From bb34df3003c7199315b4e9ae9bad80455216a18f Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 12 Dec 2019 10:28:20 -0700
Subject: [PATCH 001/183] code to generate website

---
 docs/web/conf.py | 1337 ++++++++++++++++++++++++++++
 docs/web/github_readme_to_pages.sh | 66 ++
 docs/web/requirements.txt | 1 +
 3 files changed, 1404 insertions(+)
 create mode 100644 docs/web/conf.py
 create mode 100755 docs/web/github_readme_to_pages.sh
 create mode 100644 docs/web/requirements.txt

diff --git a/docs/web/conf.py b/docs/web/conf.py
new file mode 100644
index 000000000..84d426832
--- /dev/null
+++ b/docs/web/conf.py
@@ -0,0 +1,1337 @@
+# -*- coding: utf-8 -*-
+
+import time
+
+# !! This is the configuration of Nikola. !! #
+# !! You should edit it to your liking. !! #
+
+
+# ! Some settings can be different in different languages.
+# ! A comment stating (translatable) is used to denote those.
+# ! There are two ways to specify a translatable setting:
+# ! (a) BLOG_TITLE = "My Blog"
+# ! (b) BLOG_TITLE = {"en": "My Blog", "es": "Mi Blog"}
+# ! Option (a) is used when you don't want that setting translated.
+# ! Option (b) is used for settings that are different in different languages.
+
+
+# Data about this site
+BLOG_AUTHOR = "Seth Grover" # (translatable)
+BLOG_TITLE = "Malcolm" # (translatable)
+# This is the main URL for your site. It will be used
+# in a prominent link. Don't forget the protocol (http/https)!
+SITE_URL = "https://malcolm.fyi/"
+# This is the URL where Nikola's output will be deployed.
+# If not set, defaults to SITE_URL
+# BASE_URL = "https://malcolm.fyi/"
+BLOG_EMAIL = "malcolm.netsec@gmail.com"
+BLOG_DESCRIPTION = "Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs." # (translatable)
+
+# Nikola is multilingual!
+#
+# Currently supported languages are:
+#
+# en English
+# af Afrikaans
+# ar Arabic
+# az Azerbaijani
+# bg Bulgarian
+# bs Bosnian
+# ca Catalan
+# cs Czech [ALTERNATIVELY cz]
+# da Danish
+# de German
+# el Greek [NOT gr]
+# eo Esperanto
+# es Spanish
+# et Estonian
+# eu Basque
+# fa Persian
+# fi Finnish
+# fr French
+# fur Friulian
+# gl Galician
+# he Hebrew
+# hi Hindi
+# hr Croatian
+# hu Hungarian
+# ia Interlingua
+# id Indonesian
+# it Italian
+# ja Japanese [NOT jp]
+# ko Korean
+# lt Lithuanian
+# ml Malayalam
+# nb Norwegian (Bokmål)
+# nl Dutch
+# pa Punjabi
+# pl Polish
+# pt Portuguese
+# pt_br Portuguese (Brazil)
+# ru Russian
+# sk Slovak
+# sl Slovene
+# sq Albanian
+# sr Serbian (Cyrillic)
+# sr_latin Serbian (Latin)
+# sv Swedish
+# te Telugu
+# th Thai
+# tr Turkish [NOT tr_TR]
+# uk Ukrainian
+# ur Urdu
+# vi Vietnamese
+# zh_cn Chinese (Simplified)
+# zh_tw Chinese (Traditional)
+#
+# If you want to use Nikola with a non-supported language you have to provide
+# a module containing the necessary translations
+# (cf. the modules at nikola/data/themes/base/messages/).
+# If a specific post is not translated to a language, then the version
+# in the default language will be shown instead.
+
+# What is the default language?
+DEFAULT_LANG = "en"
+
+# What other languages do you have?
+# The format is {"translationcode" : "path/to/translation" }
+# the path will be used as a prefix for the generated pages location
+TRANSLATIONS = {
+ DEFAULT_LANG: "",
+ # Example for another language:
+ # "es": "./es",
+}
+
+# What will translated input files be named like?
+
+# If you have a page something.rst, then something.pl.rst will be considered
+# its Polish translation.
+# (in the above example: path == "something", ext == "rst", lang == "pl")
+# this pattern is also used for metadata:
+# something.meta -> something.pl.meta
+
+TRANSLATIONS_PATTERN = '{path}.{lang}.{ext}'
+
+# Links for the sidebar / navigation bar. (translatable)
+# This is a dict. The keys are languages, and values are tuples.
+#
+# For regular links:
+# ('https://getnikola.com/', 'Nikola Homepage')
+#
+# For submenus:
+# (
+# (
+# ('https://apple.com/', 'Apple'),
+# ('https://orange.com/', 'Orange'),
+# ),
+# 'Fruits'
+# )
+#
+# WARNING: Support for submenus is theme-dependent.
+# Only one level of submenus is supported.
+# WARNING: Some themes, including the default Bootstrap 4 theme,
+# may present issues if the menu is too large.
+# (in Bootstrap, the navbar can grow too large and cover contents.)
+# WARNING: If you link to directories, make sure to follow
+# ``STRIP_INDEXES``. If it’s set to ``True``, end your links
+# with a ``/``, otherwise end them with ``/index.html`` — or
+# else they won’t be highlighted when active.
+
+NAVIGATION_LINKS = {
+ DEFAULT_LANG: (
+ ("/", "Home"),
+ ("/documentation/#QuickStart", "Getting Started"),
+ ("/documentation/#Components", "Components"),
+ ("/documentation/#Protocols", "Supported Protocols"),
+ ("/documentation/", "Documentation"),
+ ("/hedgehog/", "Hedgehog Linux"),
+ ("https://github.com/idaholab/Malcolm", "↪ GitHub")
+ ),
+}
+
+# Alternative navigation links. Works the same way NAVIGATION_LINKS does,
+# although themes may not always support them. (translatable)
+# (Bootstrap 4: right-side of navbar, Bootblog 4: right side of title)
+NAVIGATION_ALT_LINKS = {
+ DEFAULT_LANG: ()
+}
+
+# Name of the theme to use.
+THEME = "hyde"
+
+# Primary color of your theme. This will be used to customize your theme.
+# Must be a HEX value.
+THEME_COLOR = '#5670d4'
+
+# POSTS and PAGES contains (wildcard, destination, template) tuples.
+# (translatable)
+#
+# The wildcard is used to generate a list of source files
+# (whatever/thing.rst, for example).
+#
+# That fragment could have an associated metadata file (whatever/thing.meta),
+# and optionally translated files (example for Spanish, with code "es"):
+# whatever/thing.es.rst and whatever/thing.es.meta
+#
+# This assumes you use the default TRANSLATIONS_PATTERN.
+#
+# From those files, a set of HTML fragment files will be generated:
+# cache/whatever/thing.html (and maybe cache/whatever/thing.html.es)
+#
+# These files are combined with the template to produce rendered
+# pages, which will be placed at
+# output/TRANSLATIONS[lang]/destination/pagename.html
+#
+# where "pagename" is the "slug" specified in the metadata file.
+# The page might also be placed in /destination/pagename/index.html
+# if PRETTY_URLS are enabled.
+#
+# The difference between POSTS and PAGES is that POSTS are added
+# to feeds, indexes, tag lists and archives and are considered part
+# of a blog, while PAGES are just independent HTML pages.
+#
+# Finally, note that destination can be translated, i.e. you can
+# specify a different translation folder per language. Example:
+# PAGES = (
+# ("pages/*.rst", {"en": "pages", "de": "seiten"}, "page.tmpl"),
+# ("pages/*.md", {"en": "pages", "de": "seiten"}, "page.tmpl"),
+# )
+
+POSTS = (
+ ("posts/*.rst", "blog", "post.tmpl"),
+ ("posts/*.md", "blog", "post.tmpl"),
+ ("posts/*.txt", "blog", "post.tmpl"),
+ ("posts/*.html", "blog", "post.tmpl"),
+)
+PAGES = (
+ ("pages/*.rst", "", "page.tmpl"),
+ ("pages/*.md", "", "page.tmpl"),
+ ("pages/*.txt", "", "page.tmpl"),
+ ("pages/*.html", "", "page.tmpl"),
+)
+
+
+# Below this point, everything is optional
+
+# Post's dates are considered in UTC by default, if you want to use
+# another time zone, please set TIMEZONE to match. Check the available
+# list from Wikipedia:
+# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+# (e.g. 'Europe/Zurich')
+# Also, if you want to use a different time zone in some of your posts,
+# you can use the ISO 8601/RFC 3339 format (ex. 2012-03-30T23:00:00+02:00)
+TIMEZONE = "America/Denver"
+
+# If you want to use ISO 8601 (also valid RFC 3339) throughout Nikola
+# (especially in new_post), set this to True.
+# Note that this does not affect DATE_FORMAT.
+# FORCE_ISO8601 = False
+
+# Date format used to display post dates. (translatable)
+# Used by babel.dates, CLDR style: http://cldr.unicode.org/translation/date-time
+# You can also use 'full', 'long', 'medium', or 'short'
+# DATE_FORMAT = 'YYYY-MM-dd HH:mm'
+
+# Date format used to display post dates, if local dates are used. (translatable)
+# Used by moment.js: https://momentjs.com/docs/#/displaying/format/
+# JS_DATE_FORMAT = 'YYYY-MM-DD HH:mm'
+
+# Date fanciness.
+#
+# 0 = using DATE_FORMAT and TIMEZONE
+# 1 = using JS_DATE_FORMAT and local user time (via moment.js)
+# 2 = using a string like “2 days ago”
+#
+# Your theme must support it, Bootstrap already does.
+# DATE_FANCINESS = 0
+
+# Customize the locale/region used for a language.
+# For example, to use British instead of US English: LOCALES = {'en': 'en_GB'}
+# LOCALES = {}
+
+# One or more folders containing files to be copied as-is into the output.
+# The format is a dictionary of {source: relative destination}.
+# Default is:
+# FILES_FOLDERS = {'files': ''}
+# Which means copy 'files' into 'output'
+
+# One or more folders containing code listings to be processed and published on
+# the site. The format is a dictionary of {source: relative destination}.
+# Default is:
+# LISTINGS_FOLDERS = {'listings': 'listings'}
+# Which means process listings from 'listings' into 'output/listings'
+
+# A mapping of languages to file-extensions that represent that language.
+# Feel free to add or delete extensions to any list, but don't add any new
+# compilers unless you write the interface for it yourself.
+#
+# The default compiler for `new_post` is the first entry in the POSTS tuple.
+#
+# 'rest' is reStructuredText
+# 'markdown' is Markdown
+# 'html' assumes the file is HTML and just copies it
+COMPILERS = {
+ "rest": ('.rst', '.txt'),
+ "markdown": ('.md', '.mdown', '.markdown'),
+ "textile": ('.textile',),
+ "txt2tags": ('.t2t',),
+ "bbcode": ('.bb',),
+ "wiki": ('.wiki',),
+ "ipynb": ('.ipynb',),
+ "html": ('.html', '.htm'),
+ # PHP files are rendered the usual way (i.e. with the full templates).
+ # The resulting files have .php extensions, making it possible to run
+ # them without reconfiguring your server to recognize them.
+ "php": ('.php',),
+ # Pandoc detects the input from the source filename
+ # but is disabled by default as it would conflict
+ # with many of the others.
+ # "pandoc": ('.rst', '.md', '.txt'),
+}
+
+# Enable reST directives that insert the contents of external files such
+# as "include" and "raw." This maps directly to the docutils file_insertion_enabled
+# config. See: http://docutils.sourceforge.net/docs/user/config.html#file-insertion-enabled
+# REST_FILE_INSERTION_ENABLED = True
+
+# Create by default posts in one file format?
+# Set to False for two-file posts, with separate metadata.
+# ONE_FILE_POSTS = True
+
+# Preferred metadata format for new posts
+# "Nikola": reST comments, wrapped in a HTML comment if needed (default)
+# "YAML": YAML wrapped in "---"
+# "TOML": TOML wrapped in "+++"
+# "Pelican": Native markdown metadata or reST docinfo fields. Nikola style for other formats.
+# METADATA_FORMAT = "Nikola"
+
+# Use date-based path when creating posts?
+# Can be enabled on a per-post basis with `nikola new_post -d`.
+# The setting is ignored when creating pages.
+# NEW_POST_DATE_PATH = False
+
+# What format to use when creating posts with date paths?
+# Default is '%Y/%m/%d', other possibilities include '%Y' or '%Y/%m'.
+# NEW_POST_DATE_PATH_FORMAT = '%Y/%m/%d'
+
+# If this is set to True, the DEFAULT_LANG version will be displayed for
+# untranslated posts.
+# If this is set to False, then posts that are not translated to a language
+# LANG will not be visible at all in the pages in that language.
+# SHOW_UNTRANSLATED_POSTS = True
+
+# Nikola supports logo display. If you have one, you can put the URL here.
+# Final output is .
+# The URL may be relative to the site root.
+LOGO_URL = 'https://raw.githubusercontent.com/idaholab/Malcolm/development/docs/images/logo/Malcolm_reflection_white.png'
+
+# If you want to hide the title of your website (for example, if your logo
+# already contains the text), set this to False.
+SHOW_BLOG_TITLE = False
+
+# Paths for different autogenerated bits. These are combined with the
+# translation paths.
+
+# Final locations are:
+# output / TRANSLATION[lang] / TAG_PATH / index.html (list of tags)
+# output / TRANSLATION[lang] / TAG_PATH / tag.html (list of posts for a tag)
+# output / TRANSLATION[lang] / TAG_PATH / tag RSS_EXTENSION (RSS feed for a tag)
+# (translatable)
+# TAG_PATH = "categories"
+
+# By default, the list of tags is stored in
+# output / TRANSLATION[lang] / TAG_PATH / index.html
+# (see explanation for TAG_PATH). This location can be changed to
+# output / TRANSLATION[lang] / TAGS_INDEX_PATH
+# with an arbitrary relative path TAGS_INDEX_PATH.
+# (translatable)
+# TAGS_INDEX_PATH = "tags.html"
+
+# If TAG_PAGES_ARE_INDEXES is set to True, each tag's page will contain
+# the posts themselves. If set to False, it will be just a list of links.
+# TAG_PAGES_ARE_INDEXES = False
+
+# Set descriptions for tag pages to make them more interesting. The
+# default is no description. The value is used in the meta description
+# and displayed underneath the tag list or index page’s title.
+# TAG_DESCRIPTIONS = {
+# DEFAULT_LANG: {
+# "blogging": "Meta-blog posts about blogging.",
+# "open source": "My contributions to my many, varied, ever-changing, and eternal libre software projects."
+# },
+# }
+
+# Set special titles for tag pages. The default is "Posts about TAG".
+# TAG_TITLES = {
+# DEFAULT_LANG: {
+# "blogging": "Meta-posts about blogging",
+# "open source": "Posts about open source software"
+# },
+# }
+
+# If you do not want to display a tag publicly, you can mark it as hidden.
+# The tag will not be displayed on the tag list page and posts.
+# Tag pages will still be generated.
+HIDDEN_TAGS = ['mathjax']
+
+# Only include tags on the tag list/overview page if there are at least
+# TAGLIST_MINIMUM_POSTS number of posts or more with every tag. Every tag
+# page is still generated, linked from posts, and included in the sitemap.
+# However, more obscure tags can be hidden from the tag index page.
+# TAGLIST_MINIMUM_POSTS = 1
+
+# A list of dictionaries specifying tags which translate to each other.
+# Format: a list of dicts {language: translation, language2: translation2, …}
+# For example:
+# [
+# {'en': 'private', 'de': 'Privat'},
+# {'en': 'work', 'fr': 'travail', 'de': 'Arbeit'},
+# ]
+# TAG_TRANSLATIONS = []
+
+# If set to True, a tag in a language will be treated as a translation
+# of the literally same tag in all other languages. Enable this if you
+# do not translate tags, for example.
+# TAG_TRANSLATIONS_ADD_DEFAULTS = True
+
+# Final locations are:
+# output / TRANSLATION[lang] / CATEGORY_PATH / index.html (list of categories)
+# output / TRANSLATION[lang] / CATEGORY_PATH / CATEGORY_PREFIX category.html (list of posts for a category)
+# output / TRANSLATION[lang] / CATEGORY_PATH / CATEGORY_PREFIX category RSS_EXTENSION (RSS feed for a category)
+# (translatable)
+# CATEGORY_PATH = "categories"
+# CATEGORY_PREFIX = "cat_"
+
+# By default, the list of categories is stored in
+# output / TRANSLATION[lang] / CATEGORY_PATH / index.html
+# (see explanation for CATEGORY_PATH). This location can be changed to
+# output / TRANSLATION[lang] / CATEGORIES_INDEX_PATH
+# with an arbitrary relative path CATEGORIES_INDEX_PATH.
+# (translatable)
+# CATEGORIES_INDEX_PATH = "categories.html"
+
+# If CATEGORY_ALLOW_HIERARCHIES is set to True, categories can be organized in
+# hierarchies. For a post, the whole path in the hierarchy must be specified,
+# using a forward slash ('/') to separate paths. Use a backslash ('\') to escape
+# a forward slash or a backslash (i.e. '\//\\' is a path specifying the
+# subcategory called '\' of the top-level category called '/').
+CATEGORY_ALLOW_HIERARCHIES = False
+# If CATEGORY_OUTPUT_FLAT_HIERARCHY is set to True, the output written to output
+# contains only the name of the leaf category and not the whole path.
+CATEGORY_OUTPUT_FLAT_HIERARCHY = False
+
+# If CATEGORY_PAGES_ARE_INDEXES is set to True, each category's page will contain
+# the posts themselves. If set to False, it will be just a list of links.
+# CATEGORY_PAGES_ARE_INDEXES = False
+
+# Set descriptions for category pages to make them more interesting. The
+# default is no description. The value is used in the meta description
+# and displayed underneath the category list or index page’s title.
+# CATEGORY_DESCRIPTIONS = {
+# DEFAULT_LANG: {
+# "blogging": "Meta-blog posts about blogging.",
+# "open source": "My contributions to my many, varied, ever-changing, and eternal libre software projects."
+# },
+# }
+
+# Set special titles for category pages. The default is "Posts about CATEGORY".
+# CATEGORY_TITLES = {
+# DEFAULT_LANG: {
+# "blogging": "Meta-posts about blogging",
+# "open source": "Posts about open source software"
+# },
+# }
+
+# If you do not want to display a category publicly, you can mark it as hidden.
+# The category will not be displayed on the category list page.
+# Category pages will still be generated.
+HIDDEN_CATEGORIES = []
+
+# A list of dictionaries specifying categories which translate to each other.
+# Format: a list of dicts {language: translation, language2: translation2, …}
+# See TAG_TRANSLATIONS example above.
+# CATEGORY_TRANSLATIONS = []
+
+# If set to True, a category in a language will be treated as a translation
+# of the literally same category in all other languages. Enable this if you
+# do not translate categories, for example.
+# CATEGORY_TRANSLATIONS_ADD_DEFAULTS = True
+
+# If no category is specified in a post, the destination path of the post
+# can be used in its place. This replaces the sections feature. Using
+# category hierarchies is recommended.
+# CATEGORY_DESTPATH_AS_DEFAULT = False
+
+# If True, the prefix will be trimmed from the category name, eg. if the
+# POSTS destination is "foo/bar", and the path is "foo/bar/baz/quux",
+# the category will be "baz/quux" (or "baz" if only the first directory is considered).
+# Note that prefixes coming from translations are always ignored.
+# CATEGORY_DESTPATH_TRIM_PREFIX = False
+
+# If True, only the first directory of a path will be used.
+# CATEGORY_DESTPATH_FIRST_DIRECTORY_ONLY = True
+
+# Map paths to prettier category names. (translatable)
+# CATEGORY_DESTPATH_NAMES = {
+# DEFAULT_LANG: {
+# 'webdev': 'Web Development',
+# 'webdev/django': 'Web Development/Django',
+# 'random': 'Odds and Ends',
+# },
+# }
+
+# By default, category indexes will appear in CATEGORY_PATH and use
+# CATEGORY_PREFIX. If this is enabled, those settings will be ignored (except
+# for the index) and instead, they will follow destination paths (eg. category
+# 'foo' might appear in 'posts/foo'). If the category does not come from a
+# destpath, first entry in POSTS followed by the category name will be used.
+# For this setting, category hierarchies are required and cannot be flattened.
+# CATEGORY_PAGES_FOLLOW_DESTPATH = False
+
+# If ENABLE_AUTHOR_PAGES is set to True and there is more than one
+# author, author pages are generated.
+# ENABLE_AUTHOR_PAGES = True
+
+# Path to author pages. Final locations are:
+# output / TRANSLATION[lang] / AUTHOR_PATH / index.html (list of authors)
+# output / TRANSLATION[lang] / AUTHOR_PATH / author.html (list of posts by an author)
+# output / TRANSLATION[lang] / AUTHOR_PATH / author RSS_EXTENSION (RSS feed for an author)
+# (translatable)
+# AUTHOR_PATH = "authors"
+
+# If AUTHOR_PAGES_ARE_INDEXES is set to True, each author's page will contain
+# the posts themselves. If set to False, it will be just a list of links.
+# AUTHOR_PAGES_ARE_INDEXES = False
+
+# Set descriptions for author pages to make them more interesting. The
+# default is no description. The value is used in the meta description
+# and displayed underneath the author list or index page’s title.
+# AUTHOR_PAGES_DESCRIPTIONS = {
+# DEFAULT_LANG: {
+# "Juanjo Conti": "Python coder and writer.",
+# "Roberto Alsina": "Nikola father."
+# },
+# }
+
+
+# If you do not want to display an author publicly, you can mark it as hidden.
+# The author will not be displayed on the author list page and posts.
+# Tag pages will still be generated.
+HIDDEN_AUTHORS = ['Guest']
+
+# Final location for the main blog page and sibling paginated pages is
+# output / TRANSLATION[lang] / INDEX_PATH / index-*.html
+# (translatable)
+INDEX_PATH = "blog"
+
+# Optional HTML that displayed on “main” blog index.html files.
+# May be used for a greeting. (translatable)
+FRONT_INDEX_HEADER = {
+ DEFAULT_LANG: ''
+}
+
+# Create per-month archives instead of per-year
+# CREATE_MONTHLY_ARCHIVE = False
+# Create one large archive instead of per-year
+# CREATE_SINGLE_ARCHIVE = False
+# Create year, month, and day archives each with a (long) list of posts
+# (overrides both CREATE_MONTHLY_ARCHIVE and CREATE_SINGLE_ARCHIVE)
+# CREATE_FULL_ARCHIVES = False
+# If monthly archives or full archives are created, adds also one archive per day
+# CREATE_DAILY_ARCHIVE = False
+# Create previous, up, next navigation links for archives
+# CREATE_ARCHIVE_NAVIGATION = False
+# Final locations for the archives are:
+# output / TRANSLATION[lang] / ARCHIVE_PATH / ARCHIVE_FILENAME
+# output / TRANSLATION[lang] / ARCHIVE_PATH / YEAR / index.html
+# output / TRANSLATION[lang] / ARCHIVE_PATH / YEAR / MONTH / index.html
+# output / TRANSLATION[lang] / ARCHIVE_PATH / YEAR / MONTH / DAY / index.html
+# (translatable)
+# ARCHIVE_PATH = ""
+# ARCHIVE_FILENAME = "archive.html"
+
+# If ARCHIVES_ARE_INDEXES is set to True, each archive page which contains a list
+# of posts will contain the posts themselves. If set to False, it will be just a
+# list of links.
+# ARCHIVES_ARE_INDEXES = False
+
+# URLs to other posts/pages can take 3 forms:
+# rel_path: a relative URL to the current page/post (default)
+# full_path: a URL with the full path from the root
+# absolute: a complete URL (that includes the SITE_URL)
+# URL_TYPE = 'rel_path'
+
+# Extension for RSS feed files
+# RSS_EXTENSION = ".xml"
+
+# RSS filename base (without extension); used for indexes and galleries.
+# (translatable)
+# RSS_FILENAME_BASE = "rss"
+
+# Final location for the blog main RSS feed is:
+# output / TRANSLATION[lang] / RSS_PATH / RSS_FILENAME_BASE RSS_EXTENSION
+# (translatable)
+# RSS_PATH = ""
+
+# Final location for the blog main Atom feed is:
+# output / TRANSLATION[lang] / ATOM_PATH / ATOM_FILENAME_BASE ATOM_EXTENSION
+# (translatable)
+# ATOM_PATH = ""
+
+# Atom filename base (without extension); used for indexes.
+# (translatable)
+ATOM_FILENAME_BASE = "feed"
+
+# Extension for Atom feed files
+# ATOM_EXTENSION = ".atom"
+
+# Slug the Tag URL. Easier for users to type, special characters are
+# often removed or replaced as well.
+# SLUG_TAG_PATH = True
+
+# Slug the Author URL. Easier for users to type, special characters are
+# often removed or replaced as well.
+# SLUG_AUTHOR_PATH = True
+
+# A list of redirection tuples, [("foo/from.html", "/bar/to.html")].
+#
+# A HTML file will be created in output/foo/from.html that redirects
+# to the "/bar/to.html" URL. notice that the "from" side MUST be a
+# relative URL.
+#
+# If you don't need any of these, just set to []
+REDIRECTIONS = []
+
+# Presets of commands to execute to deploy. Can be anything, for
+# example, you may use rsync:
+# "rsync -rav --delete output/ joe@my.site:/srv/www/site"
+# And then do a backup, or run `nikola ping` from the `ping`
+# plugin (`nikola plugin -i ping`). Or run `nikola check -l`.
+# You may also want to use github_deploy (see below).
+# You can define multiple presets and specify them as arguments
+# to `nikola deploy`. If no arguments are specified, a preset
+# named `default` will be executed. You can use as many presets
+# in a `nikola deploy` command as you like.
+# DEPLOY_COMMANDS = {
+# 'default': [
+# "rsync -rav --delete output/ joe@my.site:/srv/www/site",
+# ]
+# }
+
+# github_deploy configuration
+# For more details, read the manual:
+# https://getnikola.com/handbook.html#deploying-to-github
+# You will need to configure the deployment branch on GitHub.
+GITHUB_SOURCE_BRANCH = 'src'
+GITHUB_DEPLOY_BRANCH = 'master'
+
+# The name of the remote where you wish to push to, using github_deploy.
+GITHUB_REMOTE_NAME = 'origin'
+
+# Whether or not github_deploy should commit to the source branch automatically
+# before deploying.
+GITHUB_COMMIT_SOURCE = True
+
+# Where the output site should be located
+# If you don't use an absolute path, it will be considered as relative
+# to the location of conf.py
+# OUTPUT_FOLDER = 'output'
+
+# where the "cache" of partial generated content should be located
+# default: 'cache'
+# CACHE_FOLDER = 'cache'
+
+# Filters to apply to the output.
+# A directory where the keys are either: a file extensions, or
+# a tuple of file extensions.
+#
+# And the value is a list of commands to be applied in order.
+#
+# Each command must be either:
+#
+# A string containing a '%s' which will
+# be replaced with a filename. The command *must* produce output
+# in place.
+#
+# Or:
+#
+# A python callable, which will be called with the filename as
+# argument.
+#
+# By default, only .php files uses filters to inject PHP into
+# Nikola’s templates. All other filters must be enabled through FILTERS.
+#
+# Many filters are shipped with Nikola. A list is available in the manual:
+#
+#
+# from nikola import filters
+# FILTERS = {
+# ".html": [filters.typogrify],
+# ".js": [filters.closure_compiler],
+# ".jpg": ["jpegoptim --strip-all -m75 -v %s"],
+# }
+
+# Executable for the "yui_compressor" filter (defaults to 'yui-compressor').
+# YUI_COMPRESSOR_EXECUTABLE = 'yui-compressor'
+
+# Executable for the "closure_compiler" filter (defaults to 'closure-compiler').
+# CLOSURE_COMPILER_EXECUTABLE = 'closure-compiler'
+
+# Executable for the "optipng" filter (defaults to 'optipng').
+# OPTIPNG_EXECUTABLE = 'optipng'
+
+# Executable for the "jpegoptim" filter (defaults to 'jpegoptim').
+# JPEGOPTIM_EXECUTABLE = 'jpegoptim'
+
+# Executable for the "html_tidy_withconfig", "html_tidy_nowrap",
+# "html_tidy_wrap", "html_tidy_wrap_attr" and "html_tidy_mini" filters
+# (defaults to 'tidy5').
+# HTML_TIDY_EXECUTABLE = 'tidy5'
+
+# List of XPath expressions which should be used for finding headers
+# ({hx} is replaced by headers h1 through h6).
+# You must change this if you use a custom theme that does not use
+# "e-content entry-content" as a class for post and page contents.
+# HEADER_PERMALINKS_XPATH_LIST = ['*//div[@class="e-content entry-content"]//{hx}']
+# Include *every* header (not recommended):
+# HEADER_PERMALINKS_XPATH_LIST = ['*//{hx}']
+
+# File blacklist for header permalinks. Contains output path
+# (eg. 'output/index.html')
+# HEADER_PERMALINKS_FILE_BLACKLIST = []
+
+# Expert setting! Create a gzipped copy of each generated file. Cheap server-
+# side optimization for very high traffic sites or low memory servers.
+# GZIP_FILES = False
+# File extensions that will be compressed
+# GZIP_EXTENSIONS = ('.txt', '.htm', '.html', '.css', '.js', '.json', '.atom', '.xml')
+# Use an external gzip command? None means no.
+# Example: GZIP_COMMAND = "pigz -k (unknown)"
+# GZIP_COMMAND = None
+# Make sure the server does not return a "Accept-Ranges: bytes" header for
+# files compressed by this option! OR make sure that a ranged request does not
+# return partial content of another representation for these resources. Do not
+# use this feature if you do not understand what this means.
+
+# #############################################################################
+# Image Gallery Options
+# #############################################################################
+
+# One or more folders containing galleries. The format is a dictionary of
+# {"source": "relative_destination"}, where galleries are looked for in
+# "source/" and the results will be located in
+# "OUTPUT_PATH/relative_destination/gallery_name"
+# Default is:
+# GALLERY_FOLDERS = {"galleries": "galleries"}
+# More gallery options:
+# THUMBNAIL_SIZE = 180
+# MAX_IMAGE_SIZE = 1280
+# USE_FILENAME_AS_TITLE = True
+# EXTRA_IMAGE_EXTENSIONS = []
+#
+# If set to False, it will sort by filename instead. Defaults to True
+# GALLERY_SORT_BY_DATE = True
+
+# If set to True, EXIF data will be copied when an image is thumbnailed or
+# resized. (See also EXIF_WHITELIST)
+# PRESERVE_EXIF_DATA = False
+
+# If you have enabled PRESERVE_EXIF_DATA, this option lets you choose EXIF
+# fields you want to keep in images. (See also PRESERVE_EXIF_DATA)
+#
+# For a full list of field names, please see here:
+# http://www.cipa.jp/std/documents/e/DC-008-2012_E.pdf
+#
+# This is a dictionary of lists. Each key in the dictionary is the
+# name of a IDF, and each list item is a field you want to preserve.
+# If you have a IDF with only a '*' item, *EVERY* item in it will be
+# preserved. If you don't want to preserve anything in a IDF, remove it
+# from the setting. By default, no EXIF information is kept.
+# Setting the whitelist to anything other than {} implies
+# PRESERVE_EXIF_DATA is set to True
+# To preserve ALL EXIF data, set EXIF_WHITELIST to {"*": "*"}
+
+# EXIF_WHITELIST = {}
+
+# Some examples of EXIF_WHITELIST settings:
+
+# Basic image information:
+# EXIF_WHITELIST['0th'] = [
+# "Orientation",
+# "XResolution",
+# "YResolution",
+# ]
+
+# If you want to keep GPS data in the images:
+# EXIF_WHITELIST['GPS'] = ["*"]
+
+# Embedded thumbnail information:
+# EXIF_WHITELIST['1st'] = ["*"]
+
+# If set to True, any ICC profile will be copied when an image is thumbnailed or
+# resized.
+# PRESERVE_ICC_PROFILES = False
+
+# Folders containing images to be used in normal posts or pages.
+# IMAGE_FOLDERS is a dictionary of the form {"source": "destination"},
+# where "source" is the folder containing the images to be published, and
+# "destination" is the folder under OUTPUT_PATH containing the images copied
+# to the site. Thumbnail images will be created there as well.
+
+# To reference the images in your posts, include a leading slash in the path.
+# For example, if IMAGE_FOLDERS = {'images': 'images'}, write
+#
+# .. image:: /images/tesla.jpg
+#
+# See the Nikola Handbook for details (in the “Embedding Images” and
+# “Thumbnails” sections)
+
+# Images will be scaled down according to IMAGE_THUMBNAIL_SIZE and MAX_IMAGE_SIZE
+# options, but will have to be referenced manually to be visible on the site
+# (the thumbnail has ``.thumbnail`` added before the file extension by default,
+# but a different naming template can be configured with IMAGE_THUMBNAIL_FORMAT).
+
+IMAGE_FOLDERS = {'images': 'images'}
+# IMAGE_THUMBNAIL_SIZE = 400
+# IMAGE_THUMBNAIL_FORMAT = '{name}.thumbnail{ext}'
+
+# #############################################################################
+# HTML fragments and diverse things that are used by the templates
+# #############################################################################
+
+# Data about post-per-page indexes.
+# INDEXES_PAGES defaults to ' old posts, page %d' or ' page %d' (translated),
+# depending on the value of INDEXES_PAGES_MAIN.
+#
+# (translatable) If the following is empty, defaults to BLOG_TITLE:
+# INDEXES_TITLE = ""
+#
+# (translatable) If the following is empty, defaults to ' [old posts,] page %d' (see above):
+# INDEXES_PAGES = ""
+#
+# If the following is True, INDEXES_PAGES is also displayed on the main (the
+# newest) index page (index.html):
+# INDEXES_PAGES_MAIN = False
+#
+# If the following is True, index-1.html has the oldest posts, index-2.html the
+# second-oldest posts, etc., and index.html has the newest posts. This ensures
+# that all posts on index-x.html will forever stay on that page, now matter how
+# many new posts are added.
+# If False, index-1.html has the second-newest posts, index-2.html the third-newest,
+# and index-n.html the oldest posts. When this is active, old posts can be moved
+# to other index pages when new posts are added.
+# INDEXES_STATIC = True
+#
+# (translatable) If PRETTY_URLS is set to True, this setting will be used to create
+# prettier URLs for index pages, such as page/2/index.html instead of index-2.html.
+# Valid values for this settings are:
+# * False,
+# * a list or tuple, specifying the path to be generated,
+# * a dictionary mapping languages to lists or tuples.
+# Every list or tuple must consist of strings which are used to combine the path;
+# for example:
+# ['page', '{number}', '{index_file}']
+# The replacements
+# {number} --> (logical) page number;
+# {old_number} --> the page number inserted into index-n.html before (zero for
+# the main page);
+# {index_file} --> value of option INDEX_FILE
+# are made.
+# Note that in case INDEXES_PAGES_MAIN is set to True, a redirection will be created
+# for the full URL with the page number of the main page to the normal (shorter) main
+# page URL.
+# INDEXES_PRETTY_PAGE_URL = False
+#
+# If the following is true, a page range navigation will be inserted to indices.
+# Please note that this will undo the effect of INDEXES_STATIC, as all index pages
+# must be recreated whenever the number of pages changes.
+# SHOW_INDEX_PAGE_NAVIGATION = False
+
+# If the following is True, a meta name="generator" tag is added to pages. The
+# generator tag is used to specify the software used to generate the page
+# (it promotes Nikola).
+# META_GENERATOR_TAG = True
+
+# Color scheme to be used for code blocks. If your theme provides
+# "assets/css/code.css" this is ignored. Set to None to disable.
+# Can be any of: +# algol, algol_nu, autumn, borland, bw, colorful, default, emacs, friendly, +# fruity, igor, lovelace, manni, monokai, murphy, native, paraiso-dark, +# paraiso-light, pastie, perldoc, rrt, tango, trac, vim, vs, xcode +# This list MAY be incomplete since pygments adds styles every now and then. +# Check with list(pygments.styles.get_all_styles()) in an interpreter. +# +# CODE_COLOR_SCHEME = 'default' + +# FAVICONS contains (name, file, size) tuples. +# Used to create favicon link like this: +# +# FAVICONS = ( +# ("icon", "/favicon.ico", "16x16"), +# ("icon", "/icon_128x128.png", "128x128"), +# ) + +# Show teasers (instead of full posts) in indexes? Defaults to False. +# INDEX_TEASERS = False + +# HTML fragments with the Read more... links. +# The following tags exist and are replaced for you: +# {link} A link to the full post page. +# {read_more} The string “Read more” in the current language. +# {reading_time} An estimate of how long it will take to read the post. +# {remaining_reading_time} An estimate of how long it will take to read the post, sans the teaser. +# {min_remaining_read} The string “{remaining_reading_time} min remaining to read” in the current language. +# {paragraph_count} The amount of paragraphs in the post. +# {remaining_paragraph_count} The amount of paragraphs in the post, sans the teaser. +# {post_title} The title of the post. +# {{ A literal { (U+007B LEFT CURLY BRACKET) +# }} A literal } (U+007D RIGHT CURLY BRACKET) + +# 'Read more...' for the index page, if INDEX_TEASERS is True (translatable) +INDEX_READ_MORE_LINK = '

{read_more}…

' +# 'Read more...' for the feeds, if FEED_TEASERS is True (translatable) +FEED_READ_MORE_LINK = '

{read_more}… ({min_remaining_read})

' + +# Append a URL query to the FEED_READ_MORE_LINK in Atom and RSS feeds. Advanced +# option used for traffic source tracking. +# Minimum example for use with Piwik: "pk_campaign=feed" +# The following tags exist and are replaced for you: +# {feedRelUri} A relative link to the feed. +# {feedFormat} The name of the syndication format. +# Example using replacement for use with Google Analytics: +# "utm_source={feedRelUri}&utm_medium=nikola_feed&utm_campaign={feedFormat}_feed" +FEED_LINKS_APPEND_QUERY = False + +# A HTML fragment describing the license, for the sidebar. +# (translatable) +LICENSE = LICENSE = """ +License""" +# I recommend using the Creative Commons' wizard: +# https://creativecommons.org/choose/ +# LICENSE = """ +# +# Creative Commons License BY-NC-SA""" + +# A small copyright notice for the page footer (in HTML). +# (translatable) +CONTENT_FOOTER = 'This site mirrors the documentation of Malcolm, an open-source project developed at INL and funded by DHS. This site is not operated by INL nor DHS: its content is the sole responsibility of its maintainer. See {license} for Malcolm\'s license terms.' + +# Things that will be passed to CONTENT_FOOTER.format(). This is done +# for translatability, as dicts are not formattable. Nikola will +# intelligently format the setting properly. +# The setting takes a dict. The keys are languages. The values are +# tuples of tuples of positional arguments and dicts of keyword arguments +# to format(). For example, {'en': (('Hello'), {'target': 'World'})} +# results in CONTENT_FOOTER['en'].format('Hello', target='World'). +# If you need to use the literal braces '{' and '}' in your footer text, use +# '{{' and '}}' to escape them (str.format is used) +# WARNING: If you do not use multiple languages with CONTENT_FOOTER, this +# still needs to be a dict of this format. 
(it can be empty if you +# do not need formatting) +# (translatable) +CONTENT_FOOTER_FORMATS = { + DEFAULT_LANG: ( + (), + { + "email": BLOG_EMAIL, + "author": BLOG_AUTHOR, + "date": time.gmtime().tm_year, + "license": LICENSE, + "siteurl": SITE_URL + } + ) +} + +# A simple copyright tag for inclusion in RSS feeds that works just +# like CONTENT_FOOTER and CONTENT_FOOTER_FORMATS +RSS_COPYRIGHT = 'Contents © {date} {author} {license}' +RSS_COPYRIGHT_PLAIN = 'Contents © {date} {author} {license}' +RSS_COPYRIGHT_FORMATS = CONTENT_FOOTER_FORMATS + +# To use comments, you can choose between different third party comment +# systems. The following comment systems are supported by Nikola: +# disqus, facebook, intensedebate, isso, muut, commento +# You can leave this option blank to disable comments. +COMMENT_SYSTEM = "" +# And you also need to add your COMMENT_SYSTEM_ID which +# depends on what comment system you use. The default is +# "nikolademo" which is a test account for Disqus. More information +# is in the manual. +COMMENT_SYSTEM_ID = "" + +# Create index.html for page folders? +# WARNING: if a page would conflict with the index file (usually +# caused by setting slug to `index`), the PAGE_INDEX +# will not be generated for that directory. +# PAGE_INDEX = False +# Enable comments on pages (i.e. not posts)? +# COMMENTS_IN_PAGES = False +# Enable comments on picture gallery pages? +# COMMENTS_IN_GALLERIES = False + +# What file should be used for directory indexes? +# Defaults to index.html +# Common other alternatives: default.html for IIS, index.php +# INDEX_FILE = "index.html" + +# If a link ends in /index.html, drop the index.html part. +# http://mysite/foo/bar/index.html => http://mysite/foo/bar/ +# (Uses the INDEX_FILE setting, so if that is, say, default.html, +# it will instead /foo/default.html => /foo) +STRIP_INDEXES = True + +# List of files relative to the server root (!) that will be asked to be excluded +# from indexing and other robotic spidering. 
* is supported. Will only be effective +# if SITE_URL points to server root. The list is used to exclude resources from +# /robots.txt and /sitemap.xml, and to inform search engines about /sitemapindex.xml. +# ROBOTS_EXCLUSIONS = ["/archive.html", "/category/*.html"] + +# Instead of putting files in .html, put them in /index.html. +# No web server configuration is required. Also enables STRIP_INDEXES. +# This can be disabled on a per-page/post basis by adding +# .. pretty_url: False +# to the metadata. +PRETTY_URLS = True + +# If True, publish future dated posts right away instead of scheduling them. +# Defaults to False. +# FUTURE_IS_NOW = False + +# If True, future dated posts are allowed in deployed output +# Only the individual posts are published/deployed; not in indexes/sitemap +# Generally, you want FUTURE_IS_NOW and DEPLOY_FUTURE to be the same value. +# DEPLOY_FUTURE = False +# If False, draft posts will not be deployed +# DEPLOY_DRAFTS = True + +# Allows scheduling of posts using the rule specified here (new_post -s) +# Specify an iCal Recurrence Rule: http://www.kanzaki.com/docs/ical/rrule.html +# SCHEDULE_RULE = '' +# If True, use the scheduling rule to all posts (not pages!) by default +# SCHEDULE_ALL = False + +# Do you want a add a Mathjax config file? +# MATHJAX_CONFIG = "" + +# If you want support for the $.$ syntax (which may conflict with running +# text!), just use this config: +# MATHJAX_CONFIG = """ +# +# """ + +# Want to use KaTeX instead of MathJax? While KaTeX may not support every +# feature yet, it's faster and the output looks better. +# USE_KATEX = False + +# KaTeX auto-render settings. 
If you want support for the $.$ syntax (which may +# conflict with running text!), just use this config: +# KATEX_AUTO_RENDER = """ +# delimiters: [ +# {left: "$$", right: "$$", display: true}, +# {left: "\\\\[", right: "\\\\]", display: true}, +# {left: "\\\\begin{equation*}", right: "\\\\end{equation*}", display: true}, +# {left: "$", right: "$", display: false}, +# {left: "\\\\(", right: "\\\\)", display: false} +# ] +# """ + +# Do you want to customize the nbconversion of your IPython notebook? +# IPYNB_CONFIG = {} +# With the following example configuration you can use a custom jinja template +# called `toggle.tpl` which has to be located in your site/blog main folder: +# IPYNB_CONFIG = {'Exporter': {'template_file': 'toggle'}} + +# What Markdown extensions to enable? +# You will also get gist, nikola and podcast because those are +# done in the code, hope you don't mind ;-) +# Note: most Nikola-specific extensions are done via the Nikola plugin system, +# with the MarkdownExtension class and should not be added here. +# Defaults are markdown.extensions.(fenced_code|codehilite|extra) +# markdown.extensions.meta is required for Markdown metadata. +MARKDOWN_EXTENSIONS = ['markdown.extensions.fenced_code', 'markdown.extensions.codehilite', 'markdown.extensions.extra'] + +# Options to be passed to markdown extensions (See https://python-markdown.github.io/reference/) +# Default is {} (no config at all) +# MARKDOWN_EXTENSION_CONFIGS = {} + + +# Extra options to pass to the pandoc command. +# by default, it's empty, is a list of strings, for example +# ['-F', 'pandoc-citeproc', '--bibliography=/Users/foo/references.bib'] +# Pandoc does not demote headers by default. To enable this, you can use, for example +# ['--base-header-level=2'] +# PANDOC_OPTIONS = [] + +# Social buttons. This is sample code for AddThis (which was the default for a +# long time). 
Insert anything you want here, or even make it empty (which is +# the default right now) +# (translatable) +# SOCIAL_BUTTONS_CODE = """ +# +#
+# Share +#
  • +#
  • +#
  • +#
  • +#
+#
+# +# +# """ + +# Show link to source for the posts? +# SHOW_SOURCELINK = True +# Copy the source files for your pages? +# Setting it to False implies SHOW_SOURCELINK = False +# COPY_SOURCES = True + +# Modify the number of Post per Index Page +# Defaults to 10 +# INDEX_DISPLAY_POST_COUNT = 10 + +# By default, Nikola generates RSS files for the website and for tags, and +# links to it. Set this to False to disable everything RSS-related. +# GENERATE_RSS = True + +# By default, Nikola does not generates Atom files for indexes and links to +# them. Generate Atom for tags by setting TAG_PAGES_ARE_INDEXES to True. +# Atom feeds are built based on INDEX_DISPLAY_POST_COUNT and not FEED_LENGTH +# Switch between plain-text summaries and full HTML content using the +# FEED_TEASER option. FEED_LINKS_APPEND_QUERY is also respected. Atom feeds +# are generated even for old indexes and have pagination link relations +# between each other. Old Atom feeds with no changes are marked as archived. +# GENERATE_ATOM = False + +# Only include teasers in Atom and RSS feeds. Disabling include the full +# content. Defaults to True. +# FEED_TEASERS = True + +# Strip HTML from Atom and RSS feed summaries and content. Defaults to False. +# FEED_PLAIN = False + +# Number of posts in Atom and RSS feeds. +# FEED_LENGTH = 10 + +# RSS_LINK is a HTML fragment to link the RSS or Atom feeds. If set to None, +# the base.tmpl will use the feed Nikola generates. However, you may want to +# change it for a FeedBurner feed or something else. +# RSS_LINK = None + +# A search form to search this site, for the sidebar. You can use a Google +# custom search (https://www.google.com/cse/) +# Or a DuckDuckGo search: https://duckduckgo.com/search_box.html +# Default is no search form. 
+# (translatable) +# SEARCH_FORM = "" +# +# This search form works for any site and looks good in the "site" theme where +# it appears on the navigation bar: +# +# SEARCH_FORM = """ +# +# +# +# """ % SITE_URL +# +# If you prefer a Google search form, here's an example that should just work: +# SEARCH_FORM = """ +# +# +# +# """ % SITE_URL + +# Use content distribution networks for jQuery, twitter-bootstrap css and js, +# and html5shiv (for older versions of Internet Explorer) +# If this is True, jQuery and html5shiv are served from the Google CDN and +# Bootstrap is served from BootstrapCDN (provided by MaxCDN) +# Set this to False if you want to host your site without requiring access to +# external resources. +# USE_CDN = False + +# Check for USE_CDN compatibility. +# If you are using custom themes, have configured the CSS properly and are +# receiving warnings about incompatibility but believe they are incorrect, you +# can set this to False. +# USE_CDN_WARNING = True + +# Extra things you want in the pages HEAD tag. This will be added right +# before +# (translatable) +# EXTRA_HEAD_DATA = "" +# Google Analytics or whatever else you use. Added to the bottom of +# in the default template (base.tmpl). +# (translatable) +# BODY_END = "" + +# The possibility to extract metadata from the filename by using a +# regular expression. +# To make it work you need to name parts of your regular expression. +# The following names will be used to extract metadata: +# - title +# - slug +# - date +# - tags +# - link +# - description +# +# An example re is the following: +# '.*\/(?P\d{4}-\d{2}-\d{2})-(?P.*)-(?P.*)\.rst' +# (Note the '.*\/' in the beginning -- matches source paths relative to conf.py) +# FILE_METADATA_REGEXP = None + +# Should titles fetched from file metadata be unslugified (made prettier?) +# FILE_METADATA_UNSLUGIFY_TITLES = True + +# If enabled, extract metadata from docinfo fields in reST documents. 
+# If your text files start with a level 1 heading, it will be treated as the +# document title and will be removed from the text. +# USE_REST_DOCINFO_METADATA = False + +# If enabled, hide docinfo fields in reST document output +# HIDE_REST_DOCINFO = False + +# Map metadata from other formats to Nikola names. +# Supported formats: yaml, toml, rest_docinfo, markdown_metadata +# METADATA_MAPPING = {} +# +# Example for Pelican compatibility: +# METADATA_MAPPING = { +# "rest_docinfo": {"summary": "description", "modified": "updated"}, +# "markdown_metadata": {"summary": "description", "modified": "updated"} +# } +# Other examples: https://getnikola.com/handbook.html#mapping-metadata-from-other-formats + +# Map metadata between types/values. (Runs after METADATA_MAPPING.) +# Supported formats: nikola, yaml, toml, rest_docinfo, markdown_metadata +# The value on the right should be a dict of callables. +# METADATA_VALUE_MAPPING = {} +# Examples: +# METADATA_VALUE_MAPPING = { +# "yaml": {"keywords": lambda value: ', '.join(value)}, # yaml: 'keywords' list -> str +# "nikola": { +# "widgets": lambda value: value.split(', '), # nikola: 'widgets' comma-separated string -> list +# "tags": str.lower # nikola: force lowercase 'tags' (input would be string) +# } +# } + +# Additional metadata that is added to a post when creating a new_post +# ADDITIONAL_METADATA = {} + +# Nikola supports Twitter Card summaries, but they are disabled by default. +# They make it possible for you to attach media to Tweets that link +# to your content. +# +# Uncomment and modify to following lines to match your accounts. +# Images displayed come from the `previewimage` meta tag. +# You can specify the card type by using the `card` parameter in TWITTER_CARD. 
+# TWITTER_CARD = { +# # 'use_twitter_cards': True, # enable Twitter Cards +# # 'card': 'summary', # Card type, you can also use 'summary_large_image', +# # see https://dev.twitter.com/cards/types +# # 'site': '@website', # twitter nick for the website +# # 'creator': '@username', # Username for the content creator / author. +# } + +# Bundle JS and CSS into single files to make site loading faster in a HTTP/1.1 +# environment but is not recommended for HTTP/2.0 when caching is used. +# Defaults to True. +# USE_BUNDLES = True + +# Plugins you don't want to use. Be careful :-) +# DISABLED_PLUGINS = ["render_galleries"] + +# Special settings to disable only parts of the indexes plugin. +# Use with care. +# DISABLE_INDEXES = False +# DISABLE_MAIN_ATOM_FEED = False +# DISABLE_MAIN_RSS_FEED = False + +# Add the absolute paths to directories containing plugins to use them. +# For example, the `plugins` directory of your clone of the Nikola plugins +# repository. +# EXTRA_PLUGINS_DIRS = [] + +# Add the absolute paths to directories containing themes to use them. +# For example, the `v7` directory of your clone of the Nikola themes +# repository. +# EXTRA_THEMES_DIRS = [] + +# List of regular expressions, links matching them will always be considered +# valid by "nikola check -l" +# LINK_CHECK_WHITELIST = [] + +# If set to True, enable optional hyphenation in your posts (requires pyphen) +# Enabling hyphenation has been shown to break math support in some cases, +# use with caution. +# HYPHENATE = False + +# The <hN> tags in HTML generated by certain compilers (reST/Markdown) +# will be demoted by that much (1 → h1 will become h2 and so on) +# This was a hidden feature of the Markdown and reST compilers in the +# past. Useful especially if your post titles are in <h1> tags too, for +# example. +# (defaults to 1.) 
+# DEMOTE_HEADERS = 1
+
+# If you don’t like slugified file names ([a-z0-9] and a literal dash),
+# and would prefer to use all the characters your file system allows.
+# USE WITH CARE! This is also not guaranteed to be perfect, and may
+# sometimes crash Nikola, your web server, or eat your cat.
+# USE_SLUGIFY = True
+
+# If set to True, the tags 'draft', 'mathjax' and 'private' have special
+# meaning. If set to False, these tags are handled like regular tags.
+USE_TAG_METADATA = False
+
+# If set to True, a warning is issued if one of the 'draft', 'mathjax'
+# and 'private' tags are found in a post. Useful for checking that
+# migration was successful.
+WARN_ABOUT_TAG_METADATA = False
+
+# Templates will use those filters, along with the defaults.
+# Consult your engine's documentation on filters if you need help defining
+# those.
+# TEMPLATE_FILTERS = {}
+
+# Put in global_context things you want available on all your templates.
+# It can be anything, data, functions, modules, etc.
+GLOBAL_CONTEXT = {
+}
+
+
+# Add functions here and they will be called with template
+# GLOBAL_CONTEXT as parameter when the template is about to be
+# rendered
+GLOBAL_CONTEXT_FILLER = []
diff --git a/docs/web/github_readme_to_pages.sh b/docs/web/github_readme_to_pages.sh
new file mode 100755
index 000000000..467a96578
--- /dev/null
+++ b/docs/web/github_readme_to_pages.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+function GenerateMarkdownHeader() {
+ TITLE="$1"
+ SLUG="$2"
+ DATE="$(date +'%Y-%m-%d %H:%M:%S UTC%:z')"
+ cat <<EOF
+<!--
+.. title: $TITLE
+.. slug: $SLUG
+.. date: $DATE
+.. tags:
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+EOF
+}
+
+if [[ -n "$1" ]]; then
+ BRANCH="$1"
+else
+ BRANCH="master"
+fi
+
+OUTPUT_DIR=./pages
+
+# main page
+OUTPUT_FILE="$OUTPUT_DIR"/index.md
+> $OUTPUT_FILE
+GenerateMarkdownHeader " " "index" >> $OUTPUT_FILE
+curl -sSL --silent https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/README.md \
+ | sed '/name="TableOfContents"/,$d' \
+ | sed 's/^# Malcolm$//' \
+ | sed "s@\](https://github.com/idaholab/[Mm]alcolm/*)@\](https://malcolm.fyi/)@g" \
+ | sed "s@/[Mm]alcolm/blob/master/@/Malcolm/blob/$BRANCH/@g" \
+ | sed "s@\](\./@\](https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/@g" \
+ >> $OUTPUT_FILE
+
+# documentation page
+OUTPUT_FILE="$OUTPUT_DIR"/documentation.md
+> $OUTPUT_FILE
+GenerateMarkdownHeader "Documentation" "documentation" >> $OUTPUT_FILE
+curl -sSL --silent https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/README.md \
+ | sed '0,/name="TableOfContents"/d' \
+ | sed '/## Other Software/,$d' \
+ | sed "s@\](https://github.com/idaholab/[Mm]alcolm/*)@\](https://malcolm.fyi/)@g" \
+ | sed "s@/[Mm]alcolm/blob/master/@/Malcolm/blob/$BRANCH/@g" \
+ | sed "s@\](\./@\](https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/@g" \
+ >> $OUTPUT_FILE
+
+# hedgehog Linux page
+OUTPUT_FILE="$OUTPUT_DIR"/hedgehog.md
+> $OUTPUT_FILE
+GenerateMarkdownHeader " " "hedgehog" >> $OUTPUT_FILE
+curl -sSL --silent https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/sensor-iso/README.md \
+ | sed "s@\](https://github.com/idaholab/[Mm]alcolm/*)@\](https://malcolm.fyi/)@g" \
+ | sed "s@/[Mm]alcolm/blob/master/@/Malcolm/blob/$BRANCH/@g" \
+ | sed "s@\](\./docs/Notes.md@\](https://github.com/idaholab/Malcolm/blob/$BRANCH/sensor-iso/docs/Notes.md)@g" \
+ | sed
"s@\](\./@\](https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/sensor-iso/@g" \
+ >> $OUTPUT_FILE
+
+# build site
+nikola clean -a
+nikola build
\ No newline at end of file
diff --git a/docs/web/requirements.txt b/docs/web/requirements.txt
new file mode 100644
index 000000000..5b3e05575
--- /dev/null
+++ b/docs/web/requirements.txt
@@ -0,0 +1 @@
+Nikola[extras]
From 6e6eb221478a8872e02b809d40c6428d48cf0ae0 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Mon, 13 Jan 2020 15:02:35 -0700
Subject: [PATCH 002/183] bump moloch to 2.2.0
---
 Dockerfiles/moloch.Dockerfile | 2 +-
 docker-compose-standalone-zeek-live.yml | 2 +-
 docker-compose-standalone.yml | 2 +-
 docker-compose.yml | 2 +-
 sensor-iso/docs/Notes.md | 4 ++--
 sensor-iso/moloch/Dockerfile | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile
index eb9078887..b7f6ce306 100644
--- a/Dockerfiles/moloch.Dockerfile
+++ b/Dockerfiles/moloch.Dockerfile
@@ -4,7 +4,7 @@ FROM debian:buster-slim AS build
 ENV DEBIAN_FRONTEND noninteractive
-ENV MOLOCH_VERSION "2.1.2"
+ENV MOLOCH_VERSION "2.2.0"
 ENV MOLOCHDIR "/data/moloch"
 ADD moloch/scripts/bs4_remove_div.py /data/
diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml
index 4c2e1cefa..1e1aec89b 100644
--- a/docker-compose-standalone-zeek-live.yml
+++ b/docker-compose-standalone-zeek-live.yml
@@ -241,7 +241,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.1.2'
+ MOLOCH_VERSION : '2.2.0'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml
index 6da54a451..c17f54e92 100644
--- a/docker-compose-standalone.yml
+++ b/docker-compose-standalone.yml
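Review bot: None of the three `curl … | sed … >> $OUTPUT_FILE` pipelines checks that the download succeeded: without `-f`, curl exits 0 on an HTTP error and the error body is written into the page, and with no `set -o pipefail` a failed fetch still leaves a page consisting of the generated header alone, after which `nikola clean -a` and `nikola build` publish it regardless. `OUTPUT_DIR=./pages` is also never created, so `> $OUTPUT_FILE` fails unless the directory already exists in the checkout, and the unquoted `$OUTPUT_FILE` redirections should be `"$OUTPUT_FILE"`. Adding `set -euo pipefail` after the shebang, `mkdir -p "$OUTPUT_DIR"` after the `OUTPUT_DIR` assignment, and `-f` to each curl call (`curl -fsSL …`; `--silent` merely repeats `-s`) would make a bad fetch abort the build instead of shipping it.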
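Review bot: `Nikola[extras]` is added without a version pin, so each site build resolves the generator and its entire extras tree to whatever the index serves that day, which makes builds non-reproducible and leaves the build host's dependency set unreviewed. Pin it (`Nikola[extras]==<version-placeholder>`) and, if the build runs unattended, consider `pip install --require-hashes` with `--hash=` entries so a substituted package is refused.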
@@ -241,7 +241,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.1.2'
+ MOLOCH_VERSION : '2.2.0'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/docker-compose.yml b/docker-compose.yml
index 90a64c9ab..7e73ec37f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -264,7 +264,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.1.2'
+ MOLOCH_VERSION : '2.2.0'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md
index 0f543f3f8..f9eacc150 100644
--- a/sensor-iso/docs/Notes.md
+++ b/sensor-iso/docs/Notes.md
@@ -113,12 +113,12 @@ $ /usr/sbin/tcpdump \
 ### <a name="molochCompile"></a>Compiling Moloch from source
-At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.1.2](https://github.com/aol/moloch/releases/tag/v2.1.2). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose.
+At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.0](https://github.com/aol/moloch/releases/tag/v2.2.0). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose.
 ```bash
 #!/bin/bash
-MOLOCH_VERSION="2.1.2"
+MOLOCH_VERSION="2.2.0"
 MOLOCHDIR="/opt/moloch"
 OUTPUT_DIR="/tmp"
diff --git a/sensor-iso/moloch/Dockerfile b/sensor-iso/moloch/Dockerfile
index 59ac2389b..242535e54 100644
--- a/sensor-iso/moloch/Dockerfile
+++ b/sensor-iso/moloch/Dockerfile
@@ -6,7 +6,7 @@ LABEL maintainer="malcolm.netsec@gmail.com"
 ENV DEBIAN_FRONTEND noninteractive
-ENV MOLOCH_VERSION "2.1.2"
+ENV MOLOCH_VERSION "2.2.0"
 ENV MOLOCHDIR "/opt/moloch"
 RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
From 76b1d2626f3925dc5a01c1a9306848cb6d4c5784 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 15 Jan 2020 07:52:52 -0700
Subject: [PATCH 003/183] reduce log noise
---
 scripts/logs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/logs.sh b/scripts/logs.sh
index 576c9b5ff..472ab2875 100755
--- a/scripts/logs.sh
+++ b/scripts/logs.sh
@@ -37,7 +37,7 @@ BASE_PATH=`pwd`;
 # tail logs
 $DOCKER_COMPOSE_COMMAND ps
 echo ""
-IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200)"
+IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200)"
 $DOCKER_COMPOSE_COMMAND logs -f | grep --line-buffered -Piv "$IGNORE_LOG_TEXT"
From 0d479e5fbdc21ba1787d38d8786c344a21fdb2c1 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 15 Jan 2020 07:55:34 -0700
Subject: [PATCH 004/183] bump version for development to 1.8.2
---
 README.md | 54 ++++++++++++-------------
 docker-compose-standalone-zeek-live.yml | 26 ++++++------
 docker-compose-standalone.yml | 26 ++++++------
 docker-compose.yml | 26 ++++++------
 sensor-iso/README.md | 2 +-
 sensor-iso/docs/Notes.md | 16 +++-----
 6 files changed, 72 insertions(+), 78 deletions(-)
diff --git a/README.md b/README.md
index 3a2beedda..4031b4bce 100644
--- a/README.md
+++ b/README.md
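Review bot: The new `sessions2-` alternative in IGNORE_LOG_TEXT is an open prefix followed by `.+`, so every 200-status GET whose path begins with `/sessions2-` is dropped from the view, and with this addition the single-line pattern has become hard to audit. Because the pattern is applied only on the `logs -f | grep --line-buffered -Piv` display pipeline, it hides nothing from the containers' own logs, which is worth stating next to the assignment; a comment such as `# Display-only noise filter for 'logs -f'; container logs are unaffected. Each alternative suppresses the whole line it matches, so keep them specific.` would do it. Building the alternatives in a bash array joined with `|` would let each one carry its own one-line justification.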
@@ -126,19 +126,19 @@ You can then observe that the images have been retrieved by running `docker imag ``` $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/moloch 1.8.1 xxxxxxxxxxxx 10 minutes ago 491MB -malcolmnetsec/logstash-oss 1.8.1 xxxxxxxxxxxx 17 minutes ago 1.4GB -malcolmnetsec/zeek 1.8.1 xxxxxxxxxxxx 17 minutes ago 232MB -malcolmnetsec/file-upload 1.8.1 xxxxxxxxxxxx 23 minutes ago 199MB -malcolmnetsec/pcap-capture 1.8.1 xxxxxxxxxxxx 23 minutes ago 112MB -malcolmnetsec/file-monitor 1.8.1 xxxxxxxxxxxx 25 minutes ago 369MB -malcolmnetsec/filebeat-oss 1.8.1 xxxxxxxxxxxx 28 minutes ago 501MB -malcolmnetsec/kibana-oss 1.8.1 xxxxxxxxxxxx 28 minutes ago 964MB -malcolmnetsec/pcap-monitor 1.8.1 xxxxxxxxxxxx 28 minutes ago 156MB -malcolmnetsec/curator 1.8.1 xxxxxxxxxxxx 29 minutes ago 240MB -malcolmnetsec/nginx-proxy 1.8.1 xxxxxxxxxxxx 29 minutes ago 54.5MB -malcolmnetsec/elastalert 1.8.1 xxxxxxxxxxxx 30 minutes ago 276MB -malcolmnetsec/htadmin 1.8.1 xxxxxxxxxxxx 31 minutes ago 256MB +malcolmnetsec/moloch 1.8.2 xxxxxxxxxxxx 10 minutes ago 491MB +malcolmnetsec/logstash-oss 1.8.2 xxxxxxxxxxxx 17 minutes ago 1.4GB +malcolmnetsec/zeek 1.8.2 xxxxxxxxxxxx 17 minutes ago 232MB +malcolmnetsec/file-upload 1.8.2 xxxxxxxxxxxx 23 minutes ago 199MB +malcolmnetsec/pcap-capture 1.8.2 xxxxxxxxxxxx 23 minutes ago 112MB +malcolmnetsec/file-monitor 1.8.2 xxxxxxxxxxxx 25 minutes ago 369MB +malcolmnetsec/filebeat-oss 1.8.2 xxxxxxxxxxxx 28 minutes ago 501MB +malcolmnetsec/kibana-oss 1.8.2 xxxxxxxxxxxx 28 minutes ago 964MB +malcolmnetsec/pcap-monitor 1.8.2 xxxxxxxxxxxx 28 minutes ago 156MB +malcolmnetsec/curator 1.8.2 xxxxxxxxxxxx 29 minutes ago 240MB +malcolmnetsec/nginx-proxy 1.8.2 xxxxxxxxxxxx 29 minutes ago 54.5MB +malcolmnetsec/elastalert 1.8.2 xxxxxxxxxxxx 30 minutes ago 276MB +malcolmnetsec/htadmin 1.8.2 xxxxxxxxxxxx 31 minutes ago 256MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` 
@@ -1353,7 +1353,7 @@ Building the ISO may take 30 minutes or more depending on your system. As the bu ``` … -Finished, created "/malcolm-build/malcolm-iso/malcolm-1.8.1.iso" +Finished, created "/malcolm-build/malcolm-iso/malcolm-1.8.2.iso" … ``` 
@@ -1747,19 +1747,19 @@ Pulling zeek ... done user@host:~/Malcolm$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/moloch 1.8.1 xxxxxxxxxxxx 27 minutes ago 517MB -malcolmnetsec/zeek 1.8.1 xxxxxxxxxxxx 27 minutes ago 489MB -malcolmnetsec/htadmin 1.8.1 xxxxxxxxxxxx 2 hours ago 180MB -malcolmnetsec/nginx-proxy 1.8.1 xxxxxxxxxxxx 4 hours ago 53MB -malcolmnetsec/file-upload 1.8.1 xxxxxxxxxxxx 24 hours ago 198MB -malcolmnetsec/pcap-capture 1.8.1 xxxxxxxxxxxx 24 hours ago 111MB -malcolmnetsec/pcap-monitor 1.8.1 xxxxxxxxxxxx 24 hours ago 156MB -malcolmnetsec/file-monitor 1.8.1 xxxxxxxxxxxx 24 hours ago 355MB -malcolmnetsec/logstash-oss 1.8.1 xxxxxxxxxxxx 25 hours ago 1.24GB -malcolmnetsec/curator 1.8.1 xxxxxxxxxxxx 25 hours ago 303MB -malcolmnetsec/kibana-oss 1.8.1 xxxxxxxxxxxx 33 hours ago 944MB -malcolmnetsec/filebeat-oss 1.8.1 xxxxxxxxxxxx 11 days ago 459MB -malcolmnetsec/elastalert 1.8.1 xxxxxxxxxxxx 11 days ago 276MB +malcolmnetsec/moloch 1.8.2 xxxxxxxxxxxx 27 minutes ago 517MB +malcolmnetsec/zeek 1.8.2 xxxxxxxxxxxx 27 minutes ago 489MB +malcolmnetsec/htadmin 1.8.2 xxxxxxxxxxxx 2 hours ago 180MB +malcolmnetsec/nginx-proxy 1.8.2 xxxxxxxxxxxx 4 hours ago 53MB +malcolmnetsec/file-upload 1.8.2 xxxxxxxxxxxx 24 hours ago 198MB +malcolmnetsec/pcap-capture 1.8.2 xxxxxxxxxxxx 24 hours ago 111MB +malcolmnetsec/pcap-monitor 1.8.2 xxxxxxxxxxxx 24 hours ago 156MB +malcolmnetsec/file-monitor 1.8.2 xxxxxxxxxxxx 24 hours ago 355MB +malcolmnetsec/logstash-oss 1.8.2 xxxxxxxxxxxx 25 hours ago 1.24GB +malcolmnetsec/curator 1.8.2 xxxxxxxxxxxx 25 hours ago 303MB +malcolmnetsec/kibana-oss 1.8.2 xxxxxxxxxxxx 33 hours ago 944MB +malcolmnetsec/filebeat-oss 1.8.2 xxxxxxxxxxxx 11 days ago 459MB +malcolmnetsec/elastalert 1.8.2 xxxxxxxxxxxx 11 days ago 276MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 1e1aec89b..bafecd19d 100644 
--- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -122,7 +122,7 @@ services: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated kibana: - image: malcolmnetsec/kibana-oss:1.8.1 + image: malcolmnetsec/kibana-oss:1.8.2 restart: "no" hostname: kibana environment: @@ -145,7 +145,7 @@ services: retries: 3 start_period: 200s elastalert: - image: malcolmnetsec/elastalert:1.8.1 + image: malcolmnetsec/elastalert:1.8.2 restart: "no" hostname: elastalert environment: @@ -170,7 +170,7 @@ services: - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ curator: - image: malcolmnetsec/curator:1.8.1 + image: malcolmnetsec/curator:1.8.2 restart: "no" hostname: curator environment: @@ -180,7 +180,7 @@ services: depends_on: - elasticsearch logstash: - image: malcolmnetsec/logstash-oss:1.8.1 + image: malcolmnetsec/logstash-oss:1.8.2 restart: "no" hostname: logstash environment: @@ -208,7 +208,7 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro filebeat: - image: malcolmnetsec/filebeat-oss:1.8.1 + image: malcolmnetsec/filebeat-oss:1.8.2 restart: "no" hostname: filebeat environment: @@ -233,7 +233,7 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro moloch: - image: malcolmnetsec/moloch:1.8.1 + image: malcolmnetsec/moloch:1.8.2 restart: "no" hostname: moloch env_file: @@ -263,7 +263,7 @@ services: - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw zeek: - image: malcolmnetsec/zeek:1.8.1 + image: malcolmnetsec/zeek:1.8.2 restart: "no" hostname: zeek environment: 
@@ -280,7 +280,7 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files file-monitor: - image: malcolmnetsec/file-monitor:1.8.1 + image: malcolmnetsec/file-monitor:1.8.2 restart: "no" hostname: filemon environment: @@ -291,7 +291,7 @@ services: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs pcap-capture: - image: malcolmnetsec/pcap-capture:1.8.1 + image: malcolmnetsec/pcap-capture:1.8.2 restart: "no" network_mode: host ulimits: @@ -308,7 +308,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:1.8.1 + image: malcolmnetsec/pcap-monitor:1.8.2 restart: "no" hostname: pcapmon environment: @@ -322,7 +322,7 @@ services: - ./zeek-logs:/zeek - ./pcap:/pcap upload: - image: malcolmnetsec/file-upload:1.8.1 + image: malcolmnetsec/file-upload:1.8.2 restart: "no" hostname: upload env_file: @@ -339,7 +339,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.8.1 + image: malcolmnetsec/htadmin:1.8.2 restart: "no" hostname: htadmin environment: @@ -352,7 +352,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw nginx-proxy: - image: malcolmnetsec/nginx-proxy:1.8.1 + image: malcolmnetsec/nginx-proxy:1.8.2 restart: "no" hostname: nginx-proxy environment: diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index c17f54e92..133a0e7e4 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -122,7 +122,7 @@ services: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated kibana: - image: malcolmnetsec/kibana-oss:1.8.1 + image: malcolmnetsec/kibana-oss:1.8.2 restart: "no" hostname: kibana environment: 
@@ -145,7 +145,7 @@ services: retries: 3 start_period: 200s elastalert: - image: malcolmnetsec/elastalert:1.8.1 + image: malcolmnetsec/elastalert:1.8.2 restart: "no" hostname: elastalert environment: @@ -170,7 +170,7 @@ services: - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ curator: - image: malcolmnetsec/curator:1.8.1 + image: malcolmnetsec/curator:1.8.2 restart: "no" hostname: curator environment: @@ -180,7 +180,7 @@ services: depends_on: - elasticsearch logstash: - image: malcolmnetsec/logstash-oss:1.8.1 + image: malcolmnetsec/logstash-oss:1.8.2 restart: "no" hostname: logstash environment: @@ -208,7 +208,7 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro filebeat: - image: malcolmnetsec/filebeat-oss:1.8.1 + image: malcolmnetsec/filebeat-oss:1.8.2 restart: "no" hostname: filebeat environment: @@ -233,7 +233,7 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro moloch: - image: malcolmnetsec/moloch:1.8.1 + image: malcolmnetsec/moloch:1.8.2 restart: "no" hostname: moloch env_file: @@ -263,7 +263,7 @@ services: - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw zeek: - image: malcolmnetsec/zeek:1.8.1 + image: malcolmnetsec/zeek:1.8.2 restart: "no" hostname: zeek environment: @@ -280,7 +280,7 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files file-monitor: - image: malcolmnetsec/file-monitor:1.8.1 + image: malcolmnetsec/file-monitor:1.8.2 restart: "no" hostname: filemon environment: @@ -291,7 +291,7 @@ services: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs pcap-capture: - image: malcolmnetsec/pcap-capture:1.8.1 + image: malcolmnetsec/pcap-capture:1.8.2 restart: "no" network_mode: host ulimits: 
@@ -308,7 +308,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:1.8.1 + image: malcolmnetsec/pcap-monitor:1.8.2 restart: "no" hostname: pcapmon environment: @@ -322,7 +322,7 @@ services: - ./zeek-logs:/zeek - ./pcap:/pcap upload: - image: malcolmnetsec/file-upload:1.8.1 + image: malcolmnetsec/file-upload:1.8.2 restart: "no" hostname: upload env_file: @@ -339,7 +339,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.8.1 + image: malcolmnetsec/htadmin:1.8.2 restart: "no" hostname: htadmin environment: @@ -352,7 +352,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw nginx-proxy: - image: malcolmnetsec/nginx-proxy:1.8.1 + image: malcolmnetsec/nginx-proxy:1.8.2 restart: "no" hostname: nginx-proxy environment: diff --git a/docker-compose.yml b/docker-compose.yml index 7e73ec37f..66a018a80 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -125,7 +125,7 @@ services: build: context: . dockerfile: Dockerfiles/kibana.Dockerfile - image: malcolmnetsec/kibana-oss:1.8.1 + image: malcolmnetsec/kibana-oss:1.8.2 restart: "no" hostname: kibana environment: @@ -151,7 +151,7 @@ services: build: context: . dockerfile: Dockerfiles/elastalert.Dockerfile - image: malcolmnetsec/elastalert:1.8.1 + image: malcolmnetsec/elastalert:1.8.2 restart: "no" hostname: elastalert environment: @@ -179,7 +179,7 @@ services: build: context: . dockerfile: Dockerfiles/curator.Dockerfile - image: malcolmnetsec/curator:1.8.1 + image: malcolmnetsec/curator:1.8.2 restart: "no" hostname: curator environment: @@ -194,7 +194,7 @@ services: build: context: . dockerfile: Dockerfiles/logstash.Dockerfile - image: malcolmnetsec/logstash-oss:1.8.1 + image: malcolmnetsec/logstash-oss:1.8.2 restart: "no" hostname: logstash environment: 
@@ -227,7 +227,7 @@ services: build: context: . dockerfile: Dockerfiles/filebeat.Dockerfile - image: malcolmnetsec/filebeat-oss:1.8.1 + image: malcolmnetsec/filebeat-oss:1.8.2 restart: "no" hostname: filebeat environment: @@ -256,7 +256,7 @@ services: build: context: . dockerfile: Dockerfiles/moloch.Dockerfile - image: malcolmnetsec/moloch:1.8.1 + image: malcolmnetsec/moloch:1.8.2 restart: "no" hostname: moloch env_file: @@ -291,7 +291,7 @@ services: build: context: . dockerfile: Dockerfiles/zeek.Dockerfile - image: malcolmnetsec/zeek:1.8.1 + image: malcolmnetsec/zeek:1.8.2 restart: "no" hostname: zeek environment: @@ -312,7 +312,7 @@ services: build: context: . dockerfile: Dockerfiles/file-monitor.Dockerfile - image: malcolmnetsec/file-monitor:1.8.1 + image: malcolmnetsec/file-monitor:1.8.2 restart: "no" hostname: filemon environment: @@ -326,7 +326,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-capture.Dockerfile - image: malcolmnetsec/pcap-capture:1.8.1 + image: malcolmnetsec/pcap-capture:1.8.2 restart: "no" network_mode: host ulimits: @@ -346,7 +346,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-monitor.Dockerfile - image: malcolmnetsec/pcap-monitor:1.8.1 + image: malcolmnetsec/pcap-monitor:1.8.2 restart: "no" hostname: pcapmon environment: @@ -363,7 +363,7 @@ services: build: context: . dockerfile: Dockerfiles/file-upload.Dockerfile - image: malcolmnetsec/file-upload:1.8.1 + image: malcolmnetsec/file-upload:1.8.2 restart: "no" hostname: upload env_file: @@ -380,7 +380,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.8.1 + image: malcolmnetsec/htadmin:1.8.2 build: context: . dockerfile: Dockerfiles/htadmin.Dockerfile @@ -399,7 +399,7 @@ services: build: context: . dockerfile: Dockerfiles/nginx.Dockerfile - image: malcolmnetsec/nginx-proxy:1.8.1 + image: malcolmnetsec/nginx-proxy:1.8.2 restart: "no" hostname: nginx-proxy environment: 
diff --git a/sensor-iso/README.md b/sensor-iso/README.md index 81a27ca73..23f491f6f 100644 --- a/sensor-iso/README.md +++ b/sensor-iso/README.md @@ -398,7 +398,7 @@ Building the ISO may take 90 minutes or more depending on your system. As the bu ``` … -Finished, created "/sensor-build/hedgehog-1.8.1.iso" +Finished, created "/sensor-build/hedgehog-1.8.2.iso" … ``` diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index f9eacc150..508beca3b 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -137,10 +137,6 @@ if [[ -n $VERBOSE ]]; then fi apt-get -q update -apt-get install -q -y --no-install-recommends \ - curl iproute2 git python python-dev sudo ruby ruby-dev rubygems build-essential - -gem install --no-ri --no-rdoc fpm mkdir -p /opt curl -L -o /tmp/moloch.tar.gz "https://github.com/aol/moloch/archive/v$MOLOCH_VERSION.tar.gz" 
@@ -163,19 +159,17 @@ cp -r ./capture/plugins/lua/samples "$MOLOCHDIR"/lua npm install license-checker; release/notice.txt.pl $MOLOCHDIR NOTICE release/CAPTURENOTICE > $MOLOCHDIR/NOTICE.txt -curl -L -o "$MOLOCHDIR"/etc/ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv" -curl -L -o "$MOLOCHDIR"/etc/oui.txt "https://raw.githubusercontent.com/wireshark/wireshark/master/manuf" -curl -L -o /tmp/GeoLite2-Country.mmdb.gz "https://updates.maxmind.com/app/update_secure?edition_id=GeoLite2-Country" -curl -L -o /tmp/GeoLite2-ASN.mmdb.gz "https://updates.maxmind.com/app/update_secure?edition_id=GeoLite2-ASN" -zcat /tmp/GeoLite2-Country.mmdb.gz > "$MOLOCHDIR"/etc/GeoLite2-Country.mmdb -zcat /tmp/GeoLite2-ASN.mmdb.gz > "$MOLOCHDIR"/etc/GeoLite2-ASN.mmdb +ETC_FILES=$(shopt -s nullglob dotglob; echo /moloch-etc/*) +if (( ${#ETC_FILES} )) ; then + mkdir -p $MOLOCHDIR/etc + cp -r /moloch-etc/* $MOLOCHDIR/etc/ +fi fpm -s dir -t deb -n moloch -x opt/moloch/logs -x opt/moloch/raw -v $MOLOCH_VERSION --iteration 1 --template-scripts --after-install "release/afterinstall.sh" --url "http://molo.ch" --description "Moloch Full Packet System" -d libwww-perl -d libjson-perl -d ethtool -d libyaml-dev "$MOLOCHDIR" ls -l *.deb && mv -v *.deb "$OUTPUT_DIR"/ cd /tmp -rm -rf /tmp/moloch-$MOLOCH_VER.tar.gz /tmp/moloch-$MOLOCH_VER /tmp/GeoLite2-Country.mmdb.gz /tmp/GeoLite2-ASN.mmdb.gz if [[ -n $VERBOSE ]]; then set +x From 00275c8d3d51695381a71dbc323a1820d54f0676 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 15 Jan 2020 09:09:11 -0700 Subject: [PATCH 005/183] set elastalert index settings for a single node --- elastalert/config/config.json | 2 +- elastalert/config/elastalert.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/elastalert/config/config.json b/elastalert/config/config.json index 5f28031eb..ccac36286 100644 --- a/elastalert/config/config.json 
+++ b/elastalert/config/config.json
@@ -18,7 +18,7 @@
"es_port": 9200,
"writeback_index": "elastalert_status",
"index_settings": {
- "shards": 2,
+ "shards": 1,
"replicas": 0
}
}
diff --git a/elastalert/config/elastalert.yaml b/elastalert/config/elastalert.yaml
index b0a735fad..1fdec1b25 100644
--- a/elastalert/config/elastalert.yaml
+++ b/elastalert/config/elastalert.yaml
@@ -43,7 +43,7 @@ buffer_time:
# elastalert-create-index to set a mapping
writeback_index: elastalert_status
index_settings:
- shards: 2
+ shards: 1
replicas: 0
# If an alert fails for some reason, ElastAlert will retry
From e8ddf4471d452c9fe8d985f5040e25b1dfd64563 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 15 Jan 2020 11:32:40 -0700
Subject: [PATCH 006/183] fix issue #97, when using tcpdump the capture files are named .pcap.pcap
---
pcap-capture/templates/tcpdump.template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pcap-capture/templates/tcpdump.template b/pcap-capture/templates/tcpdump.template
index 819a5630d..aa9f7c3d3 100644
--- a/pcap-capture/templates/tcpdump.template
+++ b/pcap-capture/templates/tcpdump.template
@@ -1,5 +1,5 @@
[program:tcpdump-$IFACE]
-command=/usr/sbin/tcpdump -i "$IFACE" -s %(ENV_PCAP_SNAPLEN)s -w "tcpdump-$IFACE_%(ENV_PCAP_TCPDUMP_FILENAME_PATTERN)s.pcap" -G %(ENV_PCAP_ROTATE_SECONDS)s -C %(ENV_PCAP_ROTATE_MEGABYTES)s -K -n "%(ENV_PCAP_FILTER)s"
+command=/usr/sbin/tcpdump -i "$IFACE" -s %(ENV_PCAP_SNAPLEN)s -w "tcpdump-$IFACE_%(ENV_PCAP_TCPDUMP_FILENAME_PATTERN)s" -G %(ENV_PCAP_ROTATE_SECONDS)s -C %(ENV_PCAP_ROTATE_MEGABYTES)s -K -n "%(ENV_PCAP_FILTER)s"
startsecs=5
startretries=3
stopasgroup=true
From a7c7f6052467e23a4cad055aa8cd264ce95cde9a Mon Sep 17 00:00:00 2001
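Review bot: The rewritten `-w` argument still spells the interface as `$IFACE_`, which a shell or envsubst-style expander reads as the variable `IFACE_` (unset, so empty) rather than `$IFACE` followed by an underscore; if that is how this template is filled in, the interface name drops out of the capture filename and captures from several interfaces land on the same name. `"tcpdump-${IFACE}_%(ENV_PCAP_TCPDUMP_FILENAME_PATTERN)s"` is unambiguous under every expander and still matches the `[program:tcpdump-$IFACE]` header. Since the fix now relies on `ENV_PCAP_TCPDUMP_FILENAME_PATTERN` supplying both the strftime directives that `-G` needs for unique rotated names and the `.pcap` extension, a comment recording that contract above the `command=` line would stop the `.pcap.pcap` regression from coming back.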
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 16 Jan 2020 07:40:17 -0700 Subject: [PATCH 007/183] check moloch viewer status page periodically for docker container health check --- docker-compose-standalone-zeek-live.yml | 6 ++++++ docker-compose-standalone.yml | 6 ++++++ docker-compose.yml | 6 ++++++ scripts/logs.sh | 2 +- 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index bafecd19d..78de256f2 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -254,6 +254,12 @@ services: hard: -1 depends_on: - elasticsearch + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8005/_ns_/nstest.html"] + interval: 90s + timeout: 30s + retries: 3 + start_period: 180s expose: - 8000 - 8005 diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 133a0e7e4..e0c38ef05 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -254,6 +254,12 @@ services: hard: -1 depends_on: - elasticsearch + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8005/_ns_/nstest.html"] + interval: 90s + timeout: 30s + retries: 3 + start_period: 180s expose: - 8000 - 8005 diff --git a/docker-compose.yml b/docker-compose.yml index 66a018a80..ca67c5a45 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -277,6 +277,12 @@ services: hard: -1 depends_on: - elasticsearch + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8005/_ns_/nstest.html"] + interval: 90s + timeout: 30s + retries: 3 + start_period: 180s expose: - 8000 - 8005 diff --git a/scripts/logs.sh b/scripts/logs.sh index 472ab2875..33a1204aa 100755 --- a/scripts/logs.sh +++ b/scripts/logs.sh 
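Review bot: A failing probe here only flips the container's reported status: the moloch service keeps `restart: "no"`, and none of the `depends_on` entries visible in these hunks use `condition: service_healthy` (which version-3 compose files do not support), so nothing restarts or gates on an unhealthy viewer and the check is only visible to whoever reads `docker ps`. A one-line comment above `healthcheck:` saying it is for status reporting only, and what `/_ns_/nstest.html` is (presumably the viewer's no-auth liveness page — confirm), would set expectations. The six-line block is duplicated verbatim across the three compose files, which already use `x-*` anchors for shared environment; an `x-moloch-healthcheck: &moloch-healthcheck` anchor would keep them from drifting. The probe also assumes `curl` exists in the moloch image — confirm, since a missing binary reads as permanently unhealthy.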
@@ -37,7 +37,7 @@ BASE_PATH=`pwd`; # tail logs $DOCKER_COMPOSE_COMMAND ps echo "" -IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200)" +IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200|moloch.+GET /_ns_/nstest.html 200)" $DOCKER_COMPOSE_COMMAND logs -f | grep --line-buffered -Piv "$IGNORE_LOG_TEXT" From 3066800bdda4f25f20dd98d6b55737bea3364de3 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 16 Jan 2020 07:53:49 -0700 Subject: [PATCH 008/183] fix docker-compose log verbosity --- scripts/logs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/logs.sh b/scripts/logs.sh index 33a1204aa..53936800d 100755 --- a/scripts/logs.sh +++ b/scripts/logs.sh 
@@ -37,7 +37,7 @@ BASE_PATH=`pwd`; # tail logs $DOCKER_COMPOSE_COMMAND ps echo "" -IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200|moloch.+GET /_ns_/nstest.html 200)" +IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|\/_ns_\/nstest\.html|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200)" $DOCKER_COMPOSE_COMMAND logs -f | grep --line-buffered -Piv "$IGNORE_LOG_TEXT" From ba8b51f68af92fa3ffb83052577a94581aa9bdbf Mon Sep 17 00:00:00 2001 
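Review bot: The new `\/_ns_\/nstest\.html` alternative matches the probe line regardless of HTTP status, so a healthcheck that starts failing (the one case where this line is worth seeing) is now suppressed from `logs.sh` output too, whereas the pattern it replaces, `moloch.+GET /_ns_/nstest.html 200`, hid only successful probes. If the logged line carries the status after the path, `\/_ns_\/nstest\.html.+\b200\b` keeps the noise out while leaving non-200 results visible. If the previous form was dropped because that line format never matched, a short comment on `IGNORE_LOG_TEXT` naming which container logs the probe and in what format would save the next editor the same round-trip.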
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 16 Jan 2020 08:49:00 -0700 Subject: [PATCH 009/183] made kibana_index_refresh.py more robust as suggested by @fabrie in issue #100 use a _find API to get the index ID for a given index name instead of just the saved_objects/index-pattern API Example in test environment: Before adding new fields (dry run): ``` /home/user/devel/github/malcolm/kibana/scripts/kibana_index_refresh.py Arguments: ['-v', '-n', '-k', 'http://192.168.0.11:5601/kibana'] Arguments: Namespace(debug=True, dryrun=True, index='sessions2-*', url='http://192.168.0.11:5601/kibana') Kibana version is 7.5.1 Index ID for sessions2-* is sessions2-* sessions2-* would have 465 fields success (dry run only, no write performed) ``` After adding new fields (dry run): ``` /home/user/devel/github/malcolm/kibana/scripts/kibana_index_refresh.py Arguments: ['-v', '-n', '-k', 'http://192.168.0.11:5601/kibana'] Arguments: Namespace(debug=True, dryrun=True, index='sessions2-*', url='http://192.168.0.11:5601/kibana') Kibana version is 7.5.1 Index ID for sessions2-* is sessions2-* sessions2-* would have 481 fields success (dry run only, no write performed) ``` After adding new fields (update index mapping): ``` /home/user/devel/github/malcolm/kibana/scripts/kibana_index_refresh.py Arguments: ['-v', '-k', 'http://192.168.0.11:5601/kibana'] Arguments: Namespace(debug=True, dryrun=False, index='sessions2-*', url='http://192.168.0.11:5601/kibana') Kibana version is 7.5.1 Index ID for sessions2-* is sessions2-* sessions2-* would have 481 fields success ``` --- kibana/scripts/kibana_index_refresh.py | 74 +++++++++++++++----------- 1 file changed, 43 insertions(+), 31 deletions(-) diff --git a/kibana/scripts/kibana_index_refresh.py b/kibana/scripts/kibana_index_refresh.py index cf80af9fd..d0d7079bc 100755 --- a/kibana/scripts/kibana_index_refresh.py +++ b/kibana/scripts/kibana_index_refresh.py 
@@ -10,7 +10,7 @@ import sys
GET_STATUS_API = 'api/status'
-GET_INDEX_PATTERN_INFO_URI = 'api/saved_objects/index-pattern'
+GET_INDEX_PATTERN_INFO_URI = 'api/saved_objects/_find'
GET_FIELDS_URI = 'api/index_patterns/_fields_for_wildcard'
PUT_INDEX_PATTERN_URI = 'api/saved_objects/index-pattern'
@@ -78,42 +78,54 @@ def main():
if debug:
eprint('Kibana version is {}'.format(kibanaVersion))
- # get the ID of the index name (probably will be the same as the name)
- getIndexInfoResponse = requests.get('{}/{}/{}'.format(args.url, GET_INDEX_PATTERN_INFO_URI, args.index))
+ # find the ID of the index name (probably will be the same as the name)
+ getIndexInfoResponse = requests.get(
+ '{}/{}'.format(args.url, GET_INDEX_PATTERN_INFO_URI),
+ params={
+ 'type': 'index-pattern',
+ 'fields': 'id',
+ 'search': f'"{args.index}"'
+ }
+ )
getIndexInfoResponse.raise_for_status()
getIndexInfo = getIndexInfoResponse.json()
- indexId = getIndexInfo['id']
+ indexId = getIndexInfo['saved_objects'][0]['id'] if (len(getIndexInfo['saved_objects']) > 0) else None
if debug:
eprint('Index ID for {} is {}'.format(args.index, indexId))
- # get the fields list
- getFieldsResponse = requests.get('{}/{}'.format(args.url, GET_FIELDS_URI),
- params={ 'pattern': args.index,
- 'meta_fields': ["_source","_id","_type","_index","_score"] })
- getFieldsResponse.raise_for_status()
- getFieldsList = getFieldsResponse.json()['fields']
- if debug:
- eprint('{} would have {} fields'.format(args.index, len(getFieldsList)))
-
- # set the index pattern with our complete list of fields
- if not args.dryrun:
- putIndexInfo = {}
- putIndexInfo['attributes'] = {}
- putIndexInfo['attributes']['title'] = args.index
- putIndexInfo['attributes']['fields'] = json.dumps(getFieldsList)
-
- putResponse = requests.put('{}/{}/{}'.format(args.url, PUT_INDEX_PATTERN_URI, indexId),
- headers={ 'Content-Type': 'application/json',
- 'kbn-xsrf': 'true',
- 'kbn-version': kibanaVersion, },
- data=json.dumps(putIndexInfo))
- putResponse.raise_for_status()
-
- # if we got this far, it probably worked!
- if args.dryrun: - print("success (dry run only, no write performed)") + if indexId is not None: + + # get the fields list + getFieldsResponse = requests.get('{}/{}'.format(args.url, GET_FIELDS_URI), + params={ 'pattern': args.index, + 'meta_fields': ["_source","_id","_type","_index","_score"] }) + getFieldsResponse.raise_for_status() + getFieldsList = getFieldsResponse.json()['fields'] + if debug: + eprint('{} would have {} fields'.format(args.index, len(getFieldsList))) + + # set the index pattern with our complete list of fields + if not args.dryrun: + putIndexInfo = {} + putIndexInfo['attributes'] = {} + putIndexInfo['attributes']['title'] = args.index + putIndexInfo['attributes']['fields'] = json.dumps(getFieldsList) + + putResponse = requests.put('{}/{}/{}'.format(args.url, PUT_INDEX_PATTERN_URI, indexId), + headers={ 'Content-Type': 'application/json', + 'kbn-xsrf': 'true', + 'kbn-version': kibanaVersion, }, + data=json.dumps(putIndexInfo)) + putResponse.raise_for_status() + + # if we got this far, it probably worked! + if args.dryrun: + print("success (dry run only, no write performed)") + else: + print("success") + else: - print("success") + print("failure (could not find Index ID for {})".format(args.index)) if __name__ == '__main__': main() From 1d9c6d6b0536302698f787442df7be3f55378eff Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 16 Jan 2020 12:13:59 -0700 Subject: [PATCH 010/183] added plugin for detecting cve-2020-0601 --- README.md | 1 + shared/bin/zeek_install_plugins.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 4031b4bce..46dbbc0aa 100644 --- a/README.md +++ b/README.md 
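Review bot: `getIndexInfo['saved_objects'][0]['id']` takes the first hit of a `_find` search without checking that it is the pattern that was asked for; `search` appears to be a query-string match rather than an exact one, and `fields: 'id'` drops the attributes needed to tell, so an instance with several index-patterns whose titles contain `sessions2-*` could have the wrong pattern's fields overwritten by the PUT below. Requesting the title and filtering on it is two lines: `'fields': 'title', 'search_fields': 'title'` in the params, and `indexId = next((o['id'] for o in getIndexInfo['saved_objects'] if o['attributes'].get('title') == args.index), None)` in place of the `[0]` expression. The new failure branch prints a message but still exits 0, so a script or cron job driving this never learns the refresh did not happen; `sys` is already imported, so `sys.exit(1)` after the `print` is enough. `main()` begins above this hunk, and none of the `requests` calls pass a `timeout`, so a stalled Kibana hangs the script indefinitely.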
@@ -204,6 +204,7 @@ Malcolm leverages the following excellent open source tools, among others.
* Salesforce's [HASSH](https://github.com/salesforce/hassh) SSH fingerprinting plugin
* Salesforce's [JA3](https://github.com/salesforce/ja3) TLS fingerprinting plugin
* SoftwareConsultingEmporium's [Bro::LDAP](https://github.com/SoftwareConsultingEmporium/ldap-analyzer) analyzer
+ * Johanna Amann's [CVE-2020-0601](https://github.com/0xxon/cve-2020-0601) ECC certificate validation plugin
* [GeoLite2](https://dev.maxmind.com/geoip/geoip2/geolite2/) - Malcolm includes GeoLite2 data created by [MaxMind](https://www.maxmind.com)
## <a name="Protocols"></a>Supported Protocols
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh
index 55713f125..07a69b2e3 100755
--- a/shared/bin/zeek_install_plugins.sh
+++ b/shared/bin/zeek_install_plugins.sh
@@ -77,6 +77,7 @@ ZKG_GITHUB_URLS=(
https://github.com/lexibrent/zeek-EternalSafety
https://github.com/salesforce/hassh
https://github.com/salesforce/ja3
+ https://github.com/0xxon/cve-2020-0601
)
for i in ${ZKG_GITHUB_URLS[@]}; do
SRC_DIR="$(clone_github_repo "$i")"
From 2a10fc4fd052c9d5c4ab0cb57a9d8033b571d50b Mon Sep 17 00:00:00 2001
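Review bot: The added URL, like the three above it, is fetched by `clone_github_repo` (defined outside this hunk) with no tag, commit or checksum, so every sensor build compiles whatever the upstream default branch holds at that moment — a force-push or account compromise on any of these repositories lands directly in the Zeek that inspects production traffic. Pinning each entry to a reviewed commit (for example `https://github.com/0xxon/cve-2020-0601#<sha>` if `clone_github_repo` can be taught to honour a ref suffix, or a sibling array of expected SHAs verified after the clone) makes builds reproducible and makes a plugin bump show up in review as a diff. This is pre-existing for the other entries, but a plugin whose job is to flag CVE-2020-0601 certificate forgery is the natural place to start.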
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 16 Jan 2020 14:55:22 -0700 Subject: [PATCH 011/183] work on issue #102, log access to Malcolm web interface(s) to Elasticsearch for analysis in Kibana --- Dockerfiles/filebeat.Dockerfile | 17 ++++++++--- Dockerfiles/nginx.Dockerfile | 2 -- README.md | 2 ++ docker-compose-standalone-zeek-live.yml | 12 ++++++++ docker-compose-standalone.yml | 12 ++++++++ docker-compose.yml | 12 ++++++++ filebeat/filebeat-nginx.yml | 40 +++++++++++++++++++++++++ filebeat/supervisord.conf | 18 +++++++++++ nginx/supervisord.conf | 24 +++++++++++++++ sensor-iso/moloch/etc/.gitignore | 4 +++ 10 files changed, 137 insertions(+), 6 deletions(-) create mode 100644 filebeat/filebeat-nginx.yml create mode 100644 sensor-iso/moloch/etc/.gitignore diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index 7a36ee8f1..07a3a5226 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -10,7 +10,6 @@ LABEL org.opencontainers.image.vendor='Idaho National Laboratory' LABEL org.opencontainers.image.title='malcolmnetsec/filebeat-oss' LABEL org.opencontainers.image.description='Malcolm container providing Filebeat (the Apache-licensed variant)' - ARG FILEBEAT_LOG_CLEANUP_MINUTES=0 ARG FILEBEAT_ZIP_CLEANUP_MINUTES=0 ARG FILEBEAT_SCAN_FREQUENCY=10s @@ -22,6 +21,8 @@ ARG FILEBEAT_CLOSE_REMOVED=true ARG FILEBEAT_CLOSE_EOF=true ARG FILEBEAT_CLEAN_REMOVED=true ARG FILEBEAT_LOG_PATH="/data/zeek/current" +ARG FILEBEAT_NGINX_LOG_PATH="/data/nginx" +ARG NGINX_LOG_ACCESS_AND_ERRORS=false ARG AUTO_TAG=true USER root 
@@ -36,10 +37,16 @@ RUN yum install -y epel-release && \ ADD shared/bin/cron_env_centos.sh /data/ ADD filebeat/filebeat.yml /usr/share/filebeat/filebeat.yml +ADD filebeat/filebeat-nginx.yml /usr/share/filebeat-nginx/filebeat-nginx.yml ADD filebeat/scripts /data/ +ADD shared/bin/elastic_search_status.sh /data/ ADD filebeat/supervisord.conf /etc/supervisord.conf -RUN chmod 755 /data/*.sh /data/*.py && \ - mkdir -p /var/log/supervisor && \ +RUN mkdir -p /var/log/supervisor /usr/share/filebeat-nginx/data && \ + chown -R root:filebeat /usr/share/filebeat-nginx && \ + cp -a /usr/share/filebeat/module /usr/share/filebeat-nginx/module && \ + chmod 750 /usr/share/filebeat-nginx && \ + chmod 770 /usr/share/filebeat-nginx/data && \ + chmod 755 /data/*.sh /data/*.py && \ (echo -e "* * * * * su -c /data/filebeat-process-zeek-folder.sh filebeat >/dev/null 2>&1\n*/5 * * * * su -c /data/filebeat-clean-zeeklogs-processed-folder.py filebeat >/dev/null 2>&1" | crontab -) ENV FILEBEAT_LOG_CLEANUP_MINUTES $FILEBEAT_LOG_CLEANUP_MINUTES @@ -53,13 +60,15 @@ ENV FILEBEAT_CLOSE_REMOVED $FILEBEAT_CLOSE_REMOVED ENV FILEBEAT_CLOSE_EOF $FILEBEAT_CLOSE_EOF ENV FILEBEAT_CLEAN_REMOVED $FILEBEAT_CLEAN_REMOVED ENV FILEBEAT_LOG_PATH $FILEBEAT_LOG_PATH +ENV FILEBEAT_NGINX_LOG_PATH $FILEBEAT_NGINX_LOG_PATH +ENV NGINX_LOG_ACCESS_AND_ERRORS $NGINX_LOG_ACCESS_AND_ERRORS ENV AUTO_TAG $AUTO_TAG ENV FILEBEAT_REGISTRY_FILE "/usr/share/filebeat/data/registry/filebeat/data.json" ENV FILEBEAT_ZEEK_DIR "/data/zeek/" ENV PATH="/data:${PATH}" -VOLUME ["/usr/share/filebeat/data"] +VOLUME ["/usr/share/filebeat/data", "/usr/share/filebeat-nginx/data"] CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-u", "root", "-n"] diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile index 84a1c8ac3..fc8d8388e 100644 --- a/Dockerfiles/nginx.Dockerfile +++ b/Dockerfiles/nginx.Dockerfile 
@@ -207,8 +207,6 @@ RUN set -x ; \ mv /tmp/envsubst /usr/local/bin/ ; \ mkdir -p /var/log/supervisor ; \ rm -rf /usr/src/* /var/tmp/* /var/cache/apk/* /tmp/stunnel-*.apk /nginx.tar.gz /nginx-auth-ldap.tar.gz /ngx_http_auth_pam_module.tar.gz /docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz; \ - ln -sf /dev/stdout /var/log/nginx/access.log; \ - ln -sf /dev/stderr /var/log/nginx/error.log; \ touch /etc/nginx/nginx_ldap.conf /etc/nginx/nginx_blank.conf; COPY --from=jwilder/nginx-proxy:alpine /app/nginx.tmpl /etc/nginx/ diff --git a/README.md b/README.md index 46dbbc0aa..28739bf30 100644 --- a/README.md +++ b/README.md @@ -424,6 +424,8 @@ Various other environment variables inside of `docker-compose.yml` can be tweake * `NGINX_BASIC_AUTH` - if set to `true`, use [TLS-encrypted HTTP basic](#AuthBasicAccountManagement) authentication (default); if set to `false`, use [Lightweight Directory Access Protocol (LDAP)](#AuthLDAP) authentication +* `NGINX_LOG_ACCESS_AND_ERRORS` - if set to `true`, all access to Malcolm via its [web interfaces](#UserInterfaceURLs) will be logged to Elasticsearch (default `false`) + * `MANAGE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will be marked as available for deletion by Moloch if available storage space becomes too low (default `false`) * `ZEEK_AUTO_ANALYZE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will automatically be analyzed by Zeek, and the resulting logs will also be imported (default `false`) diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 78de256f2..a448591be 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml 
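Review bot: With the `/dev/stdout` and `/dev/stderr` symlinks gone, nginx's access and error logs exist only as regular files under `/var/log/nginx` (the `nginx-log-path` volume in the compose files), and nothing in this patch rotates them, so `access.log` grows for the life of the volume — including when `NGINX_LOG_ACCESS_AND_ERRORS` is `false`, unless something not shown here redirects the log then. The logs also disappear from `docker logs` and `logs.sh`, which is a regression for `error.log` in particular. Keeping `ln -sf /dev/stderr /var/log/nginx/error.log` and adding a logrotate entry with a `USR1` reopen for `access.log` would address both; the filebeat glob `access.log*` already anticipates rotated files. The enclosing `RUN` begins above this hunk.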
@@ -16,6 +16,10 @@ x-auth-variables: &auth-variables # "extendedReq(1) LDAP_START_TLS_OID" command: winldap or openldap NGINX_LDAP_TLS_STUNNEL_PROTOCOL : 'winldap' +x-nginx-variables: &nginx-variables + # Whether or not to write nginx's access.log and error.log to Elasticsearch + NGINX_LOG_ACCESS_AND_ERRORS : 'false' + x-moloch-variables: &moloch-variables MANAGE_PCAP_FILES : 'false' MOLOCH_ANALYZE_PCAP_THREADS : 1 @@ -212,9 +216,11 @@ services: restart: "no" hostname: filebeat environment: + << : *nginx-variables << : *common-upload-variables << : *common-beats-variables FILEBEAT_LOG_PATH : '/data/zeek/current' + FILEBEAT_NGINX_LOG_PATH : '/data/nginx' FILEBEAT_LOG_CLEANUP_MINUTES : 180 FILEBEAT_ZIP_CLEANUP_MINUTES : 360 FILEBEAT_SCAN_FREQUENCY : '10s' @@ -228,6 +234,7 @@ services: depends_on: - logstash volumes: + - nginx-log-path:/data/nginx:ro - ./zeek-logs:/data/zeek - ./filebeat/certs/ca.crt:/certs/ca.crt:ro - ./filebeat/certs/client.crt:/certs/client.crt:ro @@ -363,6 +370,7 @@ services: hostname: nginx-proxy environment: << : *auth-variables + << : *nginx-variables depends_on: - moloch - kibana @@ -378,9 +386,13 @@ services: - "9600:9600" - "28991:28991" volumes: + - nginx-log-path:/var/log/nginx:rw - /var/run/docker.sock:/tmp/docker.sock:ro - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - ./nginx/certs:/etc/nginx/certs:ro - ./nginx/certs/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro +# shared named volume so filebeat can access nginx access logs +volumes: + nginx-log-path: diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index e0c38ef05..3c844e3e3 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml 
@@ -16,6 +16,10 @@ x-auth-variables: &auth-variables # "extendedReq(1) LDAP_START_TLS_OID" command: winldap or openldap NGINX_LDAP_TLS_STUNNEL_PROTOCOL : 'winldap' +x-nginx-variables: &nginx-variables + # Whether or not to write nginx's access.log and error.log to Elasticsearch + NGINX_LOG_ACCESS_AND_ERRORS : 'false' + x-moloch-variables: &moloch-variables MANAGE_PCAP_FILES : 'false' MOLOCH_ANALYZE_PCAP_THREADS : 1 @@ -212,9 +216,11 @@ services: restart: "no" hostname: filebeat environment: + << : *nginx-variables << : *common-upload-variables << : *common-beats-variables FILEBEAT_LOG_PATH : '/data/zeek/current' + FILEBEAT_NGINX_LOG_PATH : '/data/nginx' FILEBEAT_LOG_CLEANUP_MINUTES : 180 FILEBEAT_ZIP_CLEANUP_MINUTES : 360 FILEBEAT_SCAN_FREQUENCY : '10s' @@ -228,6 +234,7 @@ services: depends_on: - logstash volumes: + - nginx-log-path:/data/nginx:ro - ./zeek-logs:/data/zeek - ./filebeat/certs/ca.crt:/certs/ca.crt:ro - ./filebeat/certs/client.crt:/certs/client.crt:ro @@ -363,6 +370,7 @@ services: hostname: nginx-proxy environment: << : *auth-variables + << : *nginx-variables depends_on: - moloch - kibana @@ -378,9 +386,13 @@ services: - "9600:9600" - "28991:28991" volumes: + - nginx-log-path:/var/log/nginx:rw - /var/run/docker.sock:/tmp/docker.sock:ro - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - ./nginx/certs:/etc/nginx/certs:ro - ./nginx/certs/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro +# shared named volume so filebeat can access nginx access logs +volumes: + nginx-log-path: diff --git a/docker-compose.yml b/docker-compose.yml index ca67c5a45..17042aafa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -16,6 +16,10 @@ x-auth-variables: &auth-variables # "extendedReq(1) LDAP_START_TLS_OID" command: winldap or openldap NGINX_LDAP_TLS_STUNNEL_PROTOCOL : 'winldap' +x-nginx-variables: &nginx-variables + # Whether or not to write nginx's access.log and error.log to Elasticsearch + NGINX_LOG_ACCESS_AND_ERRORS : 'false' + x-moloch-variables: &moloch-variables MANAGE_PCAP_FILES : 'false' MOLOCH_ANALYZE_PCAP_THREADS : 1 @@ -231,9 +235,11 @@ services: restart: "no" hostname: filebeat environment: + << : *nginx-variables << : *common-upload-variables << : *common-beats-variables FILEBEAT_LOG_PATH : '/data/zeek/current' + FILEBEAT_NGINX_LOG_PATH : '/data/nginx' FILEBEAT_LOG_CLEANUP_MINUTES : 180 FILEBEAT_ZIP_CLEANUP_MINUTES : 360 FILEBEAT_SCAN_FREQUENCY : '10s' @@ -247,6 +253,7 @@ services: depends_on: - logstash volumes: + - nginx-log-path:/data/nginx:ro - ./zeek-logs:/data/zeek - ./filebeat/certs/ca.crt:/certs/ca.crt:ro - ./filebeat/certs/client.crt:/certs/client.crt:ro @@ -410,6 +417,7 @@ services: hostname: nginx-proxy environment: << : *auth-variables + << : *nginx-variables depends_on: - moloch - kibana @@ -425,6 +433,7 @@ services: - "9600:9600" - "28991:28991" volumes: + - nginx-log-path:/var/log/nginx:rw - /var/run/docker.sock:/tmp/docker.sock:ro - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro @@ -432,3 +441,6 @@ services: - ./nginx/certs:/etc/nginx/certs:ro - ./nginx/certs/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro +# shared named volume so filebeat can access nginx access logs +volumes: + nginx-log-path: diff --git a/filebeat/filebeat-nginx.yml b/filebeat/filebeat-nginx.yml new file mode 100644 index 000000000..91c92e851 --- /dev/null +++ b/filebeat/filebeat-nginx.yml 
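Review bot: `NGINX_LOG_ACCESS_AND_ERRORS` gates only the filebeat shipper; the `nginx-proxy` service mounts `nginx-log-path:/var/log/nginx:rw` unconditionally, so access.log and error.log are written to a persistent volume even when the flag is `'false'`, and nothing in this patch rotates or truncates them (the filebeat side merely reads `access.log*`). On a busy or hostile client that is an unbounded disk consumer — long URIs repeated at speed will grow the volume until the host is out of space — as well as an ever-growing store of client IPs and usernames. Either write to the volume only when the flag is true, or add rotation (logrotate in the nginx image, or a size-capped `access_log`) and mention it in the variable's comment; the nginx Dockerfile is not in this patch, so rotation may already exist there — worth confirming.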
@@ -0,0 +1,40 @@ +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + +#================================ Modules ====================================== +filebeat.modules: +- module: nginx + access: + enabled: true + var.paths: ["${FILEBEAT_NGINX_LOG_PATH:/data/nginx}/access.log*"] + error: + enabled: true + var.paths: ["${FILEBEAT_NGINX_LOG_PATH:/data/nginx}/error.log*"] + +#================================ Outputs ====================================== + +#-------------------------- Elasticsearch output ------------------------------- +output.elasticsearch: + enabled: true + hosts: ["elasticsearch:9200"] + indices: + - index: "filebeat-%{[agent.version]}-nginx-%{+yyyy.MM.dd}" + when.equals: + event.module: "nginx" + +setup.template.enabled: true +setup.template.overwrite: false +setup.template.settings: + index.number_of_shards: 1 + index.number_of_replicas: 0 + +#============================== Dashboards ===================================== +setup.dashboards.enabled: true +setup.dashboards.directory: "/usr/share/filebeat/kibana" + +#============================== Kibana ===================================== +setup.kibana: + host: "kibana:5601" + path: "/kibana" + +#================================ Logging ====================================== +logging.metrics.enabled: false diff --git a/filebeat/supervisord.conf b/filebeat/supervisord.conf index 573846daf..1abdd91b3 100644 --- a/filebeat/supervisord.conf +++ b/filebeat/supervisord.conf 
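Review bot: `output.elasticsearch.hosts: ["elasticsearch:9200"]` and `setup.kibana.host: "kibana:5601"` send these events over plain HTTP with no credentials, bypassing the Logstash path the Zeek filebeat uses (the compose hunks above mount `ca.crt`/`client.crt`/`client.key` for that one). This is only acceptable because port 9200 is reachable solely on the compose network, and it also means the nginx events skip whatever filtering and enrichment Logstash applies. Record the assumption next to the output so a later change that publishes 9200 does not silently turn this into an unauthenticated write path: `# plain HTTP, no auth: relies on elasticsearch:9200 never being exposed outside the compose network`.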
@@ -28,6 +28,24 @@ stdout_logfile=/dev/fd/1 stdout_logfile_maxbytes=0 redirect_stderr=true +[program:filebeat-nginx] +command=bash -c "/data/elastic_search_status.sh && /usr/local/bin/docker-entrypoint -e --strict.perms=false \ + --path.home /usr/share/filebeat-nginx \ + --path.config /usr/share/filebeat-nginx \ + --path.data /usr/share/filebeat-nginx/data \ + -c /usr/share/filebeat-nginx/filebeat-nginx.yml \ + --modules nginx" +user=filebeat +autostart=%(ENV_NGINX_LOG_ACCESS_AND_ERRORS)s +startsecs=30 +startretries=2000000000 +stopasgroup=true +killasgroup=true +directory=/usr/share/filebeat-nginx +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true + [program:watch-upload] command=/bin/bash -c "sleep 30 && /data/filebeat-watch-zeeklogs-uploads-folder.sh" startsecs=35 diff --git a/nginx/supervisord.conf b/nginx/supervisord.conf index 784ce2b32..81ae1d8aa 100644 --- a/nginx/supervisord.conf +++ b/nginx/supervisord.conf @@ -26,6 +26,30 @@ stdout_logfile=/dev/fd/1 stdout_logfile_maxbytes=0 redirect_stderr=true +[program:logaccess] +command=/usr/bin/tail -F /var/log/nginx/access.log +startsecs=10 +startretries=2000000000 +stopasgroup=true +killasgroup=true +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/null +stdout_logfile_maxbytes=0 +redirect_stderr=false + +[program:logerrors] +command=/usr/bin/tail -F /var/log/nginx/error.log +startsecs=10 +startretries=2000000000 +stopasgroup=true +killasgroup=true +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/null +stdout_logfile_maxbytes=0 +redirect_stderr=false + [program:dockergen] command=/usr/local/bin/docker-gen -watch -notify "nginx -s reload" /etc/nginx/nginx.tmpl /etc/nginx/conf.d/default.conf startsecs=5 diff --git a/sensor-iso/moloch/etc/.gitignore b/sensor-iso/moloch/etc/.gitignore new file mode 100644 index 000000000..257e036a0 --- /dev/null +++ b/sensor-iso/moloch/etc/.gitignore 
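Review bot: The new `[program:filebeat-nginx]` passes `--strict.perms=false`, which disables Filebeat's check that its config file is owned by the running user (`user=filebeat`) and not writable by others; since `/usr/share/filebeat-nginx/filebeat-nginx.yml` is baked into the image, the cleaner fix is to `chown filebeat:filebeat` it in the Dockerfile (not visible here) and drop the flag, so a group- or world-writable config can never be loaded. Separately, `autostart=%(ENV_NGINX_LOG_ACCESS_AND_ERRORS)s` makes supervisord refuse its whole configuration if that variable is absent from the environment, as far as I recall, taking the primary filebeat program down with it; the compose files in this patch set it, but any other way of running the image needs a default (`ENV NGINX_LOG_ACCESS_AND_ERRORS=false` in the Dockerfile, or a wrapper that exports it).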
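Review bot: Both new program blocks in nginx/supervisord.conf list `stdout_logfile_maxbytes=0` twice and never set `stderr_logfile_maxbytes`; the second copy looks like a paste slip for `stderr_logfile_maxbytes=0`, and with `stderr_logfile=/dev/null` plus `redirect_stderr=false` any failure of `tail -F` (unreadable file, volume not mounted) is discarded while `startretries=2000000000` respawns it forever. Use `stderr_logfile=/dev/fd/2` and `stderr_logfile_maxbytes=0` so the failure shows up in `docker logs`. Also worth a comment: tailing access.log to the container's stdout means the client IPs and usernames it holds are now retained a second time in Docker's json-file log on the host, in addition to the shared volume, so there are two copies for operators to rotate and purge.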
@@ -0,0 +1,4 @@ +GeoLite2-* +oui.txt* +ipv4-address-space.csv* + From a26691a7b470297ac8de3d1d496ef64b2d6c2441 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 20 Jan 2020 13:55:14 -0700 Subject: [PATCH 012/183] nginx/php adjustments for issue #101, uploading very large pcap files may fail --- file-upload/nginx/sites-available/default | 12 ++++++---- file-upload/php/php.ini | 8 +++---- nginx/nginx.conf | 29 +++++++++++++++++------ 3 files changed, 33 insertions(+), 16 deletions(-) diff --git a/file-upload/nginx/sites-available/default b/file-upload/nginx/sites-available/default index 72cf4e215..0ae59e1f7 100644 --- a/file-upload/nginx/sites-available/default +++ b/file-upload/nginx/sites-available/default @@ -3,10 +3,7 @@ server { sendfile on; client_max_body_size 20G; - - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; + client_body_buffer_size 4M; root /var/www/upload; index index.php index.html index.htm; @@ -19,7 +16,12 @@ server { location ~ \.php$ { include snippets/fastcgi-php.conf; - fastcgi_read_timeout 300; + fastcgi_buffers 16 64k; + fastcgi_buffer_size 256k; + fastcgi_read_timeout 300s; + fastcgi_send_timeout 300s; + fastcgi_busy_buffers_size 384k; + fastcgi_request_buffering off; fastcgi_pass unix:/run/php/php7.3-fpm.sock; } diff --git a/file-upload/php/php.ini b/file-upload/php/php.ini index 04cbf1cfb..7680c9be2 100644 --- a/file-upload/php/php.ini +++ b/file-upload/php/php.ini @@ -17,8 +17,8 @@ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexi disable_classes = zend.enable_gc = On expose_php = Off -max_execution_time = 600 -max_input_time = 600 +max_execution_time = 900 +max_input_time = 900 memory_limit = 128M error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off 
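Review bot: `fastcgi_request_buffering off` combined with `client_max_body_size 20G` in file-upload/nginx/sites-available/default means every upload now streams straight into a PHP-FPM worker for its whole duration instead of first landing in nginx's temp file, so concurrency of uploads — including deliberately slow ones — is bounded by the FPM pool rather than by nginx, and a handful of trickle-rate uploads can starve the pool. The pool settings are not in this patch, so add a note here, e.g. `# request buffering is off: each in-flight upload holds a PHP-FPM worker; size pm.max_children accordingly`, and check that value. Because the upload vhost is reachable only through the authenticating proxy this is an exhaustion concern for logged-in users, not anonymous ones — assuming no other route exposes the container.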
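Review bot: `max_input_time = 900` in php.ini still caps how long PHP will spend receiving the request body before the script runs, and at the `upload_max_filesize = 20G` this file permits, 900 s requires a sustained ~22 MB/s — so very large PCAP uploads over slower links will still fail with the symptom issue #101 describes. If uploads of that size are meant to complete, use `max_input_time = -1` and rely on nginx's per-operation `fastcgi_send_timeout`/`fastcgi_read_timeout` to catch stalled clients, or document the effective throughput floor next to the setting. I am reading `max_input_time` as covering the POST-body receive phase under FPM; confirm against the PHP docs before depending on it.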
@@ -44,10 +44,10 @@ user_dir = enable_dl = Off file_uploads = On upload_max_filesize = 20G -max_file_uploads = 20 +max_file_uploads = 8 allow_url_fopen = On allow_url_include = Off -default_socket_timeout = 60 +default_socket_timeout = 180 [CLI Server] cli_server.color = On diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 9be5cf675..efd402de6 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -10,14 +10,21 @@ http { include /etc/nginx/mime.types; sendfile on; + client_max_body_size 20m; - fastcgi_buffers 16 16k; - fastcgi_buffer_size 32k; - fastcgi_read_timeout 600; - proxy_read_timeout 600; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; + + fastcgi_buffers 16 64k; + fastcgi_buffer_size 256k; + fastcgi_read_timeout 300s; + fastcgi_busy_buffers_size 384k; + fastcgi_request_buffering off; + + proxy_connect_timeout 180s; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + proxy_buffer_size 512k; + proxy_buffers 16 4m; + proxy_busy_buffers_size 16m; # if LDAP authentication is enabled, this will configure the ldap_server section include /etc/nginx/nginx_ldap_rt.conf; @@ -89,9 +96,13 @@ http { # Malcolm file upload location /upload { + proxy_http_version 1.1; + proxy_set_header Connection ""; proxy_pass http://docker-upload; proxy_redirect off; proxy_set_header Host upload.malcolm.local; + proxy_request_buffering off; + proxy_buffering off; client_max_body_size 20G; } @@ -188,9 +199,13 @@ http { } location / { + proxy_http_version 1.1; + proxy_set_header Connection ""; proxy_pass http://docker-upload; proxy_redirect off; proxy_set_header Host upload.malcolm.local; + proxy_request_buffering off; + proxy_buffering off; client_max_body_size 20G; } } From a0cbe89af452debafa78b86470b0747b195ab257 Mon Sep 17 00:00:00 2001 
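Review bot: `proxy_buffers 16 4m` with `proxy_buffer_size 512k` at `http` level in nginx/nginx.conf lets nginx allocate up to 64 MB of heap per proxied connection for every location — Moloch, Kibana and the rest — and the two upload locations set `proxy_buffering off` anyway, so the large buffers do not even serve the case this commit targets. Any authenticated user pulling large responses across many connections (Moloch PCAP downloads, for instance) drives nginx memory up proportionally, which is a memory-exhaustion vector even if limited to logged-in users. Restore moderate values at `http` level — the removed `proxy_buffers 4 256k` / `proxy_busy_buffers_size 256k` were reasonable — and move any larger setting into the one location that needs it, with a comment stating the per-connection cost. The new `client_max_body_size 20m;` at `http` level is a good tightening; `/upload` and `/` override it to 20G as intended.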
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 21 Jan 2020 07:48:09 -0700 Subject: [PATCH 013/183] fix a few of the control bash scripts to use GNU coreutils where applicable (issue #103) A few uses of "grep" and "find" use flags unique to the GNU versions of those tools. As GNU coreutils was already required for a few other utilities I've done the same thing to detect and use ggrep and gfind when needed. As suggested, it might be a good idea to rewrite these to use Python instead to be more portable (although I'll have to take care to make them work with both python 2/3 for various platforms). --- scripts/build.sh | 22 ++++++++++++---------- scripts/logs.sh | 18 ++++++++++-------- scripts/wipe.sh | 18 ++++++++++-------- 3 files changed, 32 insertions(+), 26 deletions(-) diff --git a/scripts/build.sh b/scripts/build.sh index 093878601..c7964854c 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -7,10 +7,18 @@ if [ -z "$BASH_VERSION" ]; then exit 1 fi +[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath +[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname +[[ "$(uname -s)" = 'Darwin' ]] && GREP=ggrep || GREP=grep +if ! (type "$REALPATH" && type "$DIRNAME" && type "$GREP") > /dev/null; then + echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME and $GREP" + exit 1 +fi + if docker-compose version >/dev/null 2>&1; then DOCKER_COMPOSE_BIN=docker-compose DOCKER_BIN=docker -elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then +elif $GREP -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then DOCKER_COMPOSE_BIN=docker-compose.exe DOCKER_BIN=docker.exe fi 
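Review bot: `$GREP -q Microsoft /proc/version` on the WSL-detection line still runs on macOS, where `/proc/version` does not exist, so `ggrep` prints a "No such file or directory" error on every invocation; the old `grep` did the same, but since the line is being touched anyway, guard it with `[[ -r /proc/version ]] && $GREP -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1`. Style: `uname -s` is run three times to answer one question; `case "$(uname -s)" in Darwin) REALPATH=grealpath; DIRNAME=gdirname; GREP=ggrep;; *) REALPATH=realpath; DIRNAME=dirname; GREP=grep;; esac` reads better, and the identical blocks added to logs.sh and wipe.sh in this commit would benefit the same way. The `type` guard is fine — it also accepts aliases and shell functions, which is acceptable here.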
@@ -26,17 +34,11 @@ fi function filesize_in_image() { FILESPEC="$2" - IMAGE="$(grep -P "^\s+image:.*$1" docker-compose-standalone.yml | awk '{print $2}')" + IMAGE="$($GREP -P "^\s+image:.*$1" docker-compose-standalone.yml | awk '{print $2}')" $DOCKER_BIN run --rm --entrypoint /bin/sh "$IMAGE" -c "stat --printf='%s' \"$FILESPEC\"" } # force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 @@ -59,7 +61,7 @@ read -p "Malcolm Docker images will now be built and/or pulled, force full clean CONFIRMATION=${CONFIRMATION:-N} BUILD_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" -MALCOLM_VERSION="$(grep -P "^\s+image:\s*malcolm" "$CONFIG_FILE" | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)" +MALCOLM_VERSION="$($GREP -P "^\s+image:\s*malcolm" "$CONFIG_FILE" | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)" VCS_REVISION="$(git rev-parse --short HEAD 2>/dev/null || echo unknown)" # MaxMind now requires a (free) license key to download the free versions of their GeoIP databases. @@ -68,7 +70,7 @@ if [ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ]; then MAXMIND_API_KEY="$MAXMIND_GEOIP_DB_LICENSE_KEY" else # but default to what they have saved in the docker-compose YML file - MAXMIND_API_KEY="$(grep -P "^\s*MAXMIND_GEOIP_DB_LICENSE_KEY\s*:\s" "$CONFIG_FILE" | cut -d: -f2 | tr -d '[:space:]'\'\" | head -n 1)" + MAXMIND_API_KEY="$($GREP -P "^\s*MAXMIND_GEOIP_DB_LICENSE_KEY\s*:\s" "$CONFIG_FILE" | cut -d: -f2 | tr -d '[:space:]'\'\" | head -n 1)" fi if [[ $CONFIRMATION =~ ^[Yy] ]]; then 
diff --git a/scripts/logs.sh b/scripts/logs.sh index 53936800d..4153a8535 100755 --- a/scripts/logs.sh +++ b/scripts/logs.sh @@ -7,9 +7,17 @@ if [ -z "$BASH_VERSION" ]; then exit 1 fi +[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath +[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname +[[ "$(uname -s)" = 'Darwin' ]] && GREP=ggrep || GREP=grep +if ! (type "$REALPATH" && type "$DIRNAME" && type "$GREP") > /dev/null; then + echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME and $GREP" + exit 1 +fi + if docker-compose version >/dev/null 2>&1; then DOCKER_COMPOSE_BIN=docker-compose -elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then +elif $GREP -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then DOCKER_COMPOSE_BIN=docker-compose.exe fi @@ -24,12 +32,6 @@ else fi # force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 BASE_PATH=`pwd`; 
@@ -39,7 +41,7 @@ $DOCKER_COMPOSE_COMMAND ps echo "" IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|\/_ns_\/nstest\.html|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200)" -$DOCKER_COMPOSE_COMMAND logs -f | grep --line-buffered -Piv "$IGNORE_LOG_TEXT" +$DOCKER_COMPOSE_COMMAND logs -f | $GREP --line-buffered -Piv "$IGNORE_LOG_TEXT" echo "" diff --git a/scripts/wipe.sh b/scripts/wipe.sh index 37f832692..f5624416f 100755 --- a/scripts/wipe.sh +++ b/scripts/wipe.sh @@ -7,6 +7,14 @@ if [ -z "$BASH_VERSION" ]; then exit 1 fi +[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath +[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname +[[ "$(uname -s)" = 'Darwin' ]] && FIND=gfind || FIND=find +if ! (type "$REALPATH" && type "$DIRNAME" && type "$FIND") > /dev/null; then + echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME and $FIND" + exit 1 +fi + if docker-compose version >/dev/null 2>&1; then DOCKER_COMPOSE_BIN=docker-compose elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then @@ -24,12 +32,6 @@ else fi # force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 
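Review bot: The `$GREP --line-buffered -Piv "$IGNORE_LOG_TEXT"` filter drops any line matching the noise pattern anywhere, case-insensitively, and several alternatives are plain words (`deprecated`, `saved_objects`, `throttling index`) that can occur in attacker-controlled fields — a request URI or User-Agent in the nginx access log that the nginx supervisord change earlier on this page now tails to stdout, for example — so a client can hide its own entries from `logs.sh` by embedding one of those tokens. This is a convenience view rather than the detection path, but it is what an operator is looking at during an investigation; anchoring the patterns to the service-name column `docker-compose logs` prints, or filtering per service, would close it. The `grep` → `$GREP` change itself is right, since `-P` is GNU-only.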
@@ -41,8 +43,8 @@ $SCRIPT_PATH/stop.sh "$CONFIG_FILE" wipe # completely clean out elasticsearch database and local files rm -rf ./elasticsearch/nodes 2>/dev/null -find ./elasticsearch-backup/ ./zeek-logs/ ./moloch-logs/ ./pcap/ ./moloch-raw/ \( \( -type f -o -type l \) -a ! -name ".gitignore" \) -delete 2>/dev/null -find ./elasticsearch-backup/logs/ ./zeek-logs/processed/ ./zeek-logs/current/ -mindepth 1 -type d -delete 2>/dev/null +$FIND ./elasticsearch-backup/ ./zeek-logs/ ./moloch-logs/ ./pcap/ ./moloch-raw/ \( \( -type f -o -type l \) -a ! -name ".gitignore" \) -delete 2>/dev/null +$FIND ./elasticsearch-backup/logs/ ./zeek-logs/processed/ ./zeek-logs/current/ -mindepth 1 -type d -delete 2>/dev/null echo "Malcolm has been stopped and its data cleared." echo "" From e458f59bd153fb5bdce217a486963f8ffc02f770 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 21 Jan 2020 08:00:55 -0700 Subject: [PATCH 014/183] bump malcolm version to 1.9.0, moloch version to 2.2.1 --- Dockerfiles/moloch.Dockerfile | 2 +- README.md | 54 ++++++++++++------------- docker-compose-standalone-zeek-live.yml | 28 ++++++------- docker-compose-standalone.yml | 28 ++++++------- docker-compose.yml | 28 ++++++------- sensor-iso/README.md | 2 +- sensor-iso/docs/Notes.md | 4 +- sensor-iso/moloch/Dockerfile | 2 +- 8 files changed, 74 insertions(+), 74 deletions(-) diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile index b7f6ce306..99e31b66f 100644 --- a/Dockerfiles/moloch.Dockerfile +++ b/Dockerfiles/moloch.Dockerfile @@ -4,7 +4,7 @@ FROM debian:buster-slim AS build ENV DEBIAN_FRONTEND noninteractive -ENV MOLOCH_VERSION "2.2.0" +ENV MOLOCH_VERSION "2.2.1" ENV MOLOCHDIR "/data/moloch" ADD moloch/scripts/bs4_remove_div.py /data/ diff --git a/README.md b/README.md index 28739bf30..0b99ae27d 100644 --- a/README.md +++ b/README.md 
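Review bot: The two `$FIND … -delete` commands (and the `rm -rf ./elasticsearch/nodes` above them) operate relative to the working directory, but the `pushd "$SCRIPT_PATH/.."` that establishes it (context in the previous hunk) swallows its errors and is never checked, and `SCRIPT_PATH` is built from an unquoted `$($REALPATH -e …)` — if that ever yields nothing, `dirname` gets no operand, `SCRIPT_PATH` is empty and `pushd "/.."` lands in `/`, after which the deletes run against `/pcap/`, `/zeek-logs/` and so on, with `2>/dev/null` hiding the evidence. Guard it: `pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 || { echo "cannot locate Malcolm directory" >&2; exit 1; }`, and consider checking for a marker such as `docker-compose.yml` in the target before deleting. Dropping the `2>/dev/null` on the deletes would also stop the script from announcing "data cleared" when permission errors left files behind.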
@@ -126,19 +126,19 @@ You can then observe that the images have been retrieved by running `docker imag ``` $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/moloch 1.8.2 xxxxxxxxxxxx 10 minutes ago 491MB -malcolmnetsec/logstash-oss 1.8.2 xxxxxxxxxxxx 17 minutes ago 1.4GB -malcolmnetsec/zeek 1.8.2 xxxxxxxxxxxx 17 minutes ago 232MB -malcolmnetsec/file-upload 1.8.2 xxxxxxxxxxxx 23 minutes ago 199MB -malcolmnetsec/pcap-capture 1.8.2 xxxxxxxxxxxx 23 minutes ago 112MB -malcolmnetsec/file-monitor 1.8.2 xxxxxxxxxxxx 25 minutes ago 369MB -malcolmnetsec/filebeat-oss 1.8.2 xxxxxxxxxxxx 28 minutes ago 501MB -malcolmnetsec/kibana-oss 1.8.2 xxxxxxxxxxxx 28 minutes ago 964MB -malcolmnetsec/pcap-monitor 1.8.2 xxxxxxxxxxxx 28 minutes ago 156MB -malcolmnetsec/curator 1.8.2 xxxxxxxxxxxx 29 minutes ago 240MB -malcolmnetsec/nginx-proxy 1.8.2 xxxxxxxxxxxx 29 minutes ago 54.5MB -malcolmnetsec/elastalert 1.8.2 xxxxxxxxxxxx 30 minutes ago 276MB -malcolmnetsec/htadmin 1.8.2 xxxxxxxxxxxx 31 minutes ago 256MB +malcolmnetsec/moloch 1.9.0 xxxxxxxxxxxx 10 minutes ago 491MB +malcolmnetsec/logstash-oss 1.9.0 xxxxxxxxxxxx 17 minutes ago 1.4GB +malcolmnetsec/zeek 1.9.0 xxxxxxxxxxxx 17 minutes ago 232MB +malcolmnetsec/file-upload 1.9.0 xxxxxxxxxxxx 23 minutes ago 199MB +malcolmnetsec/pcap-capture 1.9.0 xxxxxxxxxxxx 23 minutes ago 112MB +malcolmnetsec/file-monitor 1.9.0 xxxxxxxxxxxx 25 minutes ago 369MB +malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 28 minutes ago 501MB +malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 28 minutes ago 964MB +malcolmnetsec/pcap-monitor 1.9.0 xxxxxxxxxxxx 28 minutes ago 156MB +malcolmnetsec/curator 1.9.0 xxxxxxxxxxxx 29 minutes ago 240MB +malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 29 minutes ago 54.5MB +malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 30 minutes ago 276MB +malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 31 minutes ago 256MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` 
@@ -1356,7 +1356,7 @@ Building the ISO may take 30 minutes or more depending on your system. As the bu ``` … -Finished, created "/malcolm-build/malcolm-iso/malcolm-1.8.2.iso" +Finished, created "/malcolm-build/malcolm-iso/malcolm-1.9.0.iso" … ``` 
@@ -1750,19 +1750,19 @@ Pulling zeek ... done user@host:~/Malcolm$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/moloch 1.8.2 xxxxxxxxxxxx 27 minutes ago 517MB -malcolmnetsec/zeek 1.8.2 xxxxxxxxxxxx 27 minutes ago 489MB -malcolmnetsec/htadmin 1.8.2 xxxxxxxxxxxx 2 hours ago 180MB -malcolmnetsec/nginx-proxy 1.8.2 xxxxxxxxxxxx 4 hours ago 53MB -malcolmnetsec/file-upload 1.8.2 xxxxxxxxxxxx 24 hours ago 198MB -malcolmnetsec/pcap-capture 1.8.2 xxxxxxxxxxxx 24 hours ago 111MB -malcolmnetsec/pcap-monitor 1.8.2 xxxxxxxxxxxx 24 hours ago 156MB -malcolmnetsec/file-monitor 1.8.2 xxxxxxxxxxxx 24 hours ago 355MB -malcolmnetsec/logstash-oss 1.8.2 xxxxxxxxxxxx 25 hours ago 1.24GB -malcolmnetsec/curator 1.8.2 xxxxxxxxxxxx 25 hours ago 303MB -malcolmnetsec/kibana-oss 1.8.2 xxxxxxxxxxxx 33 hours ago 944MB -malcolmnetsec/filebeat-oss 1.8.2 xxxxxxxxxxxx 11 days ago 459MB -malcolmnetsec/elastalert 1.8.2 xxxxxxxxxxxx 11 days ago 276MB +malcolmnetsec/moloch 1.9.0 xxxxxxxxxxxx 27 minutes ago 517MB +malcolmnetsec/zeek 1.9.0 xxxxxxxxxxxx 27 minutes ago 489MB +malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 2 hours ago 180MB +malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 4 hours ago 53MB +malcolmnetsec/file-upload 1.9.0 xxxxxxxxxxxx 24 hours ago 198MB +malcolmnetsec/pcap-capture 1.9.0 xxxxxxxxxxxx 24 hours ago 111MB +malcolmnetsec/pcap-monitor 1.9.0 xxxxxxxxxxxx 24 hours ago 156MB +malcolmnetsec/file-monitor 1.9.0 xxxxxxxxxxxx 24 hours ago 355MB +malcolmnetsec/logstash-oss 1.9.0 xxxxxxxxxxxx 25 hours ago 1.24GB +malcolmnetsec/curator 1.9.0 xxxxxxxxxxxx 25 hours ago 303MB +malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 33 hours ago 944MB +malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 11 days ago 459MB +malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 11 days ago 276MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index a448591be..349202297 100644 
--- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -126,7 +126,7 @@ services: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated kibana: - image: malcolmnetsec/kibana-oss:1.8.2 + image: malcolmnetsec/kibana-oss:1.9.0 restart: "no" hostname: kibana environment: @@ -149,7 +149,7 @@ services: retries: 3 start_period: 200s elastalert: - image: malcolmnetsec/elastalert:1.8.2 + image: malcolmnetsec/elastalert:1.9.0 restart: "no" hostname: elastalert environment: @@ -174,7 +174,7 @@ services: - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ curator: - image: malcolmnetsec/curator:1.8.2 + image: malcolmnetsec/curator:1.9.0 restart: "no" hostname: curator environment: @@ -184,7 +184,7 @@ services: depends_on: - elasticsearch logstash: - image: malcolmnetsec/logstash-oss:1.8.2 + image: malcolmnetsec/logstash-oss:1.9.0 restart: "no" hostname: logstash environment: @@ -212,7 +212,7 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro filebeat: - image: malcolmnetsec/filebeat-oss:1.8.2 + image: malcolmnetsec/filebeat-oss:1.9.0 restart: "no" hostname: filebeat environment: @@ -240,7 +240,7 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro moloch: - image: malcolmnetsec/moloch:1.8.2 + image: malcolmnetsec/moloch:1.9.0 restart: "no" hostname: moloch env_file: @@ -248,7 +248,7 @@ services: environment: << : *common-upload-variables << : *moloch-variables - MOLOCH_VERSION : '2.2.0' + MOLOCH_VERSION : '2.2.1' VIRTUAL_HOST : 'moloch.malcolm.local' ES_HOST : 'elasticsearch' ES_PORT : 9200 
@@ -276,7 +276,7 @@ services: - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw zeek: - image: malcolmnetsec/zeek:1.8.2 + image: malcolmnetsec/zeek:1.9.0 restart: "no" hostname: zeek environment: @@ -293,7 +293,7 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files file-monitor: - image: malcolmnetsec/file-monitor:1.8.2 + image: malcolmnetsec/file-monitor:1.9.0 restart: "no" hostname: filemon environment: @@ -304,7 +304,7 @@ services: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs pcap-capture: - image: malcolmnetsec/pcap-capture:1.8.2 + image: malcolmnetsec/pcap-capture:1.9.0 restart: "no" network_mode: host ulimits: @@ -321,7 +321,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:1.8.2 + image: malcolmnetsec/pcap-monitor:1.9.0 restart: "no" hostname: pcapmon environment: @@ -335,7 +335,7 @@ services: - ./zeek-logs:/zeek - ./pcap:/pcap upload: - image: malcolmnetsec/file-upload:1.8.2 + image: malcolmnetsec/file-upload:1.9.0 restart: "no" hostname: upload env_file: @@ -352,7 +352,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.8.2 + image: malcolmnetsec/htadmin:1.9.0 restart: "no" hostname: htadmin environment: @@ -365,7 +365,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw nginx-proxy: - image: malcolmnetsec/nginx-proxy:1.8.2 + image: malcolmnetsec/nginx-proxy:1.9.0 restart: "no" hostname: nginx-proxy environment: diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 3c844e3e3..31559d635 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml 
@@ -126,7 +126,7 @@ services: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated kibana: - image: malcolmnetsec/kibana-oss:1.8.2 + image: malcolmnetsec/kibana-oss:1.9.0 restart: "no" hostname: kibana environment: @@ -149,7 +149,7 @@ services: retries: 3 start_period: 200s elastalert: - image: malcolmnetsec/elastalert:1.8.2 + image: malcolmnetsec/elastalert:1.9.0 restart: "no" hostname: elastalert environment: @@ -174,7 +174,7 @@ services: - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ curator: - image: malcolmnetsec/curator:1.8.2 + image: malcolmnetsec/curator:1.9.0 restart: "no" hostname: curator environment: @@ -184,7 +184,7 @@ services: depends_on: - elasticsearch logstash: - image: malcolmnetsec/logstash-oss:1.8.2 + image: malcolmnetsec/logstash-oss:1.9.0 restart: "no" hostname: logstash environment: @@ -212,7 +212,7 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro filebeat: - image: malcolmnetsec/filebeat-oss:1.8.2 + image: malcolmnetsec/filebeat-oss:1.9.0 restart: "no" hostname: filebeat environment: @@ -240,7 +240,7 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro moloch: - image: malcolmnetsec/moloch:1.8.2 + image: malcolmnetsec/moloch:1.9.0 restart: "no" hostname: moloch env_file: @@ -248,7 +248,7 @@ services: environment: << : *common-upload-variables << : *moloch-variables - MOLOCH_VERSION : '2.2.0' + MOLOCH_VERSION : '2.2.1' VIRTUAL_HOST : 'moloch.malcolm.local' ES_HOST : 'elasticsearch' ES_PORT : 9200 @@ -276,7 +276,7 @@ services: - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw zeek: - image: malcolmnetsec/zeek:1.8.2 + image: malcolmnetsec/zeek:1.9.0 restart: "no" hostname: zeek environment: 
@@ -293,7 +293,7 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files file-monitor: - image: malcolmnetsec/file-monitor:1.8.2 + image: malcolmnetsec/file-monitor:1.9.0 restart: "no" hostname: filemon environment: @@ -304,7 +304,7 @@ services: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs pcap-capture: - image: malcolmnetsec/pcap-capture:1.8.2 + image: malcolmnetsec/pcap-capture:1.9.0 restart: "no" network_mode: host ulimits: @@ -321,7 +321,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:1.8.2 + image: malcolmnetsec/pcap-monitor:1.9.0 restart: "no" hostname: pcapmon environment: @@ -335,7 +335,7 @@ services: - ./zeek-logs:/zeek - ./pcap:/pcap upload: - image: malcolmnetsec/file-upload:1.8.2 + image: malcolmnetsec/file-upload:1.9.0 restart: "no" hostname: upload env_file: @@ -352,7 +352,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.8.2 + image: malcolmnetsec/htadmin:1.9.0 restart: "no" hostname: htadmin environment: @@ -365,7 +365,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw nginx-proxy: - image: malcolmnetsec/nginx-proxy:1.8.2 + image: malcolmnetsec/nginx-proxy:1.9.0 restart: "no" hostname: nginx-proxy environment: diff --git a/docker-compose.yml b/docker-compose.yml index 17042aafa..ea88df778 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -129,7 +129,7 @@ services: build: context: . dockerfile: Dockerfiles/kibana.Dockerfile - image: malcolmnetsec/kibana-oss:1.8.2 + image: malcolmnetsec/kibana-oss:1.9.0 restart: "no" hostname: kibana environment: @@ -155,7 +155,7 @@ services: build: context: . dockerfile: Dockerfiles/elastalert.Dockerfile - image: malcolmnetsec/elastalert:1.8.2 + image: malcolmnetsec/elastalert:1.9.0 restart: "no" hostname: elastalert environment: 
@@ -183,7 +183,7 @@ services: build: context: . dockerfile: Dockerfiles/curator.Dockerfile - image: malcolmnetsec/curator:1.8.2 + image: malcolmnetsec/curator:1.9.0 restart: "no" hostname: curator environment: @@ -198,7 +198,7 @@ services: build: context: . dockerfile: Dockerfiles/logstash.Dockerfile - image: malcolmnetsec/logstash-oss:1.8.2 + image: malcolmnetsec/logstash-oss:1.9.0 restart: "no" hostname: logstash environment: @@ -231,7 +231,7 @@ services: build: context: . dockerfile: Dockerfiles/filebeat.Dockerfile - image: malcolmnetsec/filebeat-oss:1.8.2 + image: malcolmnetsec/filebeat-oss:1.9.0 restart: "no" hostname: filebeat environment: @@ -263,7 +263,7 @@ services: build: context: . dockerfile: Dockerfiles/moloch.Dockerfile - image: malcolmnetsec/moloch:1.8.2 + image: malcolmnetsec/moloch:1.9.0 restart: "no" hostname: moloch env_file: @@ -271,7 +271,7 @@ services: environment: << : *common-upload-variables << : *moloch-variables - MOLOCH_VERSION : '2.2.0' + MOLOCH_VERSION : '2.2.1' VIRTUAL_HOST : 'moloch.malcolm.local' ES_HOST : 'elasticsearch' ES_PORT : 9200 @@ -304,7 +304,7 @@ services: build: context: . dockerfile: Dockerfiles/zeek.Dockerfile - image: malcolmnetsec/zeek:1.8.2 + image: malcolmnetsec/zeek:1.9.0 restart: "no" hostname: zeek environment: @@ -325,7 +325,7 @@ services: build: context: . dockerfile: Dockerfiles/file-monitor.Dockerfile - image: malcolmnetsec/file-monitor:1.8.2 + image: malcolmnetsec/file-monitor:1.9.0 restart: "no" hostname: filemon environment: @@ -339,7 +339,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-capture.Dockerfile - image: malcolmnetsec/pcap-capture:1.8.2 + image: malcolmnetsec/pcap-capture:1.9.0 restart: "no" network_mode: host ulimits: @@ -359,7 +359,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-monitor.Dockerfile - image: malcolmnetsec/pcap-monitor:1.8.2 + image: malcolmnetsec/pcap-monitor:1.9.0 restart: "no" hostname: pcapmon environment: 
@@ -376,7 +376,7 @@ services: build: context: . dockerfile: Dockerfiles/file-upload.Dockerfile - image: malcolmnetsec/file-upload:1.8.2 + image: malcolmnetsec/file-upload:1.9.0 restart: "no" hostname: upload env_file: @@ -393,7 +393,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.8.2 + image: malcolmnetsec/htadmin:1.9.0 build: context: . dockerfile: Dockerfiles/htadmin.Dockerfile @@ -412,7 +412,7 @@ services: build: context: . dockerfile: Dockerfiles/nginx.Dockerfile - image: malcolmnetsec/nginx-proxy:1.8.2 + image: malcolmnetsec/nginx-proxy:1.9.0 restart: "no" hostname: nginx-proxy environment: diff --git a/sensor-iso/README.md b/sensor-iso/README.md index 23f491f6f..f5aea7a18 100644 --- a/sensor-iso/README.md +++ b/sensor-iso/README.md @@ -398,7 +398,7 @@ Building the ISO may take 90 minutes or more depending on your system. As the bu ``` … -Finished, created "/sensor-build/hedgehog-1.8.2.iso" +Finished, created "/sensor-build/hedgehog-1.9.0.iso" … ``` diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 508beca3b..fb5889354 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md 
@@ -113,12 +113,12 @@ $ /usr/sbin/tcpdump \ ### <a name="molochCompile"></a>Compiling Moloch from source -At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.0](https://github.com/aol/moloch/releases/tag/v2.2.0). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose. +At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.1](https://github.com/aol/moloch/releases/tag/v2.2.1). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose. ```bash #!/bin/bash -MOLOCH_VERSION="2.2.0" +MOLOCH_VERSION="2.2.1" MOLOCHDIR="/opt/moloch" OUTPUT_DIR="/tmp" diff --git a/sensor-iso/moloch/Dockerfile b/sensor-iso/moloch/Dockerfile index 242535e54..231459d1d 100644 --- a/sensor-iso/moloch/Dockerfile +++ b/sensor-iso/moloch/Dockerfile @@ -6,7 +6,7 @@ LABEL maintainer="malcolm.netsec@gmail.com" ENV DEBIAN_FRONTEND noninteractive -ENV MOLOCH_VERSION "2.2.0" +ENV MOLOCH_VERSION "2.2.1" ENV MOLOCHDIR "/opt/moloch" RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \ From b396094cffe788aa29a0b0b10be461c8cb1d8be8 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 21 Jan 2020 14:13:46 -0700 Subject: [PATCH 015/183] work on implementing control scripts (start,stop,restart,wipe,logs) in python rather than bash for portability (see issue #103). have not as of yet removed the bash versions, as I am still testing these new implementations. for now the auth_setup.sh and malcolm_appliance_packager.sh are still in Bash as well --- scripts/control.py | 283 +++++++++++++++++++++++++ scripts/install.py | 435 +++++++++----------------------------- scripts/logs | 1 + scripts/malcolm_common.py | 306 +++++++++++++++++++++++++++ scripts/restart | 1 + scripts/start | 1 + scripts/stop | 1 + scripts/wipe | 1 + 8 files changed, 697 insertions(+), 332 deletions(-) create mode 100755 scripts/control.py create mode 120000 scripts/logs create mode 100644 scripts/malcolm_common.py create mode 120000 scripts/restart create mode 120000 scripts/start create mode 120000 scripts/stop create mode 120000 scripts/wipe diff --git a/scripts/control.py b/scripts/control.py new file mode 100755 index 000000000..c31621edc --- /dev/null +++ b/scripts/control.py 
@@ -0,0 +1,283 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + +from __future__ import print_function + +import argparse +import errno +import glob +import os +import platform +import re +import shutil +import stat +import sys + +from malcolm_common import * + +from subprocess import (PIPE, STDOUT, Popen, check_call, CalledProcessError) + +################################################################################################### +ScriptName = os.path.basename(__file__) + +PY3 = (sys.version_info.major >= 3) +pyPlatform = platform.system() + +ansiEscape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') + +args = None +dockerCmd = None +dockerComposeCmd = None + +################################################################################################### +try: + FileNotFoundError +except NameError: + FileNotFoundError = IOError + +try: + from colorama import init as ColoramaInit, Fore, Back, Style + ColoramaInit() + coloramaImported = True +except: + coloramaImported = False + +################################################################################################### +def logs(): + global args + global dockerBin + global dockerComposeBin + + # noisy logs + ignoreRegEx = re.compile(r""" + .+( + deprecated + | elastalert-server:\s+Routes: + | eshealth + | update_mapping + | throttling\s+index + | but\s+there\s+are\s+no\s+living\s+connections + | saved_objects + | \b(d|es)?stats\.json + | /_ns_/nstest\.html + | esindices/list + | _cat/indices + | use_field_mapping + | reaped\s+unknown\s+pid + | Successfully\s+handled\s+GET\s+request\s+for\s+'/' + | GET\s+/(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b + | POST\s+/(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b + | POST\s+HTTP/[\d\.].+\b200\b + | POST\s+/server/php/\s+HTTP/\d+\.\d+"\s+\d+\s+\d+.*:8443/ + | curl.+localhost.+GET\s+/api/status\s+200 + ) + """, re.VERBOSE | 
re.IGNORECASE) + + err, out = run_process([dockerComposeBin, '-f', args.composeFile, 'ps'], debug=args.debug) + print("\n".join(out)) + + process = Popen([dockerComposeBin, '-f', args.composeFile, 'logs', '-f'], stdout=PIPE) + while True: + output = process.stdout.readline() + if (output == '') and process.poll() is not None: + break + if output: + outputStr = output.decode().strip() + outputStrEscaped = EscapeAnsi(outputStr) + if not ignoreRegEx.match(outputStrEscaped): + print(outputStr if coloramaImported else outputStrEscaped) + else: + pass + # print('!!!!!!!: {}'.format(outputStr)) + else: + time.sleep(0.5) + process.poll() + +################################################################################################### +def stop(wipe=False): + global args + global dockerBin + global dockerComposeBin + + if wipe: + # attempt to DELETE _template/zeek_template in Elasticsearch + err, out = run_process([dockerComposeBin, '-f', args.composeFile, 'exec', 'moloch', 'bash', '-c', 'curl -fs --output /dev/null -H"Content-Type: application/json" -XDELETE "http://$ES_HOST:$ES_PORT/_template/zeek_template"'], debug=args.debug) + + # if stop.sh is being called with wipe.sh (after the docker-compose file) + # then also remove named and anonymous volumes (not external volumes, of course) + err, out = run_process([dockerComposeBin, '-f', args.composeFile, 'down', '--volumes'][:5 if wipe else -1], debug=args.debug) + if (err == 0): + eprint("Stopped Malcolm\n") + else: + eprint("Malcolm failed to stop\n") + eprint("\n".join(out)) + exit(err) + + if wipe: + # delete elasticsearch database + shutil.rmtree(os.path.join(MalcolmPath, 'elasticsearch/nodes'), ignore_errors=True) + + # delete data files (backups, zeek logs, moloch logs, PCAP files, captured PCAP files) + for dataDir in ['elasticsearch-backup', 'zeek-logs', 'moloch-logs', 'pcap', 'moloch-raw']: + for root, dirnames, filenames in os.walk(os.path.join(MalcolmPath, dataDir), topdown=True, onerror=None): + for file 
in filenames: + fileSpec = os.path.join(root, file) + if os.path.isfile(fileSpec) and (not file.startswith('.git')): + try: + os.remove(fileSpec) + except: + pass + + # clean up empty directories + for dataDir in [os.path.join('elasticsearch-backup', 'logs'), os.path.join('zeek-logs', 'processed'), os.path.join('zeek-logs', 'current')]: + RemoveEmptyFolders(dataDir, removeRoot=False) + + eprint("Malcolm has been stopped and its data cleared\n") + +################################################################################################### +def start(): + global args + global dockerBin + global dockerComposeBin + + # make sure the auth files exist. if we are in an interactive shell and we're + # missing any of the auth files, prompt to create them now + if sys.__stdin__.isatty() and (not MalcolmAuthFilesExist()): + check_call(['bash', os.path.join(ScriptPath, 'auth_setup.sh')]) + + # still missing? sorry charlie + if (not MalcolmAuthFilesExist()): + raise Exception('Malcolm administrator account authentication files are missing, please run ./scripts/auth_setup.sh to generate them') + + # touch the metadata file + open(os.path.join(MalcolmPath, os.path.join('htadmin', 'metadata')), 'a').close() + + smtpAuthFile = os.path.join(MalcolmPath, os.path.join('elastalert', os.path.join('config', 'smtp-auth.yaml'))) + if (not os.path.isfile(smtpAuthFile)): + # create a sample smtp-auth.yaml for if/when we want to do elastalert email + with open(smtpAuthFile, 'w') as f: + f.write('user: "user@gmail.com"') + f.write('password: "abcdefg1234567"') + os.chmod(smtpAuthFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP) + + # make sure permissions are set correctly for the nginx worker processes + for authFile in [os.path.join(MalcolmPath, os.path.join('nginx', 'htpasswd')), + os.path.join(MalcolmPath, os.path.join('nginx', 'nginx_ldap.conf')), + os.path.join(MalcolmPath, os.path.join('htadmin', 'config.ini')), + os.path.join(MalcolmPath, os.path.join('htadmin', 
'metadata'))]: + # chmod 644 authFile + os.chmod(authFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH) + + # make sure some directories exist before we start + for path in [os.path.join(MalcolmPath, 'elasticsearch'), + os.path.join(MalcolmPath, 'elasticsearch-backup'), + os.path.join(MalcolmPath, os.path.join('pcap', 'upload')), + os.path.join(MalcolmPath, os.path.join('pcap', 'processed')), + os.path.join(MalcolmPath, os.path.join('zeek-logs', 'current')), + os.path.join(MalcolmPath, os.path.join('zeek-logs', 'upload')), + os.path.join(MalcolmPath, os.path.join('zeek-logs', 'processed')), + os.path.join(MalcolmPath, os.path.join('zeek-logs', 'extract_files'))]: + try: + os.makedirs(path) + except OSError as exc: + if (exc.errno == errno.EEXIST) and os.path.isdir(path): + pass + else: + raise + + # start docker + err, out = run_process([dockerComposeBin, '-f', args.composeFile, 'up', '--detach'], debug=args.debug) + if (err == 0): + eprint("Started Malcolm\n\n") + eprint("In a few minutes, Malcolm services will be accessible via the following URLs:") + eprint("------------------------------------------------------------------------------") + eprint(" - Moloch: https://localhost/") + eprint(" - Kibana: https://localhost/kibana/") + eprint(" - PCAP Upload (web): https://localhost/upload/") + eprint(" - PCAP Upload (sftp): sftp://username@127.0.0.1:8022/files/") + eprint(" - Account management: https://localhost:488/\n") + else: + eprint("Malcolm failed to start\n") + eprint("\n".join(out)) + exit(err) + +################################################################################################### +# main +def main(): + global args + global dockerBin + global dockerComposeBin + + # extract arguments from the command line + # print (sys.argv[1:]); + parser = argparse.ArgumentParser(description='Malcolm control script', add_help=False, usage='{} <arguments>'.format(ScriptName)) + parser.add_argument('-v', '--verbose', dest='debug', 
type=str2bool, nargs='?', const=True, default=False, help="Verbose output") + parser.add_argument('-f', '--file', required=False, dest='composeFile', metavar='<STR>', type=str, default='docker-compose.yml', help='docker-compose YML file') + parser.add_argument('-l', '--logs', dest='cmdLogs', type=str2bool, nargs='?', const=True, default=False, help="Tail Malcolm logs") + parser.add_argument('--start', dest='cmdStart', type=str2bool, nargs='?', const=True, default=False, help="Start Malcolm") + parser.add_argument('--restart', dest='cmdRestart', type=str2bool, nargs='?', const=True, default=False, help="Stop and restart Malcolm") + parser.add_argument('--stop', dest='cmdStop', type=str2bool, nargs='?', const=True, default=False, help="Stop Malcolm") + parser.add_argument('--wipe', dest='cmdWipe', type=str2bool, nargs='?', const=True, default=False, help="Stop Malcolm and delete all data") + + try: + parser.error = parser.exit + args = parser.parse_args() + except SystemExit: + parser.print_help() + exit(2) + + if args.debug: + eprint(os.path.join(ScriptPath, ScriptName)) + eprint("Arguments: {}".format(sys.argv[1:])) + eprint("Arguments: {}".format(args)) + eprint("Malcolm path:", MalcolmPath) + else: + sys.tracebacklimit = 0 + + if not ImportRequests(debug=args.debug): + exit(2) + + os.chdir(MalcolmPath) + + # make sure docker/docker-compose is available + dockerBin = 'docker.exe' if ((pyPlatform == PLATFORM_WINDOWS) and Which('docker.exe')) else 'docker' + dockerComposeBin = 'docker-compose.exe' if ((pyPlatform == PLATFORM_WINDOWS) and Which('docker-compose.exe')) else 'docker-compose' + err, out = run_process([dockerBin, 'info'], debug=args.debug) + if (err != 0): + raise Exception('{} requires docker, please run install.py'.format(ScriptName)) + err, out = run_process([dockerComposeBin, '-f', args.composeFile, 'version'], debug=args.debug) + if (err != 0): + raise Exception('{} requires docker-compose, please run install.py'.format(ScriptName)) + + # if executed 
via a symlink, figure out what was intended via the symlink name + if os.path.islink(os.path.join(ScriptPath, ScriptName)): + if (ScriptName == "logs"): + args.cmdLogs = True + elif (ScriptName == "start"): + args.cmdStart = True + elif (ScriptName == "restart"): + args.cmdRestart = True + elif (ScriptName == "stop"): + args.cmdStop = True + elif (ScriptName == "wipe"): + args.cmdWipe = True + + # stop Malcolm (and wipe data if requestsed) + if args.cmdRestart or args.cmdStop or args.cmdWipe: + stop(wipe=args.cmdWipe) + + # start Malcolm + if args.cmdStart or args.cmdRestart: + start() + + # tail Malcolm logs + if args.cmdStart or args.cmdRestart or args.cmdLogs: + logs() + +if __name__ == '__main__': + main() + if coloramaImported: + print(Style.RESET_ALL) + diff --git a/scripts/install.py b/scripts/install.py index c74deb4c1..b87e16a44 100755 --- a/scripts/install.py +++ b/scripts/install.py 
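Review bot: In start(), the two f.write calls that seed smtp-auth.yaml emit no newline, so the file comes out as the single line `user: "user@gmail.com"password: "abcdefg1234567"`, which is not the two-key YAML document the elastalert config presumably expects; write `f.write('user: "user@gmail.com"\n')` and `f.write('password: "abcdefg1234567"\n')` instead. The chmod loop a few lines later sets nginx/htpasswd, nginx/nginx_ldap.conf and the htadmin files to 0664 on the host (the comment says 644, but the mode includes S_IWGRP), which makes the password hashes and any LDAP bind credential in nginx_ldap.conf readable by every local user; if the nginx worker genuinely needs other-read access, say so in the comment, otherwise 0640 with the container's group is the safer default. In logs(), `output == ''` can never match the bytes that readline() returns under Python 3, so once `docker-compose logs -f` exits the loop spins in the else branch forever, and that branch calls `time.sleep`, yet `time` is not imported in this file unless malcolm_common re-exports it; `if not output and process.poll() is not None: break` fixes the exit condition. Also note the module-level `dockerCmd`/`dockerComposeCmd` are never used, while the functions declare `global dockerBin`/`dockerComposeBin`, which only exist once main() assigns them.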
@@ -23,61 +23,27 @@ import time from pwd import getpwuid -from subprocess import (PIPE, STDOUT, Popen, CalledProcessError) from collections import defaultdict, namedtuple +from malcolm_common import * + ################################################################################################### DOCKER_COMPOSE_INSTALL_VERSION="1.24.0" -PLATFORM_WINDOWS = "Windows" -PLATFORM_MAC = "Darwin" -PLATFORM_LINUX = "Linux" -PLATFORM_LINUX_CENTOS = 'centos' -PLATFORM_LINUX_DEBIAN = 'debian' -PLATFORM_LINUX_FEDORA = 'fedora' -PLATFORM_LINUX_UBUNTU = 'ubuntu' - DEB_GPG_KEY_FINGERPRINT = '0EBFCD88' # used to verify GPG key for Docker Debian repository MAC_BREW_DOCKER_PACKAGE = 'docker-edge' MAC_BREW_DOCKER_SETTINGS = '/Users/{}/Library/Group Containers/group.com.docker/settings.json' -# URLS for figuring things out if something goes wrong -DOCKER_INSTALL_URLS = defaultdict(lambda: 'https://docs.docker.com/install/') -DOCKER_INSTALL_URLS[PLATFORM_WINDOWS] = ['https://stefanscherer.github.io/how-to-install-docker-the-chocolatey-way/', - 'https://docs.docker.com/docker-for-windows/install/'] -DOCKER_INSTALL_URLS[PLATFORM_LINUX_UBUNTU] = 'https://docs.docker.com/install/linux/docker-ce/ubuntu/' -DOCKER_INSTALL_URLS[PLATFORM_LINUX_DEBIAN] = 'https://docs.docker.com/install/linux/docker-ce/debian/' -DOCKER_INSTALL_URLS[PLATFORM_LINUX_CENTOS] = 'https://docs.docker.com/install/linux/docker-ce/centos/' -DOCKER_INSTALL_URLS[PLATFORM_LINUX_FEDORA] = 'https://docs.docker.com/install/linux/docker-ce/fedora/' -DOCKER_INSTALL_URLS[PLATFORM_MAC] = ['https://www.code2bits.com/how-to-install-docker-on-macos-using-homebrew/', - 'https://docs.docker.com/docker-for-mac/install/'] -DOCKER_COMPOSE_INSTALL_URLS = defaultdict(lambda: 'https://docs.docker.com/compose/install/') -HOMEBREW_INSTALL_URLS = defaultdict(lambda: 'https://brew.sh/') - ################################################################################################### -args = None -PY3 = (sys.version_info.major >= 3) 
-scriptName = os.path.basename(__file__) -scriptPath = os.path.dirname(os.path.realpath(__file__)) +ScriptName = os.path.basename(__file__) origPath = os.getcwd() ################################################################################################### -# print to stderr -def eprint(*args, **kwargs): - print(*args, file=sys.stderr, **kwargs) +args = None +PY3 = (sys.version_info.major >= 3) ################################################################################################### -if not PY3: - if hasattr(__builtins__, 'raw_input'): input = raw_input - -# attempt to import requests, will cover failure later -try: - import requests - requestsImported = True -except ImportError: - requestsImported = False - try: FileNotFoundError except NameError: 
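Review bot: `from malcolm_common import *` at the top of this hunk replaces the explicit definitions of the PLATFORM_* constants, eprint, requestsImported and the DOCKER_INSTALL_URLS/HOMEBREW_INSTALL_URLS tables with names that now arrive implicitly; if malcolm_common does not declare `__all__` it also re-exports everything it imports, and any name it fails to provide (for instance the removed URL tables, if install.py still refers to them outside this hunk) surfaces only as a NameError at the point of use. An explicit `from malcolm_common import (PLATFORM_LINUX, PLATFORM_MAC, PLATFORM_WINDOWS, eprint, run_process, Which, YesOrNo, AskForString, ImportRequests)` keeps the dependency visible and lets a linter catch the gap. Separately, the retained DEB_GPG_KEY_FINGERPRINT value `0EBFCD88` is a 32-bit short key id rather than a fingerprint; whatever apt-key check consumes it (outside this hunk) should compare the full 40-hex-digit fingerprint, since short ids are cheap to collide.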
@@ -85,210 +51,15 @@ def eprint(*args, **kwargs): ################################################################################################### # get interactive user response to Y/N question -def YesOrNo(question, default=None, forceInteraction=False): +def InstallerYesOrNo(question, default=None, forceInteraction=False): global args - - if default == True: - questionStr = "\n{} (Y/n): ".format(question) - elif default == False: - questionStr = "\n{} (y/N): ".format(question) - else: - questionStr = "\n{} (y/n): ".format(question) - - if args.acceptDefaults and (default is not None) and (not forceInteraction): - reply = '' - else: - while True: - reply = str(input(questionStr)).lower().strip() - if (len(reply) > 0) or (default is not None): - break - - if (len(reply) == 0): - reply = 'y' if default else 'n' - - if reply[0] == 'y': - return True - elif reply[0] == 'n': - return False - else: - return YesOrNo(question, default=default) + return YesOrNo(question, default=default, forceInteraction=forceInteraction, acceptDefault=args.acceptDefaults) ################################################################################################### # get interactive user response -def AskForString(question, default=None, forceInteraction=False): +def InstallerAskForString(question, default=None, forceInteraction=False): global args - - if args.acceptDefaults and (default is not None) and (not forceInteraction): - reply = default - else: - reply = str(input('\n{}: '.format(question))).strip() - - return reply - -################################################################################################### -# convenient boolean argument parsing -def str2bool(v): - if v.lower() in ('yes', 'true', 't', 'y', '1'): - return True - elif v.lower() in ('no', 'false', 'f', 'n', '0'): - return False - else: - raise argparse.ArgumentTypeError('Boolean value expected.') - -################################################################################################### 
-# determine if a program/script exists and is executable in the system path -def Which(cmd): - global args - - result = any(os.access(os.path.join(path, cmd), os.X_OK) for path in os.environ["PATH"].split(os.pathsep)) - if args.debug: - eprint("Which {} returned {}".format(cmd, result)) - return result - -################################################################################################### -# nice human-readable file sizes -def SizeHumanFormat(num, suffix='B'): - for unit in ['','Ki','Mi','Gi','Ti','Pi','Ei','Zi']: - if abs(num) < 1024.0: - return "%3.1f%s%s" % (num, unit, suffix) - num /= 1024.0 - return "%.1f%s%s" % (num, 'Yi', suffix) - -################################################################################################### -# download to file -def DownloadToFile(url, local_filename): - global args - - r = requests.get(url, stream=True, allow_redirects=True) - with open(local_filename, 'wb') as f: - for chunk in r.iter_content(chunk_size=1024): - if chunk: f.write(chunk) - fExists = os.path.isfile(local_filename) - fSize = os.path.getsize(local_filename) - if args.debug: - eprint("Download of {} to {} {} ({})".format(url, local_filename, "succeeded" if fExists else "failed", SizeHumanFormat(fSize))) - return fExists and (fSize > 0) - -################################################################################################### -# run command with arguments and return its exit code, stdout, and stderr -def check_output_input(*popenargs, **kwargs): - - if 'stdout' in kwargs: - raise ValueError('stdout argument not allowed, it will be overridden') - - if 'stderr' in kwargs: - raise ValueError('stderr argument not allowed, it will be overridden') - - if 'input' in kwargs and kwargs['input']: - if 'stdin' in kwargs: - raise ValueError('stdin and input arguments may not both be used') - inputdata = kwargs['input'] - kwargs['stdin'] = PIPE - else: - inputdata = None - kwargs.pop('input', None) - - process = Popen(*popenargs, 
stdout=PIPE, stderr=PIPE, **kwargs) - try: - output, errput = process.communicate(inputdata) - except: - process.kill() - process.wait() - raise - - retcode = process.poll() - - return retcode, output, errput - -#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -def run_process(command, stdout=True, stderr=True, stdin=None, retry=0, retrySleepSec=5, debug=False): - retcode = -1 - output = [] - - try: - # run the command - retcode, cmdout, cmderr = check_output_input(command, input=stdin.encode() if (PY3 and stdin) else stdin) - - # split the output on newlines to return a list - if PY3: - if stderr and (len(cmderr) > 0): output.extend(cmderr.decode(sys.getdefaultencoding()).split('\n')) - if stdout and (len(cmdout) > 0): output.extend(cmdout.decode(sys.getdefaultencoding()).split('\n')) - else: - if stderr and (len(cmderr) > 0): output.extend(cmderr.split('\n')) - if stdout and (len(cmdout) > 0): output.extend(cmdout.split('\n')) - - except (FileNotFoundError, OSError, IOError) as e: - if stderr: - output.append("Command {} not found or unable to execute".format(command)) - - if debug: - eprint("{}{} returned {}: {}".format(command, "({})".format(stdin[:80] + bool(stdin[80:]) * '...' 
if stdin else ""), retcode, output)) - - if (retcode != 0) and retry and (retry > 0): - # sleep then retry - time.sleep(retrySleepSec) - return run_process(command, stdout, stderr, stdin, retry-1, retrySleepSec, debug) - else: - return retcode, output - -################################################################################################### -# make sure we can import requests properly and take care of it automatically if possible -def ImportRequests(): - global args - global requestsImported - - if not requestsImported: - # see if we can help out by installing the requests module - - pyPlatform = platform.system() - pyExec = sys.executable - pipCmd = 'pip3' if PY3 else 'pip2' - if not Which(pipCmd): pipCmd = 'pip' - - eprint('{} requires the requests module under Python {} ({})'.format(scriptName, platform.python_version(), pyExec)) - - if Which(pipCmd): - if YesOrNo('Importing the requests module failed. Attempt to install via {}?'.format(pipCmd), default=True): - installCmd = None - - if (pyPlatform == PLATFORM_LINUX) or (pyPlatform == PLATFORM_MAC): - # for linux/mac, we're going to try to figure out if this python is owned by root or the script user - if (getpass.getuser() == getpwuid(os.stat(pyExec).st_uid).pw_name): - # we're running a user-owned python, regular pip should work - installCmd = [pipCmd, 'install', 'requests'] - else: - # python is owned by system, so make sure to pass the --user flag - installCmd = [pipCmd, 'install', '--user', 'requests'] - else: - # on windows (or whatever other platform this is) I don't know any other way other than pip - installCmd = [pipCmd, 'install', 'requests'] - - err, out = run_process(installCmd, debug=args.debug) - if err == 0: - eprint("Installation of requests module apparently succeeded") - try: - import requests - requestsImported = True - except ImportError as e: - eprint("Importing the requests module still failed: {}".format(e)) - else: - eprint("Installation of requests module failed: 
{}".format(out)) - - if not requestsImported: - eprint("System-wide installation varies by platform and Python configuration. Please consult platform-specific documentation for installing Python modules.") - if (platform.system() == PLATFORM_MAC): - eprint('You *may* be able to install pip and requests manually via: sudo sh -c "easy_install pip && pip install requests"') - elif (pyPlatform == PLATFORM_LINUX): - if Which('apt-get'): - eprint('You *may* be able to install requests manually via: sudo apt-get install {}'.format('python3-requests' if PY3 else 'python-requests')) - elif Which('apt'): - eprint('You *may* be able to install requests manually via: sudo apt install {}'.format('python3-requests' if PY3 else 'python-requests')) - elif Which('dnf'): - eprint('You *may* be able to install requests manually via: sudo dnf install {}'.format('python3-requests' if PY3 else 'python2-requests')) - elif Which('yum'): - eprint('You *may* be able to install requests manually via: sudo yum install {}'.format('python-requests')) - - return requestsImported + return AskForString(question, default=default, forceInteraction=forceInteraction, acceptDefault=args.acceptDefaults) ################################################################################################### class Installer(object): @@ -305,7 +76,7 @@ def __init__(self, debug=False): self.requiredPackages = [] self.pipCmd = 'pip3' if PY3 else 'pip2' - if not Which(self.pipCmd): self.pipCmd = 'pip' + if not Which(self.pipCmd, debug=self.debug): self.pipCmd = 'pip' self.tempDirName = tempfile.mkdtemp() 
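Review bot: InstallerYesOrNo and InstallerAskForString have no docstring, and nothing explains why they exist next to the YesOrNo/AskForString they forward to; add `"""Prompt wrapper that forwards to malcolm_common.YesOrNo, passing the module-level args.acceptDefaults so --defaults can auto-answer the question."""` and the equivalent for InstallerAskForString. Both read the global `args`, which is None until argument parsing has run, so a call before that fails with an AttributeError instead of a prompt; a one-line note to that effect, or an explicit `if args is None: raise RuntimeError('arguments not parsed yet')`, would save the next caller a surprise.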
@@ -363,7 +134,7 @@ def install_required_packages(self): #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ def install_docker_images(self, docker_image_file): result = False - if docker_image_file and os.path.isfile(docker_image_file) and YesOrNo('Load Malcolm Docker images from {}'.format(docker_image_file), default=True, forceInteraction=True): + if docker_image_file and os.path.isfile(docker_image_file) and InstallerYesOrNo('Load Malcolm Docker images from {}'.format(docker_image_file), default=True, forceInteraction=True): ecode, out = self.run_process(['docker', 'load', '-q', '-i', docker_image_file], privileged=True) if (ecode == 0): result = True @@ -375,12 +146,12 @@ def install_docker_images(self, docker_image_file): def install_malcolm_files(self, malcolm_install_file): result = False installPath = None - if malcolm_install_file and os.path.isfile(malcolm_install_file) and YesOrNo('Extract Malcolm runtime files from {}'.format(malcolm_install_file), default=True, forceInteraction=True): + if malcolm_install_file and os.path.isfile(malcolm_install_file) and InstallerYesOrNo('Extract Malcolm runtime files from {}'.format(malcolm_install_file), default=True, forceInteraction=True): # determine and create destination path for installation while True: defaultPath = os.path.join(origPath, 'malcolm') - installPath = AskForString('Enter installation path for Malcolm [{}]'.format(defaultPath), default=defaultPath, forceInteraction=True) + installPath = InstallerAskForString('Enter installation path for Malcolm [{}]'.format(defaultPath), default=defaultPath, forceInteraction=True) if (len(installPath) == 0): installPath = defaultPath if os.path.isdir(installPath): eprint("{} already exists, please specify a different installation path".format(installPath)) 
@@ -469,52 +240,52 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa esMemory = '8g' lsMemory = '3g' - while not YesOrNo('Setting {} for Elasticsearch and {} for Logstash. Is this OK?'.format(esMemory, lsMemory), default=True): - esMemory = AskForString('Enter memory for Elasticsearch (e.g., 16g, 9500m, etc.)') - lsMemory = AskForString('Enter memory for LogStash (e.g., 4g, 2500m, etc.)') + while not InstallerYesOrNo('Setting {} for Elasticsearch and {} for Logstash. Is this OK?'.format(esMemory, lsMemory), default=True): + esMemory = InstallerAskForString('Enter memory for Elasticsearch (e.g., 16g, 9500m, etc.)') + lsMemory = InstallerAskForString('Enter memory for LogStash (e.g., 4g, 2500m, etc.)') restartMode = None allowedRestartModes = ('no', 'on-failure', 'always', 'unless-stopped') - if YesOrNo('Restart Malcolm upon system or Docker daemon restart?', default=restart_mode_default): + if InstallerYesOrNo('Restart Malcolm upon system or Docker daemon restart?', default=restart_mode_default): while restartMode not in allowedRestartModes: - restartMode = AskForString('Select Malcolm restart behavior {}'.format(allowedRestartModes), default='unless-stopped') + restartMode = InstallerAskForString('Select Malcolm restart behavior {}'.format(allowedRestartModes), default='unless-stopped') else: restartMode = 'no' if (restartMode == 'no'): restartMode = '"no"' ldapStartTLS = False ldapServerType = 'winldap' - useBasicAuth = not YesOrNo('Authenticate against Lightweight Directory Access Protocol (LDAP) server?', default=False) + useBasicAuth = not InstallerYesOrNo('Authenticate against Lightweight Directory Access Protocol (LDAP) server?', default=False) if not useBasicAuth: allowedLdapModes = ('winldap', 'openldap') ldapServerType = None while ldapServerType not in allowedLdapModes: - ldapServerType = AskForString('Select LDAP server compatibility type {}'.format(allowedLdapModes), default='winldap') - ldapStartTLS = YesOrNo('Use 
StartTLS for LDAP connection security?', default=True) + ldapServerType = InstallerAskForString('Select LDAP server compatibility type {}'.format(allowedLdapModes), default='winldap') + ldapStartTLS = InstallerYesOrNo('Use StartTLS for LDAP connection security?', default=True) try: - with open(os.path.join(os.path.realpath(os.path.join(scriptPath, "..")), ".ldap_config_defaults"), "w") as ldapDefaultsFile: + with open(os.path.join(os.path.realpath(os.path.join(ScriptPath, "..")), ".ldap_config_defaults"), "w") as ldapDefaultsFile: print("LDAP_SERVER_TYPE='{}'".format(ldapServerType), file=ldapDefaultsFile) print("LDAP_PROTO='{}'".format('ldap://' if useBasicAuth or ldapStartTLS else 'ldaps://'), file=ldapDefaultsFile) print("LDAP_PORT='{}'".format(3268 if ldapStartTLS else 3269), file=ldapDefaultsFile) except: pass - curatorSnapshots = YesOrNo('Create daily snapshots (backups) of Elasticsearch indices?', default=False) + curatorSnapshots = InstallerYesOrNo('Create daily snapshots (backups) of Elasticsearch indices?', default=False) curatorSnapshotDir = './elasticsearch-backup' if curatorSnapshots: - if not YesOrNo('Store snapshots locally in {}?'.format(os.path.join(malcolm_install_path, 'elasticsearch-backup')), default=True): + if not InstallerYesOrNo('Store snapshots locally in {}?'.format(os.path.join(malcolm_install_path, 'elasticsearch-backup')), default=True): while True: - curatorSnapshotDir = AskForString('Enter Elasticsearch index snapshot directory') + curatorSnapshotDir = InstallerAskForString('Enter Elasticsearch index snapshot directory') if (len(curatorSnapshotDir) > 1) and os.path.isdir(curatorSnapshotDir): curatorSnapshotDir = os.path.realpath(curatorSnapshotDir) break curatorCloseUnits = 'years' curatorCloseCount = '5' - if YesOrNo('Periodically close old Elasticsearch indices?', default=False): - while not YesOrNo('Indices older than {} {} will be periodically closed. 
Is this OK?'.format(curatorCloseCount, curatorCloseUnits), default=True): + if InstallerYesOrNo('Periodically close old Elasticsearch indices?', default=False): + while not InstallerYesOrNo('Indices older than {} {} will be periodically closed. Is this OK?'.format(curatorCloseCount, curatorCloseUnits), default=True): while True: - curatorPeriod = AskForString('Enter index close threshold (e.g., 90 days, 2 years, etc.)').lower().split() + curatorPeriod = InstallerAskForString('Enter index close threshold (e.g., 90 days, 2 years, etc.)').lower().split() if (len(curatorPeriod) == 2) and (not curatorPeriod[1].endswith('s')): curatorPeriod[1] += 's' if ((len(curatorPeriod) == 2) and @@ -529,10 +300,10 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa curatorDeleteUnits = 'years' curatorDeleteCount = '10' - if YesOrNo('Periodically delete old Elasticsearch indices?', default=False): - while not YesOrNo('Indices older than {} {} will be periodically deleted. Is this OK?'.format(curatorDeleteCount, curatorDeleteUnits), default=True): + if InstallerYesOrNo('Periodically delete old Elasticsearch indices?', default=False): + while not InstallerYesOrNo('Indices older than {} {} will be periodically deleted. Is this OK?'.format(curatorDeleteCount, curatorDeleteUnits), default=True): while True: - curatorPeriod = AskForString('Enter index delete threshold (e.g., 90 days, 2 years, etc.)').lower().split() + curatorPeriod = InstallerAskForString('Enter index delete threshold (e.g., 90 days, 2 years, etc.)').lower().split() if (len(curatorPeriod) == 2) and (not curatorPeriod[1].endswith('s')): curatorPeriod[1] += 's' if ((len(curatorPeriod) == 2) and 
@@ -546,26 +317,26 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa curatorDeleteCount = '99' curatorDeleteOverGigs = '10000' - if YesOrNo('Periodically delete the oldest Elasticsearch indices when the database exceeds a certain size?', default=False): - while not YesOrNo('Indices will be deleted when the database exceeds {} gigabytes. Is this OK?'.format(curatorDeleteOverGigs), default=True): + if InstallerYesOrNo('Periodically delete the oldest Elasticsearch indices when the database exceeds a certain size?', default=False): + while not InstallerYesOrNo('Indices will be deleted when the database exceeds {} gigabytes. Is this OK?'.format(curatorDeleteOverGigs), default=True): while True: - curatorSize = AskForString('Enter index threshold in gigabytes') + curatorSize = InstallerAskForString('Enter index threshold in gigabytes') if (len(curatorSize) > 0) and curatorSize.isdigit(): curatorDeleteOverGigs = curatorSize break else: curatorDeleteOverGigs = '9000000' - autoZeek = YesOrNo('Automatically analyze all PCAP files with Zeek?', default=True) - reverseDns = YesOrNo('Perform reverse DNS lookup locally for source and destination IP addresses in Zeek logs?', default=False) - autoOui = YesOrNo('Perform hardware vendor OUI lookups for MAC addresses?', default=True) - logstashOpen = YesOrNo('Expose Logstash port to external hosts?', default=expose_logstash_default) - logstashSsl = logstashOpen and YesOrNo('Should Logstash require SSL for Zeek logs? 
(Note: This requires the forwarder to be similarly configured and a corresponding copy of the client SSL files.)', default=False) - externalEsForward = YesOrNo('Forward Logstash logs to external Elasticstack instance?', default=False) + autoZeek = InstallerYesOrNo('Automatically analyze all PCAP files with Zeek?', default=True) + reverseDns = InstallerYesOrNo('Perform reverse DNS lookup locally for source and destination IP addresses in Zeek logs?', default=False) + autoOui = InstallerYesOrNo('Perform hardware vendor OUI lookups for MAC addresses?', default=True) + logstashOpen = InstallerYesOrNo('Expose Logstash port to external hosts?', default=expose_logstash_default) + logstashSsl = logstashOpen and InstallerYesOrNo('Should Logstash require SSL for Zeek logs? (Note: This requires the forwarder to be similarly configured and a corresponding copy of the client SSL files.)', default=False) + externalEsForward = InstallerYesOrNo('Forward Logstash logs to external Elasticstack instance?', default=False) if externalEsForward: - externalEsHost = AskForString('Enter external Elasticstack host:port (e.g., 10.0.0.123:9200)') - externalEsSsl = YesOrNo('Connect to "{}" using SSL?'.format(externalEsHost), default=True) - externalEsSslVerify = externalEsSsl and YesOrNo('Require SSL certificate validation for communication with "{}"?'.format(externalEsHost), default=False) + externalEsHost = InstallerAskForString('Enter external Elasticstack host:port (e.g., 10.0.0.123:9200)') + externalEsSsl = InstallerYesOrNo('Connect to "{}" using SSL?'.format(externalEsHost), default=True) + externalEsSslVerify = externalEsSsl and InstallerYesOrNo('Require SSL certificate validation for communication with "{}"?'.format(externalEsHost), default=False) else: externalEsHost = "" externalEsSsl = False 
@@ -582,18 +353,18 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa clamAvScan = False clamAvUpdate = False - if YesOrNo('Enable file extraction with Zeek?', default=False): + if InstallerYesOrNo('Enable file extraction with Zeek?', default=False): while fileCarveMode not in allowedFileCarveModes: - fileCarveMode = AskForString('Select file extraction behavior {}'.format(allowedFileCarveModes), default=allowedFileCarveModes[0]) + fileCarveMode = InstallerAskForString('Select file extraction behavior {}'.format(allowedFileCarveModes), default=allowedFileCarveModes[0]) while filePreserveMode not in allowedFilePreserveModes: - filePreserveMode = AskForString('Select file preservation behavior {}'.format(allowedFilePreserveModes), default=allowedFilePreserveModes[0]) + filePreserveMode = InstallerAskForString('Select file preservation behavior {}'.format(allowedFilePreserveModes), default=allowedFilePreserveModes[0]) if fileCarveMode is not None: - if YesOrNo('Scan extracted files with ClamAV?', default=False): + if InstallerYesOrNo('Scan extracted files with ClamAV?', default=False): clamAvScan = True - clamAvUpdate = YesOrNo('Download updated ClamAV virus signatures periodically?', default=True) - elif YesOrNo('Lookup extracted file hashes with VirusTotal?', default=False): + clamAvUpdate = InstallerYesOrNo('Download updated ClamAV virus signatures periodically?', default=True) + elif InstallerYesOrNo('Lookup extracted file hashes with VirusTotal?', default=False): while (len(vtotApiKey) <= 1): - vtotApiKey = AskForString('Enter VirusTotal API key') + vtotApiKey = InstallerAskForString('Enter VirusTotal API key') if fileCarveMode not in allowedFileCarveModes: fileCarveMode = allowedFileCarveModes[0] 
@@ -606,12 +377,12 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa pcapNetSniff = False pcapTcpDump = False pcapIface = 'lo' - if YesOrNo('Should Malcolm capture network traffic to PCAP files?', default=False): + if InstallerYesOrNo('Should Malcolm capture network traffic to PCAP files?', default=False): pcapIface = '' while (len(pcapIface) <= 0): - pcapIface = AskForString('Specify capture interface(s) (comma-separated)') - pcapNetSniff = YesOrNo('Capture packets using netsniff-ng?', default=True) - pcapTcpDump = YesOrNo('Capture packets using tcpdump?', default=(not pcapNetSniff)) + pcapIface = InstallerAskForString('Specify capture interface(s) (comma-separated)') + pcapNetSniff = InstallerYesOrNo('Capture packets using netsniff-ng?', default=True) + pcapTcpDump = InstallerYesOrNo('Capture packets using tcpdump?', default=(not pcapNetSniff)) # modify specified values in-place in docker-compose files for composeFile in composeFiles: 
@@ -758,10 +529,10 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa # if the Malcolm dir is owned by root, see if they want to reassign ownership to a non-root user if (((self.platform == PLATFORM_LINUX) or (self.platform == PLATFORM_MAC)) and (self.scriptUser == "root") and (getpwuid(os.stat(malcolm_install_path).st_uid).pw_uid == self.scriptUser) and - YesOrNo('Set ownership of {} to an account other than {}?'.format(malcolm_install_path, self.scriptUser), default=True, forceInteraction=True)): + InstallerYesOrNo('Set ownership of {} to an account other than {}?'.format(malcolm_install_path, self.scriptUser), default=True, forceInteraction=True)): tmpUser = '' while (len(tmpUser) == 0): - tmpUser = AskForString('Enter user account').strip() + tmpUser = InstallerAskForString('Enter user account').strip() err, out = self.run_process(['id', '-g', '-n', tmpUser], stderr=True) if (err == 0) and (len(out) > 0) and (len(out[0]) > 0): tmpUser = "{}:{}".format(tmpUser, out[0]) 
@@ -820,27 +591,27 @@ def __init__(self, debug=False): self.sudoCmd = ["sudo", "-n"] err, out = self.run_process(['whoami'], privileged=True) if (err != 0) or (len(out) == 0) or (out[0] != 'root'): - raise Exception('{} must be run as root, or {} must be available'.format(scriptName, self.sudoCmd)) + raise Exception('{} must be run as root, or {} must be available'.format(ScriptName, self.sudoCmd)) # determine command to use to query if a package is installed - if Which('dpkg'): + if Which('dpkg', debug=self.debug): os.environ["DEBIAN_FRONTEND"] = "noninteractive" self.checkPackageCmds.append(['dpkg', '-s']) - elif Which('rpm'): + elif Which('rpm', debug=self.debug): self.checkPackageCmds.append(['rpm', '-q']) - elif Which('dnf'): + elif Which('dnf', debug=self.debug): self.checkPackageCmds.append(['dnf', 'list', 'installed']) - elif Which('yum'): + elif Which('yum', debug=self.debug): self.checkPackageCmds.append(['yum', 'list', 'installed']) # determine command to install a package from the distro's repos - if Which('apt-get'): + if Which('apt-get', debug=self.debug): self.installPackageCmds.append(['apt-get', 'install', '-y', '-qq']) - elif Which('apt'): + elif Which('apt', debug=self.debug): self.installPackageCmds.append(['apt', 'install', '-y', '-qq']) - elif Which('dnf'): + elif Which('dnf', debug=self.debug): self.installPackageCmds.append(['dnf', '-y', 'install']) - elif Which('yum'): + elif Which('yum', debug=self.debug): self.installPackageCmds.append(['yum', '-y', 'install']) # determine total system memory 
@@ -879,9 +650,9 @@ def install_docker(self): if (err == 0): result = True - elif YesOrNo('"docker info" failed, attempt to install Docker?', default=True): + elif InstallerYesOrNo('"docker info" failed, attempt to install Docker?', default=True): - if YesOrNo('Attempt to install Docker using official repositories?', default=True): + if InstallerYesOrNo('Attempt to install Docker using official repositories?', default=True): # install required packages for repo-based install if self.distro == PLATFORM_LINUX_UBUNTU: @@ -956,9 +727,9 @@ def install_docker(self): # the user either chose not to use the official repos, the official repo installation failed, or there are not official repos available # see if we want to attempt using the convenience script at https://get.docker.com (see https://github.com/docker/docker-install) - if not result and YesOrNo('Docker not installed via official repositories. Attempt to install Docker via convenience script (please read https://github.com/docker/docker-install)?', default=False): + if not result and InstallerYesOrNo('Docker not installed via official repositories. Attempt to install Docker via convenience script (please read https://github.com/docker/docker-install)?', default=False): tempFileName = os.path.join(self.tempDirName, 'docker-install.sh') - if DownloadToFile("https://get.docker.com/", tempFileName): + if DownloadToFile("https://get.docker.com/", tempFileName, debug=self.debug): os.chmod(tempFileName, 493) # 493 = 0o755 err, out = self.run_process(([tempFileName]), privileged=True) if (err == 0): 
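Review bot: Nothing between `DownloadToFile("https://get.docker.com/", tempFileName, debug=self.debug)` and `self.run_process(([tempFileName]), privileged=True)` checks what was downloaded, so whatever bytes arrive are marked executable and run as root; the added `debug=` argument only changes logging. The same download-then-trust pattern appears in hunk @@ -1036 (docker-compose copied into /usr/local/bin) and hunk @@ -1310 (Docker.dmg). Whether DownloadToFile validates the server certificate cannot be seen here, since its definition is outside this hunk; a comment at the call site such as `# NOTE: relies on DownloadToFile verifying TLS; no digest/signature check is performed on the fetched script` would make the trust boundary explicit, and comparing the file against an upstream-published digest before the chmod would close it. install_docker's body starts and ends outside the hunk.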
@@ -988,8 +759,8 @@ def install_docker(self): # add non-root user to docker group if required usersToAdd = [] if self.scriptUser == 'root': - while YesOrNo('Add {} non-root user to the "docker" group?'.format('a' if len(usersToAdd) == 0 else 'another')): - tmpUser = AskForString('Enter user account') + while InstallerYesOrNo('Add {} non-root user to the "docker" group?'.format('a' if len(usersToAdd) == 0 else 'another')): + tmpUser = InstallerAskForString('Enter user account') if (len(tmpUser) > 0): usersToAdd.append(tmpUser) else: usersToAdd.append(self.scriptUser) @@ -1004,7 +775,7 @@ def install_docker(self): elif (err != 0): result = False - raise Exception('{} requires docker, please see {}'.format(scriptName, DOCKER_INSTALL_URLS[self.distro])) + raise Exception('{} requires docker, please see {}'.format(ScriptName, DOCKER_INSTALL_URLS[self.distro])) return result @@ -1013,7 +784,7 @@ def install_docker_compose(self): result = False dockerComposeCmd = 'docker-compose' - if not Which(dockerComposeCmd) and os.path.isfile('/usr/local/bin/docker-compose'): + if not Which(dockerComposeCmd, debug=self.debug) and os.path.isfile('/usr/local/bin/docker-compose'): dockerComposeCmd = '/usr/local/bin/docker-compose' # first see if docker-compose is already installed and runnable (try non-root and root) @@ -1021,9 +792,9 @@ def install_docker_compose(self): if (err != 0): err, out = self.run_process([dockerComposeCmd, 'version'], privileged=True) - if (err != 0) and YesOrNo('"docker-compose version" failed, attempt to install docker-compose?', default=True): + if (err != 0) and InstallerYesOrNo('"docker-compose version" failed, attempt to install docker-compose?', default=True): - if YesOrNo('Install docker-compose directly from docker github?', default=True): + if InstallerYesOrNo('Install docker-compose directly from docker github?', default=True): # download docker-compose from github and put it in /usr/local/bin # need to know some linux platform info 
@@ -1036,7 +807,7 @@ def install_docker_compose(self): # download docker-compose from github and save it to a temporary file tempFileName = os.path.join(self.tempDirName, dockerComposeCmd) dockerComposeUrl = "https://github.com/docker/compose/releases/download/{}/docker-compose-{}-{}".format(DOCKER_COMPOSE_INSTALL_VERSION, unames[0], unames[1]) - if DownloadToFile(dockerComposeUrl, tempFileName): + if DownloadToFile(dockerComposeUrl, tempFileName, debug=self.debug): os.chmod(tempFileName, 493) # 493 = 0o755, mark as executable # put docker-compose into /usr/local/bin err, out = self.run_process((['cp', '-f', tempFileName, '/usr/local/bin/docker-compose']), privileged=True) @@ -1049,7 +820,7 @@ def install_docker_compose(self): else: eprint("Downloading {} to {} failed".format(dockerComposeUrl, tempFileName)) - elif YesOrNo('Install docker-compose via pip (privileged)?', default=False): + elif InstallerYesOrNo('Install docker-compose via pip (privileged)?', default=False): # install docker-compose via pip (as root) err, out = self.run_process([self.pipCmd, 'install', dockerComposeCmd], privileged=True) if (err == 0): @@ -1057,7 +828,7 @@ def install_docker_compose(self): else: eprint("Install docker-compose via pip failed with {}, {}".format(err, out)) - elif YesOrNo('Install docker-compose via pip (user)?', default=True): + elif InstallerYesOrNo('Install docker-compose via pip (user)?', default=True): # install docker-compose via pip (regular user) err, out = self.run_process([self.pipCmd, 'install', dockerComposeCmd], privileged=False) if (err == 0): @@ -1076,7 +847,7 @@ def install_docker_compose(self): eprint('"docker-compose version" succeeded') else: - raise Exception('{} requires docker-compose, please see {}'.format(scriptName, DOCKER_COMPOSE_INSTALL_URLS[self.platform])) + raise Exception('{} requires docker-compose, please see {}'.format(ScriptName, DOCKER_COMPOSE_INSTALL_URLS[self.platform])) return result 
@@ -1166,14 +937,14 @@ def tweak_system_files(self): for config in configLinesToAdd: if (((len(config.distros) == 0) or (self.codename in config.distros)) and - (os.path.isfile(config.filename) or YesOrNo('\n{}\n{} does not exist, create it?'.format(config.description, config.filename), default=True))): + (os.path.isfile(config.filename) or InstallerYesOrNo('\n{}\n{} does not exist, create it?'.format(config.description, config.filename), default=True))): confFileLines = [line.rstrip('\n') for line in open(config.filename)] if os.path.isfile(config.filename) else [] if ((len(confFileLines) == 0) or (not os.path.isfile(config.filename) and (len(config.prefix) == 0)) or ((len(list(filter(lambda x: x.startswith(config.prefix), confFileLines))) == 0) and - YesOrNo('\n{}\n{} appears to be missing from {}, append it?'.format(config.description, config.prefix, config.filename), default=True))): + InstallerYesOrNo('\n{}\n{} appears to be missing from {}, append it?'.format(config.description, config.prefix, config.filename), default=True))): err, out = self.run_process(['bash', '-c', "mkdir -p {} && echo -n -e '\\n{}\\n' >> '{}'".format(os.path.dirname(config.filename), "\\n".join(config.lines), @@ -1181,7 +952,7 @@ def tweak_system_files(self): # install haveged if (not self.package_is_installed('haveged') and - YesOrNo('The "haveged" utility may help improve Malcolm startup times by providing entropy for the Linux kernel. Install haveged?', default=False)): + InstallerYesOrNo('The "haveged" utility may help improve Malcolm startup times by providing entropy for the Linux kernel. Install haveged?', default=False)): havegedPackages = ['haveged'] if self.distro == PLATFORM_LINUX_CENTOS: havegedPackages.append('https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm') 
@@ -1214,14 +985,14 @@ def __init__(self, debug=False): err, out = self.run_process(['brew', 'info']) brewInstalled = (err == 0) - if brewInstalled and YesOrNo('Homebrew is installed: continue with Homebrew?', default=True): + if brewInstalled and InstallerYesOrNo('Homebrew is installed: continue with Homebrew?', default=True): self.useBrew = True else: self.useBrew = False eprint('Docker can be installed and maintained with Homebrew, or manually.') - if (not brewInstalled) and (not YesOrNo('Homebrew is not installed: continue with manual installation?', default=False)): - raise Exception('Follow the steps at {} to install Homebrew, then re-run {}'.format(HOMEBREW_INSTALL_URLS[self.platform], scriptName)) + if (not brewInstalled) and (not InstallerYesOrNo('Homebrew is not installed: continue with manual installation?', default=False)): + raise Exception('Follow the steps at {} to install Homebrew, then re-run {}'.format(HOMEBREW_INSTALL_URLS[self.platform], ScriptName)) if self.useBrew: # make sure we have brew cask @@ -1279,7 +1050,7 @@ def install_docker(self): # if docker is installed via brew, but not running, prompt them to start it eprint('{} appears to be installed via Homebrew, but "docker info" failed'.format(MAC_BREW_DOCKER_PACKAGE)) while True: - response = AskForString('Starting Docker the first time may require user interaction. Please find and start Docker in the Applications folder, then return here and type YES').lower() + response = InstallerAskForString('Starting Docker the first time may require user interaction. Please find and start Docker in the Applications folder, then return here and type YES').lower() if (response == 'yes'): break err, out = self.run_process(['docker', 'info'], retry=12, retrySleepSec=5) 
@@ -1288,7 +1059,7 @@ def install_docker(self): if (err == 0): result = True - elif YesOrNo('"docker info" failed, attempt to install Docker?', default=True): + elif InstallerYesOrNo('"docker info" failed, attempt to install Docker?', default=True): if self.useBrew: # install docker via brew cask (requires user interaction) @@ -1297,7 +1068,7 @@ def install_docker(self): if self.install_package(dockerPackages): eprint("Installation of docker packages apparently succeeded") while True: - response = AskForString('Starting Docker the first time may require user interaction. Please find and start Docker in the Applications folder, then return here and type YES').lower() + response = InstallerAskForString('Starting Docker the first time may require user interaction. Please find and start Docker in the Applications folder, then return here and type YES').lower() if (response == 'yes'): break else: @@ -1310,9 +1081,9 @@ def install_docker(self): tempFileName = os.path.join(dlDirName, 'Docker.dmg') else: tempFileName = os.path.join(self.tempDirName, 'Docker.dmg') - if DownloadToFile('https://download.docker.com/mac/edge/Docker.dmg', tempFileName): + if DownloadToFile('https://download.docker.com/mac/edge/Docker.dmg', tempFileName, debug=self.debug): while True: - response = AskForString('Installing and starting Docker the first time may require user interaction. Please open Finder and install {}, start Docker from the Applications folder, then return here and type YES'.format(tempFileName)).lower() + response = InstallerAskForString('Installing and starting Docker the first time may require user interaction. Please open Finder and install {}, start Docker from the Applications folder, then return here and type YES'.format(tempFileName)).lower() if (response == 'yes'): break 
@@ -1324,14 +1095,14 @@ def install_docker(self): eprint('"docker info" succeeded') elif (err != 0): - raise Exception('{} requires docker edge, please see {}'.format(scriptName, DOCKER_INSTALL_URLS[self.platform])) + raise Exception('{} requires docker edge, please see {}'.format(ScriptName, DOCKER_INSTALL_URLS[self.platform])) elif (err != 0): - raise Exception('{} requires docker edge, please see {}'.format(scriptName, DOCKER_INSTALL_URLS[self.platform])) + raise Exception('{} requires docker edge, please see {}'.format(ScriptName, DOCKER_INSTALL_URLS[self.platform])) # tweak CPU/RAM usage for Docker in Mac settingsFile = MAC_BREW_DOCKER_SETTINGS.format(self.scriptUser) - if result and os.path.isfile(settingsFile) and YesOrNo('Configure Docker resource usage in {}?'.format(settingsFile), default=True): + if result and os.path.isfile(settingsFile) and InstallerYesOrNo('Configure Docker resource usage in {}?'.format(settingsFile), default=True): # adjust CPU and RAM based on system resources if self.totalCores >= 16: @@ -1360,9 +1131,9 @@ def install_docker(self): else: newMemoryGiB = 2 - while not YesOrNo('Setting {} for CPU cores and {} GiB for RAM. Is this OK?'.format(newCpus if newCpus else "(unchanged)", newMemoryGiB if newMemoryGiB else "(unchanged)"), default=True): - newCpus = AskForString('Enter Docker CPU cores (e.g., 4, 8, 16)') - newMemoryGiB = AskForString('Enter Docker RAM MiB (e.g., 8, 16, etc.)') + while not InstallerYesOrNo('Setting {} for CPU cores and {} GiB for RAM. Is this OK?'.format(newCpus if newCpus else "(unchanged)", newMemoryGiB if newMemoryGiB else "(unchanged)"), default=True): + newCpus = InstallerAskForString('Enter Docker CPU cores (e.g., 4, 8, 16)') + newMemoryGiB = InstallerAskForString('Enter Docker RAM MiB (e.g., 8, 16, etc.)') if newCpus or newMemoryMiB: with open(settingsFile, 'r+') as f: 
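Review bot: In hunk @@ -1360 the retry loop assigns `newMemoryGiB = InstallerAskForString('Enter Docker RAM MiB (e.g., 8, 16, etc.)')`, but the line that follows tests `if newCpus or newMemoryMiB:`, a name that is not assigned anywhere in this hunk; unless it is defined earlier in install_docker (outside the hunk) that branch raises NameError, and if it is defined it ignores the value the user just entered. The prompt also says MiB while the confirmation message and the variable say GiB, and neither entered string is validated as an integer before the settings file is opened for writing. A minimal fix is `if newCpus or newMemoryGiB:` together with an `isdigit()` check on both strings inside the loop. install_docker's body starts and ends outside the hunk.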
@@ -1393,7 +1164,7 @@ def install_docker(self): else: eprint("Restarting Docker automatically failed: {}".format(out)) while True: - response = AskForString('Please restart Docker via the system taskbar, then return here and type YES').lower() + response = InstallerAskForString('Please restart Docker via the system taskbar, then return here and type YES').lower() if (response == 'yes'): break @@ -1406,7 +1177,7 @@ def main(): # extract arguments from the command line # print (sys.argv[1:]); - parser = argparse.ArgumentParser(description='Malcolm install script', add_help=False, usage='{} <arguments>'.format(scriptName)) + parser = argparse.ArgumentParser(description='Malcolm install script', add_help=False, usage='{} <arguments>'.format(ScriptName)) parser.add_argument('-v', '--verbose', dest='debug', type=str2bool, nargs='?', const=True, default=False, help="Verbose output") parser.add_argument('-m', '--malcolm-file', required=False, dest='mfile', metavar='<STR>', type=str, default='', help='Malcolm .tar.gz file for installation') parser.add_argument('-i', '--image-file', required=False, dest='ifile', metavar='<STR>', type=str, default='', help='Malcolm docker images .tar.gz file for installation') @@ -1424,13 +1195,13 @@ def main(): exit(2) if args.debug: - eprint(os.path.join(scriptPath, scriptName)) + eprint(os.path.join(ScriptPath, ScriptName)) eprint("Arguments: {}".format(sys.argv[1:])) eprint("Arguments: {}".format(args)) else: sys.tracebacklimit = 0 - if not ImportRequests(): + if not ImportRequests(debug=args.debug): exit(2) # If Malcolm and images tarballs are provided, we will use them. 
@@ -1445,7 +1216,7 @@ def main(): # find the most recent non-image tarball, first checking in the pwd then in the script path files = list(filter(lambda x: "_images" not in x, glob.glob(os.path.join(origPath, '*.tar.gz')))) if (len(files) == 0): - files = list(filter(lambda x: "_images" not in x, glob.glob(os.path.join(scriptPath, '*.tar.gz')))) + files = list(filter(lambda x: "_images" not in x, glob.glob(os.path.join(ScriptPath, '*.tar.gz')))) files.sort(key=lambda x: os.path.getmtime(x), reverse=True) if (len(files) > 0): malcolmFile = files[0] @@ -1471,7 +1242,7 @@ def main(): elif installerPlatform == PLATFORM_MAC: installer = MacInstaller(debug=args.debug) elif installerPlatform == PLATFORM_WINDOWS: - raise Exception('{} is not yet supported on {}'.format(scriptName, installerPlatform)) + raise Exception('{} is not yet supported on {}'.format(ScriptName, installerPlatform)) installer = WindowsInstaller(debug=args.debug) success = False @@ -1483,7 +1254,7 @@ def main(): if (not args.configOnly) and hasattr(installer, 'install_docker_images'): success = installer.install_docker_images(imageFile) if args.configOnly or (args.configFile and os.path.isfile(args.configFile)): if not args.configFile: - for testPath in [origPath, scriptPath, os.path.realpath(os.path.join(scriptPath, ".."))]: + for testPath in [origPath, ScriptPath, os.path.realpath(os.path.join(ScriptPath, ".."))]: if os.path.isfile(os.path.join(testPath, "docker-compose.yml")): installPath = testPath else: diff --git a/scripts/logs b/scripts/logs new file mode 120000 index 000000000..1bc304a1e --- /dev/null +++ b/scripts/logs @@ -0,0 +1 @@ +control.py \ No newline at end of file diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py new file mode 100644 index 000000000..77fb81f64 --- /dev/null +++ b/scripts/malcolm_common.py 
@@ -0,0 +1,306 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + +from __future__ import print_function + +import getpass +import os +import platform +import re +import sys +import time + +from collections import defaultdict +from pwd import getpwuid +from subprocess import (PIPE, STDOUT, Popen, CalledProcessError) + +################################################################################################### +ScriptPath = os.path.dirname(os.path.realpath(__file__)) +MalcolmPath = os.path.abspath(os.path.join(ScriptPath, os.pardir)) + +################################################################################################### +# python 2/3 portability + +PY3 = (sys.version_info.major >= 3) + +# bind raw_input to input in older versions of python +try: + input = raw_input +except NameError: + pass + +# attempt to import requests, will cover failure later +try: + import requests + RequestsImported = True +except ImportError: + RequestsImported = False + +try: + FileNotFoundError +except NameError: + FileNotFoundError = IOError + +################################################################################################### +PLATFORM_WINDOWS = "Windows" +PLATFORM_MAC = "Darwin" +PLATFORM_LINUX = "Linux" +PLATFORM_LINUX_CENTOS = 'centos' +PLATFORM_LINUX_DEBIAN = 'debian' +PLATFORM_LINUX_FEDORA = 'fedora' +PLATFORM_LINUX_UBUNTU = 'ubuntu' + +# URLS for figuring things out if something goes wrong +DOCKER_INSTALL_URLS = defaultdict(lambda: 'https://docs.docker.com/install/') +DOCKER_INSTALL_URLS[PLATFORM_WINDOWS] = ['https://stefanscherer.github.io/how-to-install-docker-the-chocolatey-way/', + 'https://docs.docker.com/docker-for-windows/install/'] +DOCKER_INSTALL_URLS[PLATFORM_LINUX_UBUNTU] = 'https://docs.docker.com/install/linux/docker-ce/ubuntu/' +DOCKER_INSTALL_URLS[PLATFORM_LINUX_DEBIAN] = 'https://docs.docker.com/install/linux/docker-ce/debian/' 
+DOCKER_INSTALL_URLS[PLATFORM_LINUX_CENTOS] = 'https://docs.docker.com/install/linux/docker-ce/centos/' +DOCKER_INSTALL_URLS[PLATFORM_LINUX_FEDORA] = 'https://docs.docker.com/install/linux/docker-ce/fedora/' +DOCKER_INSTALL_URLS[PLATFORM_MAC] = ['https://www.code2bits.com/how-to-install-docker-on-macos-using-homebrew/', + 'https://docs.docker.com/docker-for-mac/install/'] +DOCKER_COMPOSE_INSTALL_URLS = defaultdict(lambda: 'https://docs.docker.com/compose/install/') +HOMEBREW_INSTALL_URLS = defaultdict(lambda: 'https://brew.sh/') + +################################################################################################### +# print to stderr +def eprint(*args, **kwargs): + print(*args, file=sys.stderr, **kwargs) + +################################################################################################### +def EscapeAnsi(line): + ansiEscape = re.compile(r'(?:\x1B[@-_]|[\x80-\x9F])[0-?]*[ -/]*[@-~]') + return ansiEscape.sub('', line) + +################################################################################################### +# get interactive user response to Y/N question +def YesOrNo(question, default=None, forceInteraction=False, acceptDefault=False): + + if default == True: + questionStr = "\n{} (Y/n): ".format(question) + elif default == False: + questionStr = "\n{} (y/N): ".format(question) + else: + questionStr = "\n{} (y/n): ".format(question) + + if acceptDefault and (default is not None) and (not forceInteraction): + reply = '' + else: + while True: + reply = str(input(questionStr)).lower().strip() + if (len(reply) > 0) or (default is not None): + break + + if (len(reply) == 0): + reply = 'y' if default else 'n' + + if reply[0] == 'y': + return True + elif reply[0] == 'n': + return False + else: + return YesOrNo(question, default=default) + +################################################################################################### +# get interactive user response +def AskForString(question, default=None, 
forceInteraction=False, acceptDefault=False): + + if acceptDefault and (default is not None) and (not forceInteraction): + reply = default + else: + reply = str(input('\n{}: '.format(question))).strip() + + return reply + +################################################################################################### +# convenient boolean argument parsing +def str2bool(v): + if v.lower() in ('yes', 'true', 't', 'y', '1'): + return True + elif v.lower() in ('no', 'false', 'f', 'n', '0'): + return False + else: + raise ValueError('Boolean value expected') + +################################################################################################### +# determine if a program/script exists and is executable in the system path +def Which(cmd, debug=False): + result = any(os.access(os.path.join(path, cmd), os.X_OK) for path in os.environ["PATH"].split(os.pathsep)) + if debug: + eprint("Which {} returned {}".format(cmd, result)) + return result + +################################################################################################### +# nice human-readable file sizes +def SizeHumanFormat(num, suffix='B'): + for unit in ['','Ki','Mi','Gi','Ti','Pi','Ei','Zi']: + if abs(num) < 1024.0: + return "%3.1f%s%s" % (num, unit, suffix) + num /= 1024.0 + return "%.1f%s%s" % (num, 'Yi', suffix) + +################################################################################################### +# run command with arguments and return its exit code, stdout, and stderr +def check_output_input(*popenargs, **kwargs): + + if 'stdout' in kwargs: + raise ValueError('stdout argument not allowed, it will be overridden') + + if 'stderr' in kwargs: + raise ValueError('stderr argument not allowed, it will be overridden') + + if 'input' in kwargs and kwargs['input']: + if 'stdin' in kwargs: + raise ValueError('stdin and input arguments may not both be used') + inputdata = kwargs['input'] + kwargs['stdin'] = PIPE + else: + inputdata = None + kwargs.pop('input', None) + + 
process = Popen(*popenargs, stdout=PIPE, stderr=PIPE, **kwargs) + try: + output, errput = process.communicate(inputdata) + except: + process.kill() + process.wait() + raise + + retcode = process.poll() + + return retcode, output, errput + +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +def run_process(command, stdout=True, stderr=True, stdin=None, retry=0, retrySleepSec=5, debug=False): + retcode = -1 + output = [] + + try: + # run the command + retcode, cmdout, cmderr = check_output_input(command, input=stdin.encode() if (PY3 and stdin) else stdin) + + # split the output on newlines to return a list + if PY3: + if stderr and (len(cmderr) > 0): output.extend(cmderr.decode(sys.getdefaultencoding()).split('\n')) + if stdout and (len(cmdout) > 0): output.extend(cmdout.decode(sys.getdefaultencoding()).split('\n')) + else: + if stderr and (len(cmderr) > 0): output.extend(cmderr.split('\n')) + if stdout and (len(cmdout) > 0): output.extend(cmdout.split('\n')) + + except (FileNotFoundError, OSError, IOError) as e: + if stderr: + output.append("Command {} not found or unable to execute".format(command)) + + if debug: + eprint("{}{} returned {}: {}".format(command, "({})".format(stdin[:80] + bool(stdin[80:]) * '...' 
if stdin else ""), retcode, output)) + + if (retcode != 0) and retry and (retry > 0): + # sleep then retry + time.sleep(retrySleepSec) + return run_process(command, stdout, stderr, stdin, retry-1, retrySleepSec, debug) + else: + return retcode, output + +################################################################################################### +# make sure we can import requests properly and take care of it automatically if possible +def ImportRequests(debug=False): + global RequestsImported + + if not RequestsImported: + # see if we can help out by installing the requests module + + pyPlatform = platform.system() + pyExec = sys.executable + pipCmd = 'pip3' if PY3 else 'pip2' + if not Which(pipCmd, debug=debug): pipCmd = 'pip' + + eprint('The requests module is required under Python {} ({})'.format(platform.python_version(), pyExec)) + + if Which(pipCmd, debug=debug): + if YesOrNo('Importing the requests module failed. Attempt to install via {}?'.format(pipCmd)): + installCmd = None + + if (pyPlatform == PLATFORM_LINUX) or (pyPlatform == PLATFORM_MAC): + # for linux/mac, we're going to try to figure out if this python is owned by root or the script user + if (getpass.getuser() == getpwuid(os.stat(pyExec).st_uid).pw_name): + # we're running a user-owned python, regular pip should work + installCmd = [pipCmd, 'install', 'requests'] + else: + # python is owned by system, so make sure to pass the --user flag + installCmd = [pipCmd, 'install', '--user', 'requests'] + else: + # on windows (or whatever other platform this is) I don't know any other way other than pip + installCmd = [pipCmd, 'install', 'requests'] + + err, out = run_process(installCmd, debug=debug) + if err == 0: + eprint("Installation of requests module apparently succeeded") + try: + import requests + RequestsImported = True + except ImportError as e: + eprint("Importing the requests module still failed: {}".format(e)) + else: + eprint("Installation of requests module failed: {}".format(out)) + 
+ if not RequestsImported: + eprint("System-wide installation varies by platform and Python configuration. Please consult platform-specific documentation for installing Python modules.") + if (platform.system() == PLATFORM_MAC): + eprint('You *may* be able to install pip and requests manually via: sudo sh -c "easy_install pip && pip install requests"') + elif (pyPlatform == PLATFORM_LINUX): + if Which('apt-get', debug=debug): + eprint('You *may* be able to install requests manually via: sudo apt-get install {}'.format('python3-requests' if PY3 else 'python-requests')) + elif Which('apt', debug=debug): + eprint('You *may* be able to install requests manually via: sudo apt install {}'.format('python3-requests' if PY3 else 'python-requests')) + elif Which('dnf', debug=debug): + eprint('You *may* be able to install requests manually via: sudo dnf install {}'.format('python3-requests' if PY3 else 'python2-requests')) + elif Which('yum', debug=debug): + eprint('You *may* be able to install requests manually via: sudo yum install {}'.format('python-requests')) + + return RequestsImported + +################################################################################################### +# do the required auth files for Malcolm exist? 
+def MalcolmAuthFilesExist(): + return os.path.isfile(os.path.join(MalcolmPath, os.path.join('nginx', 'htpasswd'))) and \ + os.path.isfile(os.path.join(MalcolmPath, os.path.join('nginx', 'nginx_ldap.conf'))) and \ + os.path.isfile(os.path.join(MalcolmPath, os.path.join('htadmin', 'config.ini'))) and \ + os.path.isfile(os.path.join(MalcolmPath, os.path.join('nginx', os.path.join('certs', 'cert.pem')))) and \ + os.path.isfile(os.path.join(MalcolmPath, os.path.join('nginx', os.path.join('certs', 'key.pem')))) and \ + os.path.isfile(os.path.join(MalcolmPath, 'auth.env')) + +################################################################################################### +# download to file +def DownloadToFile(url, local_filename, debug=False): + r = requests.get(url, stream=True, allow_redirects=True) + with open(local_filename, 'wb') as f: + for chunk in r.iter_content(chunk_size=1024): + if chunk: f.write(chunk) + fExists = os.path.isfile(local_filename) + fSize = os.path.getsize(local_filename) + if debug: + eprint("Download of {} to {} {} ({})".format(url, local_filename, "succeeded" if fExists else "failed", SizeHumanFormat(fSize))) + return fExists and (fSize > 0) + +################################################################################################### +# recursively remove empty subfolders +def RemoveEmptyFolders(path, removeRoot=True): + if not os.path.isdir(path): + return + + files = os.listdir(path) + if len(files): + for f in files: + fullpath = os.path.join(path, f) + if os.path.isdir(fullpath): + RemoveEmptyFolders(fullpath) + + files = os.listdir(path) + if len(files) == 0 and removeRoot: + try: + os.rmdir(path) + except: + pass \ No newline at end of file diff --git a/scripts/restart b/scripts/restart new file mode 120000 index 000000000..1bc304a1e --- /dev/null +++ b/scripts/restart @@ -0,0 +1 @@ +control.py \ No newline at end of file diff --git a/scripts/start b/scripts/start new file mode 120000 index 000000000..1bc304a1e 
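Review bot: DownloadToFile, near the end of this hunk, writes the body before knowing the request succeeded: `requests.get(url, stream=True, allow_redirects=True)` has no timeout and the status code is never examined, so a 404/5xx error page is saved to local_filename and, being non-empty, reported as a successful download, while an unresponsive host blocks the installer indefinitely. Add `r.raise_for_status()` directly after the get and pass an explicit `timeout=` (a (connect, read) tuple such as `timeout=(10, 300)`), or return False when `not r.ok` before opening the file, so callers that later unpack or run the file never see a bogus success. Secondarily, RemoveEmptyFolders' bare `except: pass` around os.rmdir also swallows KeyboardInterrupt — `except OSError: pass` keeps the best-effort behaviour without that — and Which's os.access(..., os.X_OK) test is also true for a directory of that name on PATH, so an `os.path.isfile` guard (or a comment noting the limitation) would help. ImportRequests likewise pip-installs an unpinned `requests`; a comment stating that it runs with the invoking user's pip configuration and fetches whatever PyPI serves would make that trade-off explicit.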
--- /dev/null
+++ b/scripts/start
@@ -0,0 +1 @@
+control.py
\ No newline at end of file
diff --git a/scripts/stop b/scripts/stop
new file mode 120000
index 000000000..1bc304a1e
--- /dev/null
+++ b/scripts/stop
@@ -0,0 +1 @@
+control.py
\ No newline at end of file
diff --git a/scripts/wipe b/scripts/wipe
new file mode 120000
index 000000000..c910cf9d6
--- /dev/null
+++ b/scripts/wipe
@@ -0,0 +1 @@
+./control.py
\ No newline at end of file
From 3fb4a6266d62c42ae8527928b4ebec7733d6f450 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue, 21 Jan 2020 14:17:39 -0700
Subject: [PATCH 016/183] have ISO use new scripts
---
malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 1 +
.../includes.chroot/usr/share/applications/malcolm-logs.desktop | 2 +-
.../usr/share/applications/malcolm-restart.desktop | 2 +-
.../usr/share/applications/malcolm-start.desktop | 2 +-
.../includes.chroot/usr/share/applications/malcolm-stop.desktop | 2 +-
sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 1 +
6 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot
index 5ee761fa7..5e39cd2e8 100755
--- a/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot
+++ b/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot
@@ -6,6 +6,7 @@ export LANG=C.UTF-8
# python 3
pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \
beautifulsoup4 \
+ colorama \
debinterface \
docker-compose \
netifaces \
diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop
index bf6244f9b..4c3377ffd 100644
--- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop
+++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop
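Review bot: `+    colorama \` joins a `pip3 install --force-reinstall --upgrade` list that is entirely unpinned, so every ISO build fetches whatever version PyPI serves at build time; the sensor-iso hook in the next file section has the same addition. The surrounding lines already follow that pattern, but the new entry is the natural place to start pinning (`colorama==<pinned version>`) or to move the set into a requirements file installed with `--require-hashes`, so the image is reproducible and a compromised or yanked release cannot silently change what ships. The pip3 command continues outside the hunk.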
@@ -1,7 +1,7 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Malcolm Debug Logs
-Exec=lxterminal --command=/bin/bash\ -l\ -c\ ~/Malcolm/scripts/logs.sh
+Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --logs"
Comment=Monitor the debug output of Malcolm containers
Terminal=false
Type=Application
diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop
index 52974d132..e6cd0c911 100644
--- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop
+++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop
@@ -1,7 +1,7 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Restart Malcolm
-Exec=lxterminal --command=/bin/bash\ -l\ -c\ ~/Malcolm/scripts/restart.sh
+Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --restart"
Comment=Restart Malcolm
Terminal=false
Type=Application
diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop
index 3e1d6cac0..4e8275922 100644
--- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop
+++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop
@@ -1,7 +1,7 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Start Malcolm
-Exec=lxterminal --command=/bin/bash\ -l\ -c\ ~/Malcolm/scripts/start.sh
+Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --start"
Comment=Start Malcolm
Terminal=false
Type=Application
diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop
index 96aaa9aed..7c846eff4 100644
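Review bot: The new Exec value embeds double quotes inside an argument that is already held together with backslash-escaped spaces (`--command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --logs"`), which is not the quoting the Desktop Entry spec defines (whole-argument quotes, inner quotes escaped); a launcher that parses the Exec key shell-style will strip those quotes before lxterminal sees them, and if lxterminal then word-splits its --command value, `bash -c` receives only `/usr/bin/python3` and opens an interactive interpreter instead of control.py. This is worth a test on the built ISO; safer forms are escaping the inner quotes (`\"`) so they survive the first parse, or pointing Exec at the `scripts/logs`, `scripts/start`, `scripts/stop` and `scripts/restart` symlinks to control.py added earlier in this series, which keeps the previous single-token shape — assuming control.py dispatches on its invoked name, as those symlinks suggest. The same applies to the malcolm-restart, malcolm-start and malcolm-stop hunks.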
--- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop
+++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop
@@ -1,7 +1,7 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Stop Malcolm
-Exec=lxterminal --command=/bin/bash\ -l\ -c\ ~/Malcolm/scripts/stop.sh
+Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --stop"
Comment=Stop Malcolm
Terminal=false
Type=Application
diff --git a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
index 74fecbf06..8b115387d 100755
--- a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
@@ -8,6 +8,7 @@ export LANG=C.UTF-8
# python 3
pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \
beautifulsoup4 \
+ colorama \
clamd \
debinterface \
ipaddress \
From 440c85980b4e58064e164294ee395cf503e93487 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 21 Jan 2020 14:22:43 -0700 Subject: [PATCH 017/183] bump elastic to 7.5.2 --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/kibana.Dockerfile | 10 +++++----- Dockerfiles/logstash.Dockerfile | 2 +- README.md | 4 ++-- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 4 ++-- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 4 ++-- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 4 ++-- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 4 ++-- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 4 ++-- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 4 ++-- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 4 ++-- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 
4 ++-- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 4 ++-- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 4 ++-- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 4 ++-- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 4 ++-- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 ++-- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 ++-- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- .../d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 2 +- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 4 ++-- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- .../f394057d-1b16-4174-b994-7045f423a416.json | 2 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 4 ++-- .../config/hooks/normal/0910-agg-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../7/dashboard-custom/Filebeat-syslog-custom.json | 2 +- sensor-iso/beats/Dockerfile | 2 +- sensor-iso/beats/beat-build.sh | 2 +- .../config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../7/dashboard-custom/Filebeat-syslog-custom.json | 2 +- sensor-iso/docs/Notes.md | 2 +- 
.../sensor_ctl/heatbeat/protologbeat.template.json | 2 +-
75 files changed, 103 insertions(+), 103 deletions(-)
diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
index 07a3a5226..43c2d4738 100644
--- a/Dockerfiles/filebeat.Dockerfile
+++ b/Dockerfiles/filebeat.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:7.5.1
+FROM docker.elastic.co/beats/filebeat-oss:7.5.2
# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
LABEL maintainer="malcolm.netsec@gmail.com"
diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
index f5fb8b2a8..3b27ed75b 100644
--- a/Dockerfiles/kibana.Dockerfile
+++ b/Dockerfiles/kibana.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/kibana/kibana-oss:7.5.1
+FROM docker.elastic.co/kibana/kibana-oss:7.5.2
# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
LABEL maintainer="malcolm.netsec@gmail.com"
@@ -76,7 +76,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \
cd /tmp && \
echo "Installing ElastAlert plugin..." && \
unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
- sed -i "s/7\.5\.0/7\.5\.1/g" kibana/elastalert-kibana-plugin/package.json && \
+ sed -i "s/7\.5\.0/7\.5\.2/g" kibana/elastalert-kibana-plugin/package.json && \
zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
/usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \
rm -f /tmp/elastalert-kibana-plugin.zip
@@ -84,14 +84,14 @@ RUN chmod 755 /data/*.sh /data/*.py && \
## && \
## echo "Installing Swimlanes visualization..." && \
## unzip kibana-swimlane.zip kibana/prelert_swimlane_vis-7.4.2/package.json && \
- ## sed -i "s/7\.4\.2/7\.5\.1/g" kibana/prelert_swimlane_vis-7.4.2/package.json && \
+ ## sed -i "s/7\.4\.2/7\.5\.2/g" kibana/prelert_swimlane_vis-7.4.2/package.json && \
## zip kibana-swimlane.zip kibana/prelert_swimlane_vis-7.4.2/package.json && \
## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
## bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \
## rm -f /tmp/kibana-swimlane.zip && \
## echo "Installing Comments visualization..." && \
## unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
- ## sed -i "s/7\.4\.0/7\.5\.1/g" kibana/kibana-comments-app-plugin/package.json && \
+ ## sed -i "s/7\.4\.0/7\.5\.2/g" kibana/kibana-comments-app-plugin/package.json && \
## zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \
## rm -rf /tmp/kibana-comments.zip /tmp/kibana && \
@@ -99,7 +99,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \
## && \
## echo "Installing Milestones visualization..." && \
## unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
- ## sed -i "s/7\.1\.1/7\.5\.1/g" kibana/kibana-milestones-vis/package.json && \
+ ## sed -i "s/7\.1\.1/7\.5\.2/g" kibana/kibana-milestones-vis/package.json && \
## zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \
## rm -rf /tmp/kibana-milestones.zip /tmp/kibana
diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile
index 9d92c15da..67679418c 100644
--- a/Dockerfiles/logstash.Dockerfile
+++ b/Dockerfiles/logstash.Dockerfile
@@ -42,7 +42,7 @@ RUN /bin/bash -lc "command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - git clone --depth 1 https://github.com/mmguero/logstash-filter-ieee_oui.git /opt/logstash-filter-ieee_oui && \ /bin/bash -lc "cd /opt/logstash-filter-ieee_oui && bundle install && gem build logstash-filter-ieee_oui.gemspec && bundle info logstash-filter-ieee_oui" -FROM docker.elastic.co/logstash/logstash-oss:7.5.1 +FROM docker.elastic.co/logstash/logstash-oss:7.5.2 USER root COPY --from=build /opt/logstash-filter-ieee_oui /opt/logstash-filter-ieee_oui diff --git a/README.md b/README.md index 0b99ae27d..bca5d7a07 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ malcolmnetsec/curator 1.9.0 xxxxxxxx malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 29 minutes ago 54.5MB malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 30 minutes ago 276MB malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 31 minutes ago 256MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.2 xxxxxxxxxxxx 5 weeks ago 825MB ``` You must run [`auth_setup.sh`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). 
@@ -1763,7 +1763,7 @@ malcolmnetsec/curator 1.9.0 xxxxxxxx
malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 33 hours ago 944MB
malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 11 days ago 459MB
malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 11 days ago 276MB
-docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB
+docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.2 xxxxxxxxxxxx 5 weeks ago 769MB
```
Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background.
diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml
index 349202297..137406944 100644
--- a/docker-compose-standalone-zeek-live.yml
+++ b/docker-compose-standalone-zeek-live.yml
@@ -95,7 +95,7 @@ x-pcap-capture-variables: &pcap-capture-variables
services:
elasticsearch:
- image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1
+ image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.2
restart: "no"
hostname: elasticsearch
environment:
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml
index 31559d635..c5681f3ec 100644
--- a/docker-compose-standalone.yml
+++ b/docker-compose-standalone.yml
@@ -95,7 +95,7 @@ x-pcap-capture-variables: &pcap-capture-variables
services:
elasticsearch:
- image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1
+ image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.2
restart: "no"
hostname: elasticsearch
environment:
diff --git a/docker-compose.yml b/docker-compose.yml
index ea88df778..8d1b84516 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -95,7 +95,7 @@ x-pcap-capture-variables: &pcap-capture-variables
services:
elasticsearch:
- image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1
+ image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.2
restart: "no"
hostname: elasticsearch
environment:
diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
index 383df668a..6d4f92707 100644
--- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
+++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
@@ -1,5 +1,5 @@
{
- "version": "7.5.1",
+ "version": "7.5.2",
"objects": [
{
"id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3",
diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
index a0b5fb65e..aefd0a75e 100644
--- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
+++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
@@ -1,5 +1,5 @@
{
- "version": "7.5.1",
+ "version": "7.5.2",
"objects": [
{
"id": "05e3e000-f118-11e9-acda-83a8e29e1a24",
@@ -10,7 +10,7 @@ "title": "LDAP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.5.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.5.2\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 0bb32110f..d12865cd4 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b", diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 4241db2c8..a8059700c 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
+++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "0a490422-0ce9-44bf-9a2d-19329ddde8c3",
diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
index 38a9ecabf..2ae33f18a 100644
--- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
+++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576",
diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
index ed3430204..b54343811 100644
--- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
+++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0",
diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
index a0c443d45..02274a749 100644
--- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
+++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa",
diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json
index 4068721e5..f51520293 100644
--- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json
+++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "11be6381-beef-40a7-bdce-88c5398392fc",
diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json
index b7166dee4..e1306e57a 100644
--- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json
+++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "11ddd980-e388-11e9-b568-cf17de8e860c",
@@ -10,7 +10,7 @@ "title": "QUIC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index e74245e43..cc9a1cc60 100644 --- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
+++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "152f29dc-51a2-4f53-93e9-6e92765567b8",
@@ -10,7 +10,7 @@ "title": "Modbus", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 9b664c906..a086cac38 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "1ce42250-3f99-11e9-a58e-8bdedb0915e8",
@@ -10,7 +10,7 @@
 "title": "Connections - Source - Sum of Total Bytes (region map)",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
 "optionsJSON": "{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
index 2cec97baf..587afd3ee 100644
--- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
+++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1",
diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
index 195bf3e2e..ee78c2940 100644
--- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "29a1b290-eb98-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "EtherNet/IP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.5.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.5.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.5.2\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.5.2\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index e8ab6848c..fb084ab2d 100644 --- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
+++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "2bec1490-eb94-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "BACnet", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 4fe6a2dc5..cee731445 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "2cf94cd0-ecab-40a5-95a7-8419f3a39cd9",
diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
index 86f1a27ff..6916ba23b 100644
--- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
+++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "2d98bb8e-214c-4374-837b-20e1bcd63a5e",
diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
index 77bb347ea..7b7460f81 100644
--- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "32587740-ef88-11e9-b38a-2db3ee640e88",
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.5.2\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 3f1afddfc..de6b1234a 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 85e63de5f..4bc05ad3c 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "37041ee1-79c0-4684-a436-3173b0e89876",
diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
index a035eaa8d..0c7fb206d 100644
--- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "39abfe30-3f99-11e9-a58e-8bdedb0915e8",
@@ -10,7 +10,7 @@
 "title": "Connections - Source - Top Connection Duration (region map)",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
 "optionsJSON": "{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
index 15d8430fb..93a437b3d 100644
--- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
+++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "42e831b9-41a9-4f35-8b7d-e1566d368773",
diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json
index 15a302270..cf4104c5c 100644
--- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json
+++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "432af556-c5c0-4cc3-8166-b274b4e3a406",
diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
index d8e76e6f8..c598b00b8 100644
--- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
+++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "4e5f106e-c60a-4226-8f64-d534abb912ab",
diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
index 048619661..a9318d246 100644
--- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
+++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "50ced171-1b10-4c3f-8b67-2db9635661a6",
diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
index 7b62e8ebf..bd1dd2262 100644
--- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
+++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "543118a9-02d7-43fe-b669-b8652177fc37",
diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
index 45c9c6e7a..b3740c30b 100644
--- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "55e332d0-3f99-11e9-a58e-8bdedb0915e8",
@@ -10,7 +10,7 @@
 "title": "Connections - Destination - Originator Bytes (region map)",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
 "optionsJSON": "{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
index abd234a92..3b8463a06 100644
--- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
+++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "60d78fbd-471c-4f59-a9e3-189b33a13644",
diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
index 662d538a7..f437c7bb1 100644
--- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
+++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.5.2",
 "objects": [
 {
 "id": "665d1610-523d-11e9-a30e-e3576242f3ed",
@@ -10,7 +10,7 @@ "title": "Signatures", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index ce199c1d1..5ed1f19c1 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "76f2f912-80da-44cd-ab66-6a73c8344cc3", diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 34861ea02..baf9beb19 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "77fc9960-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index f1c2d9208..0fae1b8da 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "7f41913f-cba8-43f5-82a8-241b7ead03e0", diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index c57632be4..474dacfe7 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", 
@@ -10,7 +10,7 @@ "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.5.1\",\"embeddableConfig\":{\"columns\":[\"
srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.5.1\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.5.1\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "panelsJSON": 
"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.5.2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firs
tPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.5.2\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.5.2\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 976898082..a63128a4f 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "82da3101-2a9c-4ae2-bb61-d447a3fbe673", diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index b29ab8dbf..70cd5fd33 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "870a5862-6c26-4a08-99fd-0c06cda85ba3", 
diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index b29bc391d..8420a16a7 100644 --- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "87a32f90-ef58-11e9-974e-9d600036d105", 
@@ -10,7 +10,7 @@ "title": "MQTT", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.5.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.5.2\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 452bebb42..794d82e38 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85", diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 4152357e1..7d6a56f91 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "92985909-dc29-4533-9e80-d3182a0ecf1d", diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index eef0b5bf1..460fcc278 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "9ee51f94-3316-4fc5-bd89-93a52af69714", diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index c2f3660c4..a6ff79e32 100644 --- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "a16110b0-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index f46d049a9..b9ac5738d 100644 --- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "a7514350-eba6-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "PROFINET", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.5.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.5.2\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 17b697ec2..b9b59f1fe 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", 
@@ -10,7 +10,7 @@ "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\"
:20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_15\"},{\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_16\"},{\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\"
:20,\"i\":\"35\"},\"panelIndex\":\"35\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_24\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.
2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_15\"},{\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_16\"},{\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_24\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 7fa6a732e..109f0b51b 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "ae79b7d1-4281-4095-b2f6-fa7eafda9970", diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 00fde0bad..0434f4dcb 100644 --- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "af5df620-eeb6-11e9-bdef-65a192b7f586", 
@@ -10,7 +10,7 @@ "title": "NTP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.5.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.5.2\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 6e1917e34..f4aac4ee3 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "b50c8d17-6ed3-4de6-aed4-5181032810b2", diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 6749c245b..e65465920 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "b9f247c0-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index bbcd37232..1c6f8480e 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "bb827f8e-639e-468c-93c8-9f5bc132eb8f", 
diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 42259d51b..62d7ac1c9 100644 --- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "bed185a0-ef82-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.5.2\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index f50d9e94b..e91ca3533 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "caef3ade-d289-4d05-a511-149f3e97f238", diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json index 42d47b481..8d6e91e96 100644 --- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json +++ b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "d15a9d40-5c3e-492f-8e17-67a5d6862a3a", diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 332203b06..f636d781c 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "d41fe630-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 1200e30e6..04f34c777 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "d4fd6afd-15cb-42bf-8a25-03dd8e59b327", 
diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 01a3383a8..d03229ccb 100644 --- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "e09a4b86-29b5-4256-bb3b-802ac9f90404", diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index b8fbe1d36..ee8bdbbc1 100644 --- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "e76d05c0-eb9f-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "S7comm", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 679477fcd..3467e4d6a 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "ed8a6640-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index c862ddd67..49450001d 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 2b72cb10c..554158dda 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "f394057d-1b16-4174-b994-7045f423a416", 
diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index 16cad4e83..f6f268690 100644 --- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "f77bf097-18a8-465c-b634-eb2acc7a4f26", diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 78494f26f..63cb5a786 100644 --- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "fa141950-ef89-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - SQL", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot index b2b91769e..10ecc0fb9 100755 --- a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -BEATS_VER="7.5.1" +BEATS_VER="7.5.2" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" 
diff --git a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index dc292c4e9..1eae59653 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index d2afbf94f..ed2b8b92f 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/beats/Dockerfile b/sensor-iso/beats/Dockerfile index 0a86b16c1..60d1b33b7 100644 --- a/sensor-iso/beats/Dockerfile +++ b/sensor-iso/beats/Dockerfile @@ -28,7 +28,7 @@ RUN apt-get update && apt-get install -y \ bash -c "curl https://glide.sh/get | bash" ENV BEATS=metricbeat -ENV BEATS_VERSION=7.5.1 +ENV BEATS_VERSION=7.5.2 ADD ./build.sh /build.sh RUN [ "chmod", "+x", "/build.sh" ] diff --git a/sensor-iso/beats/beat-build.sh b/sensor-iso/beats/beat-build.sh index 0241c2e99..915aff66f 100755 --- a/sensor-iso/beats/beat-build.sh +++ b/sensor-iso/beats/beat-build.sh 
@@ -2,7 +2,7 @@ # Copyright (c) 2018 Battelle Energy Alliance, LLC. All rights reserved. -VERSION="7.5.1" +VERSION="7.5.2" THIRD_PARTY_BRANCH="master" while getopts b:v:t: opts; do case ${opts} in diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 4d6ce1bb9..8f179f22a 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -11,7 +11,7 @@ ZEEK_PATCH_URLS=( # nothing here for now ) -BEATS_VER="7.5.1" +BEATS_VER="7.5.2" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index dc292c4e9..1eae59653 100644 --- a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index d2afbf94f..ed2b8b92f 100644 --- a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.5.2", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index fb5889354..228560175 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -1763,7 +1763,7 @@ The Elastic Stack's [Beats](https://www.elastic.co/products/beats) platform is a set -e -BEATS_VER="7.5.1" +BEATS_VER="7.5.2" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json index 5013a1251..aa50ef5a3 100644 --- a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json +++ b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json @@ -2,7 +2,7 @@ "index_patterns": ["protologbeat-*"], "mappings": { "_meta": { - "version": "7.5.1" + "version": "7.5.2" }, "dynamic_templates": [{ "strings_as_keyword": { From 34c0b122047d8af3ef80fa2d729b831fdb853c05 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 21 Jan 2020 15:52:43 -0700 Subject: [PATCH 018/183] update iso build scripts to use new python scripts for install --- malcolm-iso/build.sh | 14 +++++++++----- scripts/malcolm_appliance_packager.sh | 15 ++++++++++----- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 8c0092501..90ba35225 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh 
@@ -108,12 +108,16 @@ if [ -d "$WORKDIR" ]; then
 cp ./cidr-map.txt "$MALCOLM_DEST_DIR/"
 cp ./host-map.txt "$MALCOLM_DEST_DIR/"
 cp ./scripts/auth_setup.sh "$MALCOLM_DEST_DIR/scripts/"
- cp ./scripts/start.sh "$MALCOLM_DEST_DIR/scripts/"
- cp ./scripts/stop.sh "$MALCOLM_DEST_DIR/scripts/"
- cp ./scripts/restart.sh "$MALCOLM_DEST_DIR/scripts/"
- cp ./scripts/wipe.sh "$MALCOLM_DEST_DIR/scripts/"
- cp ./scripts/logs.sh "$MALCOLM_DEST_DIR/scripts/"
 cp ./scripts/install.py "$MALCOLM_DEST_DIR/scripts/"
+ cp ./scripts/control.py "$MALCOLM_DEST_DIR/scripts/"
+ pushd "$MALCOLM_DEST_DIR/scripts/" >/dev/null 2>&1
+ ln -s ./control.py start
+ ln -s ./control.py stop
+ ln -s ./control.py restart
+ ln -s ./control.py wipe
+ ln -s ./control.py logs
+ popd >/dev/null 2>&1
+ cp ./scripts/malcolm_common.py "$MALCOLM_DEST_DIR/scripts/"
 cp ./README.md "$MALCOLM_DEST_DIR/"
 cp ./nginx/certs/*.sh "$MALCOLM_DEST_DIR/nginx/certs/"
 cp ./logstash/certs/Makefile ./logstash/certs/*.conf "$MALCOLM_DEST_DIR/logstash/certs/"
diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh
index c594f516b..6284f7a01 100755
--- a/scripts/malcolm_appliance_packager.sh
+++ b/scripts/malcolm_appliance_packager.sh
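Review bot: The five `ln -s` calls run regardless of whether the preceding `pushd "$MALCOLM_DEST_DIR/scripts/"` succeeded, and its failure is hidden by `>/dev/null 2>&1`; if that directory is missing (the `cp` lines above it are equally unchecked) the links are created in the caller's working directory instead, and a rebuild into an existing tree fails on the already-present link names. Guard the directory change and make the links idempotent: `pushd "$MALCOLM_DEST_DIR/scripts/" >/dev/null 2>&1 || exit 1` and `ln -sf ./control.py start` (same for `stop`, `restart`, `wipe`, `logs`). Whether build.sh runs under `set -e` is not visible here; if it does, the `|| exit 1` is redundant but `-sf` still applies. The enclosing `if [ -d "$WORKDIR" ]` block continues outside the hunk.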
@@ -85,12 +85,9 @@ if mkdir "$DESTDIR"; then
 cp $VERBOSE ./cidr-map.txt "$DESTDIR/"
 cp $VERBOSE ./host-map.txt "$DESTDIR/"
 cp $VERBOSE ./scripts/auth_setup.sh "$DESTDIR/scripts/"
- cp $VERBOSE ./scripts/start.sh "$DESTDIR/scripts/"
- cp $VERBOSE ./scripts/stop.sh "$DESTDIR/scripts/"
- cp $VERBOSE ./scripts/restart.sh "$DESTDIR/scripts/"
- cp $VERBOSE ./scripts/wipe.sh "$DESTDIR/scripts/"
- cp $VERBOSE ./scripts/logs.sh "$DESTDIR/scripts/"
 cp $VERBOSE ./scripts/install.py "$DESTDIR/scripts/"
+ cp $VERBOSE ./scripts/control.py "$DESTDIR/scripts/"
+ cp $VERBOSE ./scripts/malcolm_common.py "$DESTDIR/scripts/"
 cp $VERBOSE ./README.md "$DESTDIR/"
 cp $VERBOSE ./nginx/certs/*.sh "$DESTDIR/nginx/certs/"
 cp $VERBOSE ./logstash/certs/Makefile ./logstash/certs/*.conf "$DESTDIR/logstash/certs/"
@@ -98,6 +95,13 @@ if mkdir "$DESTDIR"; then
 cp $VERBOSE ./elastalert/rules/* "$DESTDIR/elastalert/rules/" 2>/dev/null || true
 cp $VERBOSE ./elastalert/sample-rules/* "$DESTDIR/elastalert/sample-rules/" 2>/dev/null || true
 pushd "$DESTDIR" >/dev/null 2>&1
+ pushd "./scripts" >/dev/null 2>&1
+ ln -s ./control.py start
+ ln -s ./control.py stop
+ ln -s ./control.py restart
+ ln -s ./control.py wipe
+ ln -s ./control.py logs
+ popd >/dev/null 2>&1
 echo "You must set an administrator username and password for Malcolm, and self-signed X.509 certificates will be generated"
 ./scripts/auth_setup.sh
 rm -rf logstash/certs/ca.key
@@ -107,6 +111,7 @@ if mkdir "$DESTDIR"; then
 README_HTML="$RUN_PATH/$(basename $DESTDIR).README.html"
 docker run --rm --entrypoint /bin/bash "$(grep -E 'image: *malcolmnetsec/moloch' "$DESTDIR/docker-compose.yml" | awk '{print $2}')" -c "cat /data/moloch/doc/README.html" > "$README_HTML" || true
 cp $VERBOSE "$SCRIPT_PATH/install.py" "$RUN_PATH/"
+ cp $VERBOSE "$SCRIPT_PATH/malcolm_common.py" "$RUN_PATH/"
 tar -czf $VERBOSE "$DESTNAME" "./$(basename $DESTDIR)/"
 echo "Packaged Malcolm to \"$DESTNAME\""
 echo ""
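Review bot: In the `@@ -98` hunk the inner `pushd "./scripts"` is unchecked and its output silenced, so if the earlier unchecked `cp` into `$DESTDIR/scripts/` did not produce that directory the five symlinks land in `$DESTDIR` itself and the packaged archive ships without a working `start`/`stop`; `pushd "./scripts" >/dev/null 2>&1 || exit 1` closes that gap (the `if mkdir "$DESTDIR"` guard makes a fresh tree likely, so `ln -sf` is not needed here). The link names assume `control.py` dispatches on the basename it was invoked as, which is not visible in this diff. The `if mkdir "$DESTDIR"` block continues outside the hunk.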
From e017a1d72bf140e659f6c34313af9ccd93c71b7d Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 22 Jan 2020 08:57:32 -0700 Subject: [PATCH 019/183] compatibility fixes for scripts under linux --- scripts/control.py | 3 -- scripts/install.py | 72 ++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 60 insertions(+), 15 deletions(-) diff --git a/scripts/control.py b/scripts/control.py index c31621edc..e97d82e8a 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -236,9 +236,6 @@ def main(): else: sys.tracebacklimit = 0 - if not ImportRequests(debug=args.debug): - exit(2) - os.chdir(MalcolmPath) # make sure docker/docker-compose is available diff --git a/scripts/install.py b/scripts/install.py index b87e16a44..0634b32fe 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -28,7 +28,7 @@ from malcolm_common import * ################################################################################################### -DOCKER_COMPOSE_INSTALL_VERSION="1.24.0" +DOCKER_COMPOSE_INSTALL_VERSION="1.25.1" DEB_GPG_KEY_FINGERPRINT = '0EBFCD88' # used to verify GPG key for Docker Debian repository 
@@ -553,28 +553,75 @@ def __init__(self, debug=False): else: super(LinuxInstaller, self).__init__(debug) - self.distro = "linux" + self.distro = None self.codename = None + self.release = None # determine the distro (e.g., ubuntu) and code name (e.g., bionic) if applicable - err, out = self.run_process(['lsb_release', '-is'], stderr=False) - if (err == 0) and (len(out) > 0): - self.distro = out[0].lower() + + # check /etc/os-release values first + if os.path.isfile('/etc/os-release'): + osInfo = dict() + + with open("/etc/os-release", 'r') as f: + for line in f: + try: + k, v = line.rstrip().split("=") + osInfo[k] = v.strip('"') + except: + pass + + if ('NAME' in osInfo) and (len(osInfo['NAME']) > 0): + distro = osInfo['NAME'].lower().split()[0] + + if ('VERSION_CODENAME' in osInfo) and (len(osInfo['VERSION_CODENAME']) > 0): + codename = osInfo['VERSION_CODENAME'].lower().split()[0] + + if ('VERSION_ID' in osInfo) and (len(osInfo['VERSION_ID']) > 0): + release = osInfo['VERSION_ID'].lower().split()[0] + + # try lsb_release next + if (self.distro is None): + err, out = self.run_process(['lsb_release', '-is'], stderr=False) + if (err == 0) and (len(out) > 0): + self.distro = out[0].lower() + + if (self.codename is None): err, out = self.run_process(['lsb_release', '-cs'], stderr=False) if (err == 0) and (len(out) > 0): self.codename = out[0].lower() - else: + + if (self.release is None): + err, out = self.run_process(['lsb_release', '-rs'], stderr=False) + if (err == 0) and (len(out) > 0): + self.release = out[0].lower() + + # try release-specific files + if (self.distro is None): + if os.path.isfile('/etc/centos-release'): + distroFile = '/etc/centos-release' if os.path.isfile('/etc/redhat-release'): distroFile = '/etc/redhat-release' elif os.path.isfile('/etc/issue'): distroFile = '/etc/issue' else: distroFile = None - if distroFile: + if (distroFile is not None): with open(distroFile, 'r') as f: - self.distro = f.read().lower().split()[0] + distroVals = 
f.read().lower().split() + distroNums = [x for x in distroVals if x[0].isdigit()] + self.distro = distroVals[0] + if (self.release is None) and (len(distroNums) > 0): + self.release = distroNums[0] + + if (self.distro is None): + self.distro = "linux" + if self.debug: - eprint("distro: {}{}".format(self.distro, " {}".format(self.codename) if self.codename else "")) + eprint("distro: {}{}{}".format(self.distro, + " {}".format(self.codename) if self.codename else "", + " {}".format(self.release) if self.release else "")) + if not self.codename: self.codename = self.distro # determine packages required by Malcolm itself (not docker, those will be done later) @@ -610,7 +657,7 @@ def __init__(self, debug=False): elif Which('apt', debug=self.debug): self.installPackageCmds.append(['apt', 'install', '-y', '-qq']) elif Which('dnf', debug=self.debug): - self.installPackageCmds.append(['dnf', '-y', 'install']) + self.installPackageCmds.append(['dnf', '-y', 'install', '--nobest']) elif Which('yum', debug=self.debug): self.installPackageCmds.append(['yum', '-y', 'install']) @@ -953,9 +1000,10 @@ def tweak_system_files(self): # install haveged if (not self.package_is_installed('haveged') and InstallerYesOrNo('The "haveged" utility may help improve Malcolm startup times by providing entropy for the Linux kernel. Install haveged?', default=False)): + if (self.distro == PLATFORM_LINUX_CENTOS) and (self.release is not None): + eprint("Installing EPEL repo") + self.install_package(['https://dl.fedoraproject.org/pub/epel/epel-release-latest-{}.noarch.rpm'.format(self.release.split('.')[0])]) havegedPackages = ['haveged'] - if self.distro == PLATFORM_LINUX_CENTOS: - havegedPackages.append('https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm') eprint("Installing haveged packages: {}".format(havegedPackages)) if self.install_package(havegedPackages): eprint("Installation of haveged packages apparently succeeded") 
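Review bot: In the new `/etc/os-release` branch the parsed values are stored in the locals `distro`, `codename` and `release` rather than `self.distro`, `self.codename` and `self.release`, so they are discarded and every host still falls through to `lsb_release` and the release files — the path this hunk was meant to make a fallback; change the three assignments to `self.distro = osInfo['NAME'].lower().split()[0]`, `self.codename = …`, `self.release = …`. The `k, v = line.rstrip().split("=")` parse also raises on any os-release value that itself contains `=` and the bare `except: pass` hides it; `line.rstrip().split("=", 1)` with `except ValueError:` keeps the intent without masking other errors. Note too that after the added `if os.path.isfile('/etc/centos-release'):` block the pre-existing `if os.path.isfile('/etc/redhat-release'):` is still a plain `if`, so on hosts where both files exist (common on CentOS) the redhat file silently overrides the one just chosen — presumably `elif` was intended. `__init__` begins before this hunk and continues past it.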
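Review bot: The haveged hunk now installs `epel-release-latest-{}.noarch.rpm` directly from `dl.fedoraproject.org` as a package argument, and whether that download's signature is verified depends on the host package manager's gpgcheck configuration — the EPEL signing key is not imported beforehand, so in practice this is either an unverified install or a failed one. Prefer the distribution's own `epel-release` package where it exists (`self.install_package(['epel-release'])` on CentOS, which comes from a repo the host already trusts) and fall back to the URL only if that fails; also the return value of that `self.install_package([...])` call is ignored, so a failed EPEL install just leads to a confusing haveged failure afterwards. `self.release.split('.')[0]` assumes `release` is a dotted numeric string, which the earlier parsing only guarantees loosely. `tweak_system_files` begins before this hunk and continues past it.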
From 79c39c05bb4fbf6258f27b8c5e28c3dc6ed61057 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 22 Jan 2020 09:07:55 -0700 Subject: [PATCH 020/183] don't source missing files --- scripts/auth_setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auth_setup.sh b/scripts/auth_setup.sh index a8a47d3cb..97eebb2f9 100755 --- a/scripts/auth_setup.sh +++ b/scripts/auth_setup.sh @@ -65,7 +65,7 @@ htpasswd -b $HTPASSWD_CREATE_FLAG -B ./htpasswd "$USERNAME" "$PASSWORD" >/dev/nu # if the admininstrator username has changed, remove the previous administrator username from htpasswd [[ -n "$USERNAME_PREVIOUS" ]] && [ "$USERNAME" != "$USERNAME_PREVIOUS" ] && sed -i "/^$USERNAME_PREVIOUS:/d" ./htpasswd -source ../.ldap_config_defaults 2>/dev/null || true +[[ -r ../.ldap_config_defaults ]] && source ../.ldap_config_defaults 2>/dev/null || true LDAP_DEFAULT_PROTO=${LDAP_PROTO:-"ldap://"} LDAP_DEFAULT_HOST=${LDAP_HOST:-"ds.example.com"} LDAP_DEFAULT_PORT=${LDAP_PORT:-"3268"} From e19912a220c98093931e16fdb2ed08eaeea44eaf Mon Sep 17 00:00:00 2001 
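Review bot: The added guard only checks that `../.ldap_config_defaults` is readable before `source`-ing it; the file is still executed as shell, so anyone able to write it runs arbitrary commands as the user invoking auth_setup.sh, and the retained `|| true` swallows any error it raises despite the script's `set -e`. Since the lines that follow only consume `LDAP_PROTO`, `LDAP_HOST`, `LDAP_PORT` and `LDAP_SERVER_TYPE`, read it as data instead — a `while IFS='=' read -r k v` loop that assigns only those four known keys — or at minimum check ownership and that the file is not group/world-writable before sourcing it. The enclosing script continues well past this hunk.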
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 22 Jan 2020 12:42:15 -0700 Subject: [PATCH 021/183] more reworking of scripts from bash -> python (not complete yet, may be in a broken state) --- README.md | 16 +- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- malcolm-iso/build.sh | 2 +- nginx/certs/.gitignore | 3 + nginx/certs/gen_self_signed_certs.sh | 8 - scripts/auth_setup | 1 + scripts/auth_setup.sh | 207 ----------------- scripts/control.py | 295 +++++++++++++++++++++++- scripts/logs | 2 +- scripts/logs.sh | 48 ---- scripts/malcolm_appliance_packager.sh | 16 +- scripts/malcolm_common.py | 6 + scripts/restart | 2 +- scripts/restart.sh | 42 ---- scripts/start | 2 +- scripts/start.sh | 96 -------- scripts/stop | 2 +- scripts/stop.sh | 56 ----- scripts/wipe.sh | 52 ----- sensor-iso/README.md | 2 +- 22 files changed, 321 insertions(+), 543 deletions(-) create mode 100644 nginx/certs/.gitignore delete mode 100755 nginx/certs/gen_self_signed_certs.sh create mode 120000 scripts/auth_setup delete mode 100755 scripts/auth_setup.sh delete mode 100755 scripts/logs.sh delete mode 100755 scripts/restart.sh delete mode 100755 scripts/start.sh delete mode 100755 scripts/stop.sh delete mode 100755 scripts/wipe.sh diff --git a/README.md b/README.md index bca5d7a07..68e10b820 100644 --- a/README.md +++ b/README.md 
@@ -142,7 +142,7 @@ malcolmnetsec/htadmin 1.9.0 xxxxxxxx docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.2 xxxxxxxxxxxx 5 weeks ago 825MB ``` -You must run [`auth_setup.sh`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). +You must run [`auth_setup`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). #### Import from pre-packaged tarballs @@ -292,7 +292,7 @@ Checking out the [Malcolm source code](https://github.com/idaholab/Malcolm/tree/ and the following files of special note: -* `auth.env` - the script `./scripts/auth_setup.sh` prompts the user for the administrator credentials used by the Malcolm appliance, and `auth.env` is the environment file where those values are stored +* `auth.env` - the script `./scripts/auth_setup` prompts the user for the administrator credentials used by the Malcolm appliance, and `auth.env` is the environment file where those values are stored * `cidr-map.txt` - specify custom IP address to network segment mapping * `host-map.txt` - specify custom IP and/or MAC address to host mapping * `docker-compose.yml` - the configuration file used by `docker-compose` to build, start, and stop an instance of the Malcolm appliance 
@@ -365,7 +365,7 @@ To start, stop, restart, etc. Malcolm: - restart.sh (restart Malcolm) - logs.sh (monitor Malcolm logs) - wipe.sh (stop Malcolm and clear its database) - - auth_setup.sh (change authentication-related settings) + - auth_setup (change authentication-related settings) A minute or so after starting Malcolm, the following services will be accessible: - Moloch: https://localhost/ @@ -663,7 +663,7 @@ LDAP authentication are managed on a remote directory service, such as a [Micros Malcolm's authentication method is defined in the `x-auth-variables` section near the top of the [`docker-compose.yml`](#DockerComposeYml) file with the `NGINX_BASIC_AUTH` environment variable: `true` for local TLS-encrypted HTTP basic authentication, `false` for LDAP authentication. -In either case, you **must** run `./scripts/auth_setup.sh` before starting Malcolm for the first time in order to: +In either case, you **must** run `./scripts/auth_setup` before starting Malcolm for the first time in order to: * define the local Malcolm administrator account username and password (although these credentials will only be used for basic authentication, not LDAP authentication) * specify whether or not to (re)generate the self-signed certificates used for HTTPS access 
@@ -676,7 +676,7 @@ In either case, you **must** run `./scripts/auth_setup.sh` before starting Malco ##### <a name="AuthBasicAccountManagement"></a>Local account management -[`auth_setup.sh`](#AuthSetup) is used to define the username and password for the administrator account. Once Malcolm is running, the administrator account can be used to manage other user accounts via a **Malcolm User Management** page served over HTTPS on port 488 (e.g., [https://localhost:488](https://localhost:488) if you are connecting locally). +[`auth_setup`](#AuthSetup) is used to define the username and password for the administrator account. Once Malcolm is running, the administrator account can be used to manage other user accounts via a **Malcolm User Management** page served over HTTPS on port 488 (e.g., [https://localhost:488](https://localhost:488) if you are connecting locally). Malcolm user accounts can be used to access the [interfaces](#UserInterfaceURLs) of all of its [components](#Components), including Moloch. Moloch uses its own internal database of user accounts, so when a Malcolm user account logs in to Moloch for the first time Malcolm creates a corresponding Moloch user account automatically. This being the case, it is *not* recommended to use the Moloch **Users** settings page or change the password via the **Password** form under the Moloch **Settings** page, as those settings would not be consistently used across Malcolm. 
@@ -684,7 +684,7 @@ Users may change their passwords via the **Malcolm User Management** page by cli #### <a name="AuthLDAP"></a>Lightweight Directory Access Protocol (LDAP) authentication -The [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) module serves as the interface between Malcolm's [Nginx](https://nginx.org/) web server and a remote LDAP server. When you run [`auth_setup.sh`](#AuthSetup) for the first time, a sample LDAP configuration file is created at `nginx/nginx_ldap.conf`. +The [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) module serves as the interface between Malcolm's [Nginx](https://nginx.org/) web server and a remote LDAP server. When you run [`auth_setup`](#AuthSetup) for the first time, a sample LDAP configuration file is created at `nginx/nginx_ldap.conf`. ``` # This is a sample configuration for the ldap_server section of nginx.conf. 
@@ -1395,7 +1395,7 @@ Following these prompts, the installer will reboot and the Malcolm base operatin When the system boots for the first time, the Malcolm Docker images will load if the installer was built with pre-packaged installation files as described above. Wait for this operation to continue (the progress dialog will disappear when they have finished loading) before continuing the setup. -Open a terminal (click the red terminal 🗔 icon next to the Debian swirl logo 🍥 menu button in the menu bar). At this point, setup is similar to the steps described in the [Quick start](#QuickStart) section. Navigate to the Malcolm directory (`cd ~/Malcolm`) and run [`auth_setup.sh`](#AuthSetup) to configure authentication. If the ISO didn't have pre-packaged Malcolm images, or if you'd like to retrieve the latest updates, run `docker-compose pull`. Finalize your configuration by running `sudo python3 scripts/install.py -c` and follow the prompts as illustrated in the [installation example](#InstallationExample). +Open a terminal (click the red terminal 🗔 icon next to the Debian swirl logo 🍥 menu button in the menu bar). At this point, setup is similar to the steps described in the [Quick start](#QuickStart) section. Navigate to the Malcolm directory (`cd ~/Malcolm`) and run [`auth_setup`](#AuthSetup) to configure authentication. If the ISO didn't have pre-packaged Malcolm images, or if you'd like to retrieve the latest updates, run `docker-compose pull`. Finalize your configuration by running `sudo python3 scripts/install.py -c` and follow the prompts as illustrated in the [installation example](#InstallationExample). Once Malcolm is configured, you can [start Malcolm](#Starting) via the command line or by clicking the circular yellow Malcolm icon in the menu bar. 
@@ -1718,7 +1718,7 @@ At this point you should **reboot your computer** so that the new system setting Now we need to [set up authentication](#AuthSetup) and generate some unique self-signed SSL certificates. You can replace `analyst` in this example with whatever username you wish to use to log in to the Malcolm web interface. ``` -user@host:~/Malcolm$ ./scripts/auth_setup.sh +user@host:~/Malcolm$ ./scripts/auth_setup Username: analyst analyst password: analyst password (again): diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 137406944..d93e7baa0 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -48,7 +48,7 @@ x-logstash-variables: &logstash-variables # ES_EXTERNAL_HOSTS : '10.0.0.123:9200' # ES_EXTERNAL_SSL : 'true' # ES_EXTERNAL_SSL_CERTIFICATE_VERIFICATION : 'false' - # For security, ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup.sh + # For security, ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup # See also volume mount for logstash.keystore below. # ES_EXTERNAL_USER : 'janedoe' # ES_EXTERNAL_PASSWORD : 'secret' diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index c5681f3ec..6867dc561 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -48,7 +48,7 @@ x-logstash-variables: &logstash-variables # ES_EXTERNAL_HOSTS : '10.0.0.123:9200' # ES_EXTERNAL_SSL : 'true' # ES_EXTERNAL_SSL_CERTIFICATE_VERIFICATION : 'false' - # For security, ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup.sh + # For security, ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup # See also volume mount for logstash.keystore below. # ES_EXTERNAL_USER : 'janedoe' # ES_EXTERNAL_PASSWORD : 'secret' 
diff --git a/docker-compose.yml b/docker-compose.yml index 8d1b84516..cbfa2fe46 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -48,7 +48,7 @@ x-logstash-variables: &logstash-variables # ES_EXTERNAL_HOSTS : '10.0.0.123:9200' # ES_EXTERNAL_SSL : 'true' # ES_EXTERNAL_SSL_CERTIFICATE_VERIFICATION : 'false' - # For security, ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup.sh + # For security, ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup # See also volume mount for logstash.keystore below. # ES_EXTERNAL_USER : 'janedoe' # ES_EXTERNAL_PASSWORD : 'secret' diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 90ba35225..4e17f51c4 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh @@ -107,7 +107,6 @@ if [ -d "$WORKDIR" ]; then cp ./docker-compose-standalone-zeek-live.yml "$MALCOLM_DEST_DIR/docker-compose-zeek-live.yml" cp ./cidr-map.txt "$MALCOLM_DEST_DIR/" cp ./host-map.txt "$MALCOLM_DEST_DIR/" - cp ./scripts/auth_setup.sh "$MALCOLM_DEST_DIR/scripts/" cp ./scripts/install.py "$MALCOLM_DEST_DIR/scripts/" cp ./scripts/control.py "$MALCOLM_DEST_DIR/scripts/" pushd "$MALCOLM_DEST_DIR/scripts/" >/dev/null 2>&1 @@ -116,6 +115,7 @@ if [ -d "$WORKDIR" ]; then ln -s ./control.py restart ln -s ./control.py wipe ln -s ./control.py logs + ln -s ./control.py auth_setup popd >/dev/null 2>&1 cp ./scripts/malcolm_common.py "$MALCOLM_DEST_DIR/scripts/" cp ./README.md "$MALCOLM_DEST_DIR/" diff --git a/nginx/certs/.gitignore b/nginx/certs/.gitignore new file mode 100644 index 000000000..a5baada18 --- /dev/null +++ b/nginx/certs/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore + diff --git a/nginx/certs/gen_self_signed_certs.sh b/nginx/certs/gen_self_signed_certs.sh deleted file mode 100755 index 7d5988009..000000000 --- a/nginx/certs/gen_self_signed_certs.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - - -# one may wish to consider not using self-signed certificates in production -openssl dhparam -out dhparam.pem 2048 -openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 3650 diff --git a/scripts/auth_setup b/scripts/auth_setup new file mode 120000 index 000000000..c910cf9d6 --- /dev/null +++ b/scripts/auth_setup @@ -0,0 +1 @@ +./control.py \ No newline at end of file diff --git a/scripts/auth_setup.sh b/scripts/auth_setup.sh deleted file mode 100755 index 97eebb2f9..000000000 --- a/scripts/auth_setup.sh +++ /dev/null 
@@ -1,207 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -if [ -z "$BASH_VERSION" ]; then - echo "Wrong interpreter, please run \"$0\" with bash" - exit 1 -fi - -set -e - -if docker version >/dev/null 2>&1; then - DOCKER_BIN=docker -elif grep -q Microsoft /proc/version && docker.exe version >/dev/null 2>&1; then - DOCKER_BIN=docker.exe -fi - -if [ "$1" ]; then - CONFIG_FILE="$1" -else - CONFIG_FILE="docker-compose.yml" -fi - -# force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi -SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" -pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 - -USERNAME="" -PASSWORD="" -PASSWORD_CONFIRM="" - -read -p "Administrator username: " USERNAME -while true; do - read -s -p "${USERNAME} password: " PASSWORD - echo - read -s -p "${USERNAME} password (again): " PASSWORD_CONFIRM - echo - [ "$PASSWORD" = "$PASSWORD_CONFIRM" ] && break - echo "Passwords do not match" -done -PASSWORD_ENCRYPTED="$(echo $PASSWORD | openssl passwd -1 -stdin)" - -# get previous admin username to remove from htpasswd file if it's changed -unset USERNAME_PREVIOUS -[[ -r auth.env ]] && source auth.env && USERNAME_PREVIOUS="$MALCOLM_USERNAME" - -cat <<EOF > auth.env -# Malcolm Administrator username and encrypted password for nginx reverse proxy (and upload server's SFTP access) -MALCOLM_USERNAME=$USERNAME -MALCOLM_PASSWORD=$PASSWORD_ENCRYPTED -EOF -chmod 600 ./auth.env - -pushd ./nginx/ >/dev/null 2>&1 -# create or update the htpasswd file -[[ ! 
-f ./htpasswd ]] && HTPASSWD_CREATE_FLAG="-c" || HTPASSWD_CREATE_FLAG="" -htpasswd -b $HTPASSWD_CREATE_FLAG -B ./htpasswd "$USERNAME" "$PASSWORD" >/dev/null 2>&1 - -# if the admininstrator username has changed, remove the previous administrator username from htpasswd -[[ -n "$USERNAME_PREVIOUS" ]] && [ "$USERNAME" != "$USERNAME_PREVIOUS" ] && sed -i "/^$USERNAME_PREVIOUS:/d" ./htpasswd - -[[ -r ../.ldap_config_defaults ]] && source ../.ldap_config_defaults 2>/dev/null || true -LDAP_DEFAULT_PROTO=${LDAP_PROTO:-"ldap://"} -LDAP_DEFAULT_HOST=${LDAP_HOST:-"ds.example.com"} -LDAP_DEFAULT_PORT=${LDAP_PORT:-"3268"} -LDAP_DEFAULT_SERVER_TYPE=${LDAP_SERVER_TYPE:-"winldap"} -if [[ "$LDAP_DEFAULT_SERVER_TYPE" = 'openldap' ]]; then - LDAP_DEFAULT_URI='DC=example,DC=com?uid?sub?(objectClass=posixAccount)' - LDAP_DEFAULT_GROUP_ATTR=memberuid -else - LDAP_DEFAULT_URI='DC=example,DC=com?sAMAccountName?sub?(objectClass=person)' - LDAP_DEFAULT_GROUP_ATTR=member -fi - -[[ ! -f nginx_ldap.conf ]] && cat <<EOF > nginx_ldap.conf -# This is a sample configuration for the ldap_server section of nginx.conf. -# Yours will vary depending on how your Active Directory/LDAP server is configured. -# See https://github.com/kvspb/nginx-auth-ldap#available-config-parameters for options. - -ldap_server ad_server { - url "${LDAP_DEFAULT_PROTO}${LDAP_DEFAULT_HOST}:${LDAP_DEFAULT_PORT}/${LDAP_DEFAULT_URI}"; - - binddn "bind_dn"; - binddn_passwd "bind_dn_password"; - - group_attribute ${LDAP_DEFAULT_GROUP_ATTR}; - group_attribute_is_dn on; - require group "CN=malcolm,OU=groups,DC=example,DC=com"; - require valid_user; - satisfy all; -} - -auth_ldap_cache_enabled on; -auth_ldap_cache_expiration_time 10000; -auth_ldap_cache_size 1000; -EOF - -popd >/dev/null 2>&1 - -pushd ./htadmin/ >/dev/null 2>&1 -cat <<EOF > config.ini -; HTAdmin config file. 
- -[application] -; Change this to customize your title: -app_title = Malcolm User Management - -; htpasswd file -secure_path = ./config/htpasswd -; metadata file -metadata_path = ./config/metadata - -; administrator user/password (htpasswd -b -c -B ...) -admin_user = $USERNAME - -; username field quality checks -; -min_username_len = 4 -max_username_len = 12 - -; Password field quality checks -; -min_password_len = 6 -max_password_len = 20 - -EOF -touch metadata -popd >/dev/null 2>&1 - -if [[ ! -f ./elastalert/config/smtp-auth.yaml ]]; then - # create a sample smtp-auth.yaml for if/when we want to do elastalert email - pushd ./elastalert/config/ >/dev/null 2>&1 - cat <<EOF > smtp-auth.yaml -user: "user@gmail.com" -password: "abcdefg1234567" -EOF - chmod 600 ./smtp-auth.yaml - popd >/dev/null 2>&1 -fi - -unset CONFIRMATION -echo "" -read -p "(Re)generate self-signed certificates for HTTPS access [Y/n]? " CONFIRMATION -CONFIRMATION=${CONFIRMATION:-Y} -if [[ $CONFIRMATION =~ ^[Yy]$ ]]; then - pushd ./nginx/certs >/dev/null 2>&1 - rm -f *.pem - /bin/bash ./gen_self_signed_certs.sh >/dev/null 2>&1 - popd >/dev/null 2>&1 -fi - -unset CONFIRMATION -echo "" -read -p "(Re)generate self-signed certificates for a remote log forwarder [Y/n]? " CONFIRMATION -CONFIRMATION=${CONFIRMATION:-Y} -if [[ $CONFIRMATION =~ ^[Yy]$ ]]; then - pushd ./logstash/certs/ >/dev/null 2>&1 - make clean >/dev/null 2>&1 - make >/dev/null 2>&1 - mkdir -p ../../filebeat/certs - rm -f ../../filebeat/certs/* - cp ca.crt ../../filebeat/certs - mv client.key client.crt ../../filebeat/certs - rm -f *.srl *.csr *.pem - popd >/dev/null 2>&1 -fi - -unset CONFIRMATION -echo "" -read -p "Store username/password for forwarding Logstash events to a secondary, external Elasticsearch instance [y/N]? 
" CONFIRMATION -CONFIRMATION=${CONFIRMATION:-N} -if [[ $CONFIRMATION =~ ^[Yy]$ ]]; then - - EXT_USERNAME="" - EXT_PASSWORD="" - EXT_PASSWORD_CONFIRM="" - read -p "External Elasticsearch username: " EXT_USERNAME - while true; do - read -s -p "${EXT_USERNAME} password: " EXT_PASSWORD - echo - read -s -p "${EXT_USERNAME} password (again): " EXT_PASSWORD_CONFIRM - echo - [ "$EXT_PASSWORD" = "$EXT_PASSWORD_CONFIRM" ] && break - echo "Passwords do not match" - done - echo - - pushd ./logstash/certs/ >/dev/null 2>&1 - rm -f ./logstash.keystore - $DOCKER_BIN run --rm --entrypoint /bin/bash \ - -v "$(pwd)":/usr/share/logstash/config:rw \ - -w /usr/share/logstash/config \ - -u logstash \ - -e EXT_USERNAME="$EXT_USERNAME" \ - -e EXT_PASSWORD="$EXT_PASSWORD" \ - "$(grep "image: malcolmnetsec/logstash" ../../"$CONFIG_FILE" | awk '{print $2}')" \ - /usr/local/bin/set_es_external_keystore.sh - popd >/dev/null 2>&1 -fi - -popd >/dev/null 2>&1 diff --git a/scripts/control.py b/scripts/control.py index e97d82e8a..c0cf67405 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -16,7 +16,7 @@ import sys from malcolm_common import * - +from collections import defaultdict, namedtuple from subprocess import (PIPE, STDOUT, Popen, check_call, CalledProcessError) ################################################################################################### @@ -28,8 +28,8 @@ ansiEscape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') args = None -dockerCmd = None -dockerComposeCmd = None +dockerBin = None +dockerComposeBin = None ################################################################################################### try: 
@@ -145,11 +145,11 @@ def start(): # make sure the auth files exist. if we are in an interactive shell and we're # missing any of the auth files, prompt to create them now if sys.__stdin__.isatty() and (not MalcolmAuthFilesExist()): - check_call(['bash', os.path.join(ScriptPath, 'auth_setup.sh')]) + check_call(['bash', os.path.join(ScriptPath, 'auth_setup')]) # still missing? sorry charlie if (not MalcolmAuthFilesExist()): - raise Exception('Malcolm administrator account authentication files are missing, please run ./scripts/auth_setup.sh to generate them') + raise Exception('Malcolm administrator account authentication files are missing, please run ./scripts/auth_setup to generate them') # touch the metadata file open(os.path.join(MalcolmPath, os.path.join('htadmin', 'metadata')), 'a').close() @@ -158,9 +158,9 @@ def start(): if (not os.path.isfile(smtpAuthFile)): # create a sample smtp-auth.yaml for if/when we want to do elastalert email with open(smtpAuthFile, 'w') as f: - f.write('user: "user@gmail.com"') - f.write('password: "abcdefg1234567"') - os.chmod(smtpAuthFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP) + f.write('user: "user@gmail.com"\n') + f.write('password: "abcdefg1234567"\n') + os.chmod(smtpAuthFile, stat.S_IRUSR | stat.S_IWUSR) # make sure permissions are set correctly for the nginx worker processes for authFile in [os.path.join(MalcolmPath, os.path.join('nginx', 'htpasswd')), @@ -168,7 +168,7 @@ def start(): os.path.join(MalcolmPath, os.path.join('htadmin', 'config.ini')), os.path.join(MalcolmPath, os.path.join('htadmin', 'metadata'))]: # chmod 644 authFile - os.chmod(authFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH) + os.chmod(authFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) # make sure some directories exist before we start for path in [os.path.join(MalcolmPath, 'elasticsearch'), 
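Review bot: `check_call(['bash', os.path.join(ScriptPath, 'auth_setup')])` keeps the `bash` interpreter from the old `.sh` script, but `scripts/auth_setup` is now a symlink to `control.py` (added in this same commit), so bash will try to execute Python source, fail at the first `import`, and the interactive first run will always end in the 'authentication files are missing' exception that follows. Run the symlink the way it is meant to be dispatched (presumably on its argv[0] name), e.g. `check_call([sys.executable, os.path.join(ScriptPath, 'auth_setup')])`, or drop the interpreter and rely on the file's shebang. `start()` begins before this hunk and continues past it.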
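Review bot: The third hunk sets `nginx/htpasswd` (and the htadmin config/metadata files) to 0644, so the administrator's password hash becomes readable by every local account on the host; the comment says the nginx worker processes need it, which presumably means the container runs nginx under a uid other than the host user. If that is the constraint, 0640 with the file's group matching that uid/gid (or a read-only bind mount plus a group) keeps the hashes off world-readable — `htpasswd -B` bcrypt (seen later in this commit) limits the damage but does not remove it. Relatedly, the deleted `auth_setup.sh` kept `auth.env` at 0600, while the new `authSetup` in this commit writes it with `stat.S_IROTH` set, so the `openssl passwd -1` MD5-crypt hash in that file also becomes world-readable; that one at least should stay 0600. `start()` begins before this hunk and continues past it.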
@@ -203,6 +203,273 @@ def start(): eprint("\n".join(out)) exit(err) +################################################################################################### +def authSetup(wipe=False): + global args + global dockerBin + global dockerComposeBin + + # prompt usernamd and password + usernamePrevious = None + password = None + passwordConfirm = None + passwordEncrypted = '' + username = AskForString("Administrator username") + + while True: + password = AskForPassword("{} password: ".format(username)) + passwordConfirm = AskForPassword("{} password (again): ".format(username)) + if (password == passwordConfirm): + break + eprint("Passwords do not match") + + # get previous admin username to remove from htpasswd file if it's changed + authEnvFile = os.path.join(MalcolmPath, 'auth.env') + if os.path.isfile(authEnvFile): + prevAuthInfo = defaultdict(str) + with open(authEnvFile, 'r') as f: + for line in f: + try: + k, v = line.rstrip().split("=") + prevAuthInfo[k] = v.strip('"') + except: + pass + if (len(prevAuthInfo['MALCOLM_USERNAME']) > 0): + usernamePrevious = prevAuthInfo['MALCOLM_USERNAME'] + + # get openssl hash of password + err, out = run_process(['openssl', 'passwd', '-1', '-stdin'], stdin=password, stderr=False, debug=args.debug) + if (err == 0) and (len(out) > 0) and (len(out[0]) > 0): + passwordEncrypted = out[0] + else: + raise Exception('Unable to generate password hash with openssl') + + # write auth.env (used by htadmin and file-upload containers) + with open(authEnvFile, 'w') as f: + f.write("# Malcolm Administrator username and encrypted password for nginx reverse proxy (and upload server's SFTP access)\n") + f.write('MALCOLM_USERNAME={}\n'.format(username)) + f.write('MALCOLM_PASSWORD={}\n'.format(passwordEncrypted)) + os.chmod(authEnvFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) + + # create or update the htpasswd file + htpasswdFile = os.path.join(MalcolmPath, os.path.join('nginx', 'htpasswd')) + htpasswdCmd = 
['htpasswd', + '-i', + '-B', + htpasswdFile, + username] + if not os.path.isfile(htpasswdFile): + htpasswdCmd.insert(1, '-c') + err, out = run_process(htpasswdCmd, stdin=password, stderr=True, debug=args.debug) + if (err != 0): + raise Exception('Unable to generate htpasswd file: {}'.format(out)) + + # if the admininstrator username has changed, remove the previous administrator username from htpasswd + if (usernamePrevious is not None) and (usernamePrevious != username): + htpasswdLines = list() + with open(htpasswdFile, 'r') as f: + htpasswdLines = f.readlines() + with open(htpasswdFile, 'w') as f: + for line in htpasswdLines: + if not line.startswith("{}:".format(usernamePrevious)): + f.write(line) + + # configure default LDAP stuff (they'll have to edit it by hand later) + ldapConfFile = os.path.join(MalcolmPath, os.path.join('nginx', 'nginx_ldap.conf')) + if not os.path.isfile(ldapConfFile): + ldapDefaults = defaultdict(str) + if os.path.isfile(os.path.join(MalcolmPath, '.ldap_config_defaults')): + ldapDefaults = defaultdict(str) + with open(os.path.join(MalcolmPath, '.ldap_config_defaults'), 'r') as f: + for line in f: + try: + k, v = line.rstrip().split("=") + ldapDefaults[k] = v.strip('"') + except: + pass + ldapProto = ldapDefaults.get("LDAP_PROTO", "ldap://") + ldapHost = ldapDefaults.get("LDAP_HOST", "ds.example.com") + ldapPort = ldapDefaults.get("LDAP_PORT", "3268") + ldapType = ldapDefaults.get("LDAP_SERVER_TYPE", "winldap") + if (ldapType == "openldap"): + ldapUri = 'DC=example,DC=com?uid?sub?(objectClass=posixAccount)' + ldapGroupAttr = "memberuid" + else: + ldapUri = 'DC=example,DC=com?sAMAccountName?sub?(objectClass=person)' + ldapGroupAttr = "member" + with open(ldapConfFile, 'w') as f: + f.write('# This is a sample configuration for the ldap_server section of nginx.conf.\n') + f.write('# Yours will vary depending on how your Active Directory/LDAP server is configured.\n') + f.write('# See 
https://github.com/kvspb/nginx-auth-ldap#available-config-parameters for options.\n\n') + f.write('ldap_server ad_server {\n') + f.write(' url "{}{}:{}/{}";\n\n'.format(ldapProto, ldapHost, ldapPort, ldapUri)) + f.write(' binddn "bind_dn";\n') + f.write(' binddn_passwd "bind_dn_password";\n\n') + f.write(' group_attribute {};\n'.format(ldapGroupAttr)) + f.write(' group_attribute_is_dn on;\n') + f.write(' require group "CN=malcolm,OU=groups,DC=example,DC=com";\n') + f.write(' require valid_user;\n') + f.write(' satisfy all;\n') + f.write('}\n\n') + f.write('auth_ldap_cache_enabled on;\n') + f.write('auth_ldap_cache_expiration_time 10000;\n') + f.write('auth_ldap_cache_size 1000;\n') + os.chmod(ldapConfFile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) + + # populate htadmin config file + with open(os.path.join(MalcolmPath, os.path.join('htadmin', 'config.ini')), 'w') as f: + f.write('; HTAdmin config file.\n\n') + f.write('[application]\n') + f.write('; Change this to customize your title:\n') + f.write('app_title = Malcolm User Management\n\n') + f.write('; htpasswd file\n') + f.write('secure_path = ./config/htpasswd\n') + f.write('; metadata file\n') + f.write('metadata_path = ./config/metadata\n\n') + f.write('; administrator user/password (htpasswd -b -c -B ...)\n') + f.write('admin_user = {}\n\n'.format(username)) + f.write('; username field quality checks\n') + f.write(';\n') + f.write('min_username_len = 4\n') + f.write('max_username_len = 12\n\n') + f.write('; Password field quality checks\n') + f.write(';\n') + f.write('min_password_len = 6\n') + f.write('max_password_len = 20\n\n') + + # touch the metadata file + open(os.path.join(MalcolmPath, os.path.join('htadmin', 'metadata')), 'a').close() + + # create a sample smtp-auth.yaml for if/when we want to do elastalert email + smtpAuthFile = os.path.join(MalcolmPath, os.path.join('elastalert', os.path.join('config', 'smtp-auth.yaml'))) + if not os.path.isfile(smtpAuthFile): + with 
open(smtpAuthFile, 'w') as f: + f.write('user: "user@gmail.com"\n') + f.write('password: "abcdefg1234567"\n') + os.chmod(smtpAuthFile, stat.S_IRUSR | stat.S_IWUSR) + + # generate HTTPS self-signed certificates + if YesOrNo('(Re)generate self-signed certificates for HTTPS access', default=True): + os.chdir(os.path.join(MalcolmPath, os.path.join('nginx', 'certs'))) + try: + + # remove previous files + for oldfile in glob.glob("*.pem"): + os.remove(oldfile) + + # generate dhparam + err, out = run_process(['openssl', 'dhparam', '-out', 'dhparam.pem', '2048'], stderr=True, debug=args.debug) + if (err != 0): + raise Exception('Unable to generate dhparam.pem file: {}'.format(out)) + + # generate key/cert + err, out = run_process(['openssl', 'req', '-subj', '/CN=localhost', '-x509', '-newkey', 'rsa:4096', '-nodes', '-keyout', 'key.pem', '-out', 'cert.pem', '-days', '3650'], stderr=True, debug=args.debug) + if (err != 0): + raise Exception('Unable to generate key.pem/cert.pem file(s): {}'.format(out)) + + finally: + os.chdir(MalcolmPath) + + # generate beats/logstash self-signed certificates + logstashPath = os.path.join(MalcolmPath, os.path.join('logstash', 'certs')) + filebeatPath = os.path.join(MalcolmPath, os.path.join('filebeat', 'certs')) + if YesOrNo('(Re)generate self-signed certificates for a remote log forwarder', default=True): + os.chdir(logstashPath) + try: + + # make clean to clean previous files + err, out = run_process(['make', 'clean'], stderr=True, debug=args.debug) + if (err != 0): + raise Exception('Unable to generate clean remote log forwarder certificates: {}'.format(out)) + + # make to generate new files + err, out = run_process(['make'], stderr=True, debug=args.debug) + if (err != 0): + raise Exception('Unable to generate remote log forwarder certificates: {}'.format(out)) + + # generate filebeat/certs if it doesn't exist + try: + os.makedirs(filebeatPath) + except OSError as exc: + if (exc.errno == errno.EEXIST) and os.path.isdir(filebeatPath): + 
pass + else: + raise + + # remove any leftover files in filebeat/certs + for oldfile in glob.glob(os.path.join(filebeatPath, "*")): + os.remove(oldfile) + + # copy the ca so logstasn and filebeat both have it + shutil.copy2(os.path.join(logstashPath, "ca.crt"), filebeatPath) + + # move the client certs for filebeat + for f in ['client.key', 'client.crt']: + shutil.move(os.path.join(logstashPath, f), filebeatPath) + + # remove leftovers + for pat in ['*.srl', '*.csr', '*.pem']: + for f in glob.glob(pat): + os.remove(f) + + finally: + os.chdir(MalcolmPath) + + # create and populate keystore for remote + if YesOrNo('Store username/password for forwarding Logstash events to a secondary, external Elasticsearch instance', default=True): + + # prompt usernamd and password + esPassword = None + esPasswordConfirm = None + esUsername = AskForString("External Elasticsearch username") + + while True: + esPassword = AskForPassword("{} password: ".format(esUsername)) + esPasswordConfirm = AskForPassword("{} password (again): ".format(esUsername)) + if (esPassword == esPasswordConfirm): + break + eprint("Passwords do not match") + + # use the logstash image to run set_es_external_keystore to generate the keystore + + logstashImage = None + composeFileLines = list() + with open(args.composeFile, 'r') as f: + composeFileLines = [x for x in f.readlines() if 'image: malcolmnetsec/logstash' in x] + if (len(composeFileLines) > 0) and (len(composeFileLines[0]) > 0): + imageLineValues = composeFileLines[0].split() + if (len(imageLineValues) > 1): + logstashImage = imageLineValues[1] + + if logstashImage is not None: + os.chdir(logstashPath) + try: + if os.path.isfile('logstash.keystore'): + os.remove('logstash.keystore') + + dockerCmd = [dockerBin, + 'run', + '--rm', + '--entrypoint', + '/bin/bash', + '-v', '{}:/usr/share/logstash/config:rw'.format(logstashPath), + '-w', '/usr/share/logstash/config', + '-u', 'logstash', + '-e', 'EXT_USERNAME={}'.format(esUsername), + '-e', 
'EXT_PASSWORD={}'.format(esPassword), + logstashImage, + '/usr/local/bin/set_es_external_keystore.sh'] + + err, out = run_process(dockerCmd, stderr=True, debug=args.debug) + if (err != 0) or not os.path.isfile('logstash.keystore'): + raise Exception('Unable to generate logstash keystore: {}'.format(out)) + + finally: + os.chdir(MalcolmPath) + else: + raise Exception('Failed to determine logstash image from {}'.format(args.composeFile)) + + ################################################################################################### # main def main(): @@ -220,6 +487,7 @@ def main(): parser.add_argument('--restart', dest='cmdRestart', type=str2bool, nargs='?', const=True, default=False, help="Stop and restart Malcolm") parser.add_argument('--stop', dest='cmdStop', type=str2bool, nargs='?', const=True, default=False, help="Stop Malcolm") parser.add_argument('--wipe', dest='cmdWipe', type=str2bool, nargs='?', const=True, default=False, help="Stop Malcolm and delete all data") + parser.add_argument('--auth', dest='cmdAuthSetup', type=str2bool, nargs='?', const=True, default=False, help="Configure Malcolm authentication") try: parser.error = parser.exit @@ -236,6 +504,9 @@ def main(): else: sys.tracebacklimit = 0 + if not os.path.isabs(args.composeFile): + args.composeFile = os.path.join(MalcolmPath, args.composeFile) + os.chdir(MalcolmPath) # make sure docker/docker-compose is available @@ -260,11 +531,17 @@ def main(): args.cmdStop = True elif (ScriptName == "wipe"): args.cmdWipe = True + elif (ScriptName.startswith("auth")): + args.cmdAuthSetup = True # stop Malcolm (and wipe data if requestsed) if args.cmdRestart or args.cmdStop or args.cmdWipe: stop(wipe=args.cmdWipe) + # configure Malcolm authentication + if args.cmdAuthSetup: + authSetup() + # start Malcolm if args.cmdStart or args.cmdRestart: start() diff --git a/scripts/logs b/scripts/logs index 1bc304a1e..c910cf9d6 120000 --- a/scripts/logs +++ b/scripts/logs 
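Review bot: The external Elasticsearch password is put on the docker command line as `'-e', 'EXT_PASSWORD={}'.format(esPassword)`, so it is visible in the host process list for the lifetime of `docker run` and is printed verbatim if `run_process(..., debug=args.debug)` echoes its argv. Docker copies a bare `-e NAME` from the caller's environment, so setting `os.environ['EXT_USERNAME'] = esUsername` and `os.environ['EXT_PASSWORD'] = esPassword` and passing `'-e', 'EXT_USERNAME', '-e', 'EXT_PASSWORD'` keeps both out of argv (this assumes `run_process` lets the child inherit the environment, which is not visible here). Two smaller points in the same function: `auth.env`, which stores the password hash, is written `0644` while the sample `smtp-auth.yaml` a few lines later is `0600`, and `line.rstrip().split("=")` under a bare `except: pass` silently drops any `auth.env` or `.ldap_config_defaults` entry whose value contains `=`; `split("=", 1)` and catching `ValueError` avoid that. The generated `nginx_ldap.conf` defaults to `ldap://` on 3268 with a `binddn_passwd` placeholder, so the template deserves a line such as `# NOTE: with ldap:// the bind DN password is sent in cleartext; prefer ldaps:// (636/3269)` for whoever edits it by hand.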
@@ -1 +1 @@
-control.py
\ No newline at end of file
+./control.py
\ No newline at end of file
diff --git a/scripts/logs.sh b/scripts/logs.sh
deleted file mode 100755
index 4153a8535..000000000
--- a/scripts/logs.sh
+++ /dev/null
@@ -1,48 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -if [ -z "$BASH_VERSION" ]; then - echo "Wrong interpreter, please run \"$0\" with bash" - exit 1 -fi - -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -[[ "$(uname -s)" = 'Darwin' ]] && GREP=ggrep || GREP=grep -if ! (type "$REALPATH" && type "$DIRNAME" && type "$GREP") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME and $GREP" - exit 1 -fi - -if docker-compose version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose -elif $GREP -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose.exe -fi - -# if the docker-compose config file was specified, use it, otherwise -# let docker-compose figure it out -if [ "$1" ]; then - CONFIG_FILE="$1" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN -f "$CONFIG_FILE"" -else - CONFIG_FILE="docker-compose.yml" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN" -fi - -# force-navigate to Malcolm base directory (parent of scripts/ directory) -SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" -pushd "$SCRIPT_PATH/.." 
>/dev/null 2>&1 -BASE_PATH=`pwd`; - -# tail logs -$DOCKER_COMPOSE_COMMAND ps -echo "" -IGNORE_LOG_TEXT="(deprecated|eshealth|update_mapping|throttling index|but no there are no living connections|saved_objects|\b(d|es)?stats\.json|\/_ns_\/nstest\.html|esindices\/list|_cat\/indices|use_field_mapping|reaped unknown pid|Successfully handled GET request for '/'|GET /(_cat/health|api/status|sessions2-).+HTTP/[\d\.].+\b200\b|POST /(d?stats/d?stat|_bulk|fields/field/_search).+HTTP/[\d\.].+\b20[01]\b|POST HTTP/[\d\.].+\b200\b|POST\s+/server/php/\s+HTTP/\d+\.\d+\"\s+\d+\s+\d+.*:8443/|kibana.+curl.+localhost.+GET /api/status 200)" - -$DOCKER_COMPOSE_COMMAND logs -f | $GREP --line-buffered -Piv "$IGNORE_LOG_TEXT" - -echo "" - -popd >/dev/null 2>&1 diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh index 6284f7a01..818c5adf9 100755 --- a/scripts/malcolm_appliance_packager.sh +++ b/scripts/malcolm_appliance_packager.sh @@ -84,7 +84,6 @@ if mkdir "$DESTDIR"; then cp $VERBOSE ./auth.env "$DESTDIR/" cp $VERBOSE ./cidr-map.txt "$DESTDIR/" cp $VERBOSE ./host-map.txt "$DESTDIR/" - cp $VERBOSE ./scripts/auth_setup.sh "$DESTDIR/scripts/" cp $VERBOSE ./scripts/install.py "$DESTDIR/scripts/" cp $VERBOSE ./scripts/control.py "$DESTDIR/scripts/" cp $VERBOSE ./scripts/malcolm_common.py "$DESTDIR/scripts/" @@ -101,9 +100,10 @@ if mkdir "$DESTDIR"; then ln -s ./control.py restart ln -s ./control.py wipe ln -s ./control.py logs + ln -s ./control.py auth_setup popd >/dev/null 2>&1 echo "You must set an administrator username and password for Malcolm, and self-signed X.509 certificates will be generated" - ./scripts/auth_setup.sh + ./scripts/auth_setup rm -rf logstash/certs/ca.key pushd .. >/dev/null 2>&1 DESTNAME="$RUN_PATH/$(basename $DESTDIR).tar.gz" 
@@ -135,12 +135,12 @@ if mkdir "$DESTDIR"; then echo "" | tee -a "$README" echo "To start, stop, restart, etc. Malcolm:" | tee -a "$README" echo " Use the control scripts in the \"scripts/\" directory:" | tee -a "$README" - echo " - start.sh (start Malcolm)" | tee -a "$README" - echo " - stop.sh (stop Malcolm)" | tee -a "$README" - echo " - restart.sh (restart Malcolm)" | tee -a "$README" - echo " - logs.sh (monitor Malcolm logs)" | tee -a "$README" - echo " - wipe.sh (stop Malcolm and clear its database)" | tee -a "$README" - echo " - auth_setup.sh (change authentication-related settings)" | tee -a "$README" + echo " - start (start Malcolm)" | tee -a "$README" + echo " - stop (stop Malcolm)" | tee -a "$README" + echo " - restart (restart Malcolm)" | tee -a "$README" + echo " - logs (monitor Malcolm logs)" | tee -a "$README" + echo " - wipe (stop Malcolm and clear its database)" | tee -a "$README" + echo " - auth_setup (change authentication-related settings)" | tee -a "$README" echo "" | tee -a "$README" echo "A minute or so after starting Malcolm, the following services will be accessible:" | tee -a "$README" echo " - Moloch: https://localhost/" | tee -a "$README" diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py index 77fb81f64..4b520a6a7 100644 --- a/scripts/malcolm_common.py +++ b/scripts/malcolm_common.py @@ -115,6 +115,12 @@ def AskForString(question, default=None, forceInteraction=False, acceptDefault=F return reply +################################################################################################### +# get interactive password (without echoing) +def AskForPassword(prompt): + reply = getpass.getpass(prompt=prompt) + return reply + ################################################################################################### # convenient boolean argument parsing def str2bool(v): diff --git a/scripts/restart b/scripts/restart index 1bc304a1e..c910cf9d6 120000 --- a/scripts/restart +++ b/scripts/restart 
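Review bot: `AskForPassword` calls `getpass.getpass`, but this hunk adds no `import getpass`; unless malcolm_common.py already imports it above line 115, the first password prompt raises `NameError`, so add `import getpass` to the module's import block. A one-line caveat on the function would also help callers: `# NOTE: without a controlling tty getpass emits GetPassWarning and echoes the input; callers should only prompt interactively`, which matches the `sys.__stdin__.isatty()` guard `start()` already uses before invoking auth setup.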
@@ -1 +1 @@ -control.py \ No newline at end of file +./control.py \ No newline at end of file diff --git a/scripts/restart.sh b/scripts/restart.sh deleted file mode 100755 index decc61162..000000000 --- a/scripts/restart.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -if [ -z "$BASH_VERSION" ]; then - echo "Wrong interpreter, please run \"$0\" with bash" - exit 1 -fi - -if docker-compose version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose -elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose.exe -fi - -# if the docker-compose config file was specified, use it, otherwise -# let docker-compose figure it out -if [ "$1" ]; then - CONFIG_FILE="$1" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN -f "$CONFIG_FILE"" -else - CONFIG_FILE="docker-compose.yml" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN" -fi - -# force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi -SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" -pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 - -# stop Malcolm if needed -$SCRIPT_PATH/stop.sh "$CONFIG_FILE" - -# start Malcolm -$SCRIPT_PATH/start.sh "$CONFIG_FILE" - -popd >/dev/null 2>&1 diff --git a/scripts/start b/scripts/start index 1bc304a1e..c910cf9d6 120000 --- a/scripts/start +++ b/scripts/start @@ -1 +1 @@ -control.py \ No newline at end of file +./control.py \ No newline at end of file diff --git a/scripts/start.sh b/scripts/start.sh deleted file mode 100755 index 7ebac3af1..000000000 --- a/scripts/start.sh +++ /dev/null 
@@ -1,96 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -if [ -z "$BASH_VERSION" ]; then - echo "Wrong interpreter, please run \"$0\" with bash" - exit 1 -fi - -if docker-compose version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose -elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose.exe -fi - -# if the docker-compose config file was specified, use it, otherwise -# let docker-compose figure it out -if [ "$1" ]; then - CONFIG_FILE="$1" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN -f "$CONFIG_FILE"" -else - CONFIG_FILE="docker-compose.yml" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN" -fi - -# force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi -SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" -pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 - -# if we are in an interactive shell and we're missing any of the auth files, prompt to create them now -# ( another way to check this: [[ "${-}" =~ 'i' ]] ) -if [[ -t 1 ]] && \ - ( [[ ! -f ./nginx/htpasswd ]] || [[ ! -f ./nginx/nginx_ldap.conf ]] || [[ ! -f ./htadmin/config.ini ]] || [[ ! -f ./nginx/certs/cert.pem ]] || [[ ! -f ./nginx/certs/key.pem ]] || [[ ! -r ./auth.env ]] ) -then - echo "Malcolm administrator account authentication files are missing, running ./scripts/auth_setup.sh..." - ./scripts/auth_setup.sh -fi -# still missing? sorry charlie -if [[ ! -f ./nginx/htpasswd ]] || [[ ! -f ./nginx/nginx_ldap.conf ]] || [[ ! -f ./htadmin/config.ini ]] || [[ ! -f ./nginx/certs/cert.pem ]] || [[ ! -f ./nginx/certs/key.pem ]] || [[ ! 
-r ./auth.env ]]; then - echo "Malcolm administrator account authentication files are missing, please run ./scripts/auth_setup.sh to generate them" - exit 1 -fi - -[[ -f ./htadmin/metadata ]] || touch ./htadmin/metadata - -if [[ ! -f ./elastalert/config/smtp-auth.yaml ]]; then - # create a sample smtp-auth.yaml for if/when we want to do elastalert email - pushd ./elastalert/config/ >/dev/null 2>&1 - cat <<EOF > smtp-auth.yaml -user: "user@gmail.com" -password: "abcdefg1234567" -EOF - chmod 600 ./smtp-auth.yaml - popd >/dev/null 2>&1 -fi - -# make sure a read permission is set correctly for the nginx worker processes -chmod 644 ./nginx/htpasswd ./nginx/nginx_ldap.conf ./htadmin/config.ini ./htadmin/metadata >/dev/null 2>&1 - -# make sure some directories exist before we start -mkdir -p ./elasticsearch/ -mkdir -p ./elasticsearch-backup/ -mkdir -p ./pcap/upload/ -mkdir -p ./pcap/processed/ -mkdir -p ./zeek-logs/current/ -mkdir -p ./zeek-logs/upload/ -mkdir -p ./zeek-logs/processed/ -mkdir -p ./zeek-logs/extract_files/ - -# start docker -if $DOCKER_COMPOSE_COMMAND up --detach ; then - echo "" - echo "In a few minutes, Malcolm services will be accessible via the following URLs:" - echo "------------------------------------------------------------------------------" - echo " - Moloch: https://localhost/" - echo " - Kibana: https://localhost/kibana/" - echo " - PCAP Upload (web): https://localhost/upload/" - echo " - PCAP Upload (sftp): sftp://username@127.0.0.1:8022/files/" - echo " - Account management: https://localhost:488/" - echo "" - - $SCRIPT_PATH/logs.sh "$CONFIG_FILE" - -else - DOCKER_ERROR=$? - echo "Malcolm failed to start" - exit $DOCKER_ERROR -fi - -popd >/dev/null 2>&1 diff --git a/scripts/stop b/scripts/stop index 1bc304a1e..c910cf9d6 120000 --- a/scripts/stop +++ b/scripts/stop @@ -1 +1 @@ -control.py \ No newline at end of file +./control.py \ No newline at end of file 
diff --git a/scripts/stop.sh b/scripts/stop.sh deleted file mode 100755 index cc0f3037e..000000000 --- a/scripts/stop.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -if [ -z "$BASH_VERSION" ]; then - echo "Wrong interpreter, please run \"$0\" with bash" - exit 1 -fi - -if docker-compose version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose -elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose.exe -fi - -# if the docker-compose config file was specified, use it, otherwise -# let docker-compose figure it out -if [ "$1" ]; then - CONFIG_FILE="$1" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN -f "$CONFIG_FILE"" -else - CONFIG_FILE="docker-compose.yml" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN" -fi - -# if stop.sh is being called with wipe.sh (after the docker-compose file) -# then also remove named and anonymous volumes (not external volumes, of course) -if [ "$2" == "wipe" ]; then - VOLUMES_FLAG="--volumes" -else - VOLUMES_FLAG="" -fi - -# force-navigate to Malcolm base directory (parent of scripts/ directory) -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -if ! (type "$REALPATH" && type "$DIRNAME") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME" - exit 1 -fi -SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" -pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 - -# stop docker -if $DOCKER_COMPOSE_COMMAND down $VOLUMES_FLAG ; then - echo "Stopped Malcolm" - echo "" -else - DOCKER_ERROR=$? - echo "Malcolm failed to stop" - echo "" - $DOCKER_COMPOSE_COMMAND ps - exit $DOCKER_ERROR -fi - -popd >/dev/null 2>&1 diff --git a/scripts/wipe.sh b/scripts/wipe.sh deleted file mode 100755 index f5624416f..000000000 --- a/scripts/wipe.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -if [ -z "$BASH_VERSION" ]; then - echo "Wrong interpreter, please run \"$0\" with bash" - exit 1 -fi - -[[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath -[[ "$(uname -s)" = 'Darwin' ]] && DIRNAME=gdirname || DIRNAME=dirname -[[ "$(uname -s)" = 'Darwin' ]] && FIND=gfind || FIND=find -if ! (type "$REALPATH" && type "$DIRNAME" && type "$FIND") > /dev/null; then - echo "$(basename "${BASH_SOURCE[0]}") requires $REALPATH and $DIRNAME and $FIND" - exit 1 -fi - -if docker-compose version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose -elif grep -q Microsoft /proc/version && docker-compose.exe version >/dev/null 2>&1; then - DOCKER_COMPOSE_BIN=docker-compose.exe -fi - -# if the docker-compose config file was specified, use it, otherwise -# let docker-compose figure it out -if [ "$1" ]; then - CONFIG_FILE="$1" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN -f "$CONFIG_FILE"" -else - CONFIG_FILE="docker-compose.yml" - DOCKER_COMPOSE_COMMAND="$DOCKER_COMPOSE_BIN" -fi - -# force-navigate to Malcolm base directory (parent of scripts/ directory) -SCRIPT_PATH="$($DIRNAME $($REALPATH -e "${BASH_SOURCE[0]}"))" -pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 - -# attempt to DELETE _template/zeek_template in Elasticsearch -$DOCKER_COMPOSE_COMMAND exec moloch bash -c 'curl -fs --output /dev/null -H"Content-Type: application/json" -XDELETE "http://$ES_HOST:$ES_PORT/_template/zeek_template"' >/dev/null 2>&1 - -# stop Malcolm and remove volumes if needed -$SCRIPT_PATH/stop.sh "$CONFIG_FILE" wipe - -# completely clean out elasticsearch database and local files -rm -rf ./elasticsearch/nodes 2>/dev/null -$FIND ./elasticsearch-backup/ ./zeek-logs/ ./moloch-logs/ ./pcap/ ./moloch-raw/ \( \( -type f -o -type l \) -a ! 
-name ".gitignore" \) -delete 2>/dev/null -$FIND ./elasticsearch-backup/logs/ ./zeek-logs/processed/ ./zeek-logs/current/ -mindepth 1 -type d -delete 2>/dev/null - -echo "Malcolm has been stopped and its data cleared." -echo "" - -popd >/dev/null 2>&1 diff --git a/sensor-iso/README.md b/sensor-iso/README.md index f5aea7a18..8d2f4d891 100644 --- a/sensor-iso/README.md +++ b/sensor-iso/README.md 
@@ -238,7 +238,7 @@ If **SSL** is chosen, you must choose whether to enable [SSL certificate verific ![Unencrypted vs. SSL encryption for Zeek log forwarding](./docs/images/filebeat_ssl_verify.png) -The last step for SSL-encrypted Zeek log forwarding is to specify the SSL certificate authority, certificate, and key files. These files must match those used by the Logstash instance receiving the Zeek logs on the aggregator. If Malcolm's `auth_setup.sh` script was used to generate these files they would be found in the `filebeat/certs/` subdirectory of the Malcolm installation and must be manually copied to the sensor (stored under `/opt/sensor/sensor_ctl/filebeat/` or in any other path accessible to the sensor account). Specify the location of the certificate authorities file (eg., `ca.crt`), the certificate file (eg., `client.crt`), and the key file (eg., `client.key`). +The last step for SSL-encrypted Zeek log forwarding is to specify the SSL certificate authority, certificate, and key files. These files must match those used by the Logstash instance receiving the Zeek logs on the aggregator. If Malcolm's `auth_setup` script was used to generate these files they would be found in the `filebeat/certs/` subdirectory of the Malcolm installation and must be manually copied to the sensor (stored under `/opt/sensor/sensor_ctl/filebeat/` or in any other path accessible to the sensor account). Specify the location of the certificate authorities file (eg., `ca.crt`), the certificate file (eg., `client.crt`), and the key file (eg., `client.key`). ![SSL certificate files](./docs/images/filebeat_certs.png) From 59384aeee86ff8998df084f77818517001724b07 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 22 Jan 2020 13:18:27 -0700 Subject: [PATCH 022/183] more work on auth_setup --- logstash/certs/Makefile | 24 --------------- scripts/control.py | 67 +++++++++++++++++++++++++++++++---------- 2 files changed, 51 insertions(+), 40 deletions(-) delete mode 100644 logstash/certs/Makefile diff --git a/logstash/certs/Makefile b/logstash/certs/Makefile deleted file mode 100644 index 306b63c81..000000000 --- a/logstash/certs/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. - -# one may wish to consider not using self-signed certificates in production - -all: ca server client - -ca: - openssl genrsa -out ca.key 2048 - openssl req -x509 -new -nodes -key ca.key -sha256 -days 9999 -subj /C=US/ST=ID/O=sensor/OU=ca -out ca.crt - -server: - openssl genrsa -out server.key 2048 - openssl req -sha512 -new -key server.key -out server.csr -config server.conf - openssl x509 -days 3650 -req -sha512 -in server.csr -CAcreateserial -CA ca.crt -CAkey ca.key -out server.crt -extensions v3_req -extfile server.conf - mv server.key server.key.pem && openssl pkcs8 -in server.key.pem -topk8 -nocrypt -out server.key - -client: - openssl genrsa -out client.key 2048 - openssl req -sha512 -new -key client.key -out client.csr -config client.conf - openssl x509 -days 3650 -req -sha512 -in client.csr -CAcreateserial -CA ca.crt -CAkey ca.key -out client.crt -extensions v3_req -extensions usr_cert -extfile client.conf - -.PHONY: clean -clean: - @rm -f *.key *.crt *.pem *.csr *.srl diff --git a/scripts/control.py b/scripts/control.py index c0cf67405..7f91da401 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -30,6 +30,7 @@ args = None dockerBin = None dockerComposeBin = None +opensslBin = None ################################################################################################### try: 
@@ -208,6 +209,7 @@ def authSetup(wipe=False): global args global dockerBin global dockerComposeBin + global opensslBin # prompt usernamd and password usernamePrevious = None @@ -238,7 +240,7 @@ def authSetup(wipe=False): usernamePrevious = prevAuthInfo['MALCOLM_USERNAME'] # get openssl hash of password - err, out = run_process(['openssl', 'passwd', '-1', '-stdin'], stdin=password, stderr=False, debug=args.debug) + err, out = run_process([opensslBin, 'passwd', '-1', '-stdin'], stdin=password, stderr=False, debug=args.debug) if (err == 0) and (len(out) > 0) and (len(out[0]) > 0): passwordEncrypted = out[0] else: @@ -357,13 +359,13 @@ def authSetup(wipe=False): for oldfile in glob.glob("*.pem"): os.remove(oldfile) - # generate dhparam - err, out = run_process(['openssl', 'dhparam', '-out', 'dhparam.pem', '2048'], stderr=True, debug=args.debug) + # generate dhparam ------------------------------- + err, out = run_process([opensslBin, 'dhparam', '-out', 'dhparam.pem', '2048'], stderr=True, debug=args.debug) if (err != 0): raise Exception('Unable to generate dhparam.pem file: {}'.format(out)) - # generate key/cert - err, out = run_process(['openssl', 'req', '-subj', '/CN=localhost', '-x509', '-newkey', 'rsa:4096', '-nodes', '-keyout', 'key.pem', '-out', 'cert.pem', '-days', '3650'], stderr=True, debug=args.debug) + # generate key/cert ------------------------------- + err, out = run_process([opensslBin, 'req', '-subj', '/CN=localhost', '-x509', '-newkey', 'rsa:4096', '-nodes', '-keyout', 'key.pem', '-out', 'cert.pem', '-days', '3650'], stderr=True, debug=args.debug) if (err != 0): raise Exception('Unable to generate key.pem/cert.pem file(s): {}'.format(out)) 
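Review bot: `[opensslBin, 'passwd', '-1', '-stdin']` produces an MD5-crypt (`$1$`) hash for `MALCOLM_PASSWORD` in auth.env, while the same function stores the same password in nginx's htpasswd with bcrypt (`htpasswd -B`), so the weaker hash is the one that ends up in the world-readable file. If the consumers of `MALCOLM_PASSWORD` (the htadmin and file-upload/SFTP containers, per the auth.env header comment) accept crypt(3) `$6$` strings, switch to `[opensslBin, 'passwd', '-6', '-stdin']` (SHA-512 crypt, OpenSSL 1.1.1+); that compatibility is not visible in this diff, so confirm before changing. Either way, a comment on the line naming the hash format and which container requires it would save the next reader the lookup.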
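Review bot: The HTTPS certificate is generated with only `-subj /CN=localhost` and no subjectAltName, and current browsers ignore the CN, so even a user who imports `cert.pem` into a trust store still gets a hostname-mismatch warning. With OpenSSL 1.1.1 or later append `'-addext', 'subjectAltName=DNS:localhost,IP:127.0.0.1'` to the `req` argument list (older releases need a config file, so gate on the version if such hosts are supported). A short comment that `key.pem`/`cert.pem` are self-signed placeholders to be replaced for production, as the deleted logstash/certs Makefile said of its own certificates, would also help.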
@@ -378,16 +380,45 @@ def authSetup(wipe=False): try: # make clean to clean previous files - err, out = run_process(['make', 'clean'], stderr=True, debug=args.debug) - if (err != 0): - raise Exception('Unable to generate clean remote log forwarder certificates: {}'.format(out)) + for pat in ['*.srl', '*.csr', '*.key', '*.crt', '*.pem']: + for oldfile in glob.glob(pat): + os.remove(oldfile) - # make to generate new files - err, out = run_process(['make'], stderr=True, debug=args.debug) - if (err != 0): - raise Exception('Unable to generate remote log forwarder certificates: {}'.format(out)) + # ----------------------------------------------- + # generate new ca/server/client certificates/keys + # ca ------------------------------- + err, out = run_process([opensslBin, 'genrsa', '-out', 'ca.key', '2048'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate ca.key: {}'.format(out)) + + err, out = run_process([opensslBin, 'req', '-x509', '-new', '-nodes', '-key', 'ca.key', '-sha256', '-days', '9999', '-subj', '/C=US/ST=ID/O=sensor/OU=ca', '-out', 'ca.crt'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate ca.crt: {}'.format(out)) + + # server ------------------------------- + err, out = run_process([opensslBin, 'genrsa', '-out', 'server.key', '2048'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate server.key: {}'.format(out)) + + err, out = run_process([opensslBin, 'req', '-sha512', '-new', '-key', 'server.key', '-out', 'server.csr', '-config', 'server.conf'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate server.csr: {}'.format(out)) + + err, out = run_process([opensslBin, 'x509', '-days', '3650', '-req', '-sha512', '-in', 'server.csr', '-CAcreateserial', '-CA', 'ca.crt', '-CAkey', 'ca.key', '-out', 'server.crt', '-extensions', 'v3_req', '-extfile', 'server.conf'], stderr=True, debug=args.debug) + if (err != 0): raise 
Exception('Unable to generate server.crt: {}'.format(out)) - # generate filebeat/certs if it doesn't exist + shutil.move("server.key", "server.key.pem") + err, out = run_process([opensslBin, 'pkcs8', '-in', 'server.key.pem', '-topk8', '-nocrypt', '-out', 'server.key'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate server.key: {}'.format(out)) + + # client ------------------------------- + err, out = run_process([opensslBin, 'genrsa', '-out', 'client.key', '2048'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate client.key: {}'.format(out)) + + err, out = run_process([opensslBin, 'req', '-sha512', '-new', '-key', 'client.key', '-out', 'client.csr', '-config', 'client.conf'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate client.csr: {}'.format(out)) + + err, out = run_process([opensslBin, 'x509', '-days', '3650', '-req', '-sha512', '-in', 'client.csr', '-CAcreateserial', '-CA', 'ca.crt', '-CAkey', 'ca.key', '-out', 'client.crt', '-extensions', 'v3_req', '-extensions', 'usr_cert', '-extfile', 'client.conf'], stderr=True, debug=args.debug) + if (err != 0): raise Exception('Unable to generate client.crt: {}'.format(out)) + # ----------------------------------------------- + + # mkdir filebeat/certs if it doesn't exist try: os.makedirs(filebeatPath) except OSError as exc: @@ -396,7 +427,7 @@ def authSetup(wipe=False): else: raise - # remove any leftover files in filebeat/certs + # remove previous files in filebeat/certs for oldfile in glob.glob(os.path.join(filebeatPath, "*")): os.remove(oldfile) @@ -409,8 +440,8 @@ def authSetup(wipe=False): # remove leftovers for pat in ['*.srl', '*.csr', '*.pem']: - for f in glob.glob(pat): - os.remove(f) + for oldfile in glob.glob(pat): + os.remove(oldfile) finally: os.chdir(MalcolmPath) 
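Review bot: `shutil.move("server.key", "server.key.pem")` is the only use of `shutil` visible in control.py; if the module is not already imported at the top of the file (outside this diff) the forwarder-certificate path only fails at runtime with a NameError, so please confirm the import. The `pkcs8 ... -out server.key` step rewrites the private key through an ordinary output file, and as far as I know OpenSSL's pkcs8 writer does not force the owner-only 0600 mode that genrsa/req apply to key output, so follow it with `os.chmod('server.key', 0o600)` (and the same for ca.key and client.key if the process umask cannot be trusted). That step's failure message duplicates the genrsa one — `raise Exception('Unable to convert server.key to PKCS#8: {}'.format(out))` tells the operator which command actually failed. The deleted Makefile's caveat ("one may wish to consider not using self-signed certificates in production") is lost with this inlining; keep it as a comment above `# generate new ca/server/client certificates/keys`. authSetup and the `try:` opened at the top of this hunk continue outside it; the matching `finally` is in a later hunk.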
@@ -476,6 +507,7 @@ def main(): global args global dockerBin global dockerComposeBin + global opensslBin # extract arguments from the command line # print (sys.argv[1:]); @@ -519,6 +551,9 @@ def main(): if (err != 0): raise Exception('{} requires docker-compose, please run install.py'.format(ScriptName)) + # identify openssl binary + opensslBin = 'openssl.exe' if ((pyPlatform == PLATFORM_WINDOWS) and Which('openssl.exe')) else 'openssl' + # if executed via a symlink, figure out what was intended via the symlink name if os.path.islink(os.path.join(ScriptPath, ScriptName)): if (ScriptName == "logs"): From 06930a5ed8d4db5300ff0a59c69cf35c6a886070 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 22 Jan 2020 14:00:49 -0700 Subject: [PATCH 023/183] remove reference to files we're not longer using --- malcolm-iso/build.sh | 3 +-- scripts/malcolm_appliance_packager.sh | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 4e17f51c4..8c422a9c8 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh @@ -119,8 +119,7 @@ if [ -d "$WORKDIR" ]; then popd >/dev/null 2>&1 cp ./scripts/malcolm_common.py "$MALCOLM_DEST_DIR/scripts/" cp ./README.md "$MALCOLM_DEST_DIR/" - cp ./nginx/certs/*.sh "$MALCOLM_DEST_DIR/nginx/certs/" - cp ./logstash/certs/Makefile ./logstash/certs/*.conf "$MALCOLM_DEST_DIR/logstash/certs/" + cp ./logstash/certs/*.conf "$MALCOLM_DEST_DIR/logstash/certs/" cp ./elastalert/config/* "$MALCOLM_DEST_DIR/elastalert/config/" cp ./elastalert/rules/* "$MALCOLM_DEST_DIR/elastalert/rules/" 2>/dev/null || true cp ./elastalert/sample-rules/* "$MALCOLM_DEST_DIR/elastalert/sample-rules/" 2>/dev/null || true diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh index 818c5adf9..7c8b8f5a7 100755 --- a/scripts/malcolm_appliance_packager.sh +++ b/scripts/malcolm_appliance_packager.sh 
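Review bot: `opensslBin` is only probed with `Which()` on Windows; on every other platform it is set to the bare string `'openssl'` with no check, so a host without openssl fails later inside authSetup with a generic run_process error instead of the up-front message the docker-compose check just above this hunk gives. Mirror that check right after the assignment: `if not Which(opensslBin): raise Exception('{} requires openssl'.format(ScriptName))`. The Windows branch's fallback to `'openssl'` when `openssl.exe` is not on PATH also seems unlikely to succeed, and the same check would report it clearly. main() starts outside this hunk.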
@@ -88,8 +88,7 @@ if mkdir "$DESTDIR"; then cp $VERBOSE ./scripts/control.py "$DESTDIR/scripts/" cp $VERBOSE ./scripts/malcolm_common.py "$DESTDIR/scripts/" cp $VERBOSE ./README.md "$DESTDIR/" - cp $VERBOSE ./nginx/certs/*.sh "$DESTDIR/nginx/certs/" - cp $VERBOSE ./logstash/certs/Makefile ./logstash/certs/*.conf "$DESTDIR/logstash/certs/" + cp $VERBOSE ./logstash/certs/*.conf "$DESTDIR/logstash/certs/" cp $VERBOSE ./elastalert/config/* "$DESTDIR/elastalert/config/" cp $VERBOSE ./elastalert/rules/* "$DESTDIR/elastalert/rules/" 2>/dev/null || true cp $VERBOSE ./elastalert/sample-rules/* "$DESTDIR/elastalert/sample-rules/" 2>/dev/null || true From 90bd12ba2ab4575753e3c24a8559ccc8a7c8a8cf Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 22 Jan 2020 14:40:58 -0700 Subject: [PATCH 024/183] Revert "bump elastic to 7.5.2" This reverts commit 440c85980b4e58064e164294ee395cf503e93487. --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/kibana.Dockerfile | 10 +++++----- Dockerfiles/logstash.Dockerfile | 2 +- README.md | 4 ++-- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 4 ++-- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 4 ++-- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 4 ++-- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 4 ++-- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 4 ++-- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 4 ++-- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 4 ++-- 
.../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 4 ++-- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 4 ++-- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 4 ++-- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 4 ++-- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 ++-- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 ++-- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- .../d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 2 +- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 4 ++-- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- .../f394057d-1b16-4174-b994-7045f423a416.json | 2 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 4 ++-- .../config/hooks/normal/0910-agg-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../7/dashboard-custom/Filebeat-syslog-custom.json | 2 +- sensor-iso/beats/Dockerfile | 2 +- sensor-iso/beats/beat-build.sh | 2 +- .../config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- 
.../7/dashboard-custom/Filebeat-syslog-custom.json | 2 +- sensor-iso/docs/Notes.md | 2 +- .../sensor_ctl/heatbeat/protologbeat.template.json | 2 +- 75 files changed, 103 insertions(+), 103 deletions(-) diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index 43c2d4738..07a3a5226 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.elastic.co/beats/filebeat-oss:7.5.2 +FROM docker.elastic.co/beats/filebeat-oss:7.5.1 # Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index 3b27ed75b..f5fb8b2a8 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.elastic.co/kibana/kibana-oss:7.5.2 +FROM docker.elastic.co/kibana/kibana-oss:7.5.1 # Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" @@ -76,7 +76,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ cd /tmp && \ echo "Installing ElastAlert plugin..." && \ unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ - sed -i "s/7\.5\.0/7\.5\.2/g" kibana/elastalert-kibana-plugin/package.json && \ + sed -i "s/7\.5\.0/7\.5\.1/g" kibana/elastalert-kibana-plugin/package.json && \ zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ rm -f /tmp/elastalert-kibana-plugin.zip 
@@ -84,14 +84,14 @@ RUN chmod 755 /data/*.sh /data/*.py && \ ## && \ ## echo "Installing Swimlanes visualization..." && \ ## unzip kibana-swimlane.zip kibana/prelert_swimlane_vis-7.4.2/package.json && \ - ## sed -i "s/7\.4\.2/7\.5\.2/g" kibana/prelert_swimlane_vis-7.4.2/package.json && \ + ## sed -i "s/7\.4\.2/7\.5\.1/g" kibana/prelert_swimlane_vis-7.4.2/package.json && \ ## zip kibana-swimlane.zip kibana/prelert_swimlane_vis-7.4.2/package.json && \ ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ ## bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ ## rm -f /tmp/kibana-swimlane.zip && \ ## echo "Installing Comments visualization..." && \ ## unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ - ## sed -i "s/7\.4\.0/7\.5\.2/g" kibana/kibana-comments-app-plugin/package.json && \ + ## sed -i "s/7\.4\.0/7\.5\.1/g" kibana/kibana-comments-app-plugin/package.json && \ ## zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \ ## rm -rf /tmp/kibana-comments.zip /tmp/kibana && \ @@ -99,7 +99,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ ## && \ ## echo "Installing Milestones visualization..." && \ ## unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ - ## sed -i "s/7\.1\.1/7\.5\.2/g" kibana/kibana-milestones-vis/package.json && \ + ## sed -i "s/7\.1\.1/7\.5\.1/g" kibana/kibana-milestones-vis/package.json && \ ## zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \ ## rm -rf /tmp/kibana-milestones.zip /tmp/kibana diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index 67679418c..9d92c15da 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile 
@@ -42,7 +42,7 @@ RUN /bin/bash -lc "command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - git clone --depth 1 https://github.com/mmguero/logstash-filter-ieee_oui.git /opt/logstash-filter-ieee_oui && \ /bin/bash -lc "cd /opt/logstash-filter-ieee_oui && bundle install && gem build logstash-filter-ieee_oui.gemspec && bundle info logstash-filter-ieee_oui" -FROM docker.elastic.co/logstash/logstash-oss:7.5.2 +FROM docker.elastic.co/logstash/logstash-oss:7.5.1 USER root COPY --from=build /opt/logstash-filter-ieee_oui /opt/logstash-filter-ieee_oui diff --git a/README.md b/README.md index 68e10b820..17617869e 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ malcolmnetsec/curator 1.9.0 xxxxxxxx malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 29 minutes ago 54.5MB malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 30 minutes ago 276MB malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 31 minutes ago 256MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.2 xxxxxxxxxxxx 5 weeks ago 825MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` You must run [`auth_setup`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). 
@@ -1763,7 +1763,7 @@ malcolmnetsec/curator 1.9.0 xxxxxxxx malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 33 hours ago 944MB malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 11 days ago 459MB malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 11 days ago 276MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.2 xxxxxxxxxxxx 5 weeks ago 769MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index d93e7baa0..cb0bead9b 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -95,7 +95,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.2 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1 restart: "no" hostname: elasticsearch environment: diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 6867dc561..90fa4f36d 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -95,7 +95,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.2 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1 restart: "no" hostname: elasticsearch environment: diff --git a/docker-compose.yml b/docker-compose.yml index cbfa2fe46..911f11cf3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -95,7 +95,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.2 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1 restart: "no" hostname: elasticsearch environment: diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 6d4f92707..383df668a 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index aefd0a75e..a0b5fb65e 100644 --- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "05e3e000-f118-11e9-acda-83a8e29e1a24", 
@@ -10,7 +10,7 @@ "title": "LDAP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.5.2\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.5.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index d12865cd4..0bb32110f 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b", diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index a8059700c..4241db2c8 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
+++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "0a490422-0ce9-44bf-9a2d-19329ddde8c3", diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 2ae33f18a..38a9ecabf 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index b54343811..ed3430204 100644 --- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0", diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 02274a749..a0c443d45 100644 --- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa", diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index f51520293..4068721e5 100644 --- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "11be6381-beef-40a7-bdce-88c5398392fc", 
diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index e1306e57a..b7166dee4 100644 --- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "11ddd980-e388-11e9-b568-cf17de8e860c", 
@@ -10,7 +10,7 @@ "title": "QUIC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index cc9a1cc60..e74245e43 100644 --- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
+++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "152f29dc-51a2-4f53-93e9-6e92765567b8", 
@@ -10,7 +10,7 @@ "title": "Modbus", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index a086cac38..9b664c906 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "1ce42250-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 587afd3ee..2cec97baf 100644 --- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index ee78c2940..195bf3e2e 100644 --- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "29a1b290-eb98-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "EtherNet/IP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.5.2\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.5.2\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.5.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.5.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index fb084ab2d..e8ab6848c 100644 --- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
+++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "2bec1490-eb94-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "BACnet", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index cee731445..4fe6a2dc5 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "2cf94cd0-ecab-40a5-95a7-8419f3a39cd9", diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 6916ba23b..86f1a27ff 100644 --- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "2d98bb8e-214c-4374-837b-20e1bcd63a5e", diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 7b7460f81..77bb347ea 100644 --- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "32587740-ef88-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.5.2\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index de6b1234a..3f1afddfc 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 4bc05ad3c..85e63de5f 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "37041ee1-79c0-4684-a436-3173b0e89876", diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 0c7fb206d..a035eaa8d 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "39abfe30-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 93a437b3d..15d8430fb 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", 
diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index cf4104c5c..15a302270 100644 --- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "432af556-c5c0-4cc3-8166-b274b4e3a406", diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index c598b00b8..d8e76e6f8 100644 --- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "4e5f106e-c60a-4226-8f64-d534abb912ab", diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index a9318d246..048619661 100644 --- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "50ced171-1b10-4c3f-8b67-2db9635661a6", diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index bd1dd2262..7b62e8ebf 100644 --- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "543118a9-02d7-43fe-b669-b8652177fc37", diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index b3740c30b..45c9c6e7a 100644 --- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "55e332d0-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 3b8463a06..abd234a92 100644 --- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "60d78fbd-471c-4f59-a9e3-189b33a13644", diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index f437c7bb1..662d538a7 100644 --- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "665d1610-523d-11e9-a30e-e3576242f3ed", 
@@ -10,7 +10,7 @@ "title": "Signatures", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 5ed1f19c1..ce199c1d1 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "76f2f912-80da-44cd-ab66-6a73c8344cc3", diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index baf9beb19..34861ea02 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "77fc9960-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 0fae1b8da..f1c2d9208 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "7f41913f-cba8-43f5-82a8-241b7ead03e0", diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 474dacfe7..c57632be4 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", 
@@ -10,7 +10,7 @@ "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.5.2\",\"embeddableConfig\":{\"columns\":[\"
srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.5.2\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.5.2\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.5.2\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "panelsJSON": 
"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.5.1\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firs
tPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.5.1\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.5.1\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index a63128a4f..976898082 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "82da3101-2a9c-4ae2-bb61-d447a3fbe673", diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 70cd5fd33..b29ab8dbf 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "870a5862-6c26-4a08-99fd-0c06cda85ba3", 
diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 8420a16a7..b29bc391d 100644 --- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "87a32f90-ef58-11e9-974e-9d600036d105", 
@@ -10,7 +10,7 @@ "title": "MQTT", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.5.2\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.5.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 794d82e38..452bebb42 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85", diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 7d6a56f91..4152357e1 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "92985909-dc29-4533-9e80-d3182a0ecf1d", diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 460fcc278..eef0b5bf1 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "9ee51f94-3316-4fc5-bd89-93a52af69714", diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index a6ff79e32..c2f3660c4 100644 --- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "a16110b0-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index b9ac5738d..f46d049a9 100644 --- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "a7514350-eba6-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "PROFINET", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.5.2\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.5.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index b9b59f1fe..17b697ec2 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4",
@@ -10,7 +10,7 @@ "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\"
:20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_15\"},{\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_16\"},{\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\"
:20,\"i\":\"35\"},\"panelIndex\":\"35\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_24\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.
1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_15\"},{\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_16\"},{\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_24\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 109f0b51b..7fa6a732e 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "ae79b7d1-4281-4095-b2f6-fa7eafda9970",
diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json
index 0434f4dcb..00fde0bad 100644
--- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json
+++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "af5df620-eeb6-11e9-bdef-65a192b7f586",
@@ -10,7 +10,7 @@ "title": "NTP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.5.2\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.5.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index f4aac4ee3..6e1917e34 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "b50c8d17-6ed3-4de6-aed4-5181032810b2", diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index e65465920..6749c245b 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "b9f247c0-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 1c6f8480e..bbcd37232 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "bb827f8e-639e-468c-93c8-9f5bc132eb8f", 
diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json
index 62d7ac1c9..42259d51b 100644
--- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "bed185a0-ef82-11e9-b38a-2db3ee640e88",
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.5.2\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index e91ca3533..f50d9e94b 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "caef3ade-d289-4d05-a511-149f3e97f238", diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json index 8d6e91e96..42d47b481 100644 --- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json +++ b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "d15a9d40-5c3e-492f-8e17-67a5d6862a3a", diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index f636d781c..332203b06 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "d41fe630-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 04f34c777..1200e30e6 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json @@ -1,5 +1,5 @@ { - "version": "7.5.2", + "version": "7.5.1", "objects": [ { "id": "d4fd6afd-15cb-42bf-8a25-03dd8e59b327", 
diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
index d03229ccb..01a3383a8 100644
--- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
+++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "e09a4b86-29b5-4256-bb3b-802ac9f90404",
diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
index ee8bdbbc1..b8fbe1d36 100644
--- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "e76d05c0-eb9f-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "S7comm", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 3467e4d6a..679477fcd 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "ed8a6640-3f98-11e9-a58e-8bdedb0915e8",
@@ -10,7 +10,7 @@
 "title": "Connections - Source - Responder Bytes (region map)",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
 "optionsJSON": "{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json
index 49450001d..c862ddd67 100644
--- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json
+++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b",
diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json
index 554158dda..2b72cb10c 100644
--- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json
+++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "f394057d-1b16-4174-b994-7045f423a416",
diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
index f6f268690..16cad4e83 100644
--- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
+++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "f77bf097-18a8-465c-b634-eb2acc7a4f26",
diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json
index 63cb5a786..78494f26f 100644
--- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "fa141950-ef89-11e9-b38a-2db3ee640e88",
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - SQL", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.5.2\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot index 10ecc0fb9..b2b91769e 100755 --- a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -BEATS_VER="7.5.2" +BEATS_VER="7.5.1" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" 
diff --git a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json
index 1eae59653..dc292c4e9 100644
--- a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json
+++ b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "072befc0-ffba-11e8-a854-ad7782ef6a55",
diff --git a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json
index ed2b8b92f..d2afbf94f 100644
--- a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json
+++ b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55",
diff --git a/sensor-iso/beats/Dockerfile b/sensor-iso/beats/Dockerfile
index 60d1b33b7..0a86b16c1 100644
--- a/sensor-iso/beats/Dockerfile
+++ b/sensor-iso/beats/Dockerfile
@@ -28,7 +28,7 @@ RUN apt-get update && apt-get install -y \
 bash -c "curl https://glide.sh/get | bash"
 ENV BEATS=metricbeat
-ENV BEATS_VERSION=7.5.2
+ENV BEATS_VERSION=7.5.1
 ADD ./build.sh /build.sh
 RUN [ "chmod", "+x", "/build.sh" ]
diff --git a/sensor-iso/beats/beat-build.sh b/sensor-iso/beats/beat-build.sh
index 915aff66f..0241c2e99 100755
--- a/sensor-iso/beats/beat-build.sh
+++ b/sensor-iso/beats/beat-build.sh
@@ -2,7 +2,7 @@
 # Copyright (c) 2018 Battelle Energy Alliance, LLC. All rights reserved.
-VERSION="7.5.2"
+VERSION="7.5.1"
 THIRD_PARTY_BRANCH="master"
 while getopts b:v:t: opts; do
 case ${opts} in
diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
index 8f179f22a..4d6ce1bb9 100755
--- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
@@ -11,7 +11,7 @@ ZEEK_PATCH_URLS=(
 # nothing here for now
 )
-BEATS_VER="7.5.2"
+BEATS_VER="7.5.1"
 BEATS_OSS="-oss"
 BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX"
 BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb"
diff --git a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json
index 1eae59653..dc292c4e9 100644
--- a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json
+++ b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "072befc0-ffba-11e8-a854-ad7782ef6a55",
diff --git a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json
index ed2b8b92f..d2afbf94f 100644
--- a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json
+++ b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.2",
+ "version": "7.5.1",
 "objects": [
 {
 "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55",
diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md
index 228560175..fb5889354 100644
--- a/sensor-iso/docs/Notes.md
+++ b/sensor-iso/docs/Notes.md
@@ -1763,7 +1763,7 @@ The Elastic Stack's [Beats](https://www.elastic.co/products/beats) platform is a
 set -e
-BEATS_VER="7.5.2"
+BEATS_VER="7.5.1"
 BEATS_OSS="-oss"
 BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX"
 BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb"
diff --git a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json
index aa50ef5a3..5013a1251 100644
--- a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json
+++ b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json
@@ -2,7 +2,7 @@
 "index_patterns": ["protologbeat-*"],
 "mappings": {
 "_meta": {
- "version": "7.5.2"
+ "version": "7.5.1"
 },
 "dynamic_templates": [{
 "strings_as_keyword": {
From 3f2067ae085066c4003840a570967303b87bb223 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 23 Jan 2020 07:06:40 -0700
Subject: [PATCH 025/183] fix default for external password question
---
 scripts/control.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/control.py b/scripts/control.py
index 7f91da401..1765eb33f 100755
--- a/scripts/control.py
+++ b/scripts/control.py
@@ -447,7 +447,7 @@ def authSetup(wipe=False):
 os.chdir(MalcolmPath)
 # create and populate keystore for remote
- if YesOrNo('Store username/password for forwarding Logstash events to a secondary, external Elasticsearch instance', default=True):
+ if YesOrNo('Store username/password for forwarding Logstash events to a secondary, external Elasticsearch instance', default=False):
 # prompt usernamd and password
 esPassword = None
From 414f64ce5c2d89d8089195bfd749e2609d07d40c Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 23 Jan 2020 07:39:25 -0700
Subject: [PATCH 026/183] handle missing python package in windows
---
 scripts/install.py | 5 ++++-
 scripts/malcolm_common.py | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/scripts/install.py b/scripts/install.py
index 0634b32fe..ecfa1b3a2 100755
--- a/scripts/install.py
+++ b/scripts/install.py
@@ -22,7 +22,10 @@ import tempfile
 import time
-from pwd import getpwuid
+try:
+ from pwd import getpwuid
+except ImportError:
+ getpwuid = None
 from collections import defaultdict, namedtuple
 from malcolm_common import *
diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py
index 4b520a6a7..279cd3184 100644
--- a/scripts/malcolm_common.py
+++ b/scripts/malcolm_common.py
@@ -13,7 +13,10 @@ import time
 from collections import defaultdict
-from pwd import getpwuid
+try:
+ from pwd import getpwuid
+except ImportError:
+ getpwuid = None
 from subprocess import (PIPE, STDOUT, Popen, CalledProcessError)
 ###################################################################################################
From 9567cbc05893a94157b002ccc3bbab5923b4d64e Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 23 Jan 2020 07:59:28 -0700
Subject: [PATCH 027/183] documentation updates
---
 README.md | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
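Review bot: Binding `getpwuid = None` in the new `except ImportError` branch of scripts/install.py only moves the failure: a later call to `getpwuid(...)` on a platform without the `pwd` module raises `TypeError: 'NoneType' object is not callable` instead of a clear import-time error, and those call sites are outside this hunk. The scripts/malcolm_common.py hunk in the same commit has the identical pattern. Either guard each use with `if getpwuid is not None:` or bind a stub that names the cause, e.g. `def getpwuid(uid): raise OSError('pwd module unavailable on this platform')`, so a Windows user sees why the owner lookup failed.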
diff --git a/README.md b/README.md index 17617869e..5cc2edd33 100644 --- a/README.md +++ b/README.md @@ -360,12 +360,12 @@ To install Malcolm: To start, stop, restart, etc. Malcolm: Use the control scripts in the "scripts/" directory: - - start.sh (start Malcolm) - - stop.sh (stop Malcolm) - - restart.sh (restart Malcolm) - - logs.sh (monitor Malcolm logs) - - wipe.sh (stop Malcolm and clear its database) - - auth_setup (change authentication-related settings) + - start (start Malcolm) + - stop (stop Malcolm) + - restart (restart Malcolm) + - logs (monitor Malcolm logs) + - wipe (stop Malcolm and clear its database) + - auth_setup (change authentication-related settings) A minute or so after starting Malcolm, the following services will be accessible: - Moloch: https://localhost/ 
@@ -622,7 +622,7 @@ After making these changes, right click on the Docker 🐋 icon in the system tr Installing and configuring Docker to run under Windows must be done manually, rather than through the `install.py` script as is done for Linux and macOS. 1. In order to be able to configure Docker volume mounts correctly, you should be running [Windows 10, version 1803](https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1803) or higher. -1. The control scripts in the `scripts/` directory are written in the Bash command language. The easiest way to run Bash in Windows is using the [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/install-win10) (WSL). To install WSL, run the following command in PowerShell as Administrator: +1. The control scripts in the `scripts/` directory are written in the Python. They also rely on a few other utilities such as OpenSSL and htpasswd. The easiest way to run these tools in Windows is using the [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/install-win10) (WSL) (however, they may also be installed and configured manually: [Python](https://www.python.org/downloads/windows); [OpenSSL](https://wiki.openssl.org/index.php/Binaries); [htpasswd](https://httpd.apache.org/docs/current/platform/windows.html#down), download the `httpd….zip` file and extract `htpasswd.exe` from the `Apache…\bin\` directory). To install WSL, run the following command in PowerShell as Administrator: + `Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux` 1. Install the [Linux distribution of your choice](https://docs.microsoft.com/en-us/windows/wsl/install-win10#install-your-linux-distribution-of-choice) in WSL. These instructions have been tested using Debian, but will probably work with other distributions as well. 1. Run the following commands in PowerShell as Administrator to enable required Windows features: 
@@ -651,6 +651,8 @@ Installing and configuring Docker to run under Windows must be done manually, ra Once Docker is installed, configured and running as described in the previous section, run [`./scripts/install.py --configure`](#ConfigAndTuning) (in WSL it will probably be something like `sudo python3 ./scripts/install.py --configure`) to finish configuration of the local Malcolm installation. +The control scripts outlined in the [Running Malcolm](#Running) section may not be symlinked correctly under Windows. Rather than running `./scripts/start`, `./scripts/stop`, etc., you can run `python3 ./scripts/control.py --start`, `python3 ./scripts/control.py --stop`, etc. to the same effect. + ## <a name="Running"></a>Running Malcolm ### <a name="AuthSetup"></a>Configure authentication 
@@ -719,7 +721,7 @@ The contents of `nginx_ldap.conf` will vary depending on how the LDAP server is * **`group_attribute_is_dn`** - whether or not to search for the full distinguished name in the member object * **`require`** and **`satisfy`** - `require user`, `require group` and `require valid_user` can be used in conjunction with `satisfy any` or `satisfy all` to limit the users that are allowed to access the Malcolm instance -Before starting Malcolm, edit `nginx/nginx_ldap.conf` according to the specifics of your LDAP server and directory tree structure. Using a LDAP search tool such as [`ldapsearch`](https://www.openldap.org/software/man.cgi?query=ldapsearch) in Linux or [`dsquery`](https://social.technet.microsoft.com/wiki/contents/articles/2195.active-directory-dsquery-commands.aspx) in Windows may be of help as you formulate the configuration. Your changes should be made within the curly braces of the `ldap_server ad_server { … }` section. You can troubleshoot configuration file syntax errors and LDAP connection or credentials issues by running `./scripts/logs.sh` (or `docker-compose logs nginx`) and examining the output of the `nginx` container. +Before starting Malcolm, edit `nginx/nginx_ldap.conf` according to the specifics of your LDAP server and directory tree structure. Using a LDAP search tool such as [`ldapsearch`](https://www.openldap.org/software/man.cgi?query=ldapsearch) in Linux or [`dsquery`](https://social.technet.microsoft.com/wiki/contents/articles/2195.active-directory-dsquery-commands.aspx) in Windows may be of help as you formulate the configuration. Your changes should be made within the curly braces of the `ldap_server ad_server { … }` section. You can troubleshoot configuration file syntax errors and LDAP connection or credentials issues by running `./scripts/logs` (or `docker-compose logs nginx`) and examining the output of the `nginx` container. 
The **Malcolm User Management** page described above is not available when using LDAP authentication. 
@@ -748,23 +750,23 @@ In addition to the `NGINX_BASIC_AUTH` environment variable being set to `false` [Docker compose](https://docs.docker.com/compose/) is used to coordinate running the Docker containers. To start Malcolm, navigate to the directory containing `docker-compose.yml` and run: ``` -$ ./scripts/start.sh +$ ./scripts/start ``` This will create the containers' virtual network and instantiate them, then leave them running in the background. The Malcolm containers may take a several minutes to start up completely. To follow the debug output for an already-running Malcolm instance, run: ``` -$ ./scripts/logs.sh +$ ./scripts/logs ``` You can also use `docker stats` to monitor the resource utilization of running containers. ### <a name="StopAndRestart"></a>Stopping and restarting Malcolm -You can run `./scripts/stop.sh` to stop the docker containers and remove their virtual network. Alternately, `./scripts/restart.sh` will restart an instance of Malcolm. Because the data on disk is stored on the host in docker volumes, doing these operations will not result in loss of data. +You can run `./scripts/stop` to stop the docker containers and remove their virtual network. Alternately, `./scripts/restart` will restart an instance of Malcolm. Because the data on disk is stored on the host in docker volumes, doing these operations will not result in loss of data. Malcolm can be configured to be automatically restarted when the Docker system daemon restart (for example, on system reboot). This behavior depends on the [value](https://docs.docker.com/config/containers/start-containers-automatically/) of the [`restart:`](https://docs.docker.com/compose/compose-file/#restart) setting for each service in the `docker-compose.yml` file. This value can be set by running [`./scripts/install.py --configure`](#ConfigAndTuning) and answering "yes" to "`Restart Malcolm upon system or Docker daemon restart?`." 
### <a name="Wipe"></a>Clearing Malcolm’s data -Run `./scripts/wipe.sh` to stop the Malcolm instance and wipe its Elasticsearch database (including [index snapshots](#Curator)). +Run `./scripts/wipe` to stop the Malcolm instance and wipe its Elasticsearch database (including [index snapshots](#Curator)). ## <a name="Upload"></a>Capture file and log archive upload @@ -859,9 +861,9 @@ To do this, you'll need to configure Malcolm's local Filebeat log forwarder so t $ mv -f ./docker-compose-standalone-zeek-live.yml ./docker-compose.yml ``` -Alternately, you can run the `start.sh` script (and the other control scripts) like this, without modifying your original `docker-compose.yml` file: +Alternately, you can run the `start` script (and the other control scripts) like this, without modifying your original `docker-compose.yml` file: ``` -$ ./scripts/start.sh ./docker-compose-standalone-zeek-live.yml +$ ./scripts/start -f ./docker-compose-standalone-zeek-live.yml ``` Once Malcolm has been [started](#Starting), `cd` into `./zeek-logs/current/` and run `bro` from inside that directory. @@ -1305,7 +1307,7 @@ If both `zeek.orig_segment` and `zeek.resp_segment` are added to a log, and if t ![Cross-segment traffic in Connections](./docs/images/screenshots/moloch_connections_segments.png) #### <a name="ApplyMapping"></a>Applying mapping changes -When changes are made to either `cidr-map.txt` or `host-map.txt`, Malcolm's Logstash container must be restarted. The easiest way to do this is to restart malcolm via `restart.sh` (see [Stopping and restarting Malcolm](#StopAndRestart)). +When changes are made to either `cidr-map.txt` or `host-map.txt`, Malcolm's Logstash container must be restarted. The easiest way to do this is to restart malcolm via `restart` (see [Stopping and restarting Malcolm](#StopAndRestart)). ## <a name="Curator"></a>Elasticsearch index curation 
@@ -1768,7 +1770,7 @@ docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxx
 Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background.
 ```
-user@host:~/Malcolm$ ./scripts/start.sh
+user@host:~/Malcolm$ ./scripts/start
 Creating network "malcolm_default" with the default driver
 Creating malcolm_curator_1 ... done
 Creating malcolm_elastalert_1 ... done
From 256613130fc8565fa7412188bc1ad7a7c9912644 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 23 Jan 2020 08:50:53 -0700
Subject: [PATCH 028/183] tweak some codenames
---
 scripts/install.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/install.py b/scripts/install.py
index ecfa1b3a2..70eba3cb0 100755
--- a/scripts/install.py
+++ b/scripts/install.py
@@ -968,14 +968,14 @@ def tweak_system_files(self):
 'vm.dirty_ratio defines the maximum percentage of dirty system memory before committing everything',
 ['# maximum % of dirty system memory before committing everything', 'vm.dirty_ratio=80']),
- ConfigLines(['centos'],
+ ConfigLines(['centos', 'core'],
 '/etc/systemd/system.conf.d/limits.conf',
 '',
 '/etc/systemd/system.conf.d/limits.conf increases the allowed maximums for file handles and memlocked segments',
 ['[Manager]', 'DefaultLimitNOFILE=65535:65535', 'DefaultLimitMEMLOCK=infinity']),
- ConfigLines(['bionic', 'cosmic', 'disco', 'stretch', 'buster', 'sid', 'fedora'],
+ ConfigLines(['bionic', 'cosmic', 'disco', 'eoan', 'stretch', 'buster', 'sid', 'fedora'],
 '/etc/security/limits.d/limits.conf',
 '',
 '/etc/security/limits.d/limits.conf increases the allowed maximums for file handles and memlocked segments',
From ec89f2591c83d65bacd6e2c16363e2392d05789c Mon Sep 17 00:00:00 2001
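Review bot: The new `'core'` entry in `ConfigLines(['centos', 'core'], ...)` is not a release codename in the sense the neighbouring `'eoan'` is, so a reader cannot tell from this line which platform it is meant to match, and the code that derives the codename string is outside this hunk. A one-line comment on the entry would settle it, e.g. `# 'core': the codename string reported by CentOS — confirm against the codename detection`. The rest of `tweak_system_files` lies outside the hunk as well.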
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 23 Jan 2020 14:07:00 -0700
Subject: [PATCH 029/183] use specified path (rather than absolute path) for compose file
---
 scripts/control.py | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/scripts/control.py b/scripts/control.py
index 1765eb33f..e9ca75369 100755
--- a/scripts/control.py
+++ b/scripts/control.py
@@ -536,9 +536,6 @@ def main():
 else:
 sys.tracebacklimit = 0
- if not os.path.isabs(args.composeFile):
- args.composeFile = os.path.join(MalcolmPath, args.composeFile)
-
 os.chdir(MalcolmPath)
 # make sure docker/docker-compose is available
From 52e53f4196cf9221333af69d63ce71bdf12b220d Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 23 Jan 2020 14:29:36 -0700
Subject: [PATCH 030/183] make python3 the default
---
 malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 4 ++++
 sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot
index 5e39cd2e8..f7aba638d 100755
--- a/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot
+++ b/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot
@@ -12,3 +12,7 @@ pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \
 netifaces \
 pythondialog \
 requests[security]
+
+# make python3 the default python
+update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
+update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2
diff --git a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
index 8b115387d..64bc9dfab 100755
--- a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
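Review bot: Dropping the `os.path.isabs`/`os.path.join` normalization does not by itself make a relative `args.composeFile` refer to the caller's directory, because the context line that follows, `os.chdir(MalcolmPath)`, still runs first, so a path such as `-f ./docker-compose-standalone-zeek-live.yml` is presumably resolved against MalcolmPath implicitly rather than explicitly. If the user's working directory is the intended base, resolve it before the chdir with `args.composeFile = os.path.abspath(args.composeFile)`; otherwise a comment such as `# compose file paths are interpreted relative to MalcolmPath after the chdir below` records the behaviour for the next reader. The remainder of `main()` is outside this hunk.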
@@ -19,3 +19,7 @@ pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \ requests \ scapy \ zkg + +# make python3 the default python +update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 +update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2 From cba92862895b417a2aab76db3b5fb06c227c3854 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 23 Jan 2020 14:34:43 -0700 Subject: [PATCH 031/183] Revert "make python3 the default" This reverts commit 52e53f4196cf9221333af69d63ce71bdf12b220d. --- malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 4 ---- sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 4 ---- 2 files changed, 8 deletions(-) diff --git a/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot index f7aba638d..5e39cd2e8 100755 --- a/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot @@ -12,7 +12,3 @@ pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \ netifaces \ pythondialog \ requests[security] - -# make python3 the default python -update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 -update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2 diff --git a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot index 64bc9dfab..8b115387d 100755 --- a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot +++ b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot @@ -19,7 +19,3 @@ pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \ requests \ scapy \ zkg - -# make python3 the default python -update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 -update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2 
From 40ea9c8e5ab5649a3484318234d4201d54eaea9d Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 23 Jan 2020 14:52:21 -0700 Subject: [PATCH 032/183] fixes for new control scripts --- malcolm-iso/build.sh | 1 + .../includes.chroot/usr/share/applications/malcolm-logs.desktop | 2 +- .../usr/share/applications/malcolm-restart.desktop | 2 +- .../usr/share/applications/malcolm-start.desktop | 2 +- .../includes.chroot/usr/share/applications/malcolm-stop.desktop | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 8c422a9c8..9e9200dc8 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh @@ -116,6 +116,7 @@ if [ -d "$WORKDIR" ]; then ln -s ./control.py wipe ln -s ./control.py logs ln -s ./control.py auth_setup + sed -i 's@#!/usr/bin/env[[:space:]]*python$@#!/usr/bin/env python3@g' *.py popd >/dev/null 2>&1 cp ./scripts/malcolm_common.py "$MALCOLM_DEST_DIR/scripts/" cp ./README.md "$MALCOLM_DEST_DIR/" diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop index 4c3377ffd..41e731b98 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop +++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop @@ -1,7 +1,7 @@ #!/usr/bin/env xdg-open [Desktop Entry] Name=Malcolm Debug Logs -Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --logs" +Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --logs" Comment=Monitor the debug output of Malcolm containers Terminal=false Type=Application diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop index e6cd0c911..1329aa8ae 100644 
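Review bot: The added `sed -i 's@#!/usr/bin/env[[:space:]]*python$@#!/usr/bin/env python3@g' *.py` depends on the shell glob matching at least one `.py` file in the pushd'd directory; if none is present the literal `*.py` is handed to sed, which fails with a read error and, should `set -e` be in effect (not visible in the hunk), aborts the ISO build at that point. Guarding the call, e.g. `compgen -G '*.py' >/dev/null && sed -i ... *.py`, or naming the scripts explicitly, makes the expectation visible and the failure mode deliberate. The surrounding `if [ -d "$WORKDIR" ]` block starts above the hunk.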
--- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop +++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop @@ -1,7 +1,7 @@ #!/usr/bin/env xdg-open [Desktop Entry] Name=Restart Malcolm -Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --restart" +Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --restart" Comment=Restart Malcolm Terminal=false Type=Application diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop index 4e8275922..c4a3861a0 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop +++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop @@ -1,7 +1,7 @@ #!/usr/bin/env xdg-open [Desktop Entry] Name=Start Malcolm -Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --start" +Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --start" Comment=Start Malcolm Terminal=false Type=Application diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop index 7c846eff4..16d8b0560 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop +++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop @@ -1,7 +1,7 @@ #!/usr/bin/env xdg-open [Desktop Entry] Name=Stop Malcolm -Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3 ~/Malcolm/scripts/control.py --stop" +Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --stop" Comment=Stop Malcolm Terminal=false Type=Application 
From cb9766b02439d8a791eae86e205cd9e40c38450d Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 23 Jan 2020 15:08:08 -0700 Subject: [PATCH 033/183] fix logs script hanging --- scripts/control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/control.py b/scripts/control.py index e9ca75369..fcfd85c6e 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -82,7 +82,7 @@ def logs(): process = Popen([dockerComposeBin, '-f', args.composeFile, 'logs', '-f'], stdout=PIPE) while True: output = process.stdout.readline() - if (output == '') and process.poll() is not None: + if (len(output) == 0) and (process.poll() is not None): break if output: outputStr = output.decode().strip() From a021a49967724d86179f80b864449c79eee064c4 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 27 Jan 2020 07:49:13 -0700 Subject: [PATCH 034/183] pin filters by default in kibana --- kibana/scripts/kibana-create-moloch-sessions-index.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kibana/scripts/kibana-create-moloch-sessions-index.sh b/kibana/scripts/kibana-create-moloch-sessions-index.sh index 9b1068bf5..7d31570cd 100755 --- a/kibana/scripts/kibana-create-moloch-sessions-index.sh +++ b/kibana/scripts/kibana-create-moloch-sessions-index.sh @@ -48,6 +48,9 @@ if [[ "$CREATE_ES_MOLOCH_SESSION_INDEX" = "true" ]] ; then # turn off telemetry curl -XPOST "$KIBANA_URL/api/telemetry/v2/optIn" -H 'kbn-xsrf:true' -H 'Content-type:application/json' -d '{"enabled":false}' + + # pin filters by default + curl -XPOST "$KIBANA_URL/api/kibana/settings/filters:pinnedByDefault" -H 'kbn-xsrf:true' -H 'Content-type:application/json' -d '{"value":true}' fi fi fi From e363ea25d39f482f041eeff69410112ca8eef538 Mon Sep 17 00:00:00 2001 
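Review bot: `len(output) == 0` does fix the bytes-versus-str comparison that made the loop never terminate, but the idiomatic spelling `if not output and process.poll() is not None:` works for both types and is how the pattern is usually written. Note also that once `readline()` reaches EOF it returns `b''` immediately on every call, so between the pipe closing and `poll()` reporting an exit code the loop spins without waiting; the common shape is to break on EOF alone and call `process.wait()` after the loop. logs() continues outside the hunk.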
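Review bot: The new `curl -XPOST "$KIBANA_URL/api/kibana/settings/filters:pinnedByDefault" ...` discards both its exit status and the HTTP response, like the telemetry call above it, so a rejected or unreachable request leaves the setting unchanged with nothing in the script output to show it. Adding `--fail --silent --show-error` (`-fsS`) turns a non-2xx response into a non-zero exit that the enclosing script can act on or at least log. The enclosing `if` chain starts above the hunk.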
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 09:29:50 -0700 Subject: [PATCH 035/183] put a hack/fix in for vagrant not liking dhcp nat in 6.1 --- malcolm-iso/vagrant/Vagrantfile | 7 +++++++ sensor-iso/vagrant/Vagrantfile | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/malcolm-iso/vagrant/Vagrantfile b/malcolm-iso/vagrant/Vagrantfile index d6a3962d8..21dc10f21 100644 --- a/malcolm-iso/vagrant/Vagrantfile +++ b/malcolm-iso/vagrant/Vagrantfile @@ -2,6 +2,13 @@ unless Vagrant.has_plugin?("vagrant-reload") raise 'vagrant-reload plugin is not installed!' end +# hack: https://github.com/hashicorp/vagrant/issues/8878#issuecomment-345112810 +class VagrantPlugins::ProviderVirtualBox::Action::Network + def dhcp_server_matches_config?(dhcp_server, config) + true + end +end + Vagrant.configure("2") do |config| config.vm.box = "bento/debian-10" diff --git a/sensor-iso/vagrant/Vagrantfile b/sensor-iso/vagrant/Vagrantfile index c518d7623..d2869545d 100644 --- a/sensor-iso/vagrant/Vagrantfile +++ b/sensor-iso/vagrant/Vagrantfile @@ -4,6 +4,13 @@ unless Vagrant.has_plugin?("vagrant-reload") raise 'vagrant-reload plugin is not installed!' end +# hack: https://github.com/hashicorp/vagrant/issues/8878#issuecomment-345112810 +class VagrantPlugins::ProviderVirtualBox::Action::Network + def dhcp_server_matches_config?(dhcp_server, config) + true + end +end + Vagrant.configure("2") do |config| config.vm.box = "bento/debian-10" From 54ba1c3cada910f53d579540afccc0dfce445845 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 10:18:29 -0700 Subject: [PATCH 036/183] create a zeek.service_version field to track protocol version in a single place; also, move password up to the zeek root level --- logstash/pipelines/zeek/11_zeek_logs.conf | 140 +++++++++++++++++++--- moloch/wise/source.zeeklogs.js | 18 +-- zeek/config/local.zeek | 2 + 3 files changed, 137 insertions(+), 23 deletions(-) 
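Review bot: Reopening `VagrantPlugins::ProviderVirtualBox::Action::Network` so that `dhcp_server_matches_config?` always returns `true` disables Vagrant's check that an existing VirtualBox DHCP server matches the configured network for every network this Vagrantfile creates, not only the NAT case the commit message refers to, and it does so for whatever Vagrant version happens to be installed. The linked issue comment explains the workaround, but the file itself should say which release it targets and when it can be dropped, e.g. `# hack: <link> — works around the DHCP/NAT mismatch seen with the 6.1 release; remove once the upstream fix is in use`. The identical block is added to sensor-iso/vagrant/Vagrantfile in the second hunk and needs the same note.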
diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf
index d0d559a88..61b469e53 100644
--- a/logstash/pipelines/zeek/11_zeek_logs.conf
+++ b/logstash/pipelines/zeek/11_zeek_logs.conf
@@ -2395,18 +2395,19 @@ filter { # show up in many types of logs) mutate { id => "mutate_rename_zeek_common_fields" - rename => { "[zeek_%{[source]}][ts]" => "[zeek][ts]" } - rename => { "[zeek_%{[source]}][uid]" => "[zeek][uid]" } - rename => { "[zeek_%{[source]}][orig_h]" => "[zeek][orig_h]" } - rename => { "[zeek_%{[source]}][orig_p]" => "[zeek][orig_p]" } - rename => { "[zeek_%{[source]}][orig_l2_addr]" => "[zeek][orig_l2_addr]" } - rename => { "[zeek_%{[source]}][resp_h]" => "[zeek][resp_h]" } - rename => { "[zeek_%{[source]}][resp_p]" => "[zeek][resp_p]" } - rename => { "[zeek_%{[source]}][resp_l2_addr]" => "[zeek][resp_l2_addr]" } - rename => { "[zeek_%{[source]}][proto]" => "[zeek][proto]" } - rename => { "[zeek_%{[source]}][service]" => "[zeek][service]" } - rename => { "[zeek_%{[source]}][user]" => "[zeek][user]" } - rename => { "[zeek_%{[source]}][community_id]" => "[zeek][community_id]" } + rename => { "[zeek_%{[source]}][ts]" => "[zeek][ts]" } + rename => { "[zeek_%{[source]}][uid]" => "[zeek][uid]" } + rename => { "[zeek_%{[source]}][orig_h]" => "[zeek][orig_h]" } + rename => { "[zeek_%{[source]}][orig_p]" => "[zeek][orig_p]" } + rename => { "[zeek_%{[source]}][orig_l2_addr]" => "[zeek][orig_l2_addr]" } + rename => { "[zeek_%{[source]}][resp_h]" => "[zeek][resp_h]" } + rename => { "[zeek_%{[source]}][resp_p]" => "[zeek][resp_p]" } + rename => { "[zeek_%{[source]}][resp_l2_addr]" => "[zeek][resp_l2_addr]" } + rename => { "[zeek_%{[source]}][proto]" => "[zeek][proto]" } + rename => { "[zeek_%{[source]}][service]" => "[zeek][service]" } + rename => { "[zeek_%{[source]}][user]" => "[zeek][user]" } + rename => { "[zeek_%{[source]}][password]" => "[zeek][password]" } + rename => { "[zeek_%{[source]}][community_id]" => "[zeek][community_id]" } } if ([zeek][orig_h]) { mutate { id => "mutate_add_field_zeek_srcIp" 
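Review bot: The new `rename => { "[zeek_%{[source]}][password]" => "[zeek][password]" }` consolidates every clear-text credential Zeek extracts (the per-protocol `zeek_ftp.password`, `zeek_http.password` and `zeek_socks.password` fields removed elsewhere in this commit) into one top-level field, and the matching `passwordField` added in moloch/wise/source.zeeklogs.js exposes it as a searchable Moloch term field. That is a deliberate design choice, but nothing in the change records it, and it means any account with read access to the index can now retrieve all captured passwords through a single field. A comment on the rename stating that it intentionally centralizes sensitive captured credentials, together with a pointer to where access to `[zeek][password]` is restricted or where it could be masked, would give the next maintainer the context; the README should mention the field as well. The enclosing `mutate` block starts above the hunk.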
@@ -2850,6 +2851,9 @@ filter { id => "mutate_add_field_zeek_quic_versionCnt" add_field => { "[quic][versionCnt]" => "1" } } + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_quic" + merge => { "[zeek][service_version]" => "[quic][version]" } } } @@ -2943,6 +2947,9 @@ filter { id => "ruby_zeek_http_clientVersionCnt" code => "event.set('[http][clientVersionCnt]', event.get('[http][clientVersion]').length)" } + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_http" + merge => { "[zeek][service_version]" => "[zeek_http][version]" } } } if ([zeek_http][status_code]) { @@ -3141,6 +3148,16 @@ filter { } } + } else if ([source] == "mqtt_connect") { + ############################################################################################################################# + # mqtt_connect.log specific logic + + if ([zeek_mqtt_connect][proto_version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_mqtt_connect" + merge => { "[zeek][service_version]" => "[zeek_mqtt_connect][proto_version]" } } + } + } else if ([source] == "mqtt_publish") { ############################################################################################################################# # mqtt_publish.log specific logic @@ -3204,6 +3221,12 @@ filter { } } + if ([zeek_ntp][version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_ntp" + merge => { "[zeek][service_version]" => "[zeek_ntp][version]" } } + } + # convert timestamps from UNIX # ref_time: Time when the system clock was last set or correct. if ([zeek_ntp][ref_time]) { 
@@ -3311,6 +3334,26 @@ filter { merge => { "[zeek][fuid]" => "[zeek_pe][fuid]" } } } + } else if ([source] == "profinet") { + ############################################################################################################################# + # profinet.log specific logic + + if ([zeek_profinet][block_version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_profinet" + merge => { "[zeek][service_version]" => "[zeek_profinet][block_version]" } } + } + + } else if ([source] == "profinet_dce_rpc") { + ############################################################################################################################# + # profinet.log specific logic + + if ([zeek_profinet_dce_rpc][version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_profinet_dce_rpc" + merge => { "[zeek][service_version]" => "[zeek_profinet_dce_rpc][version]" } } + } + } else if ([source] == "radius") { ############################################################################################################################# # radius.log specific logic 
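Review bot: The banner comment under the new `} else if ([source] == "profinet_dce_rpc") {` branch still reads `# profinet.log specific logic`, copied from the `profinet` branch directly above it. It should read `# profinet_dce_rpc.log specific logic` so the section headers remain accurate and searchable. The enclosing `filter` block starts above the hunk.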
@@ -3352,6 +3395,34 @@ filter { mutate { id => "mutate_split_zeek_rdp_client_channels" split => { "[zeek_rdp][client_channels]" => "," } } + if ([zeek_rdp][client_build]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_rdp" + merge => { "[zeek][service_version]" => "[zeek_rdp][client_build]" } } + } + + } else if ([source] == "rfb") { + ############################################################################################################################# + # rfb.log specific logic + + # collect protocol version under the parent zeek.service_version array + ruby { + id => "ruby_zeek_field_zeek_service_version_rfb" + code => ' + versions = Array.new + clientMajorVersion = event.get("[zeek_rfb][client_major_version]").sub!(/^0*/, "") + clientMinorVersion = event.get("[zeek_rfb][client_minor_version]").sub!(/^0*/, "") + serverMajorVersion = event.get("[zeek_rfb][server_major_version]").sub!(/^0*/, "") + serverMinorVersion = event.get("[zeek_rfb][server_minor_version]").sub!(/^0*/, "") + if clientMajorVersion then + versions << [clientMajorVersion, clientMinorVersion].join(".") + end + if serverMajorVersion then + versions << [serverMajorVersion, serverMinorVersion].join(".") + end + event.set("[zeek][service_version]", versions.uniq)' + } + } else if ([source] == "s7comm") { ############################################################################################################################# # s7comm.log specific logic 
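Review bot: In the new rfb ruby block, `event.get("[zeek_rfb][client_major_version]").sub!(/^0*/, "")` raises NoMethodError when the field is absent, since `event.get` then returns nil and the event is tagged with a ruby exception instead of being enriched; and because `String#sub!` returns nil when nothing was replaced, a version string without leading zeros (such as `"3"`) makes `clientMajorVersion` nil, so the `if clientMajorVersion then` guard silently drops it. Use the non-mutating form on a string-coerced value for all four fields, `clientMajorVersion = event.get("[zeek_rfb][client_major_version]").to_s.sub(/^0*/, "")`, and change the two guards to `unless clientMajorVersion.empty?` / `unless serverMajorVersion.empty?`, since an empty string is truthy in Ruby. The rdp hunk's `client_build` is a build number rather than a protocol version, so a comment noting that `[zeek][service_version]` mixes those meanings would also help.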
@@ -3450,8 +3521,24 @@ filter { ############################################################################################################################# # sip.log specific logic + # collect all mime types under the parent [zeek][filetype] array + if ([zeek_sip][content_type]) { mutate { id => "mutate_merge_zeek_sip_content_type" + merge => { "[zeek][filetype]" => "[zeek_sip][content_type]" } } } + + + # collect protocol version under the parent zeek.service_version array + ruby { + id => "ruby_zeek_field_zeek_service_version_sip" + code => ' + versions = Array.new + paths = [event.get("[zeek_sip][request_path]"), event.get("[zeek_sip][response_path]")].compact.join(",") + paths.scan(/\bSIP:?\/([\d\.]+)/i) { |match| versions << match[0] } + event.set("[zeek][service_version]", versions.uniq)' + } + mutate { id => "mutate_split_zeek_sip_request_path" split => { "[zeek_sip][request_path]" => "," } } + mutate { id => "mutate_split_zeek_sip_response_path" split => { "[zeek_sip][response_path]" => "," } } 
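Review bot: The new sip ruby block ends with `event.set("[zeek][service_version]", versions.uniq)` unconditionally, so a sip event whose request and response paths contain no `SIP/x.y` token gets an empty `[zeek][service_version]` array, whereas every other source in this change only merges into the field when a version value is present. Writing it as `event.set("[zeek][service_version]", versions.uniq) unless versions.empty?` keeps the field absent in that case and consistent with the rest of the pipeline. The enclosing sip branch starts above the hunk.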
@@ -3699,14 +3786,36 @@ filter { replace => { "[zeek_snmp][up_since]" => "%{[@metadata][snmp_time]}" } } } } + if ([zeek_snmp][version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_snmp" + merge => { "[zeek][service_version]" => "[zeek_snmp][version]" } } + } + + } else if ([source] == "socks") { + ############################################################################################################################# + # socks.log specific logic + + if ([zeek_socks][version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_socks" + merge => { "[zeek][service_version]" => "[zeek_socks][version]" } } + } + } else if ([source] == "ssh") { ############################################################################################################################# # ssh.log specific logic + if ([zeek_ssh][version]) { + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_ssh" + merge => { "[zeek][service_version]" => "[zeek_ssh][version]" } } + } + if ([zeek_ssh][server]) { mutate { id => "mutate_merge_zeek_ssh_server_version" - merge => { "[ssh][version]" => "[zeek_ssh][server]" } } } + merge => { "[ssh][version]" => "[zeek_ssh][server]" } } } if ([zeek_ssh][client]) { mutate { id => "mutate_merge_zeek_client_version" - merge => { "[ssh][version]" => "[zeek_ssh][client]" } } } + merge => { "[ssh][version]" => "[zeek_ssh][client]" } } } if (![ssh][version]) and ([zeek_ssh][version]) { mutate { id => "mutate_merge_zeek_ssh_version" merge => { "[ssh][version]" => "[zeek_ssh][version]" } } 
@@ -3872,6 +3981,9 @@ filter { id => "ruby_zeek_ssl_versionCnt" code => "event.set('[tls][versionCnt]', event.get('[tls][version]').length)" } + # collect protocol version under the parent zeek.service_version array + mutate { id => "mutate_merge_field_zeek_service_version_ssl" + merge => { "[zeek][service_version]" => "[zeek_ssl][ssl_version]" } } } if ([zeek_ssl][cipher]) { diff --git a/moloch/wise/source.zeeklogs.js b/moloch/wise/source.zeeklogs.js index 9b4e48255..ffa5b28f5 100755 --- a/moloch/wise/source.zeeklogs.js +++ b/moloch/wise/source.zeeklogs.js @@ -46,7 +46,9 @@ function ZeekLogs (api, section) { this.destination_geo_countryField = this.api.addField("field:zeek.destination_geo.country_name;db:zeek.destination_geo.country_name;kind:termfield;friendly:Responding GeoIP Country;help:Responding GeoIP Country"); this.protoField = this.api.addField("field:zeek.proto;db:zeek.proto;kind:lotermfield;friendly:Protocol;help:Protocol"); this.serviceField = this.api.addField("field:zeek.service;db:zeek.service;kind:termfield;friendly:Service;help:Service"); + this.service_versionField = this.api.addField("field:zeek.service_version;db:zeek.service_version;kind:termfield;friendly:Service Version;help:Service Version"); this.userField = this.api.addField("field:zeek.user;db:zeek.user;kind:termfield;friendly:User;help:User"); + this.passwordField = this.api.addField("field:zeek.password;db:zeek.password;kind:termfield;friendly:Password;help:Password"); // file information this.fuidField = this.api.addField("field:zeek.fuid;db:zeek.fuid;kind:termfield;friendly:File ID;help:File ID"); 
@@ -189,7 +191,6 @@ function ZeekLogs (api, section) { // ftp.log // https://docs.zeek.org/en/stable/scripts/base/protocols/ftp/info.zeek.html#type-FTP::Info - this.ftp_passwordField = this.api.addField("field:zeek_ftp.password;db:zeek_ftp.password;kind:termfield;friendly:Password;help:Password"); this.ftp_commandField = this.api.addField("field:zeek_ftp.command;db:zeek_ftp.command;kind:termfield;friendly:Command;help:Command"); this.ftp_argField = this.api.addField("field:zeek_ftp.arg;db:zeek_ftp.arg;kind:termfield;friendly:Argument;help:Argument"); this.ftp_mime_typeField = this.api.addField("field:zeek_ftp.mime_type;db:zeek_ftp.mime_type;kind:termfield;friendly:File Magic;help:File Magic"); @@ -228,8 +229,6 @@ function ZeekLogs (api, section) { this.http_info_codeField = this.api.addField("field:zeek_http.info_code;db:zeek_http.info_code;kind:integer;friendly:Informational Code;help:Informational Code"); this.http_info_msgField = this.api.addField("field:zeek_http.info_msg;db:zeek_http.info_msg;kind:termfield;friendly:Informational Message;help:Informational Message"); this.http_tagsField = this.api.addField("field:zeek_http.tags;db:zeek_http.tags;kind:termfield;friendly:HTTP Tag;help:HTTP Tag"); - this.http_userField = this.api.addField("field:zeek_http.user;db:zeek_http.user;kind:termfield;friendly:User;help:User"); - this.http_passwordField = this.api.addField("field:zeek_http.password;db:zeek_http.password;kind:termfield;friendly:Password;help:Password"); this.http_proxiedField = this.api.addField("field:zeek_http.proxied;db:zeek_http.proxied;kind:termfield;friendly:Proxy Header;help:Proxy Header"); this.http_orig_fuidsField = this.api.addField("field:zeek_http.orig_fuids;db:zeek_http.orig_fuids;kind:termfield;friendly:Originating File ID;help:Originating File ID"); this.http_orig_filenamesField = this.api.addField("field:zeek_http.orig_filenames;db:zeek_http.orig_filenames;kind:termfield;friendly:Originating Filename;help:Originating Filename"); 
@@ -585,7 +584,6 @@ function ZeekLogs (api, section) { // socks.log // https://docs.zeek.org/en/stable/scripts/base/protocols/socks/main.zeek.html#type-SOCKS::Info this.socks_versionField = this.api.addField("field:zeek_socks.version;db:zeek_socks.version;kind:integer;friendly:Version;help:Version"); - this.socks_passwordField = this.api.addField("field:zeek_socks.password;db:zeek_socks.password;kind:termfield;friendly:Password;help:Password"); this.socks_server_statusField = this.api.addField("field:zeek_socks.server_status;db:zeek_socks.server_status;kind:termfield;friendly:Server Status;help:Server Status"); this.socks_request_hostField = this.api.addField("field:zeek_socks.request_host;db:zeek_socks.request_host;kind:termfield;friendly:Client Address;help:Client Address"); this.socks_request_nameField = this.api.addField("field:zeek_socks.request_name;db:zeek_socks.request_name;kind:termfield;friendly:Client Name;help:Client Name"); 
@@ -795,7 +793,7 @@ function ZeekLogs (api, section) { // add right-clicks for pivoting into Kibana from Moloch (see nginx.conf) var filterLabel = "Filter %DBFIELD% in Kibana"; var filterUrl = "idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%"; - var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rco
de_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.fuid,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.fuid,zeek_ftp.mime_type,zeek_ftp.password,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.password,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.fuid,zeek_intel.indicat
or,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.fuid,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_not
ice.remote_location_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.fuid,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_cou
nt,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_smb_files.action,zeek_smb_files.fuid,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.fuids,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.password,zeek_socks.request_host,zeek_socks.req
uest_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym
,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,
zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.fuid,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri";
+ var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zee
k_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.fuid,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.fuid,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,z
eek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.fuid,zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.fuid,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_c
ityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.fuid,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_v
ersion,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_smb_files.action,zeek_smb_files.fuid,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.fuids,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks
.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.is
suer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.
certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.fuid,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri";
 this.api.addRightClick("malcolm_kibana_cat_ip", {name:filterLabel, url:"idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%", category:"ip"});
 this.api.addRightClick("malcolm_kibana_cat_port", {name:filterLabel, url:filterUrl, category:"port"});
 this.api.addRightClick("malcolm_kibana_cat_country", {name:filterLabel, url:filterUrl, category:"country"});
@@ -820,7 +818,7 @@ function ZeekLogs (api, section) {
 // basic connection information
 " if (session.zeek.orig_h || session.zeek.orig_p || session.zeek.orig_l2_addr || session.zeek.resp_h || " +
 " session.zeek.resp_p || session.zeek.resp_l2_addr || session.zeek.proto || session.zeek.service || " +
- " session.zeek.user)\n" +
+ " session.zeek.service_version || session.zeek.user || session.zeek.password)\n" +
 " dl.sessionDetailMeta(suffix=\"Basic Connection Info\")\n" +
 " +arrayList(session.zeek, 'orig_h', 'Originating Host', 'zeek.orig_h')\n" +
 " +arrayList(session.zeek, 'orig_l2_addr', 'Originating MAC', 'zeek.orig_l2_addr')\n" +
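Review bot: Adding `session.zeek.password` to the display condition here, together with the matching `+arrayList(session.zeek, 'password', 'Password', 'zeek.password')` line in the -842 hunk below, puts a captured cleartext credential into the session-detail pane next to ordinary connection metadata, and nothing in either hunk marks the field as sensitive. Zeek presumably only fills that field because of the `default_capture_password` redefs in local.zeek (`redef SOCKS::default_capture_password = T;` is visible as hunk context further down), so anyone who can open a session in this viewer now sees the password; that is a deliberate trade-off worth recording next to the field, e.g. `// zeek.password is the cleartext credential Zeek captured (local.zeek default_capture_password redefs); visible to anyone who can view session details`. The enclosing ZeekLogs function starts and ends outside the hunk.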
@@ -842,7 +840,9 @@ function ZeekLogs (api, section) {
 " +arrayList(session.zeek, 'resp_p', 'Responding Port', 'zeek.resp_p')\n" +
 " +arrayList(session.zeek, 'proto', 'Protocol', 'zeek.proto')\n" +
 " +arrayList(session.zeek, 'service', 'Service', 'zeek.service')\n" +
+ " +arrayList(session.zeek, 'service_version', 'Service Version', 'zeek.service_version')\n" +
 " +arrayList(session.zeek, 'user', 'User', 'zeek.user')\n" +
+ " +arrayList(session.zeek, 'password', 'Password', 'zeek.password')\n" +
 // file information
 " if (session.zeek.fuid || session.zeek.filename || session.zeek.filetype)\n" +
@@ -865,9 +865,9 @@ function ZeekLogs (api, section) {
 this.api.addView("zeek_enip", "require:zeek_enip;title:Zeek enip.log;fields:zeek_enip.command,zeek_enip.length,zeek_enip.session_handle,zeek_enip.status,zeek_enip.sender_context,zeek_enip.options")
 this.api.addView("zeek_enip_list_identity", "require:zeek_enip_list_identity;title:Zeek enip_list_identity.log;fields:zeek_enip_list_identity.device_type,zeek_enip_list_identity.vendor,zeek_enip_list_identity.product_name,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.product_code,zeek_enip_list_identity.revision,zeek_enip_list_identity.status,zeek_enip_list_identity.state,zeek_enip_list_identity.device_ip")
 this.api.addView("zeek_files", "require:zeek_files;title:Zeek files.log;fields:zeek_files.fuid,zeek_files.tx_hosts,zeek_files.rx_hosts,zeek_files.conn_uids,zeek_files.source,zeek_files.depth,zeek_files.analyzers,zeek_files.mime_type,zeek_files.filename,zeek_files.duration,zeek_files.local_orig,zeek_files.is_orig,zeek_files.seen_bytes,zeek_files.total_bytes,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.timedout,zeek_files.parent_fuid,zeek_files.md5,zeek_files.sha1,zeek_files.sha256,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size")
- this.api.addView("zeek_ftp", "require:zeek_ftp;title:Zeek ftp.log;fields:zeek_ftp.password,zeek_ftp.command,zeek_ftp.arg,zeek_ftp.mime_type,zeek_ftp.file_size,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.fuid")
+ this.api.addView("zeek_ftp", "require:zeek_ftp;title:Zeek ftp.log;fields:zeek_ftp.command,zeek_ftp.arg,zeek_ftp.mime_type,zeek_ftp.file_size,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.fuid")
 this.api.addView("zeek_gquic", "require:zeek_gquic;title:Zeek 
gquic.log;fields:zeek_gquic.version,zeek_gquic.server_name,zeek_gquic.user_agent,zeek_gquic.tag_count,zeek_gquic.cyu,zeek_gquic.cyutags")
- this.api.addView("zeek_http", "require:zeek_http;title:Zeek http.log;fields:zeek_http.trans_depth,zeek_http.method,zeek_http.host,zeek_http.uri,zeek_http.origin,zeek_http.referrer,zeek_http.version,zeek_http.user_agent,zeek_http.request_body_len,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.info_code,zeek_http.info_msg,zeek_http.tags,zeek_http.user,zeek_http.password,zeek_http.proxied,zeek_http.orig_fuids,zeek_http.orig_filenames,zeek_http.orig_mime_types,zeek_http.resp_fuids,zeek_http.resp_filenames,zeek_http.resp_mime_types")
+ this.api.addView("zeek_http", "require:zeek_http;title:Zeek http.log;fields:zeek_http.trans_depth,zeek_http.method,zeek_http.host,zeek_http.uri,zeek_http.origin,zeek_http.referrer,zeek_http.version,zeek_http.user_agent,zeek_http.request_body_len,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.info_code,zeek_http.info_msg,zeek_http.tags,zeek_http.proxied,zeek_http.orig_fuids,zeek_http.orig_filenames,zeek_http.orig_mime_types,zeek_http.resp_fuids,zeek_http.resp_filenames,zeek_http.resp_mime_types")
 this.api.addView("zeek_intel", "require:zeek_intel;title:Zeek intel.log;fields:zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.seen_where,zeek_intel.seen_node,zeek_intel.matched,zeek_intel.sources,zeek_intel.fuid,zeek_intel.mimetype,zeek_intel.file_description")
 this.api.addView("zeek_irc", "require:zeek_irc;title:Zeek irc.log;fields:zeek_irc.nick,zeek_irc.command,zeek_irc.value,zeek_irc.addl,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid")
 this.api.addView("zeek_iso_cotp", "require:zeek_iso_cotp;title:Zeek iso_cotp.log;fields:zeek_iso_cotp.pdu_type")
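Review bot: The rewritten `zeek_ftp` and `zeek_http` views drop `zeek_ftp.password`, `zeek_http.user` and `zeek_http.password` without any hint of where those values now live; the -820/-842 hunks above render `zeek.user`/`zeek.password` in the basic-connection block instead, which suggests a field consolidation in the ingest pipeline that is not part of this patch. A one-line comment above the view list, such as `// per-protocol user/password columns were consolidated into zeek.user / zeek.password (shown under Basic Connection Info)`, would save the next maintainer the search; the `zeek_socks` view in the -897 hunk drops `zeek_socks.password` the same way. The enclosing ZeekLogs function starts and ends outside the hunk.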
@@ -897,7 +897,7 @@ function ZeekLogs (api, section) {
 this.api.addView("zeek_smb_mapping", "require:zeek_smb_mapping;title:Zeek smb_mapping.log;fields:zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.native_file_system,zeek_smb_mapping.share_type")
 this.api.addView("zeek_smtp", "require:zeek_smtp;title:Zeek smtp.log;fields:zeek_smtp.trans_depth,zeek_smtp.helo,zeek_smtp.mailfrom,zeek_smtp.rcptto,zeek_smtp.date,zeek_smtp.from,zeek_smtp.to,zeek_smtp.cc,zeek_smtp.reply_to,zeek_smtp.msg_id,zeek_smtp.in_reply_to,zeek_smtp.subject,zeek_smtp.x_originating_ip,zeek_smtp.first_received,zeek_smtp.second_received,zeek_smtp.last_reply,zeek_smtp.path,zeek_smtp.user_agent,zeek_smtp.tls,zeek_smtp.fuids,zeek_smtp.is_webmail")
 this.api.addView("zeek_snmp", "require:zeek_snmp;title:Zeek snmp.log;fields:zeek_snmp.duration,zeek_snmp.version,zeek_snmp.community,zeek_snmp.get_requests,zeek_snmp.get_bulk_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.display_string,zeek_snmp.up_since")
- this.api.addView("zeek_socks", "require:zeek_socks;title:Zeek socks.log;fields:zeek_socks.version,zeek_socks.password,zeek_socks.server_status,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port")
+ this.api.addView("zeek_socks", "require:zeek_socks;title:Zeek socks.log;fields:zeek_socks.version,zeek_socks.server_status,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port")
 this.api.addView("zeek_software", "require:zeek_software;title:Zeek software.log;fields:zeek_software.software_type,zeek_software.name,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_software.version_addl,zeek_software.unparsed_version")
 this.api.addView("zeek_ssh", "require:zeek_ssh;title:Zeek 
ssh.log;fields:zeek_ssh.version,zeek_ssh.auth_success,zeek_ssh.auth_attempts,zeek_ssh.direction,zeek_ssh.client,zeek_ssh.server,zeek_ssh.cipher_alg,zeek_ssh.mac_alg,zeek_ssh.compression_alg,zeek_ssh.kex_alg,zeek_ssh.host_key_alg,zeek_ssh.host_key,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_region,zeek_ssh.remote_location_city,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.hassh,zeek_ssh.hasshServer,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServerAlgorithms,zeek_ssh.cshka,zeek_ssh.sshka") this.api.addView("zeek_ssl", "require:zeek_ssl;title:Zeek ssl.log;fields:zeek_ssl.ssl_version,zeek_ssl.cipher,zeek_ssl.curve,zeek_ssl.server_name,zeek_ssl.resumed,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.established,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.cert_chain_fuids,zeek_ssl.client_cert_chain_fuids,zeek_ssl.subject.CN,zeek_ssl.subject.C,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.ST,zeek_ssl.subject.SN,zeek_ssl.subject.L,zeek_ssl.subject.GN,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.title,zeek_ssl.subject.initials,zeek_ssl.subject.emailAddress,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.C,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.L,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.title,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.emailAddress,zeek_ssl.issuer.CN,zeek_ssl.issuer.C,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.ST,zeek_ssl.issuer.SN,zeek_ssl.issuer.L,zeek_ssl.issuer.DC,zeek_ssl.issuer.GN,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.title,zeek_ssl.issuer.initials,zeek_ssl.issuer.emailAddress,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.ST,zeek_s
sl.client_issuer.SN,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.emailAddress,zeek_ssl.validation_status")
diff --git a/zeek/config/local.zeek b/zeek/config/local.zeek
index b3361c3fb..7abc52902 100644
--- a/zeek/config/local.zeek
+++ b/zeek/config/local.zeek
@@ -21,12 +21,14 @@ redef SOCKS::default_capture_password = T;
 @load protocols/dhcp/software
 @load protocols/dns/detect-external-names
 @load protocols/ftp/detect
+@load protocols/ftp/detect-bruteforcing.zeek
 @load protocols/ftp/software
 @load protocols/http/detect-sqli
 @load protocols/http/detect-webapps
 @load protocols/http/software
 @load protocols/http/software-browser-plugins
 @load protocols/mysql/software
+@load protocols/ssl/weak-keys
 @load protocols/smtp/software
 @load protocols/ssh/detect-bruteforcing
 @load protocols/ssh/geo-data
From fb953412ffd36ba89e786914063c20f4e54d2944 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue, 28 Jan 2020 11:55:24 -0700
Subject: [PATCH 037/183] added security overview dashboard wip
---
 .../95479950-41f2-11ea-88fa-7151df485405.json | 481 ++++++++++++++++++
 logstash/pipelines/zeek/11_zeek_logs.conf | 4 +-
 2 files changed, 484 insertions(+), 1 deletion(-)
 create mode 100644 kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
new file mode 100644
index 000000000..288381c05
--- /dev/null
+++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
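Review bot: `@load protocols/ftp/detect-bruteforcing.zeek` is the only line in this block that spells out the `.zeek` suffix; the surrounding entries and the other added line, `@load protocols/ssl/weak-keys`, use the bare script path, so `@load protocols/ftp/detect-bruteforcing` would keep the list uniform. `ssl/weak-keys` is also inserted between the mysql and smtp entries while the rest of the list is alphabetical by protocol, so it reads more naturally after the ssh lines. Both policy scripts report through notices rather than a new log type, so their findings will show up as `zeek_notice.note` values in notice.log, a field the view definitions above already carry.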
@@ -0,0 +1,481 @@ +{ + "version": "7.5.1", + "objects": [ + { + "id": "95479950-41f2-11ea-88fa-7151df485405", + "type": "dashboard", + "updated_at": "2020-01-28T18:54:49.682Z", + "version": "Wzg1MCwxXQ==", + "attributes": { + "title": "Security Overview", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"w\":12,\"x\":8,\"y\":0},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"w\":15,\"x\":20,\"y\":0},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"w\":13,\"x\":35,\"y\":0},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":34,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"w\":13,\"x\":0,\"y\":23},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":34,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"w\":15,\"x\":13,\"y\":23},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"w\":10,\"x\":28,\"y\":23},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"w\":10,\"x\":38,\"y\":2
3},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":16,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"w\":20,\"x\":28,\"y\":41},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":34,\"i\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"w\":13,\"x\":0,\"y\":57},\"panelIndex\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":18,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"w\":35,\"x\":13,\"y\":57},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "a4f6eba0-41f5-11ea-88fa-7151df485405" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "c5b1e590-41f3-11ea-88fa-7151df485405" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "e9f27fa0-41f8-11ea-88fa-7151df485405" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "f7b3ba60-41f7-11ea-88fa-7151df485405" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0ffb5790-41f3-11ea-88fa-7151df485405" + }, + { + "name": "panel_7", + 
"type": "visualization", + "id": "4a183420-41f3-11ea-88fa-7151df485405" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "10a01120-41f5-11ea-88fa-7151df485405" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "750367f0-41f2-11ea-88fa-7151df485405" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" + } + ], + "migrationVersion": { + "dashboard": "7.3.0" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "updated_at": "2020-01-28T17:11:03.544Z", + "version": "Wzc2MiwxXQ==", + "attributes": { + "title": "Zeek Logs", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● 
[Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● 
[MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "a4f6eba0-41f5-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T17:43:07.866Z", + "version": "WzgwMywxXQ==", + "attributes": { + "title": "Notices by Category", + "visState": "{\"title\":\"Notices by Category\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", + "type": "visualization", + "updated_at": "2020-01-28T17:10:32.729Z", + "version": "WzQ1MSwxXQ==", + "attributes": { + "title": "Signatures - Signature IDs", + "visState": "{\"title\":\"Signatures - Signature IDs\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_signatures.signature_id\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature ID\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "c5b1e590-41f3-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T18:05:05.122Z", + "version": "WzgyMywxXQ==", + "attributes": { + "title": "Clear-text Transmission of Passwords ", + "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application 
Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\\\\*password:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "e9f27fa0-41f8-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T18:42:31.189Z", + "version": "WzgzOSwxXQ==", + "attributes": { + "title": "Outdated/Insecure Application Protocols", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 
3)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "f7b3ba60-41f7-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T17:59:45.669Z", + "version": "WzgxNSwxXQ==", + "attributes": { + "title": "Connections by Destination Country (region map)", + "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p><a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World 
(offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[37.16031654673677,-5.7511603125000015]}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "0ffb5790-41f3-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T17:46:50.064Z", + "version": "WzgwNSwxXQ==", + "attributes": { + "title": "Inbound External Traffic by Country", + "visState": "{\"title\":\"Inbound External Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"tags:external_source AND tags:internal_destination\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4a183420-41f3-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T17:47:36.034Z", + "version": "WzgwNywxXQ==", + "attributes": { + "title": "Outbound Internal Traffic by Country", + "visState": "{\"title\":\"Outbound Internal Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"tags:internal_source AND tags:external_destination\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "10a01120-41f5-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T18:54:04.879Z", + "version": "Wzg0OCwxXQ==", + "attributes": { + "title": "File Types Observed", + "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square 
root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "750367f0-41f2-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T18:00:41.420Z", + "version": "WzgxNywxXQ==", + "attributes": { + "title": "Application Protocol by Version", + "visState": "{\"title\":\"Application Protocol by 
Version\",\"type\":\"table\",\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": 
"d8b8a6a0-41fe-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T18:54:35.175Z", + "version": "Wzg0OSwxXQ==", + "attributes": { + "title": "External Remote Access Over Time", + "visState": "{\"title\":\"External Remote Access Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"en
abled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"zeek.service:(ssh OR rdp OR rfb OR telnet) AND tags:(external_source OR external_destination)\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "updated_at": "2020-01-28T17:11:00.469Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_notice.note", + "srcIp", + "dstIp", + "zeek.uid", + "_id" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } + }, + { + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", + "type": "search", + "updated_at": "2020-01-28T17:10:32.729Z", + "version": "WzQ1MCwxXQ==", + "attributes": { + "title": "Signatures - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_signatures.note", + "zeek_signatures.signature_id", + "zeek_signatures.signature_count", + "zeek.fuid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"zeek.logType:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "updated_at": "2020-01-28T17:11:01.499Z", + "version": "Wzc0NSwxXQ==", + "attributes": { + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "Connections - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek.uid", + "_id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } + } + ] +} \ No newline at end of file 
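Review bot: The dashboard object's `searchSourceJSON` bakes `\"time_zone\":\"America/Denver\"` into its `query_string`, so every Kibana instance that imports this export evaluates the dashboard's date math in the author's zone rather than its own configured one; dropping that key from the exported query keeps the saved object portable. The "Outdated/Insecure Application Protocols" panel's KQL depends on range operators against `zeek.service_version` (`< 2`, `< 4`, `< 3.8`, `< 6.0`, `< 3`); if that field is mapped as `keyword` rather than a numeric type, those comparisons are lexicographic, so either the index mapping should be confirmed or the panel's currently empty `description` should state the assumption. The "Clear-text Transmission of Passwords" panel's query `\\*password:*` likewise deserves a `description` saying which fields it is meant to match, since nothing in the export explains it.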
diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index 61b469e53..ee64dd67a 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -2853,7 +2853,7 @@ filter { } # collect protocol version under the parent zeek.service_version array mutate { id => "mutate_merge_field_zeek_service_version_quic" - merge => { "[zeek][service_version]" => "[quic][version]" } } + merge => { "[zeek][service_version]" => "[zeek_gquic][version]" } } } @@ -3399,6 +3399,8 @@ filter { # collect protocol version under the parent zeek.service_version array mutate { id => "mutate_merge_field_zeek_service_version_rdp" merge => { "[zeek][service_version]" => "[zeek_rdp][client_build]" } } + mutate { id => "mutate_gsub_field_zeek_service_version_rdp" + gsub => [ "[zeek][service_version]", "RDP ", "" ] } } } else if ([source] == "rfb") { From b68760629b20a872f38659e99f67ebb99e574059 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 13:02:03 -0700 Subject: [PATCH 038/183] added freq.Dockerfile to detecting string entropy --- Dockerfiles/freq.Dockerfile | 60 +++++++++++++++++++++++++ README.md | 9 +++- docker-compose-standalone-zeek-live.yml | 8 ++++ docker-compose-standalone.yml | 8 ++++ docker-compose.yml | 11 +++++ freq-server/supervisord.conf | 29 ++++++++++++ 6 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 Dockerfiles/freq.Dockerfile create mode 100644 freq-server/supervisord.conf diff --git a/Dockerfiles/freq.Dockerfile b/Dockerfiles/freq.Dockerfile new file mode 100644 index 000000000..bfddd588d --- /dev/null +++ b/Dockerfiles/freq.Dockerfile 
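Review bot: The added `gsub` in the rdp branch rewrites every element of `[zeek][service_version]`, not only the value just merged from `[zeek_rdp][client_build]`, and its pattern `"RDP "` is unanchored, so the substring is removed wherever it occurs in any version string already collected for the event. Anchoring it, `gsub => [ "[zeek][service_version]", "^RDP ", "" ]`, limits the rewrite to a leading prefix; applying the gsub to `[zeek_rdp][client_build]` before the `merge` would be tighter still, at the cost of also normalising that source field. The `else if` chain this branch belongs to continues outside the hunk.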
@@ -0,0 +1,60 @@
+FROM debian:buster-slim
+
+# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+LABEL maintainer="malcolm.netsec@gmail.com"
+LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
+LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
+LABEL org.opencontainers.image.documentation='https://github.com/idaholab/Malcolm/blob/master/README.md'
+LABEL org.opencontainers.image.source='https://github.com/idaholab/Malcolm'
+LABEL org.opencontainers.image.vendor='Idaho National Laboratory'
+LABEL org.opencontainers.image.title='malcolmnetsec/freq'
+LABEL org.opencontainers.image.description='Malcolm container providing an interface to Mark Baggett''s freq_server.py'
+
+ARG FREQ_USER=freq
+ARG FREQ_PORT=10004
+ARG FREQ_ENABLED=true
+
+ENV FREQ_USER $FREQ_USER
+ENV FREQ_PORT $FREQ_PORT
+ENV FREQ_ENABLED $FREQ_ENABLED
+
+RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
+ apt-get update && \
+ apt-get -y -q install \
+ build-essential \
+ curl \
+ git \
+ procps \
+ psmisc \
+ python3 \
+ python3-dev \
+ python3-pip && \
+ pip3 install supervisor && \
+ mkdir -p /var/log/supervisor && \
+ git clone --depth=1 --single-branch -b master https://github.com/markbaggett/freq /opt/freq_server && \
+ rm -rf /opt/freq_server/systemd /opt/freq_server/upstart /opt/freq_server/*.md /opt/freq_server/*.exe && \
+ mv -v "$(ls /opt/freq_server/*.freq | tail -n 1)" /opt/freq_server/freq_table.freq && \
+ groupadd --gid 1000 $FREQ_USER && \
+ useradd -M --uid 1000 --gid 1000 --home /nonexistant $FREQ_USER && \
+ chown -R $FREQ_USER:$FREQ_USER /opt/freq_server && \
+ apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --purge remove git python3-dev build-essential && \
+ apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages autoremove && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ADD 
freq-server/supervisord.conf /etc/supervisord.conf + +WORKDIR /opt/freq_server + +EXPOSE $FREQ_PORT + +CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf", "-u", "root", "-n"] + +# to be populated at build-time: +ARG BUILD_DATE +ARG MALCOLM_VERSION +ARG VCS_REVISION + +LABEL org.opencontainers.image.created=$BUILD_DATE +LABEL org.opencontainers.image.version=$MALCOLM_VERSION +LABEL org.opencontainers.image.revision=$VCS_REVISION diff --git a/README.md b/README.md index 5cc2edd33..febb7c924 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,7 @@ Pulling elastalert ... done Pulling elasticsearch ... done Pulling file-monitor ... done Pulling filebeat ... done +Pulling freq ... done Pulling htadmin ... done Pulling kibana ... done Pulling logstash ... done @@ -139,6 +140,7 @@ malcolmnetsec/curator 1.9.0 xxxxxxxx malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 29 minutes ago 54.5MB malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 30 minutes ago 276MB malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 31 minutes ago 256MB +malcolmnetsec/freq 1.9.0 xxxxxxxxxxxx 32 minutes ago 188MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` 
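Review bot: The `git clone --depth=1 --single-branch -b master https://github.com/markbaggett/freq /opt/freq_server` step in the RUN command pulls whatever that branch points to at build time, so two builds can produce different code and any upstream change lands in the image without review; `pip3 install supervisor` a few lines earlier is unpinned in the same way. Pin both: add `ARG FREQ_COMMIT=<pinned-upstream-commit>` beside the other build ARGs, follow the clone with `git -C /opt/freq_server checkout "$FREQ_COMMIT" && \`, and give supervisor an explicit version such as `supervisor==<pinned-version>`. The `mv -v "$(ls /opt/freq_server/*.freq | tail -n 1)"` line picks whichever table sorts last, which also silently changes when upstream adds a file, so naming the intended table explicitly would make the choice reviewable.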
@@ -193,6 +195,7 @@ Malcolm leverages the following excellent open source tools, among others. * [Nginx](https://nginx.org/) - for HTTPS and reverse proxying Malcolm components * [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) - an LDAP authentication module for nginx * [ElastAlert](https://github.com/Yelp/elastalert) - an alerting framework for Elasticsearch. Specifically, the [BitSensor fork of ElastAlert](https://github.com/bitsensor/elastalert), its Docker configuration and its corresponding [Kibana plugin](https://github.com/bitsensor/elastalert-kibana-plugin) are used. +* [freq](https://github.com/MarkBaggett/freq) - a tool for calculating entropy of strings * These third party Zeek plugins: * Amazon.com, Inc.'s [ICS protocol](https://github.com/amzn?q=zeek) analyzers * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin @@ -314,6 +317,7 @@ Then, go take a walk or something since it will be a while. When you're done, yo * `malcolmnetsec/filebeat-oss` (based on `docker.elastic.co/beats/filebeat-oss`) * `malcolmnetsec/file-monitor` (based on `debian:buster-slim`) * `malcolmnetsec/file-upload` (based on `debian:buster-slim`) +* `malcolmnetsec/freq` (based on `debian:buster-slim`) * `malcolmnetsec/htadmin` (based on `debian:buster-slim`) * `malcolmnetsec/kibana-oss` (based on `docker.elastic.co/kibana/kibana-oss`) * `malcolmnetsec/logstash-oss` (based on `docker.elastic.co/logstash/logstash-oss`) @@ -1740,6 +1744,7 @@ Pulling elastalert ... done Pulling elasticsearch ... done Pulling file-monitor ... done Pulling filebeat ... done +Pulling freq ... done Pulling htadmin ... done Pulling kibana ... done Pulling logstash ... done 
@@ -1765,6 +1770,7 @@ malcolmnetsec/curator 1.9.0 xxxxxxxx malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 33 hours ago 944MB malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 11 days ago 459MB malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 11 days ago 276MB +malcolmnetsec/freq 1.9.0 xxxxxxxxxxxx 11 days ago 188MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` @@ -1777,6 +1783,7 @@ Creating malcolm_elastalert_1 ... done Creating malcolm_elasticsearch_1 ... done Creating malcolm_file-monitor_1 ... done Creating malcolm_filebeat_1 ... done +Creating malcolm_freq_1 ... done Creating malcolm_htadmin_1 ... done Creating malcolm_kibana_1 ... done Creating malcolm_logstash_1 ... done @@ -1797,7 +1804,7 @@ In a few minutes, Malcolm services will be accessible via the following URLs: … ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- … -Attaching to malcolm_curator_1, malcolm_elastalert_1, malcolm_elasticsearch_1, malcolm_file-monitor_1, malcolm_filebeat_1, malcolm_htadmin_1, malcolm_kibana_1, malcolm_logstash_1, malcolm_moloch_1, malcolm_nginx-proxy_1, malcolm_pcap-capture_1, malcolm_pcap-monitor_1, malcolm_upload_1, malcolm_zeek_1 +Attaching to malcolm_curator_1, malcolm_elastalert_1, malcolm_elasticsearch_1, malcolm_file-monitor_1, malcolm_filebeat_1, malcolm_freq_1, malcolm_htadmin_1, malcolm_kibana_1, malcolm_logstash_1, malcolm_moloch_1, malcolm_nginx-proxy_1, malcolm_pcap-capture_1, malcolm_pcap-monitor_1, malcolm_upload_1, malcolm_zeek_1 … ``` diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index cb0bead9b..e57392e46 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml 
@@ -364,6 +364,14 @@ services:
 - ./htadmin/config.ini:/var/www/htadmin/config/config.ini:rw
 - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw
 - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw
+ freq:
+ image: malcolmnetsec/freq:1.9.0
+ restart: "no"
+ hostname: freq
+ environment:
+ VIRTUAL_HOST : 'freq.malcolm.local'
+ expose:
+ - 10004
 nginx-proxy:
 image: malcolmnetsec/nginx-proxy:1.9.0
 restart: "no"
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml
index 90fa4f36d..53b461f60 100644
--- a/docker-compose-standalone.yml
+++ b/docker-compose-standalone.yml
@@ -364,6 +364,14 @@ services:
 - ./htadmin/config.ini:/var/www/htadmin/config/config.ini:rw
 - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw
 - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw
+ freq:
+ image: malcolmnetsec/freq:1.9.0
+ restart: "no"
+ hostname: freq
+ environment:
+ VIRTUAL_HOST : 'freq.malcolm.local'
+ expose:
+ - 10004
 nginx-proxy:
 image: malcolmnetsec/nginx-proxy:1.9.0
 restart: "no"
diff --git a/docker-compose.yml b/docker-compose.yml
index 911f11cf3..234a8ab4e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -408,6 +408,17 @@ services:
 - ./htadmin/config.ini:/var/www/htadmin/config/config.ini:rw
 - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw
 - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw
+ freq:
+ image: malcolmnetsec/freq:1.9.0
+ build:
+ context: .
+ dockerfile: Dockerfiles/freq.Dockerfile
+ restart: "no"
+ hostname: freq
+ environment:
+ VIRTUAL_HOST : 'freq.malcolm.local'
+ expose:
+ - 10004
 nginx-proxy:
 build:
 context: .
diff --git a/freq-server/supervisord.conf b/freq-server/supervisord.conf
new file mode 100644
index 000000000..e73db10b0
--- /dev/null
+++ b/freq-server/supervisord.conf
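Review bot: `expose: - 10004` is a second copy of the port that `Dockerfiles/freq.Dockerfile` already defines as `FREQ_PORT` (and that supervisord reads as `%(ENV_FREQ_PORT)s`), repeated in all three compose hunks here (standalone-zeek-live, standalone and docker-compose.yml); changing the build ARG would leave compose exposing a port nothing listens on. Passing `FREQ_PORT` through the service `environment` and keeping the exposed port next to it, or at least a comment on the entry such as `# must match FREQ_PORT in Dockerfiles/freq.Dockerfile`, would keep the two in step. The service is reachable only on the compose network because it uses `expose` rather than `ports:`, and nothing in this change puts authentication in front of the HTTP listener, so that distinction is worth recording in a comment before anyone maps the port to the host.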
@@ -0,0 +1,29 @@
+; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+
+[unix_http_server]
+file=/var/run/supervisor.sock ; (the path to the socket file)
+chmod=0700
+
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+childlogdir=/var/log/supervisor
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[program:freq]
+command=/usr/bin/python3 /opt/freq_server/freq_server.py -ip 0.0.0.0 %(ENV_FREQ_PORT)s /opt/freq_server/freq_table.freq
+user=%(ENV_FREQ_USER)s
+autostart=%(ENV_FREQ_ENABLED)s
+startsecs=5
+startretries=2000000000
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
From 65b6260562e35aefa9605525ce075803669a8187 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue, 28 Jan 2020 14:28:47 -0700
Subject: [PATCH 039/183] if designated by the FREQ_LOOKUP (true) environment variable, look up DNS query hostnames using freq_server.py
---
Dockerfiles/freq.Dockerfile | 11 +++++-----
Dockerfiles/logstash.Dockerfile | 2 +-
docker-compose-standalone-zeek-live.yml | 5 +++++
docker-compose-standalone.yml | 5 +++++
docker-compose.yml | 5 +++++
freq-server/supervisord.conf | 2 +-
logstash/pipelines/enrichment/11_lookups.conf | 20 +++++++++++++++++++
.../pipelines/enrichment/12_type_conv.conf | 2 ++
moloch/wise/source.zeeklogs.js | 9 +++++++--
9 files changed, 51 insertions(+), 10 deletions(-)
diff --git a/Dockerfiles/freq.Dockerfile b/Dockerfiles/freq.Dockerfile
index bfddd588d..d4d3be88a 100644
--- a/Dockerfiles/freq.Dockerfile
+++ b/Dockerfiles/freq.Dockerfile
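Review bot: `startretries=2000000000` in `[program:freq]` means a persistently failing start (for example a missing or unreadable `/opt/freq_server/freq_table.freq`) is retried indefinitely and surfaces only in the container log; a bounded count, or a comment stating that the unbounded loop is intentional, would make the behaviour explicit. `-ip 0.0.0.0` binds the server on every interface of the container and `autostart` is driven by `%(ENV_FREQ_ENABLED)s`, neither of which the file explains; a comment such as `; listens on all container interfaces - the compose files expose this port but never publish it` would record the assumption that the listener stays on the internal network.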
@@ -12,16 +12,15 @@ LABEL org.opencontainers.image.description='Malcolm container providing an inter ARG FREQ_USER=freq ARG FREQ_PORT=10004 -ARG FREQ_ENABLED=true +ARG FREQ_LOOKUP=true -ENV FREQ_USER $FREQ_USER -ENV FREQ_PORT $FREQ_PORT -ENV FREQ_ENABLED $FREQ_ENABLED +ENV FREQ_USER $FREQ_USER +ENV FREQ_PORT $FREQ_PORT +ENV FREQ_LOOKUP $FREQ_LOOKUP RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \ apt-get update && \ apt-get -y -q install \ - build-essential \ curl \ git \ procps \ @@ -37,7 +36,7 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list groupadd --gid 1000 $FREQ_USER && \ useradd -M --uid 1000 --gid 1000 --home /nonexistant $FREQ_USER && \ chown -R $FREQ_USER:$FREQ_USER /opt/freq_server && \ - apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --purge remove git python3-dev build-essential && \ + apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --purge remove git python3-dev && \ apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages autoremove && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index 9d92c15da..4cb919ae5 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile @@ -53,7 +53,7 @@ RUN yum install -y epel-release && \ yum clean all && \ pip install py2-ipaddress && \ logstash-plugin install logstash-filter-translate logstash-filter-cidr logstash-filter-dns \ - logstash-filter-json logstash-filter-prune \ + logstash-filter-json logstash-filter-prune logstash-filter-http \ logstash-filter-grok logstash-filter-geoip logstash-filter-uuid \ logstash-filter-kv logstash-filter-mutate logstash-filter-dissect \ logstash-input-beats logstash-output-elasticsearch && \ 
diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index e57392e46..2e0d79a6c 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -81,6 +81,9 @@ x-common-upload-variables: &common-upload-variables PCAP_PIPELINE_IGNORE_PREEXISTING : 'false' PCAP_MONITOR_HOST : 'pcap-monitor' +x-common-lookup-variables: &common-lookup-variables + FREQ_LOOKUP : 'false' + x-common-beats-variables: &common-beats-variables BEATS_SSL : 'false' @@ -190,6 +193,7 @@ services: environment: << : *logstash-variables << : *common-beats-variables + << : *common-lookup-variables ES_HOSTS : 'elasticsearch:9200' LS_JAVA_OPTS : '-Xms2g -Xmx2g -Djava.security.egd=file:/dev/./urandom' depends_on: @@ -369,6 +373,7 @@ services: restart: "no" hostname: freq environment: + << : *common-lookup-variables VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 53b461f60..82f3c29af 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -81,6 +81,9 @@ x-common-upload-variables: &common-upload-variables PCAP_PIPELINE_IGNORE_PREEXISTING : 'false' PCAP_MONITOR_HOST : 'pcap-monitor' +x-common-lookup-variables: &common-lookup-variables + FREQ_LOOKUP : 'false' + x-common-beats-variables: &common-beats-variables BEATS_SSL : 'false' @@ -190,6 +193,7 @@ services: environment: << : *logstash-variables << : *common-beats-variables + << : *common-lookup-variables ES_HOSTS : 'elasticsearch:9200' LS_JAVA_OPTS : '-Xms2g -Xmx2g -Djava.security.egd=file:/dev/./urandom' depends_on: @@ -369,6 +373,7 @@ services: restart: "no" hostname: freq environment: + << : *common-lookup-variables VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 diff --git a/docker-compose.yml b/docker-compose.yml index 234a8ab4e..5a32146a1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -81,6 +81,9 @@ x-common-upload-variables: &common-upload-variables PCAP_PIPELINE_IGNORE_PREEXISTING : 'false' PCAP_MONITOR_HOST : 'pcap-monitor' +x-common-lookup-variables: &common-lookup-variables + FREQ_LOOKUP : 'false' + x-common-beats-variables: &common-beats-variables BEATS_SSL : 'false' @@ -204,6 +207,7 @@ services: environment: << : *logstash-variables << : *common-beats-variables + << : *common-lookup-variables ES_HOSTS : 'elasticsearch:9200' LS_JAVA_OPTS : '-Xms2g -Xmx2g -Djava.security.egd=file:/dev/./urandom' depends_on: @@ -416,6 +420,7 @@ services: restart: "no" hostname: freq environment: + << : *common-lookup-variables VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 diff --git a/freq-server/supervisord.conf b/freq-server/supervisord.conf index e73db10b0..d27cea551 100644 --- a/freq-server/supervisord.conf +++ b/freq-server/supervisord.conf @@ -19,7 +19,7 @@ serverurl=unix:///var/run/supervisor.sock [program:freq] command=/usr/bin/python3 /opt/freq_server/freq_server.py -ip 0.0.0.0 %(ENV_FREQ_PORT)s /opt/freq_server/freq_table.freq user=%(ENV_FREQ_USER)s -autostart=%(ENV_FREQ_ENABLED)s +autostart=%(ENV_FREQ_LOOKUP)s startsecs=5 startretries=2000000000 stopasgroup=true diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 3f4f7c2a2..0175dece4 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf 
@@ -201,6 +201,26 @@ filter { } } # if ([dstIp]) + if ([dns][host]) { + # if requested, look up DNS queries using freq_server.py to get entropy scores + mutate { + add_field => { "[@metadata][ENV_FREQ_LOOKUP]" => "${FREQ_LOOKUP:false}" } + } + if ([@metadata][ENV_FREQ_LOOKUP] == "true") { + http { + id => "rest_dns_freq_lookup" + url => "http://freq:10004/measure/%{[dns][host]}" + target_body => "[@metadata][dns_host_freq]" + } + if ([@metadata][dns_host_freq]) { + grok { + id => "grok_dns_freq_parse" + match => { "[@metadata][dns_host_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] } + } + } + } + } + if ([dns][ip]) and ([dns][ip][0]) { # if this is a DNS record with an IP, GeoIP it as well geoip { diff --git a/logstash/pipelines/enrichment/12_type_conv.conf b/logstash/pipelines/enrichment/12_type_conv.conf index 7b880319d..7a8861a8a 100644 --- a/logstash/pipelines/enrichment/12_type_conv.conf +++ b/logstash/pipelines/enrichment/12_type_conv.conf @@ -71,6 +71,8 @@ filter { "[userCnt]" => "integer" "[vlan]" => "integer" "[vlanCnt]" => "integer" + "[zeek][freq_score_v1]" => "float" + "[zeek][freq_score_v2]" => "float" } } diff --git a/moloch/wise/source.zeeklogs.js b/moloch/wise/source.zeeklogs.js index ffa5b28f5..da828a8ac 100755 --- a/moloch/wise/source.zeeklogs.js +++ b/moloch/wise/source.zeeklogs.js 
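Review bot: `url => "http://freq:10004/measure/%{[dns][host]}"` interpolates the queried name straight into the request path, and that name is chosen by whichever host on the monitored network sent the DNS query, so a label containing `/`, `?`, `#`, `%` or non-ASCII produces a request for a different path or an invalid URL instead of a measurement; percent-encoding the value before the `http` filter (a `ruby` filter using `ERB::Util.url_encode` into a scratch `[@metadata]` field, or a `mutate` `gsub` that strips everything outside `[A-Za-z0-9._-]`) closes that. If `[dns][host]` can be an array at this point, the sprintf renders the comma-joined list and the score is computed for that string rather than for each name, which is worth confirming against the field's producer. The guard `[@metadata][ENV_FREQ_LOOKUP] == "true"` is an exact match while the supervisord `autostart=%(ENV_FREQ_LOOKUP)s` changed in this same commit accepts case variants and `yes`/`on`/`1`, so a value such as `True` starts the server but never triggers lookups; lowercasing the field with `mutate { lowercase => [ "[@metadata][ENV_FREQ_LOOKUP]" ] }` before the comparison, or documenting the accepted spelling, avoids the silent mismatch. The `http` filter sets no `request_timeout` and nothing handles a failed request, so an event processed while the freq server is still starting simply lacks scores; that is acceptable, but a comment saying so would help the next reader.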
@@ -49,6 +49,8 @@ function ZeekLogs (api, section) { this.service_versionField = this.api.addField("field:zeek.service_version;db:zeek.service_version;kind:termfield;friendly:Service Version;help:Service Version"); this.userField = this.api.addField("field:zeek.user;db:zeek.user;kind:termfield;friendly:User;help:User"); this.passwordField = this.api.addField("field:zeek.password;db:zeek.password;kind:termfield;friendly:Password;help:Password"); + this.freq_score_v1 = this.api.addField("field:zeek.freq_score_v1;db:zeek_dns.freq_score_v1;kind:termfield;friendly:Freq Score v1;help:Freq Score v1"); + this.freq_score_v2 = this.api.addField("field:zeek.freq_score_v2;db:zeek_dns.freq_score_v2;kind:termfield;friendly:Freq Score v2;help:Freq Score v2"); // file information this.fuidField = this.api.addField("field:zeek.fuid;db:zeek.fuid;kind:termfield;friendly:File ID;help:File ID"); 
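Review bot: The two added `addField` calls map `field:zeek.freq_score_v1` to `db:zeek_dns.freq_score_v1` (and likewise v2), but the enrichment pipeline in this commit writes the scores to `[zeek][freq_score_v1]` / `[zeek][freq_score_v2]` and `12_type_conv.conf` casts those same paths, so the Moloch column will look for a `zeek_dns.*` key that no document carries and show nothing. The `db:` part should be `zeek.freq_score_v1` and `zeek.freq_score_v2`, matching the `zeek.freq_score_v1,zeek.freq_score_v2` entries this commit adds to `allFieldsStr` later in the file and the `field:zeek.user;db:zeek.user` pattern of the neighbouring lines. The enclosing `ZeekLogs` function begins and ends outside the hunk.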
@@ -793,7 +795,7 @@ function ZeekLogs (api, section) { // add right-clicks for pivoting into Kibana from Moloch (see nginx.conf) var filterLabel = "Filter %DBFIELD% in Kibana"; var filterUrl = "idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%"; - var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek
_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.fuid,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.fuid,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.fuid,zeek_intel.indicator,zeek_intel.ind
icator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.fuid,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_locati
on_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.fuid,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.pa
rameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_smb_files.action,zeek_smb_files.fuid,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.fuids,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zee
k_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ss
l.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_
x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.fuid,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; + var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,ze
ek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.fuid,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.fuid,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,
zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.fuid,zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.fuid,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_
cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.fuid,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_
version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_smb_files.action,zeek_smb_files.fuid,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.fuids,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_sock
s.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.i
ssuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509
.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.fuid,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; this.api.addRightClick("malcolm_kibana_cat_ip", {name:filterLabel, url:"idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%", category:"ip"}); this.api.addRightClick("malcolm_kibana_cat_port", {name:filterLabel, url:filterUrl, category:"port"}); this.api.addRightClick("malcolm_kibana_cat_country", {name:filterLabel, url:filterUrl, category:"country"}); @@ -818,7 +820,8 @@ function ZeekLogs (api, section) { // basic connection information " if (session.zeek.orig_h || session.zeek.orig_p || session.zeek.orig_l2_addr || session.zeek.resp_h || " + " session.zeek.resp_p || session.zeek.resp_l2_addr || session.zeek.proto || session.zeek.service || " + - " session.zeek.service_version || session.zeek.user || session.zeek.password)\n" + + " session.zeek.service_version || session.zeek.user || session.zeek.password || " + + " session.zeek.freq_score_v1 || session.zeek.freq_score_v2 )\n" + " dl.sessionDetailMeta(suffix=\"Basic Connection Info\")\n" + " +arrayList(session.zeek, 'orig_h', 'Originating Host', 'zeek.orig_h')\n" + " +arrayList(session.zeek, 'orig_l2_addr', 'Originating MAC', 'zeek.orig_l2_addr')\n" + 
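Review bot: The second added line in the `@@ -818` hunk has a stray space before the closing parenthesis, `session.zeek.freq_score_v2 )\n`, which none of the other pug condition fragments in this string have; `" session.zeek.freq_score_v1 || session.zeek.freq_score_v2)\n" +`. Worth noting too that, like the other terms of this `||` chain, a numeric freq score of 0 is falsy in JavaScript and would not by itself open the section — presumably harmless since the same condition also keys on orig_h/resp_h, but the display rows added in the following `@@ -843` hunk depend on this gate. The enclosing function `ZeekLogs` starts and ends outside the hunk.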
@@ -843,6 +846,8 @@ function ZeekLogs (api, section) { " +arrayList(session.zeek, 'service_version', 'Service Version', 'zeek.service_version')\n" + " +arrayList(session.zeek, 'user', 'User', 'zeek.user')\n" + " +arrayList(session.zeek, 'password', 'Password', 'zeek.password')\n" + + " +arrayList(session.zeek, 'freq_score_v1', 'Freq Score v1', 'zeek.freq_score_v1')\n" + + " +arrayList(session.zeek, 'freq_score_v2', 'Freq Score v2', 'zeek.freq_score_v2')\n" + // file information " if (session.zeek.fuid || session.zeek.filename || session.zeek.filetype)\n" + From 067426aef21b21fa415ef93d5f73b89859e1cd8f Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 14:42:06 -0700 Subject: [PATCH 040/183] update docker ignore ifle --- .dockerignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.dockerignore b/.dockerignore index e18e0b551..2790c07f4 100644 --- a/.dockerignore +++ b/.dockerignore @@ -13,7 +13,9 @@ docker-compose*yml Dockerfiles elasticsearch +elasticsearch-backup malcolm-iso +sensor-iso moloch-logs moloch-raw nginx/nginx_ldap.conf From 6c651912613d5ad0ae1c2463b77254d6f1314675 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 15:09:00 -0700 Subject: [PATCH 041/183] ask about string freq lookup in install.py --- scripts/install.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install.py b/scripts/install.py index 70eba3cb0..a3bb7f658 100755 --- a/scripts/install.py +++ b/scripts/install.py 
@@ -333,6 +333,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa
 autoZeek = InstallerYesOrNo('Automatically analyze all PCAP files with Zeek?', default=True)
 reverseDns = InstallerYesOrNo('Perform reverse DNS lookup locally for source and destination IP addresses in Zeek logs?', default=False)
 autoOui = InstallerYesOrNo('Perform hardware vendor OUI lookups for MAC addresses?', default=True)
+ autoFreq = InstallerYesOrNo('Perform string randomness scoring on some fields?', default=False)
 logstashOpen = InstallerYesOrNo('Expose Logstash port to external hosts?', default=expose_logstash_default)
 logstashSsl = logstashOpen and InstallerYesOrNo('Should Logstash require SSL for Zeek logs? (Note: This requires the forwarder to be similarly configured and a corresponding copy of the client SSL files.)', default=False)
 externalEsForward = InstallerYesOrNo('Forward Logstash logs to external Elasticstack instance?', default=False)
@@ -472,6 +473,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path, expose_logstash_default=Fa
 elif 'LOGSTASH_OUI_LOOKUP' in line:
 # automatic MAC OUI lookup
 line = re.sub(r'(LOGSTASH_OUI_LOOKUP\s*:\s*)(\S+)', r'\g<1>{}'.format("'true'" if autoOui else "'false'"), line)
+ elif 'FREQ_LOOKUP' in line:
+ # freq.py string randomness calculations
+ line = re.sub(r'(FREQ_LOOKUP\s*:\s*)(\S+)', r'\g<1>{}'.format("'true'" if autoFreq else "'false'"), line)
 elif 'BEATS_SSL' in line:
 # enable/disable beats SSL
 line = re.sub(r'(BEATS_SSL\s*:\s*)(\S+)', r'\g<1>{}'.format("'true'" if logstashOpen and logstashSsl else "'false'"), line)
From ed8654efd07180ef3e2da3234a7160060ad5cdaf Mon Sep 17 00:00:00 2001
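Review bot: The new prompt in the `@@ -333` hunk, `'Perform string randomness scoring on some fields?'`, leaves the installer user guessing what is scored and by what; the comment added in the next hunk names the scorer, so the prompt could say as much, e.g. `'Perform string randomness scoring (freq.py) on some Zeek fields?'` — confirm the exact field set before naming it more precisely. The enclosing `tweak_malcolm_runtime` starts and ends outside the hunk.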
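Review bot: The new `elif 'FREQ_LOOKUP' in line:` branch in the `@@ -472` hunk, together with the unanchored `re.sub(r'(FREQ_LOOKUP\s*:\s*)(\S+)', ...)` under it, matches any compose key that merely contains `FREQ_LOOKUP`, so a longer key with that suffix (if one exists in the compose files, which I can't see from here) would be rewritten as well. This mirrors the existing `LOGSTASH_OUI_LOOKUP` branch, but that name is distinctive whereas `FREQ_LOOKUP` is a short generic suffix; if only the exact key is intended, anchor both lines: `elif re.match(r'^\s*FREQ_LOOKUP\s*:', line):` and `line = re.sub(r'^(\s*FREQ_LOOKUP\s*:\s*)(\S+)', r'\g<1>{}'.format("'true'" if autoFreq else "'false'"), line)`. Note also that the branch order matters because the chain is first-match, so a more specific key containing this substring must be tested before it. The enclosing `tweak_malcolm_runtime` starts and ends outside the hunk.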
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 15:32:05 -0700 Subject: [PATCH 042/183] added security overview dashboard wip --- .../95479950-41f2-11ea-88fa-7151df485405.json | 165 +++++++++++++----- logstash/pipelines/enrichment/11_lookups.conf | 2 +- 2 files changed, 119 insertions(+), 48 deletions(-) diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 288381c05..f0da9099a 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -4,13 +4,13 @@ { "id": "95479950-41f2-11ea-88fa-7151df485405", "type": "dashboard", - "updated_at": "2020-01-28T18:54:49.682Z", - "version": "Wzg1MCwxXQ==", + "updated_at": "2020-01-28T22:30:26.848Z", + "version": "WzgwOSwxXQ==", "attributes": { "title": "Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"w\":12,\"x\":8,\"y\":0},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"w\":15,\"x\":20,\"y\":0},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"w\":13,\"x\":35,\"y\":0},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":34,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"w\":13,\"x\":0,\"y\":23},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":34,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"w\":15,\"x\":13,\"y\":23},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"w\":10,\"x\":28,\"y\":23},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"w\":
10,\"x\":38,\"y\":23},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":16,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"w\":20,\"x\":28,\"y\":41},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":34,\"i\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"w\":13,\"x\":0,\"y\":57},\"panelIndex\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"h\":18,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"w\":35,\"x\":13,\"y\":57},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gr
idData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":34,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":19,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":16,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":57,\"w\":33,\"h\":22,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":60,\"w\":15,\"h\":19,\"i\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\"},\"panelIndex\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
@@ -62,17 +62,22 @@ { "name": "panel_8", "type": "visualization", - "id": "10a01120-41f5-11ea-88fa-7151df485405" + "id": "69241a80-421d-11ea-9084-41ab7c5fff2e" }, { "name": "panel_9", "type": "visualization", - "id": "750367f0-41f2-11ea-88fa-7151df485405" + "id": "10a01120-41f5-11ea-88fa-7151df485405" }, { "name": "panel_10", "type": "visualization", "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "750367f0-41f2-11ea-88fa-7151df485405" } ], "migrationVersion": { 
@@ -82,8 +87,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-01-28T17:11:03.544Z", - "version": "Wzc2MiwxXQ==", + "updated_at": "2020-01-28T22:06:03.783Z", + "version": "Wzc3NywxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -102,8 +107,8 @@ { "id": "a4f6eba0-41f5-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T17:43:07.866Z", - "version": "WzgwMywxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU1NSwxXQ==", "attributes": { "title": "Notices by Category", "visState": "{\"title\":\"Notices by Category\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"}}]}", 
@@ -129,8 +134,8 @@ { "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", "type": "visualization", - "updated_at": "2020-01-28T17:10:32.729Z", - "version": "WzQ1MSwxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU1NiwxXQ==", "attributes": { "title": "Signatures - Signature IDs", "visState": "{\"title\":\"Signatures - Signature IDs\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_signatures.signature_id\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature ID\"}}]}", 
@@ -156,8 +161,8 @@ { "id": "c5b1e590-41f3-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T18:05:05.122Z", - "version": "WzgyMywxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU1NywxXQ==", "attributes": { "title": "Clear-text Transmission of Passwords ", "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"}}]}", 
@@ -182,11 +187,11 @@ { "id": "e9f27fa0-41f8-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T18:42:31.189Z", - "version": "WzgzOSwxXQ==", + "updated_at": "2020-01-28T22:23:16.384Z", + "version": "WzgwMiwxXQ==", "attributes": { "title": "Outdated/Insecure Application Protocols", - "visState": "{\"title\":\"Outdated/Insecure Application Protocols\",\"type\":\"table\",\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -208,8 +213,8 @@ { "id": "f7b3ba60-41f7-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T17:59:45.669Z", - "version": "WzgxNSwxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU1OSwxXQ==", "attributes": { "title": "Connections by Destination Country (region map)", "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p><a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country 
Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", 
@@ -235,8 +240,8 @@ { "id": "0ffb5790-41f3-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T17:46:50.064Z", - "version": "WzgwNSwxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU2MCwxXQ==", "attributes": { "title": "Inbound External Traffic by Country", "visState": "{\"title\":\"Inbound External Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", 
@@ -261,8 +266,8 @@ { "id": "4a183420-41f3-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T17:47:36.034Z", - "version": "WzgwNywxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU2MSwxXQ==", "attributes": { "title": "Outbound Internal Traffic by Country", "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", 
@@ -285,25 +290,26 @@ } }, { - "id": "10a01120-41f5-11ea-88fa-7151df485405", + "id": "69241a80-421d-11ea-9084-41ab7c5fff2e", "type": "visualization", - "updated_at": "2020-01-28T18:54:04.879Z", - "version": "Wzg0OCwxXQ==", + "updated_at": "2020-01-28T22:27:47.367Z", + "version": "WzgwNiwxXQ==", "attributes": { - "title": "File Types Observed", - "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", - "uiStateJSON": "{}", + "title": "DNS Queries by Randomness", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" }, "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "name": "search_0", + "type": "search", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" } ], "migrationVersion": { 
@@ -311,14 +317,14 @@ } }, { - "id": "750367f0-41f2-11ea-88fa-7151df485405", + "id": "10a01120-41f5-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T18:00:41.420Z", - "version": "WzgxNywxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU2MiwxXQ==", "attributes": { - "title": "Application Protocol by Version", - "visState": "{\"title\":\"Application Protocol by Version\",\"type\":\"table\",\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "title": "File Types Observed", + 
"visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -339,8 +345,8 @@ { "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T18:54:35.175Z", - "version": "Wzg0OSwxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU2NCwxXQ==", "attributes": { "title": "External Remote Access Over Time", "visState": "{\"title\":\"External Remote Access Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBuc
ketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", 
@@ -363,11 +369,37 @@ "visualization": "7.4.2" } }, + { + "id": "750367f0-41f2-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-01-28T22:30:08.330Z", + "version": "WzgwOCwxXQ==", + "attributes": { + "title": "Application Protocol by Version", + "visState": "{\"title\":\"Application Protocol by Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", "type": "search", - "updated_at": "2020-01-28T17:11:00.469Z", - "version": "WzczOSwxXQ==", + "updated_at": "2020-01-28T22:06:00.709Z", + "version": "Wzc1NCwxXQ==", "attributes": { "title": "Notices - Logs", "description": "", @@ -404,8 +436,8 @@ { "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", "type": "search", - "updated_at": "2020-01-28T17:10:32.729Z", - "version": "WzQ1MCwxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU2NiwxXQ==", "attributes": { "title": "Signatures - Logs", "description": "", @@ -441,8 +473,8 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-01-28T17:11:01.499Z", - "version": "Wzc0NSwxXQ==", + "updated_at": "2020-01-28T22:06:01.739Z", + "version": "Wzc2MCwxXQ==", "attributes": { "sort": [ [ 
@@ -476,6 +508,45 @@ "migrationVersion": { "search": "7.4.0" } + }, + { + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", + "type": "search", + "updated_at": "2020-01-28T22:05:54.537Z", + "version": "WzcwOSwxXQ==", + "attributes": { + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "DNS - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek.uid", + "_id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 0175dece4..2481c4147 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -219,7 +219,7 @@ filter { } } } - } + } # end if dns.ip if ([dns][ip]) and ([dns][ip][0]) { # if this is a DNS record with an IP, GeoIP it as well From dcc32b6b0de3c4203d2f25d809b31190edab29f3 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 28 Jan 2020 15:43:00 -0700 Subject: [PATCH 043/183] added security overview dashboard wip --- .../95479950-41f2-11ea-88fa-7151df485405.json | 64 +++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index f0da9099a..b0eb716df 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -4,18 +4,18 @@ { "id": "95479950-41f2-11ea-88fa-7151df485405", "type": "dashboard", - "updated_at": "2020-01-28T22:30:26.848Z", - "version": "WzgwOSwxXQ==", + "updated_at": "2020-01-28T22:42:16.269Z", + "version": "WzgxOCwxXQ==", "attributes": { "title": "Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":34,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09
-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":19,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":16,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":57,\"w\":33,\"h\":22,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":60,\"w\":15,\"h\":19,\"i\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\"},\"panelIndex\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": 
"[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":37,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":19,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{
\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":19,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":60,\"w\":15,\"h\":23,\"i\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\"},\"panelIndex\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":60,\"w\":33,\"h\":23,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}" } }, "references": [ @@ -72,12 +72,12 @@ { "name": "panel_10", "type": "visualization", - "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" + "id": "750367f0-41f2-11ea-88fa-7151df485405" }, { "name": "panel_11", "type": "visualization", - "id": "750367f0-41f2-11ea-88fa-7151df485405" + "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" } ], "migrationVersion": { 
@@ -319,11 +319,11 @@ { "id": "10a01120-41f5-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU2MiwxXQ==", + "updated_at": "2020-01-28T22:40:58.288Z", + "version": "WzgxMiwxXQ==", "attributes": { "title": "File Types Observed", - "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", + "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square 
root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":56,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -343,26 +343,25 @@ } }, { - "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405", + "id": "750367f0-41f2-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU2NCwxXQ==", + "updated_at": "2020-01-28T22:41:44.039Z", + "version": "WzgxNCwxXQ==", "attributes": { - "title": "External Remote Access Over Time", - "visState": "{\"title\":\"External Remote Access Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{
\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "title": "Application Protocol by Version", + "visState": "{\"title\":\"Application Protocol by 
Version\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"zeek.service:(ssh OR rdp OR rfb OR telnet) AND tags:(external_source OR external_destination)\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, 
"references": [ { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" } ], "migrationVersion": { 
@@ -370,25 +369,26 @@ } }, { - "id": "750367f0-41f2-11ea-88fa-7151df485405", + "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:30:08.330Z", - "version": "WzgwOCwxXQ==", + "updated_at": "2020-01-28T22:05:42.216Z", + "version": "WzU2NCwxXQ==", "attributes": { - "title": "Application Protocol by Version", - "visState": "{\"title\":\"Application Protocol by Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "title": "External Remote Access 
Over Time", + "visState": "{\"title\":\"External Remote Access Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"ti
meRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "searchSourceJSON": "{\"query\":{\"query\":\"zeek.service:(ssh OR rdp OR rfb OR telnet) AND tags:(external_source OR external_destination)\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" }, "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], "migrationVersion": { From 3ca2feb6fff253ba44f3036a6e51e2bdbe6647be Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 12:24:04 -0700 Subject: [PATCH 044/183] use a ruby block rather than an http filter in order to better handle arrays --- logstash/pipelines/enrichment/11_lookups.conf | 57 ++++++++++++++----- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 2481c4147..51268d370 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf 
@@ -203,21 +203,48 @@ filter { if ([dns][host]) { # if requested, look up DNS queries using freq_server.py to get entropy scores - mutate { - add_field => { "[@metadata][ENV_FREQ_LOOKUP]" => "${FREQ_LOOKUP:false}" } - } - if ([@metadata][ENV_FREQ_LOOKUP] == "true") { - http { - id => "rest_dns_freq_lookup" - url => "http://freq:10004/measure/%{[dns][host]}" - target_body => "[@metadata][dns_host_freq]" - } - if ([@metadata][dns_host_freq]) { - grok { - id => "grok_dns_freq_parse" - match => { "[@metadata][dns_host_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] } - } - } + + # I would do this in an http filter, but it doesn't handle arrays + # http { + # id => "rest_dns_freq_lookup" + # url => "http://freq:10004/measure/%{[dns][host]}" + # target_body => "[@metadata][dns_host_freq]" + # } + # if ([@metadata][dns_host_freq]) { + # grok { + # id => "grok_dns_freq_parse" + # match => { "[@metadata][dns_host_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] } + # } + # } + ruby { + id => "ruby_dns_freq_lookup" + init => " + require 'net/http' + $freqLookupEnabled = ENV['FREQ_LOOKUP'] || 'false' + " + # freq_server.py returns a string like: (2.9333, 3.6353) + code => " + if ($freqLookupEnabled == 'true') then + scoresv1 = Array.new + scoresv2 = Array.new + scoresTmp = Array.new + begin + event.get('[dns][host]').each { |query| + if (query.length >= 4) then + scoresTmp.clear + scoresTmp.concat(Net::HTTP.get_response(URI.parse('http://freq:10004/measure/' + query)).body.gsub(/(^\(|\)$|\s+)/, '').split(',').map(&:to_f)) + if (scoresTmp.length == 2) then + scoresv1 << scoresTmp[0] + scoresv2 << scoresTmp[1] + end + end + } + rescue Exception => e + event.set('ruby_exception', 'ruby_dns_freq_lookup: ' + e.message) + end + event.set('[zeek][freq_score_v1]', scoresv1) unless (scoresv1.length == 0) + event.set('[zeek][freq_score_v2]', scoresv2) unless (scoresv2.length == 0) + end" } } # end if dns.ip 
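Review bot: The DNS name is concatenated straight into the request URL (`URI.parse('http://freq:10004/measure/' + query)`), and since that value comes off the wire via dns.log it can contain `/`, `?`, `#`, whitespace or non-ASCII bytes, which either make URI.parse raise or change which path the freq service sees; escaping it with `ERB::Util.url_encode(query)` (plus `require 'erb'` next to the existing `require 'net/http'` in init) keeps it a single path segment. The one begin/rescue around the whole loop also means a single bad name discards the scores already collected for the event, and `rescue Exception` is broader than needed, so moving the rescue inside the block and narrowing it to StandardError fixes both. `event.get('[dns][host]').each` will raise if the field is ever a scalar string rather than an array, so wrapping a non-array value is safer unless the array shape is guaranteed upstream. Net::HTTP is used without timeouts, so a stalled freq container holds the pipeline worker for the library default; the sketch below folds all of this in (timeout values illustrative).
```ruby
# … unchanged: init block, $freqLookupEnabled check, scoresv1/scoresv2 setup …
hosts = event.get('[dns][host]')
hosts = [hosts] unless hosts.is_a?(Array)
hosts.each { |query|
  next unless (query.is_a?(String) && (query.length >= 4))
  begin
    # escape the name so it is always a single path segment of the request
    path = '/measure/' + ERB::Util.url_encode(query)
    body = Net::HTTP.start('freq', 10004, :open_timeout => 2, :read_timeout => 5) { |http| http.get(path).body }
    scoresTmp = body.gsub(/(^\(|\)$|\s+)/, '').split(',').map(&:to_f)
    if (scoresTmp.length == 2) then
      scoresv1 << scoresTmp[0]
      scoresv2 << scoresTmp[1]
    end
  rescue StandardError => e
    # one failed lookup must not drop the scores already collected for this event
    event.set('ruby_exception', 'ruby_dns_freq_lookup: ' + e.message)
  end
}
# … unchanged: event.set of [zeek][freq_score_v1] / [zeek][freq_score_v2] …
```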
From 9ba3f96c0b2f5260650987094af7f6b6574d84e2 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 13:09:55 -0700 Subject: [PATCH 045/183] fix volume mapping for local.zeek in docker-compose.yml for testing --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5a32146a1..06c4323c6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -324,7 +324,7 @@ services: - ./pcap:/pcap - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files - - ./zeek/config:/usr/share/zeek/site:ro + - ./zeek/config:/opt/zeek/share/zeek/site:ro file-monitor: build: context: . From 943ecd7917e09bcf5e835136a4b47fab7d41222c Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 13:14:34 -0700 Subject: [PATCH 046/183] fix volume mapping for local.zeek in docker-compose.yml for testing --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 06c4323c6..6e3437042 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -324,7 +324,7 @@ services: - ./pcap:/pcap - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files - - ./zeek/config:/opt/zeek/share/zeek/site:ro + - ./zeek/config/local.zeek:/opt/zeek/share/zeek/site/local.zeek:ro file-monitor: build: context: . From 3fe565c9c3c988e474010b9932fcb7c52f15ad60 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 13:59:35 -0700 Subject: [PATCH 047/183] clean up symlinks as well --- scripts/control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/control.py b/scripts/control.py index fcfd85c6e..3f54a5abe 100755 --- a/scripts/control.py +++ b/scripts/control.py 
@@ -125,7 +125,7 @@ def stop(wipe=False): for root, dirnames, filenames in os.walk(os.path.join(MalcolmPath, dataDir), topdown=True, onerror=None): for file in filenames: fileSpec = os.path.join(root, file) - if os.path.isfile(fileSpec) and (not file.startswith('.git')): + if (os.path.isfile(fileSpec) or os.path.islink(fileSpec)) and (not file.startswith('.git')): try: os.remove(fileSpec) except: From c108329ccdd68c5366e3950221a379f67f6c76fd Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 14:19:41 -0700 Subject: [PATCH 048/183] initial code for generating and parsing smb_cmd.log --- logstash/pipelines/zeek/11_zeek_logs.conf | 256 +++++++++++++++------- zeek/config/local.zeek | 1 + 2 files changed, 174 insertions(+), 83 deletions(-) diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index ee64dd67a..b14cf5461 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf 
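Review bot: Symlinks that point at directories are still left behind by the wipe: with os.walk's default `followlinks=False` a directory symlink is reported in `dirnames`, never in `filenames`, so the new `os.path.islink(fileSpec)` test only ever sees file symlinks and dangling links. If such links can exist under `dataDir`, the `for file in filenames:` loop needs a sibling pass over `dirnames`, e.g. `for d in dirnames: p = os.path.join(root, d)` / `if os.path.islink(p): os.remove(p)`, and dropping them from `dirnames` so the walk does not descend. The bare `except:` on the following context line also swallows KeyboardInterrupt and SystemExit along with the intended `OSError`, so `except OSError:` would be the narrower choice. `stop()` starts before and continues after this hunk.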
@@ -1755,11 +1755,46 @@ filter { add_field => { "[zeek_cols][service]" => "sip" } } + } else if ([source] == "smb_cmd") { + ############################################################################################################################# + # smb_cmd.log + # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::CmdInfo + # + # note that smb_cmd.referenced_file is exactly the same structure as the log line for smb_files. later on it will be + # merged up as its own top-level entity so I don't have to duplicate the parsing effort below + + dissect { + id => "dissect_zeek_smb_cmd" + # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][command]} %{[zeek_cols][sub_command]} %{[zeek_cols][argument]} %{[zeek_cols][status]} %{[zeek_cols][rtt]} %{[zeek_cols][version]} %{[zeek_cols][user]} %{[zeek_cols][tree]} %{[zeek_cols][tree_service]} %{[zeek_cols][referenced_file][ts]} %{[zeek_cols][referenced_file][uid]} %{[zeek_cols][referenced_file][orig_h]} %{[zeek_cols][referenced_file][orig_p]} %{[zeek_cols][referenced_file][resp_h]} %{[zeek_cols][referenced_file][resp_p]} %{[zeek_cols][referenced_file][fuid]} %{[zeek_cols][referenced_file][action]} %{[zeek_cols][referenced_file][path]} %{[zeek_cols][referenced_file][name]} %{[zeek_cols][referenced_file][size]} %{[zeek_cols][referenced_file][prev_name]} %{[zeek_cols][referenced_file][times_modified]} %{[zeek_cols][referenced_file][times_accessed]} %{[zeek_cols][referenced_file][times_created]} %{[zeek_cols][referenced_file][times_changed]} %{[zeek_cols][referenced_file][data_offset_req]} %{[zeek_cols][referenced_file][data_len_req]} %{[zeek_cols][referenced_file][data_len_rsp]}" + } + } + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_smb_cmd" + # zeek's 
default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_smb_cmd" + init => "$zeek_smb_cmd_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'command', 'sub_command', 'argument', 'status', 'rtt', 'version', 'user', 'tree', 'tree_service', 'referenced_file.ts', 'referenced_file.uid', 'referenced_file.orig_h', 'referenced_file.orig_p', 'referenced_file.resp_h', 'referenced_file.resp_p', 'referenced_file.fuid', 'referenced_file.action', 'referenced_file.path', 'referenced_file.name', 'referenced_file.size', 'referenced_file.prev_name', 'referenced_file.times_modified', 'referenced_file.times_accessed', 'referenced_file.times_created', 'referenced_file.times_changed', 'referenced_file.data_offset_req', 'referenced_file.data_len_req', 'referenced_file.data_len_rsp' ]" + code => "event.set('[zeek_cols]', $zeek_smb_cmd_field_names.zip(event.get('[message]')).to_h)" + } + } + + mutate { + id => "mutate_add_fields_zeek_smb_cmd" + add_field => { + "[zeek_cols][proto]" => "tcp" + "[zeek_cols][service]" => "smb" + } + } + } else if ([source] == "smb_files") { ############################################################################################################################# # smb_files.log # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::FileInfo - # todo: also smb_cmd.log? if ([@metadata][zeek_fields_bitmap] and [@metadata][zeek_fields_bitmap_version]) { @@ -2374,7 +2409,7 @@ filter { } # if / else if for source type (conn.log, dns.log, etc.) if ([zeek_cols]) { - # remove unset (-) or "(empty)" field values + # remove unset (-) or "(empty)" top-level field values ruby { id => "ruby_zeek_remove_empty_values" code => " 
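Review bot: The dissect mapping and the zip fallback do not produce the same field shape: dissect writes the referenced_file columns nested (`[zeek_cols][referenced_file][ts]`) while `$zeek_smb_cmd_field_names` uses flat dotted keys (`'referenced_file.ts'`), which Logstash stores as literal field names, so lines that take the `_dissectfailure` path will not satisfy any later `[zeek_smb_cmd][referenced_file]` check unless something downstream renames them. Zeek's SMB::CmdInfo record, as far as I recall, also logs an optional `referenced_tree` sub-record; if the installed Zeek emits those columns after `referenced_file.data_len_rsp`, both the mapping and the field-name list are short and every line will fall through to the fallback, so this is worth checking against the `#fields` header of a real smb_cmd.log. The `if / else if ([source] == …)` chain this branch belongs to starts and ends outside the hunk.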
@@ -3400,7 +3435,7 @@ filter { mutate { id => "mutate_merge_field_zeek_service_version_rdp" merge => { "[zeek][service_version]" => "[zeek_rdp][client_build]" } } mutate { id => "mutate_gsub_field_zeek_service_version_rdp" - gsub => [ "[zeek][service_version]", "RDP ", "" ] } + gsub => [ "[zeek][service_version]", "^RDP ", "" ] } } } else if ([source] == "rfb") { 
@@ -3544,102 +3579,151 @@ filter { mutate { id => "mutate_split_zeek_sip_response_path" split => { "[zeek_sip][response_path]" => "," } } - } else if ([source] == "smb_files") { + + } else if ([source] == "smb_cmd") or ([source] == "smb_files") { ############################################################################################################################# - # smb_files.log specific logic + # smb_cmd.log and smb_files.log specific logic + # note that smb_cmd.referenced_file is exactly the same structure as the log line for smb_files, which is why I've combined + # the logic here to avoid duplication - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_smb_files][fuid]) { - mutate { id => "mutate_split_zeek_smb_files_fuid" - split => { "[zeek_smb_files][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_smb_files_fuid" - merge => { "[zeek][fuid]" => "[zeek_smb_files][fuid]" } } - } - # collect all filenames under the parent [zeek][filename] array - if ([zeek_smb_files][name]) { mutate { id => "mutate_merge_zeek_smb_files_name_to_filename" - merge => { "[zeek][filename]" => "[zeek_smb_files][name]" } } } - if ([zeek_smb_files][prev_name]) { mutate { id => "mutate_merge_zeek_smb_files_prev_name_to_filename" - merge => { "[zeek][filename]" => "[zeek_smb_files][prev_name]" } } } - - if ([zeek][filename]) { - mutate { id => "mutate_merge_zeek_smb_files_filename" - merge => { "[smb][filename]" => "[zeek][filename]" } } - ruby { - id => "ruby_zeek_smb_files_filenameCnt" - code => "event.set('[smb][filenameCnt]', event.get('[smb][filename]').length)" - } - } + if ([zeek_smb_cmd]) { - if ([zeek_smb_files][path]) { - grok { - id => "grok_zeek_smb_files_path" - match => { "[zeek_smb_files][path]" => [ "^%{SPACE}[\\\/]+%{DATA:[@metadata][smb_host]}[\\\/]+%{DATA:[@metadata][smb_share]}(?:[\\\/]+%{GREEDYDATA:[@metadata][smb_path]})?$" ] } + if ([zeek_smb_cmd][version]) { + # collect protocol version under the parent zeek.service_version array + 
mutate { id => "mutate_merge_field_zeek_service_version_smb_cmd" + merge => { "[zeek][service_version]" => "[zeek_smb_cmd][version]" } } + mutate { id => "mutate_gsub_field_zeek_service_version_smb_cmd" + gsub => [ "[zeek][service_version]", "^SMB", "" ] } } - if ([@metadata][smb_host]) { - mutate { id => "mutate_merge_zeek_smb_files_host" - merge => { "[smb][host]" => "[@metadata][smb_host]" } } + + if ([zeek_smb_cmd][referenced_file]) { + + # move "up" referenced_file to its own smb_files top-level entity + mutate { + id => "mutate_rename_zeek_zeek_smb_cmd_referenced_file" + rename => { "[zeek_smb_cmd][referenced_file]" => "[zeek_smb_files]" } + } + + # remove unset (-) or "(empty)" referenced_file (now zeek_smb_files) subfield values ruby { - id => "ruby_zeek_smb_files_hostCnt" - code => "event.set('[smb][hostCnt]', event.get('[smb][host]').length)" + id => "ruby_zeek_remove_empty_smb_cmd_referenced_file_values" + code => " + fieldsHash = event.get('[zeek_smb_files]').to_hash + fieldsHash.delete_if{|_,v| ((v == nil) or (v == '') or (v == '-') or (v == '(empty)'))} + event.set('[zeek_smb_files]', fieldsHash) + " } - } - if ([@metadata][smb_share]) { - mutate { id => "mutate_merge_zeek_smb_files_share" - merge => { "[smb][share]" => "[@metadata][smb_share]" } } + + # this timestamp conversion would have happened originally had this been its own line from smb_files + if ([zeek_smb_files][ts]) { + # convert @timestamp to UNIX to use native kibana features + date { + id => "date_zeek_smb_files_ts" + match => [ "[zeek_smb_files][ts]", "UNIX" ] + target => "[@metadata][zeek_smb_files_ts]" + } + mutate { id => "mutate_replace_zeek_smb_files_ts" + replace => { "[zeek_smb_files][ts]" => "%{[@metadata][zeek_smb_files_ts]}" } } + } # if ([zeek_smb_files][ts]) + + } # if ([zeek_smb_cmd][referenced_file]) + } # if ([zeek_smb_cmd]) + + # this should now apply to either lines from smb_files.log or smb_cmd.referenced_file + if ([zeek_smb_files]) { + + # collect all FUIDs under 
the parent [zeek][fuid] array + if ([zeek_smb_files][fuid]) { + mutate { id => "mutate_split_zeek_smb_files_fuid" + split => { "[zeek_smb_files][fuid]" => "," } } + mutate { id => "mutate_merge_zeek_smb_files_fuid" + merge => { "[zeek][fuid]" => "[zeek_smb_files][fuid]" } } + } + # collect all filenames under the parent [zeek][filename] array + if ([zeek_smb_files][name]) { mutate { id => "mutate_merge_zeek_smb_files_name_to_filename" + merge => { "[zeek][filename]" => "[zeek_smb_files][name]" } } } + if ([zeek_smb_files][prev_name]) { mutate { id => "mutate_merge_zeek_smb_files_prev_name_to_filename" + merge => { "[zeek][filename]" => "[zeek_smb_files][prev_name]" } } } + + if ([zeek][filename]) { + mutate { id => "mutate_merge_zeek_smb_files_filename" + merge => { "[smb][filename]" => "[zeek][filename]" } } ruby { - id => "ruby_zeek_smb_files_shareCnt" - code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" + id => "ruby_zeek_smb_files_filenameCnt" + code => "event.set('[smb][filenameCnt]', event.get('[smb][filename]').length)" } } - } - # convert times to something more usable - if ([zeek_smb_files][times_modified]) { - date { - id => "date_zeek_smb_files_times_modified" - match => [ "[zeek_smb_files][times_modified]", "UNIX" ] - target => "[@metadata][smb_time_mod]" + if ([zeek_smb_files][path]) { + grok { + id => "grok_zeek_smb_files_path" + match => { "[zeek_smb_files][path]" => [ "^%{SPACE}[\\\/]+%{DATA:[@metadata][smb_host]}[\\\/]+%{DATA:[@metadata][smb_share]}(?:[\\\/]+%{GREEDYDATA:[@metadata][smb_path]})?$" ] } + } + if ([@metadata][smb_host]) { + mutate { id => "mutate_merge_zeek_smb_files_host" + merge => { "[smb][host]" => "[@metadata][smb_host]" } } + ruby { + id => "ruby_zeek_smb_files_hostCnt" + code => "event.set('[smb][hostCnt]', event.get('[smb][host]').length)" + } + } + if ([@metadata][smb_share]) { + mutate { id => "mutate_merge_zeek_smb_files_share" + merge => { "[smb][share]" => "[@metadata][smb_share]" } } + ruby { + id 
=> "ruby_zeek_smb_files_shareCnt" + code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" + } + } } - if ([@metadata][smb_time_mod]) { mutate { id => "mutate_replace_zeek_smb_files_times_modified" - replace => { "[zeek_smb_files][times_modified]" => "%{[@metadata][smb_time_mod]}" } } } - } - if ([zeek_smb_files][times_accessed]) { - date { - id => "date_zeek_smb_files_times_accessed" - match => [ "[zeek_smb_files][times_accessed]", "UNIX" ] - target => "[@metadata][smb_time_acc]" + + # convert times to something more usable + if ([zeek_smb_files][times_modified]) { + date { + id => "date_zeek_smb_files_times_modified" + match => [ "[zeek_smb_files][times_modified]", "UNIX" ] + target => "[@metadata][smb_time_mod]" + } + if ([@metadata][smb_time_mod]) { mutate { id => "mutate_replace_zeek_smb_files_times_modified" + replace => { "[zeek_smb_files][times_modified]" => "%{[@metadata][smb_time_mod]}" } } } } - if ([@metadata][smb_time_acc]) { mutate { id => "mutate_replace_zeek_smb_files_times_accessed" - replace => { "[zeek_smb_files][times_accessed]" => "%{[@metadata][smb_time_acc]}" } } } - } - if ([zeek_smb_files][times_created]) { - date { - id => "date_zeek_smb_files_times_created" - match => [ "[zeek_smb_files][times_created]", "UNIX" ] - target => "[@metadata][smb_time_cre]" + if ([zeek_smb_files][times_accessed]) { + date { + id => "date_zeek_smb_files_times_accessed" + match => [ "[zeek_smb_files][times_accessed]", "UNIX" ] + target => "[@metadata][smb_time_acc]" + } + if ([@metadata][smb_time_acc]) { mutate { id => "mutate_replace_zeek_smb_files_times_accessed" + replace => { "[zeek_smb_files][times_accessed]" => "%{[@metadata][smb_time_acc]}" } } } } - if ([@metadata][smb_time_cre]) { mutate { id => "mutate_replace_zeek_smb_files_times_created" - replace => { "[zeek_smb_files][times_created]" => "%{[@metadata][smb_time_cre]}" } } } - } - if ([zeek_smb_files][times_changed]) { - date { - id => "date_zeek_smb_files_times_changed" - match => 
[ "[zeek_smb_files][times_changed]", "UNIX" ] - target => "[@metadata][smb_time_cha]" + if ([zeek_smb_files][times_created]) { + date { + id => "date_zeek_smb_files_times_created" + match => [ "[zeek_smb_files][times_created]", "UNIX" ] + target => "[@metadata][smb_time_cre]" + } + if ([@metadata][smb_time_cre]) { mutate { id => "mutate_replace_zeek_smb_files_times_created" + replace => { "[zeek_smb_files][times_created]" => "%{[@metadata][smb_time_cre]}" } } } + } + if ([zeek_smb_files][times_changed]) { + date { + id => "date_zeek_smb_files_times_changed" + match => [ "[zeek_smb_files][times_changed]", "UNIX" ] + target => "[@metadata][smb_time_cha]" + } + if ([@metadata][smb_time_cha]) { mutate { id => "mutate_replace_zeek_smb_files_times_changed" + replace => { "[zeek_smb_files][times_changed]" => "%{[@metadata][smb_time_cha]}" } } } } - if ([@metadata][smb_time_cha]) { mutate { id => "mutate_replace_zeek_smb_files_times_changed" - replace => { "[zeek_smb_files][times_changed]" => "%{[@metadata][smb_time_cha]}" } } } - } - - mutate { - id => "mutate_zeek_smb_files_convert" - convert => { - "[zeek_smb_files][data_offset_req]" => "integer" - "[zeek_smb_files][data_len_req]" => "integer" - "[zeek_smb_files][data_len_rsp]" => "integer" + mutate { + id => "mutate_zeek_smb_files_convert" + convert => { + "[zeek_smb_files][data_offset_req]" => "integer" + "[zeek_smb_files][data_len_req]" => "integer" + "[zeek_smb_files][data_len_rsp]" => "integer" + } } - } + } # if ([zeek_smb_files]) { } else if ([source] == "smb_mapping") { ############################################################################################################################# 
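Review bot: `ruby_zeek_remove_empty_smb_cmd_referenced_file_values` can leave `[zeek_smb_files]` as an empty hash when every referenced_file column was `-` (the earlier removal filter, per its own comment in this commit, only strips top-level values), and a present-but-empty hash still satisfies the later `if ([zeek_smb_files])` guard, so the fuid/filename/path/time steps run on nothing and the logType merge added in the following hunk will tag such a smb_cmd line as smb_files too. Removing the field when nothing survives closes that gap: replace `event.set('[zeek_smb_files]', fieldsHash)` with `fieldsHash.empty? ? event.remove('[zeek_smb_files]') : event.set('[zeek_smb_files]', fieldsHash)`. The `else if` branch rewritten here continues past the hunk's last line.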
@@ -4184,6 +4268,12 @@ filter { mutate { id => "mutate_rename_zeek_logType" rename => { "[source]" => "[zeek][logType]" } } + # kind of a unique case, smb_cmd can also be smb_files + if ([zeek][logType] == "smb_cmd") and ([zeek_smb_files]) { + mutate { id => "mutate_merge_zeek_smb_cmd_and_smb_files_logType" + merge => { "[zeek][logType]" => "smb_files" } } + } + # get counts for some arrays that each log type may contribute to individually if ([protocol]) { ruby { diff --git a/zeek/config/local.zeek b/zeek/config/local.zeek index 7abc52902..051eab2f9 100644 --- a/zeek/config/local.zeek +++ b/zeek/config/local.zeek @@ -29,6 +29,7 @@ redef SOCKS::default_capture_password = T; @load protocols/http/software-browser-plugins @load protocols/mysql/software @load protocols/ssl/weak-keys +@load protocols/smb/log-cmds @load protocols/smtp/software @load protocols/ssh/detect-bruteforcing @load protocols/ssh/geo-data From 7d173a8c998665358714c0e64a3aeee98e41acba Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 14:46:51 -0700 Subject: [PATCH 049/183] initial code for generating and parsing smb_cmd.log --- logstash/pipelines/zeek/11_zeek_logs.conf | 31 ++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index b14cf5461..f633e655a 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf 
@@ -2670,6 +2670,17 @@ filter {
 #} }
+ } else if ([source] == "dce_rpc") {
+ #############################################################################################################################
+ # dce_rpc.log specific logic
+
+ mutate {
+ id => "mutate_zeek_dce_rpc_convert"
+ convert => {
+ "[zeek_dce_rpc][rtt]" => "float"
+ }
+ }
+
 } else if ([source] == "dhcp") { ############################################################################################################################# # dhcp.log specific logic
@@ -2792,6 +2803,13 @@ filter {
 } } # if([dns][ip])
+ mutate {
+ id => "mutate_zeek_dns_convert"
+ convert => {
+ "[zeek_dns][rtt]" => "float"
+ }
+ }
+
 } else if ([source] == "files") { ############################################################################################################################# # files.log specific logic
@@ -3627,6 +3645,14 @@ filter {
 } # if ([zeek_smb_files][ts]) } # if ([zeek_smb_cmd][referenced_file])
+
+ mutate {
+ id => "mutate_zeek_smb_cmd_convert"
+ convert => {
+ "[zeek_smb_cmd][rtt]" => "float"
+ }
+ }
+
 } # if ([zeek_smb_cmd]) # this should now apply to either lines from smb_files.log or smb_cmd.referenced_file
@@ -4270,8 +4296,11 @@ filter {
 # kind of a unique case, smb_cmd can also be smb_files if ([zeek][logType] == "smb_cmd") and ([zeek_smb_files]) {
+ # seriously I do not get how merge works, why can't I just merge the string literal?
+ mutate { id => "mutate_add_field_zeek_tmp_logtype"
+ add_field => { "[@metadata][tmpLogType]" => "smb_files" } }
 mutate { id => "mutate_merge_zeek_smb_cmd_and_smb_files_logType"
- merge => { "[zeek][logType]" => "smb_files" } }
+ merge => { "[zeek][logType]" => "[@metadata][tmpLogType]" } }
 } # get counts for some arrays that each log type may contribute to individually
From 1b4d5de97f065c43d0287d9962d9821c2c12c103 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 15:09:32 -0700 Subject: [PATCH 050/183] more work on smb command mapping --- kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json | 6 +++--- kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +- logstash/pipelines/zeek/11_zeek_logs.conf | 3 +++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 15d8430fb..bbf738f4b 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -96,7 +96,7 @@ "title": "SMB - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(zeek.logType:smb_mapping OR zeek.logType:smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(zeek.logType:smb_cmd OR zeek.logType:smb_mapping OR zeek.logType:smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "columns": [ "srcIp", 
@@ -225,8 +225,8 @@ "updated_at": "2019-12-18T16:20:24.676Z", "version": "WzIyMiwxXQ==", "attributes": { - "title": "SMB - Action", - "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb_files.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "title": "SMB - File Action", + "visState": "{\"title\":\"SMB - File Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb_files.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index b0eb716df..75b5d0645 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -196,7 +196,7 @@ "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index f633e655a..849175dfa 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -3741,6 +3741,9 @@ filter { replace => { "[zeek_smb_files][times_changed]" => "%{[@metadata][smb_time_cha]}" } } } } + mutate { id => "mutate_gsub_zeek_smb_files_action" + gsub => [ "[zeek_smb_files][action]", "^SMB::", "" ] } + mutate { id => "mutate_zeek_smb_files_convert" convert => { From a15ef4d353da124a7963823557c16eff70db3ebb Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 29 Jan 2020 16:00:30 -0700 Subject: [PATCH 051/183] more work on smb --- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 6 +++--- logstash/pipelines/zeek/11_zeek_logs.conf | 18 ++++++++++++++++-- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index bbf738f4b..107f40b32 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -225,8 +225,8 @@ "updated_at": "2019-12-18T16:20:24.676Z", "version": "WzIyMiwxXQ==", "attributes": { - "title": "SMB - File Action", - "visState": "{\"title\":\"SMB - File Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb_files.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "title": "SMB - Action", + "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -306,7 +306,7 @@ "updated_at": "2019-12-18T16:20:24.676Z", "version": "WzIyNSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File/Path 
Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}",
diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf
index 849175dfa..d566d47ea 100644
--- a/logstash/pipelines/zeek/11_zeek_logs.conf
+++ b/logstash/pipelines/zeek/11_zeek_logs.conf
@@ -3646,6 +3646,10 @@ filter {
 } # if ([zeek_smb_cmd][referenced_file])
+ # normalize smb action/command
+ mutate { id => "mutate_merge_zeek_smb_cmd_command"
+ merge => { "[zeek_smb][action]" => "[zeek_smb_cmd][command]" } }
+
 mutate { id => "mutate_zeek_smb_cmd_convert" convert => {
@@ -3742,7 +3746,10 @@ filter {
 } mutate { id => "mutate_gsub_zeek_smb_files_action"
- gsub => [ "[zeek_smb_files][action]", "^SMB::", "" ] }
+ gsub => [ "[zeek_smb_files][action]", "SMB::|FILE_", "" ] }
+ # normalize smb action/command
+ mutate { id => "mutate_merge_zeek_smb_files_action"
+ merge => { "[zeek_smb][action]" => "[zeek_smb_files][action]" } }
 mutate { id => "mutate_zeek_smb_files_convert"
@@ -3752,7 +3759,14 @@ filter {
 "[zeek_smb_files][data_len_rsp]" => "integer" } }
- } # if ([zeek_smb_files]) {
+ } # if ([zeek_smb_files])
+
+ if ([zeek_smb][action]) {
+ ruby {
+ id => "ruby_zeek_smb_action"
+ code => "event.set('[zeek_smb][action]', event.get('[zeek_smb][action]').uniq)"
+ }
+ }
 } else if ([source] == "smb_mapping") { #############################################################################################################################
From d00e9406177c2e0036e808adf6e38e56a10948fb Mon Sep 17 00:00:00 2001
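Review bot: The new gsub pattern `"SMB::|FILE_"` in the `@@ -3742,7 +3746,10 @@` hunk is unanchored, unlike the `^SMB::` it replaces, so it strips `FILE_` wherever it occurs inside an action value instead of only as a prefix. Anchoring both parts as optional groups keeps the single-pass behaviour for values such as `SMB::FILE_OPEN` while leaving any interior occurrence alone: `gsub => [ "[zeek_smb_files][action]", "^(SMB::)?(FILE_)?", "" ]`. A plain `^SMB::|^FILE_` would not do, because gsub removes both prefixes in one pass and the second alternative is never at the start of the string when the first matches. The enclosing `if ([zeek_smb_files])` block starts outside the hunk.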
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 30 Jan 2020 07:15:43 -0700 Subject: [PATCH 052/183] more work on smb --- docker-compose.yml | 2 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 6 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 2 +- logstash/pipelines/enrichment/11_lookups.conf | 57 +++- logstash/pipelines/zeek/11_zeek_logs.conf | 296 +++++++++++++----- scripts/control.py | 2 +- zeek/config/local.zeek | 1 + 7 files changed, 265 insertions(+), 101 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5a32146a1..6e3437042 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -324,7 +324,7 @@ services: - ./pcap:/pcap - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files - - ./zeek/config:/usr/share/zeek/site:ro + - ./zeek/config/local.zeek:/opt/zeek/share/zeek/site/local.zeek:ro file-monitor: build: context: . diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 15d8430fb..107f40b32 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -96,7 +96,7 @@ "title": "SMB - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(zeek.logType:smb_mapping OR zeek.logType:smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(zeek.logType:smb_cmd OR zeek.logType:smb_mapping OR zeek.logType:smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "columns": [ "srcIp", 
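Review bot: Bind-mounting the single file `./zeek/config/local.zeek` instead of the `./zeek/config` directory changes two things the compose file does not document: anything else under `./zeek/config` is no longer visible to the zeek container, and a single-file bind mount follows the inode, so an editor or deploy step that replaces the file rather than writing it in place leaves the running container with the old content until it is recreated. The new container path `/opt/zeek/share/zeek/site/local.zeek` presumably tracks the image's install prefix; that cannot be checked from here, and the `:ro` flag is rightly kept. A short comment above the line, e.g. `# only local.zeek is mounted (read-only); edit it in place or recreate the container to pick up changes`, would save the next person the surprise.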
@@ -226,7 +226,7 @@ "version": "WzIyMiwxXQ==", "attributes": { "title": "SMB - Action", - "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb_files.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -306,7 +306,7 @@ "updated_at": "2019-12-18T16:20:24.676Z", "version": "WzIyNSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File/Path 
Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index b0eb716df..75b5d0645 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json @@ -196,7 +196,7 @@ "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 2481c4147..51268d370 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf 
@@ -203,21 +203,48 @@ filter {
 if ([dns][host]) { # if requested, look up DNS queries using freq_server.py to get entropy scores
- mutate {
- add_field => { "[@metadata][ENV_FREQ_LOOKUP]" => "${FREQ_LOOKUP:false}" }
- }
- if ([@metadata][ENV_FREQ_LOOKUP] == "true") {
- http {
- id => "rest_dns_freq_lookup"
- url => "http://freq:10004/measure/%{[dns][host]}"
- target_body => "[@metadata][dns_host_freq]"
- }
- if ([@metadata][dns_host_freq]) {
- grok {
- id => "grok_dns_freq_parse"
- match => { "[@metadata][dns_host_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] }
- }
- }
+
+ # I would do this in an http filter, but it doesn't handle arrays
+ # http {
+ # id => "rest_dns_freq_lookup"
+ # url => "http://freq:10004/measure/%{[dns][host]}"
+ # target_body => "[@metadata][dns_host_freq]"
+ # }
+ # if ([@metadata][dns_host_freq]) {
+ # grok {
+ # id => "grok_dns_freq_parse"
+ # match => { "[@metadata][dns_host_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] }
+ # }
+ # }
+ ruby {
+ id => "ruby_dns_freq_lookup"
+ init => "
+ require 'net/http'
+ $freqLookupEnabled = ENV['FREQ_LOOKUP'] || 'false'
+ "
+ # freq_server.py returns a string like: (2.9333, 3.6353)
+ code => "
+ if ($freqLookupEnabled == 'true') then
+ scoresv1 = Array.new
+ scoresv2 = Array.new
+ scoresTmp = Array.new
+ begin
+ event.get('[dns][host]').each { |query|
+ if (query.length >= 4) then
+ scoresTmp.clear
+ scoresTmp.concat(Net::HTTP.get_response(URI.parse('http://freq:10004/measure/' + query)).body.gsub(/(^\(|\)$|\s+)/, '').split(',').map(&:to_f))
+ if (scoresTmp.length == 2) then
+ scoresv1 << scoresTmp[0]
+ scoresv2 << scoresTmp[1]
+ end
+ end
+ }
+ rescue Exception => e
+ event.set('ruby_exception', 'ruby_dns_freq_lookup: ' + e.message)
+ end
+ event.set('[zeek][freq_score_v1]', scoresv1) unless (scoresv1.length == 0)
+ event.set('[zeek][freq_score_v2]', scoresv2) unless (scoresv2.length == 0)
+ end"
 } } # end if dns.ip
diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index ee64dd67a..d566d47ea 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf 
@@ -1755,11 +1755,46 @@ filter { add_field => { "[zeek_cols][service]" => "sip" } } + } else if ([source] == "smb_cmd") { + ############################################################################################################################# + # smb_cmd.log + # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::CmdInfo + # + # note that smb_cmd.referenced_file is exactly the same structure as the log line for smb_files. later on it will be + # merged up as its own top-level entity so I don't have to duplicate the parsing effort below + + dissect { + id => "dissect_zeek_smb_cmd" + # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][command]} %{[zeek_cols][sub_command]} %{[zeek_cols][argument]} %{[zeek_cols][status]} %{[zeek_cols][rtt]} %{[zeek_cols][version]} %{[zeek_cols][user]} %{[zeek_cols][tree]} %{[zeek_cols][tree_service]} %{[zeek_cols][referenced_file][ts]} %{[zeek_cols][referenced_file][uid]} %{[zeek_cols][referenced_file][orig_h]} %{[zeek_cols][referenced_file][orig_p]} %{[zeek_cols][referenced_file][resp_h]} %{[zeek_cols][referenced_file][resp_p]} %{[zeek_cols][referenced_file][fuid]} %{[zeek_cols][referenced_file][action]} %{[zeek_cols][referenced_file][path]} %{[zeek_cols][referenced_file][name]} %{[zeek_cols][referenced_file][size]} %{[zeek_cols][referenced_file][prev_name]} %{[zeek_cols][referenced_file][times_modified]} %{[zeek_cols][referenced_file][times_accessed]} %{[zeek_cols][referenced_file][times_created]} %{[zeek_cols][referenced_file][times_changed]} %{[zeek_cols][referenced_file][data_offset_req]} %{[zeek_cols][referenced_file][data_len_req]} %{[zeek_cols][referenced_file][data_len_rsp]}" + } + } + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_smb_cmd" + # zeek's 
default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_smb_cmd" + init => "$zeek_smb_cmd_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'command', 'sub_command', 'argument', 'status', 'rtt', 'version', 'user', 'tree', 'tree_service', 'referenced_file.ts', 'referenced_file.uid', 'referenced_file.orig_h', 'referenced_file.orig_p', 'referenced_file.resp_h', 'referenced_file.resp_p', 'referenced_file.fuid', 'referenced_file.action', 'referenced_file.path', 'referenced_file.name', 'referenced_file.size', 'referenced_file.prev_name', 'referenced_file.times_modified', 'referenced_file.times_accessed', 'referenced_file.times_created', 'referenced_file.times_changed', 'referenced_file.data_offset_req', 'referenced_file.data_len_req', 'referenced_file.data_len_rsp' ]" + code => "event.set('[zeek_cols]', $zeek_smb_cmd_field_names.zip(event.get('[message]')).to_h)" + } + } + + mutate { + id => "mutate_add_fields_zeek_smb_cmd" + add_field => { + "[zeek_cols][proto]" => "tcp" + "[zeek_cols][service]" => "smb" + } + } + } else if ([source] == "smb_files") { ############################################################################################################################# # smb_files.log # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::FileInfo - # todo: also smb_cmd.log? if ([@metadata][zeek_fields_bitmap] and [@metadata][zeek_fields_bitmap_version]) { @@ -2374,7 +2409,7 @@ filter { } # if / else if for source type (conn.log, dns.log, etc.) if ([zeek_cols]) { - # remove unset (-) or "(empty)" field values + # remove unset (-) or "(empty)" top-level field values ruby { id => "ruby_zeek_remove_empty_values" code => " 
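Review bot: The split/zip fallback in `ruby_zip_zeek_smb_cmd` builds `[zeek_cols]` from names such as `'referenced_file.ts'` via `.to_h`, which stores the dotted string as a literal key, whereas the dissect mapping above it produces the nested `[zeek_cols][referenced_file][ts]`; the two paths therefore yield different structures for the same log line. Later in this commit (the `@@ -3544` hunk) the `referenced_file` sub-hash is renamed to `[zeek_smb_files]`, and events that took the fallback path would presumably not match that rename — hedged, since the step that turns `[zeek_cols]` into `[zeek_smb_cmd]` is outside this hunk. Setting each column through a field reference makes the ruby path nest the same way as dissect: `code => "$zeek_smb_cmd_field_names.zip(event.get('[message]')).each { |k, v| event.set('[zeek_cols][' + k.gsub('.', '][') + ']', v) }"`. The enclosing `filter` block and the `if`/`else if` chain on `[source]` start and end outside the hunk.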
@@ -2635,6 +2670,17 @@ filter { #} } + } else if ([source] == "dce_rpc") { + ############################################################################################################################# + # dce_rpc.log specific logic + + mutate { + id => "mutate_zeek_dce_rpc_convert" + convert => { + "[zeek_dce_rpc][rtt]" => "float" + } + } + } else if ([source] == "dhcp") { ############################################################################################################################# # dhcp.log specific logic @@ -2757,6 +2803,13 @@ filter { } } # if([dns][ip]) + mutate { + id => "mutate_zeek_dns_convert" + convert => { + "[zeek_dns][rtt]" => "float" + } + } + } else if ([source] == "files") { ############################################################################################################################# # files.log specific logic @@ -3400,7 +3453,7 @@ filter { mutate { id => "mutate_merge_field_zeek_service_version_rdp" merge => { "[zeek][service_version]" => "[zeek_rdp][client_build]" } } mutate { id => "mutate_gsub_field_zeek_service_version_rdp" - gsub => [ "[zeek][service_version]", "RDP ", "" ] } + gsub => [ "[zeek][service_version]", "^RDP ", "" ] } } } else if ([source] == "rfb") { 
@@ -3544,100 +3597,174 @@ filter { mutate { id => "mutate_split_zeek_sip_response_path" split => { "[zeek_sip][response_path]" => "," } } - } else if ([source] == "smb_files") { + + } else if ([source] == "smb_cmd") or ([source] == "smb_files") { ############################################################################################################################# - # smb_files.log specific logic + # smb_cmd.log and smb_files.log specific logic + # note that smb_cmd.referenced_file is exactly the same structure as the log line for smb_files, which is why I've combined + # the logic here to avoid duplication - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_smb_files][fuid]) { - mutate { id => "mutate_split_zeek_smb_files_fuid" - split => { "[zeek_smb_files][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_smb_files_fuid" - merge => { "[zeek][fuid]" => "[zeek_smb_files][fuid]" } } - } - # collect all filenames under the parent [zeek][filename] array - if ([zeek_smb_files][name]) { mutate { id => "mutate_merge_zeek_smb_files_name_to_filename" - merge => { "[zeek][filename]" => "[zeek_smb_files][name]" } } } - if ([zeek_smb_files][prev_name]) { mutate { id => "mutate_merge_zeek_smb_files_prev_name_to_filename" - merge => { "[zeek][filename]" => "[zeek_smb_files][prev_name]" } } } - - if ([zeek][filename]) { - mutate { id => "mutate_merge_zeek_smb_files_filename" - merge => { "[smb][filename]" => "[zeek][filename]" } } - ruby { - id => "ruby_zeek_smb_files_filenameCnt" - code => "event.set('[smb][filenameCnt]', event.get('[smb][filename]').length)" - } - } + if ([zeek_smb_cmd]) { - if ([zeek_smb_files][path]) { - grok { - id => "grok_zeek_smb_files_path" - match => { "[zeek_smb_files][path]" => [ "^%{SPACE}[\\\/]+%{DATA:[@metadata][smb_host]}[\\\/]+%{DATA:[@metadata][smb_share]}(?:[\\\/]+%{GREEDYDATA:[@metadata][smb_path]})?$" ] } + if ([zeek_smb_cmd][version]) { + # collect protocol version under the parent zeek.service_version array + 
mutate { id => "mutate_merge_field_zeek_service_version_smb_cmd" + merge => { "[zeek][service_version]" => "[zeek_smb_cmd][version]" } } + mutate { id => "mutate_gsub_field_zeek_service_version_smb_cmd" + gsub => [ "[zeek][service_version]", "^SMB", "" ] } } - if ([@metadata][smb_host]) { - mutate { id => "mutate_merge_zeek_smb_files_host" - merge => { "[smb][host]" => "[@metadata][smb_host]" } } + + if ([zeek_smb_cmd][referenced_file]) { + + # move "up" referenced_file to its own smb_files top-level entity + mutate { + id => "mutate_rename_zeek_zeek_smb_cmd_referenced_file" + rename => { "[zeek_smb_cmd][referenced_file]" => "[zeek_smb_files]" } + } + + # remove unset (-) or "(empty)" referenced_file (now zeek_smb_files) subfield values ruby { - id => "ruby_zeek_smb_files_hostCnt" - code => "event.set('[smb][hostCnt]', event.get('[smb][host]').length)" + id => "ruby_zeek_remove_empty_smb_cmd_referenced_file_values" + code => " + fieldsHash = event.get('[zeek_smb_files]').to_hash + fieldsHash.delete_if{|_,v| ((v == nil) or (v == '') or (v == '-') or (v == '(empty)'))} + event.set('[zeek_smb_files]', fieldsHash) + " + } + + # this timestamp conversion would have happened originally had this been its own line from smb_files + if ([zeek_smb_files][ts]) { + # convert @timestamp to UNIX to use native kibana features + date { + id => "date_zeek_smb_files_ts" + match => [ "[zeek_smb_files][ts]", "UNIX" ] + target => "[@metadata][zeek_smb_files_ts]" + } + mutate { id => "mutate_replace_zeek_smb_files_ts" + replace => { "[zeek_smb_files][ts]" => "%{[@metadata][zeek_smb_files_ts]}" } } + } # if ([zeek_smb_files][ts]) + + } # if ([zeek_smb_cmd][referenced_file]) + + # normalize smb action/command + mutate { id => "mutate_merge_zeek_smb_cmd_command" + merge => { "[zeek_smb][action]" => "[zeek_smb_cmd][command]" } } + + mutate { + id => "mutate_zeek_smb_cmd_convert" + convert => { + "[zeek_smb_cmd][rtt]" => "float" } } - if ([@metadata][smb_share]) { - mutate { id => 
"mutate_merge_zeek_smb_files_share" - merge => { "[smb][share]" => "[@metadata][smb_share]" } } + + } # if ([zeek_smb_cmd]) + + # this should now apply to either lines from smb_files.log or smb_cmd.referenced_file + if ([zeek_smb_files]) { + + # collect all FUIDs under the parent [zeek][fuid] array + if ([zeek_smb_files][fuid]) { + mutate { id => "mutate_split_zeek_smb_files_fuid" + split => { "[zeek_smb_files][fuid]" => "," } } + mutate { id => "mutate_merge_zeek_smb_files_fuid" + merge => { "[zeek][fuid]" => "[zeek_smb_files][fuid]" } } + } + # collect all filenames under the parent [zeek][filename] array + if ([zeek_smb_files][name]) { mutate { id => "mutate_merge_zeek_smb_files_name_to_filename" + merge => { "[zeek][filename]" => "[zeek_smb_files][name]" } } } + if ([zeek_smb_files][prev_name]) { mutate { id => "mutate_merge_zeek_smb_files_prev_name_to_filename" + merge => { "[zeek][filename]" => "[zeek_smb_files][prev_name]" } } } + + if ([zeek][filename]) { + mutate { id => "mutate_merge_zeek_smb_files_filename" + merge => { "[smb][filename]" => "[zeek][filename]" } } ruby { - id => "ruby_zeek_smb_files_shareCnt" - code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" + id => "ruby_zeek_smb_files_filenameCnt" + code => "event.set('[smb][filenameCnt]', event.get('[smb][filename]').length)" } } - } - # convert times to something more usable - if ([zeek_smb_files][times_modified]) { - date { - id => "date_zeek_smb_files_times_modified" - match => [ "[zeek_smb_files][times_modified]", "UNIX" ] - target => "[@metadata][smb_time_mod]" + if ([zeek_smb_files][path]) { + grok { + id => "grok_zeek_smb_files_path" + match => { "[zeek_smb_files][path]" => [ "^%{SPACE}[\\\/]+%{DATA:[@metadata][smb_host]}[\\\/]+%{DATA:[@metadata][smb_share]}(?:[\\\/]+%{GREEDYDATA:[@metadata][smb_path]})?$" ] } + } + if ([@metadata][smb_host]) { + mutate { id => "mutate_merge_zeek_smb_files_host" + merge => { "[smb][host]" => "[@metadata][smb_host]" } } + ruby { + id => 
"ruby_zeek_smb_files_hostCnt" + code => "event.set('[smb][hostCnt]', event.get('[smb][host]').length)" + } + } + if ([@metadata][smb_share]) { + mutate { id => "mutate_merge_zeek_smb_files_share" + merge => { "[smb][share]" => "[@metadata][smb_share]" } } + ruby { + id => "ruby_zeek_smb_files_shareCnt" + code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" + } + } } - if ([@metadata][smb_time_mod]) { mutate { id => "mutate_replace_zeek_smb_files_times_modified" - replace => { "[zeek_smb_files][times_modified]" => "%{[@metadata][smb_time_mod]}" } } } - } - if ([zeek_smb_files][times_accessed]) { - date { - id => "date_zeek_smb_files_times_accessed" - match => [ "[zeek_smb_files][times_accessed]", "UNIX" ] - target => "[@metadata][smb_time_acc]" + + # convert times to something more usable + if ([zeek_smb_files][times_modified]) { + date { + id => "date_zeek_smb_files_times_modified" + match => [ "[zeek_smb_files][times_modified]", "UNIX" ] + target => "[@metadata][smb_time_mod]" + } + if ([@metadata][smb_time_mod]) { mutate { id => "mutate_replace_zeek_smb_files_times_modified" + replace => { "[zeek_smb_files][times_modified]" => "%{[@metadata][smb_time_mod]}" } } } } - if ([@metadata][smb_time_acc]) { mutate { id => "mutate_replace_zeek_smb_files_times_accessed" - replace => { "[zeek_smb_files][times_accessed]" => "%{[@metadata][smb_time_acc]}" } } } - } - if ([zeek_smb_files][times_created]) { - date { - id => "date_zeek_smb_files_times_created" - match => [ "[zeek_smb_files][times_created]", "UNIX" ] - target => "[@metadata][smb_time_cre]" + if ([zeek_smb_files][times_accessed]) { + date { + id => "date_zeek_smb_files_times_accessed" + match => [ "[zeek_smb_files][times_accessed]", "UNIX" ] + target => "[@metadata][smb_time_acc]" + } + if ([@metadata][smb_time_acc]) { mutate { id => "mutate_replace_zeek_smb_files_times_accessed" + replace => { "[zeek_smb_files][times_accessed]" => "%{[@metadata][smb_time_acc]}" } } } } - if 
([@metadata][smb_time_cre]) { mutate { id => "mutate_replace_zeek_smb_files_times_created" - replace => { "[zeek_smb_files][times_created]" => "%{[@metadata][smb_time_cre]}" } } } - } - if ([zeek_smb_files][times_changed]) { - date { - id => "date_zeek_smb_files_times_changed" - match => [ "[zeek_smb_files][times_changed]", "UNIX" ] - target => "[@metadata][smb_time_cha]" + if ([zeek_smb_files][times_created]) { + date { + id => "date_zeek_smb_files_times_created" + match => [ "[zeek_smb_files][times_created]", "UNIX" ] + target => "[@metadata][smb_time_cre]" + } + if ([@metadata][smb_time_cre]) { mutate { id => "mutate_replace_zeek_smb_files_times_created" + replace => { "[zeek_smb_files][times_created]" => "%{[@metadata][smb_time_cre]}" } } } + } + if ([zeek_smb_files][times_changed]) { + date { + id => "date_zeek_smb_files_times_changed" + match => [ "[zeek_smb_files][times_changed]", "UNIX" ] + target => "[@metadata][smb_time_cha]" + } + if ([@metadata][smb_time_cha]) { mutate { id => "mutate_replace_zeek_smb_files_times_changed" + replace => { "[zeek_smb_files][times_changed]" => "%{[@metadata][smb_time_cha]}" } } } } - if ([@metadata][smb_time_cha]) { mutate { id => "mutate_replace_zeek_smb_files_times_changed" - replace => { "[zeek_smb_files][times_changed]" => "%{[@metadata][smb_time_cha]}" } } } - } - mutate { - id => "mutate_zeek_smb_files_convert" - convert => { - "[zeek_smb_files][data_offset_req]" => "integer" - "[zeek_smb_files][data_len_req]" => "integer" - "[zeek_smb_files][data_len_rsp]" => "integer" + mutate { id => "mutate_gsub_zeek_smb_files_action" + gsub => [ "[zeek_smb_files][action]", "SMB::|FILE_", "" ] } + # normalize smb action/command + mutate { id => "mutate_merge_zeek_smb_files_action" + merge => { "[zeek_smb][action]" => "[zeek_smb_files][action]" } } + mutate { + id => "mutate_zeek_smb_files_convert" + convert => { + "[zeek_smb_files][data_offset_req]" => "integer" + "[zeek_smb_files][data_len_req]" => "integer" + 
"[zeek_smb_files][data_len_rsp]" => "integer" + } + } + } # if ([zeek_smb_files]) + + if ([zeek_smb][action]) { + ruby { + id => "ruby_zeek_smb_action" + code => "event.set('[zeek_smb][action]', event.get('[zeek_smb][action]').uniq)" } } @@ -4184,6 +4311,15 @@ filter { mutate { id => "mutate_rename_zeek_logType" rename => { "[source]" => "[zeek][logType]" } } + # kind of a unique case, smb_cmd can also be smb_files + if ([zeek][logType] == "smb_cmd") and ([zeek_smb_files]) { + # seriously I do not get how merge works, why can't I just merge the string literal? + mutate { id => "mutate_add_field_zeek_tmp_logtype" + add_field => { "[@metadata][tmpLogType]" => "smb_files" } } + mutate { id => "mutate_merge_zeek_smb_cmd_and_smb_files_logType" + merge => { "[zeek][logType]" => "[@metadata][tmpLogType]" } } + } + # get counts for some arrays that each log type may contribute to individually if ([protocol]) { ruby { diff --git a/scripts/control.py b/scripts/control.py index fcfd85c6e..3f54a5abe 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -125,7 +125,7 @@ def stop(wipe=False): for root, dirnames, filenames in os.walk(os.path.join(MalcolmPath, dataDir), topdown=True, onerror=None): for file in filenames: fileSpec = os.path.join(root, file) - if os.path.isfile(fileSpec) and (not file.startswith('.git')): + if (os.path.isfile(fileSpec) or os.path.islink(fileSpec)) and (not file.startswith('.git')): try: os.remove(fileSpec) except: diff --git a/zeek/config/local.zeek b/zeek/config/local.zeek index 7abc52902..051eab2f9 100644 --- a/zeek/config/local.zeek +++ b/zeek/config/local.zeek @@ -29,6 +29,7 @@ redef SOCKS::default_capture_password = T; @load protocols/http/software-browser-plugins @load protocols/mysql/software @load protocols/ssl/weak-keys +@load protocols/smb/log-cmds @load protocols/smtp/software @load protocols/ssh/detect-bruteforcing @load protocols/ssh/geo-data From c2777fb41c884d636e4c1cd9d46a04356fa04457 Mon Sep 17 00:00:00 2001 
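Review bot: The `ts` conversion for the hoisted referenced_file skips the guard every other timestamp conversion in this hunk uses: `mutate_replace_zeek_smb_files_ts` runs unconditionally after `date_zeek_smb_files_ts`, so if the date filter cannot parse `[zeek_smb_files][ts]` the field is overwritten with the literal sprintf text `%{[@metadata][zeek_smb_files_ts]}` instead of being left alone, whereas the `times_modified`/`times_accessed`/`times_created`/`times_changed` blocks all test `if ([@metadata][smb_time_*])` before replacing. Wrap the replace the same way: `if ([@metadata][zeek_smb_files_ts]) { mutate { id => "mutate_replace_zeek_smb_files_ts" replace => { "[zeek_smb_files][ts]" => "%{[@metadata][zeek_smb_files_ts]}" } } }`. The enclosing `filter {` block and the source-type if/else-if chain start and end outside the hunk.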
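Review bot: The comment "seriously I do not get how merge works" should be replaced by one that states the reason, since the two-step `add_field` to `[@metadata][tmpLogType]` followed by `merge` is there because mutate's `merge` takes a source field on its right-hand side, not a literal. As far as I recall, `mutate { add_field => { "[zeek][logType]" => "smb_files" } }` on an already-populated field appends the value and turns the field into an array in one step, which would remove the staging field entirely; worth confirming against the mutate filter documentation before simplifying. Either way, suggest `# mutate/merge only accepts a field as its source, so stage the literal in @metadata first`. The enclosing `filter {` block continues outside the hunk.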
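Review bot: The new `os.path.islink(fileSpec)` term only changes the outcome for entries that fail `isfile`, because `isfile` already follows links; among `os.walk`'s `filenames` that means dangling symlinks (and links to non-regular files), which the old condition skipped and left behind in the data directory. That deserves a one-line comment so the next reader does not wonder why both tests are needed, e.g. `# islink: isfile follows symlinks, so this also removes dangling links left in the data dir`. `os.remove` on a symlink unlinks the link itself, never its target, so the wipe stays within the walked tree; the bare `except:` that follows is pre-existing, but it now also hides failures on these links, and `except OSError:` would be the narrower choice. `stop()` starts and ends outside the hunk.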
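Review bot: `@load protocols/smb/log-cmds` enables smb_cmd.log, which records SMB commands rather than only file-level events, so on SMB-heavy networks its volume can be far larger than smb_files.log and it feeds straight into the new smb_cmd Logstash pipeline; a comment on the line would tell operators why it is loaded and that it is the knob to turn if Zeek log volume becomes a problem, e.g. `# smb_cmd.log: one record per SMB command (potentially high volume); consumed by the smb_cmd logstash pipeline`. The surrounding `@load` list starts and ends outside the hunk.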
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 30 Jan 2020 07:20:10 -0700 Subject: [PATCH 053/183] bump version to 2.0.0 --- README.md | 58 ++++++++++++------------- docker-compose-standalone-zeek-live.yml | 28 ++++++------ docker-compose-standalone.yml | 28 ++++++------ docker-compose.yml | 28 ++++++------ sensor-iso/README.md | 2 +- 5 files changed, 72 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index febb7c924..b6ae8fbe1 100644 --- a/README.md +++ b/README.md 
@@ -127,20 +127,20 @@ You can then observe that the images have been retrieved by running `docker imag ``` $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/moloch 1.9.0 xxxxxxxxxxxx 10 minutes ago 491MB -malcolmnetsec/logstash-oss 1.9.0 xxxxxxxxxxxx 17 minutes ago 1.4GB -malcolmnetsec/zeek 1.9.0 xxxxxxxxxxxx 17 minutes ago 232MB -malcolmnetsec/file-upload 1.9.0 xxxxxxxxxxxx 23 minutes ago 199MB -malcolmnetsec/pcap-capture 1.9.0 xxxxxxxxxxxx 23 minutes ago 112MB -malcolmnetsec/file-monitor 1.9.0 xxxxxxxxxxxx 25 minutes ago 369MB -malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 28 minutes ago 501MB -malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 28 minutes ago 964MB -malcolmnetsec/pcap-monitor 1.9.0 xxxxxxxxxxxx 28 minutes ago 156MB -malcolmnetsec/curator 1.9.0 xxxxxxxxxxxx 29 minutes ago 240MB -malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 29 minutes ago 54.5MB -malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 30 minutes ago 276MB -malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 31 minutes ago 256MB -malcolmnetsec/freq 1.9.0 xxxxxxxxxxxx 32 minutes ago 188MB +malcolmnetsec/moloch 2.0.0 xxxxxxxxxxxx 10 minutes ago 491MB +malcolmnetsec/logstash-oss 2.0.0 xxxxxxxxxxxx 17 minutes ago 1.4GB +malcolmnetsec/zeek 2.0.0 xxxxxxxxxxxx 17 minutes ago 232MB +malcolmnetsec/file-upload 2.0.0 xxxxxxxxxxxx 23 minutes ago 199MB +malcolmnetsec/pcap-capture 2.0.0 xxxxxxxxxxxx 23 minutes ago 112MB +malcolmnetsec/file-monitor 2.0.0 xxxxxxxxxxxx 25 minutes ago 369MB +malcolmnetsec/filebeat-oss 2.0.0 xxxxxxxxxxxx 28 minutes ago 501MB +malcolmnetsec/kibana-oss 2.0.0 xxxxxxxxxxxx 28 minutes ago 964MB +malcolmnetsec/pcap-monitor 2.0.0 xxxxxxxxxxxx 28 minutes ago 156MB +malcolmnetsec/curator 2.0.0 xxxxxxxxxxxx 29 minutes ago 240MB +malcolmnetsec/nginx-proxy 2.0.0 xxxxxxxxxxxx 29 minutes ago 54.5MB +malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 30 minutes ago 276MB +malcolmnetsec/htadmin 2.0.0 xxxxxxxxxxxx 31 minutes ago 256MB +malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 32 minutes ago 188MB 
docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` @@ -1362,7 +1362,7 @@ Building the ISO may take 30 minutes or more depending on your system. As the bu ``` … -Finished, created "/malcolm-build/malcolm-iso/malcolm-1.9.0.iso" +Finished, created "/malcolm-build/malcolm-iso/malcolm-2.0.0.iso" … ``` 
@@ -1757,20 +1757,20 @@ Pulling zeek ... done user@host:~/Malcolm$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/moloch 1.9.0 xxxxxxxxxxxx 27 minutes ago 517MB -malcolmnetsec/zeek 1.9.0 xxxxxxxxxxxx 27 minutes ago 489MB -malcolmnetsec/htadmin 1.9.0 xxxxxxxxxxxx 2 hours ago 180MB -malcolmnetsec/nginx-proxy 1.9.0 xxxxxxxxxxxx 4 hours ago 53MB -malcolmnetsec/file-upload 1.9.0 xxxxxxxxxxxx 24 hours ago 198MB -malcolmnetsec/pcap-capture 1.9.0 xxxxxxxxxxxx 24 hours ago 111MB -malcolmnetsec/pcap-monitor 1.9.0 xxxxxxxxxxxx 24 hours ago 156MB -malcolmnetsec/file-monitor 1.9.0 xxxxxxxxxxxx 24 hours ago 355MB -malcolmnetsec/logstash-oss 1.9.0 xxxxxxxxxxxx 25 hours ago 1.24GB -malcolmnetsec/curator 1.9.0 xxxxxxxxxxxx 25 hours ago 303MB -malcolmnetsec/kibana-oss 1.9.0 xxxxxxxxxxxx 33 hours ago 944MB -malcolmnetsec/filebeat-oss 1.9.0 xxxxxxxxxxxx 11 days ago 459MB -malcolmnetsec/elastalert 1.9.0 xxxxxxxxxxxx 11 days ago 276MB -malcolmnetsec/freq 1.9.0 xxxxxxxxxxxx 11 days ago 188MB +malcolmnetsec/moloch 2.0.0 xxxxxxxxxxxx 27 minutes ago 517MB +malcolmnetsec/zeek 2.0.0 xxxxxxxxxxxx 27 minutes ago 489MB +malcolmnetsec/htadmin 2.0.0 xxxxxxxxxxxx 2 hours ago 180MB +malcolmnetsec/nginx-proxy 2.0.0 xxxxxxxxxxxx 4 hours ago 53MB +malcolmnetsec/file-upload 2.0.0 xxxxxxxxxxxx 24 hours ago 198MB +malcolmnetsec/pcap-capture 2.0.0 xxxxxxxxxxxx 24 hours ago 111MB +malcolmnetsec/pcap-monitor 2.0.0 xxxxxxxxxxxx 24 hours ago 156MB +malcolmnetsec/file-monitor 2.0.0 xxxxxxxxxxxx 24 hours ago 355MB +malcolmnetsec/logstash-oss 2.0.0 xxxxxxxxxxxx 25 hours ago 1.24GB +malcolmnetsec/curator 2.0.0 xxxxxxxxxxxx 25 hours ago 303MB +malcolmnetsec/kibana-oss 2.0.0 xxxxxxxxxxxx 33 hours ago 944MB +malcolmnetsec/filebeat-oss 2.0.0 xxxxxxxxxxxx 11 days ago 459MB +malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 11 days ago 276MB +malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 11 days ago 188MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` 
diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 2e0d79a6c..0499b2560 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -129,7 +129,7 @@ services: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated kibana: - image: malcolmnetsec/kibana-oss:1.9.0 + image: malcolmnetsec/kibana-oss:2.0.0 restart: "no" hostname: kibana environment: @@ -152,7 +152,7 @@ services: retries: 3 start_period: 200s elastalert: - image: malcolmnetsec/elastalert:1.9.0 + image: malcolmnetsec/elastalert:2.0.0 restart: "no" hostname: elastalert environment: @@ -177,7 +177,7 @@ services: - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ curator: - image: malcolmnetsec/curator:1.9.0 + image: malcolmnetsec/curator:2.0.0 restart: "no" hostname: curator environment: @@ -187,7 +187,7 @@ services: depends_on: - elasticsearch logstash: - image: malcolmnetsec/logstash-oss:1.9.0 + image: malcolmnetsec/logstash-oss:2.0.0 restart: "no" hostname: logstash environment: @@ -216,7 +216,7 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro filebeat: - image: malcolmnetsec/filebeat-oss:1.9.0 + image: malcolmnetsec/filebeat-oss:2.0.0 restart: "no" hostname: filebeat environment: @@ -244,7 +244,7 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro moloch: - image: malcolmnetsec/moloch:1.9.0 + image: malcolmnetsec/moloch:2.0.0 restart: "no" hostname: moloch env_file: @@ -280,7 +280,7 @@ services: - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw zeek: - image: malcolmnetsec/zeek:1.9.0 + image: malcolmnetsec/zeek:2.0.0 restart: "no" hostname: zeek environment: 
@@ -297,7 +297,7 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files file-monitor: - image: malcolmnetsec/file-monitor:1.9.0 + image: malcolmnetsec/file-monitor:2.0.0 restart: "no" hostname: filemon environment: @@ -308,7 +308,7 @@ services: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs pcap-capture: - image: malcolmnetsec/pcap-capture:1.9.0 + image: malcolmnetsec/pcap-capture:2.0.0 restart: "no" network_mode: host ulimits: @@ -325,7 +325,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:1.9.0 + image: malcolmnetsec/pcap-monitor:2.0.0 restart: "no" hostname: pcapmon environment: @@ -339,7 +339,7 @@ services: - ./zeek-logs:/zeek - ./pcap:/pcap upload: - image: malcolmnetsec/file-upload:1.9.0 + image: malcolmnetsec/file-upload:2.0.0 restart: "no" hostname: upload env_file: @@ -356,7 +356,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.9.0 + image: malcolmnetsec/htadmin:2.0.0 restart: "no" hostname: htadmin environment: @@ -369,7 +369,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw freq: - image: malcolmnetsec/freq:1.9.0 + image: malcolmnetsec/freq:2.0.0 restart: "no" hostname: freq environment: @@ -378,7 +378,7 @@ services: expose: - 10004 nginx-proxy: - image: malcolmnetsec/nginx-proxy:1.9.0 + image: malcolmnetsec/nginx-proxy:2.0.0 restart: "no" hostname: nginx-proxy environment: diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 82f3c29af..76813efa2 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml 
@@ -129,7 +129,7 @@ services: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated kibana: - image: malcolmnetsec/kibana-oss:1.9.0 + image: malcolmnetsec/kibana-oss:2.0.0 restart: "no" hostname: kibana environment: @@ -152,7 +152,7 @@ services: retries: 3 start_period: 200s elastalert: - image: malcolmnetsec/elastalert:1.9.0 + image: malcolmnetsec/elastalert:2.0.0 restart: "no" hostname: elastalert environment: @@ -177,7 +177,7 @@ services: - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ curator: - image: malcolmnetsec/curator:1.9.0 + image: malcolmnetsec/curator:2.0.0 restart: "no" hostname: curator environment: @@ -187,7 +187,7 @@ services: depends_on: - elasticsearch logstash: - image: malcolmnetsec/logstash-oss:1.9.0 + image: malcolmnetsec/logstash-oss:2.0.0 restart: "no" hostname: logstash environment: @@ -216,7 +216,7 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro filebeat: - image: malcolmnetsec/filebeat-oss:1.9.0 + image: malcolmnetsec/filebeat-oss:2.0.0 restart: "no" hostname: filebeat environment: @@ -244,7 +244,7 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro moloch: - image: malcolmnetsec/moloch:1.9.0 + image: malcolmnetsec/moloch:2.0.0 restart: "no" hostname: moloch env_file: @@ -280,7 +280,7 @@ services: - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw zeek: - image: malcolmnetsec/zeek:1.9.0 + image: malcolmnetsec/zeek:2.0.0 restart: "no" hostname: zeek environment: @@ -297,7 +297,7 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files file-monitor: - image: malcolmnetsec/file-monitor:1.9.0 + image: malcolmnetsec/file-monitor:2.0.0 restart: "no" hostname: filemon environment: 
@@ -308,7 +308,7 @@ services: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs pcap-capture: - image: malcolmnetsec/pcap-capture:1.9.0 + image: malcolmnetsec/pcap-capture:2.0.0 restart: "no" network_mode: host ulimits: @@ -325,7 +325,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:1.9.0 + image: malcolmnetsec/pcap-monitor:2.0.0 restart: "no" hostname: pcapmon environment: @@ -339,7 +339,7 @@ services: - ./zeek-logs:/zeek - ./pcap:/pcap upload: - image: malcolmnetsec/file-upload:1.9.0 + image: malcolmnetsec/file-upload:2.0.0 restart: "no" hostname: upload env_file: @@ -356,7 +356,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.9.0 + image: malcolmnetsec/htadmin:2.0.0 restart: "no" hostname: htadmin environment: @@ -369,7 +369,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw freq: - image: malcolmnetsec/freq:1.9.0 + image: malcolmnetsec/freq:2.0.0 restart: "no" hostname: freq environment: @@ -378,7 +378,7 @@ services: expose: - 10004 nginx-proxy: - image: malcolmnetsec/nginx-proxy:1.9.0 + image: malcolmnetsec/nginx-proxy:2.0.0 restart: "no" hostname: nginx-proxy environment: diff --git a/docker-compose.yml b/docker-compose.yml index 6e3437042..a1047d88d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -132,7 +132,7 @@ services: build: context: . dockerfile: Dockerfiles/kibana.Dockerfile - image: malcolmnetsec/kibana-oss:1.9.0 + image: malcolmnetsec/kibana-oss:2.0.0 restart: "no" hostname: kibana environment: @@ -158,7 +158,7 @@ services: build: context: . dockerfile: Dockerfiles/elastalert.Dockerfile - image: malcolmnetsec/elastalert:1.9.0 + image: malcolmnetsec/elastalert:2.0.0 restart: "no" hostname: elastalert environment: 
@@ -186,7 +186,7 @@ services: build: context: . dockerfile: Dockerfiles/curator.Dockerfile - image: malcolmnetsec/curator:1.9.0 + image: malcolmnetsec/curator:2.0.0 restart: "no" hostname: curator environment: @@ -201,7 +201,7 @@ services: build: context: . dockerfile: Dockerfiles/logstash.Dockerfile - image: malcolmnetsec/logstash-oss:1.9.0 + image: malcolmnetsec/logstash-oss:2.0.0 restart: "no" hostname: logstash environment: @@ -235,7 +235,7 @@ services: build: context: . dockerfile: Dockerfiles/filebeat.Dockerfile - image: malcolmnetsec/filebeat-oss:1.9.0 + image: malcolmnetsec/filebeat-oss:2.0.0 restart: "no" hostname: filebeat environment: @@ -267,7 +267,7 @@ services: build: context: . dockerfile: Dockerfiles/moloch.Dockerfile - image: malcolmnetsec/moloch:1.9.0 + image: malcolmnetsec/moloch:2.0.0 restart: "no" hostname: moloch env_file: @@ -308,7 +308,7 @@ services: build: context: . dockerfile: Dockerfiles/zeek.Dockerfile - image: malcolmnetsec/zeek:1.9.0 + image: malcolmnetsec/zeek:2.0.0 restart: "no" hostname: zeek environment: @@ -329,7 +329,7 @@ services: build: context: . dockerfile: Dockerfiles/file-monitor.Dockerfile - image: malcolmnetsec/file-monitor:1.9.0 + image: malcolmnetsec/file-monitor:2.0.0 restart: "no" hostname: filemon environment: @@ -343,7 +343,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-capture.Dockerfile - image: malcolmnetsec/pcap-capture:1.9.0 + image: malcolmnetsec/pcap-capture:2.0.0 restart: "no" network_mode: host ulimits: @@ -363,7 +363,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-monitor.Dockerfile - image: malcolmnetsec/pcap-monitor:1.9.0 + image: malcolmnetsec/pcap-monitor:2.0.0 restart: "no" hostname: pcapmon environment: @@ -380,7 +380,7 @@ services: build: context: . dockerfile: Dockerfiles/file-upload.Dockerfile - image: malcolmnetsec/file-upload:1.9.0 + image: malcolmnetsec/file-upload:2.0.0 restart: "no" hostname: upload env_file: 
@@ -397,7 +397,7 @@ services: volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files htadmin: - image: malcolmnetsec/htadmin:1.9.0 + image: malcolmnetsec/htadmin:2.0.0 build: context: . dockerfile: Dockerfiles/htadmin.Dockerfile @@ -413,7 +413,7 @@ services: - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw freq: - image: malcolmnetsec/freq:1.9.0 + image: malcolmnetsec/freq:2.0.0 build: context: . dockerfile: Dockerfiles/freq.Dockerfile @@ -428,7 +428,7 @@ services: build: context: . dockerfile: Dockerfiles/nginx.Dockerfile - image: malcolmnetsec/nginx-proxy:1.9.0 + image: malcolmnetsec/nginx-proxy:2.0.0 restart: "no" hostname: nginx-proxy environment: diff --git a/sensor-iso/README.md b/sensor-iso/README.md index 8d2f4d891..450ed3e0b 100644 --- a/sensor-iso/README.md +++ b/sensor-iso/README.md @@ -398,7 +398,7 @@ Building the ISO may take 90 minutes or more depending on your system. As the bu ``` … -Finished, created "/sensor-build/hedgehog-1.9.0.iso" +Finished, created "/sensor-build/hedgehog-2.0.0.iso" … ``` From 3402e308e11d070bc91c553c95676e0b5e2fd81e Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 30 Jan 2020 15:26:13 -0700 Subject: [PATCH 054/183] some field normalization for 2.0.0 - restored kibana swimlane visualization as it has been fixed for 7.5.x - remove some unused fields from records (agent.ephemeral_id, input.type, path portion of log.file.path) - remove "_jsonparsefailure" tag on cleanup - change some places where we were doing calculations to get count values when we already know the count is "1" - normalization of "action" or "command" values to "zeek.action" field - normalization of mime type, file names, fuids, and service version --- Dockerfiles/kibana.Dockerfile | 19 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 4 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 4 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 4 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 4 +- logstash/pipelines/enrichment/11_lookups.conf | 8 + .../enrichment/18_tags_finalize.conf | 1 + logstash/pipelines/zeek/11_zeek_logs.conf | 759 ++++-------------- .../pipelines/zeek/12_zeek_normalize.conf | 277 +++++++ logstash/pipelines/zeek/13_zeek_convert.conf | 35 + moloch/wise/source.zeeklogs.js | 36 +- 11 files changed, 512 insertions(+), 639 deletions(-) create mode 100644 logstash/pipelines/zeek/12_zeek_normalize.conf create mode 100644 logstash/pipelines/zeek/13_zeek_convert.conf diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index f5fb8b2a8..a7dd09f50 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile 
@@ -51,7 +51,7 @@ ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1. # todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix -# ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.4.2/prelert_swimlane_vis-7.4.2.zip /tmp/kibana-swimlane.zip +ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.1/prelert_swimlane_vis-7.5.1.zip /tmp/kibana-swimlane.zip # ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip # see https://github.com/walterra/kibana-milestones-vis/issues/9 
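Review bot: The re-enabled `ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.1/prelert_swimlane_vis-7.5.1.zip` pulls a third-party plugin archive into the image at build time with nothing pinning its contents: a release asset can be replaced under the same tag, and `ADD` verifies nothing beyond the TLS connection. Record the expected digest and check it before the plugin is installed, e.g. `RUN echo "<EXPECTED_SHA256>  /tmp/kibana-swimlane.zip" | sha256sum -c -` placed ahead of the `kibana-plugin install` step, with `<EXPECTED_SHA256>` filled in from a trusted copy of the asset. The elastalert plugin `ADD` above it has the same gap, but that line is not part of this change, and the `RUN` that installs the plugin is in a later hunk of this file.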
@@ -79,16 +79,15 @@ RUN chmod 755 /data/*.sh /data/*.py && \ sed -i "s/7\.5\.0/7\.5\.1/g" kibana/elastalert-kibana-plugin/package.json && \ zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ - rm -f /tmp/elastalert-kibana-plugin.zip - + rm -f /tmp/elastalert-kibana-plugin.zip && \ + echo "Installing Swimlanes visualization..." && \ + unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ + sed -i "s/7\.5\.1/7\.5\.1/g" kibana/prelert_swimlane_vis/package.json && \ + zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ + /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ + bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ + rm -f /tmp/kibana-swimlane.zip ## && \ - ## echo "Installing Swimlanes visualization..." && \ - ## unzip kibana-swimlane.zip kibana/prelert_swimlane_vis-7.4.2/package.json && \ - ## sed -i "s/7\.4\.2/7\.5\.1/g" kibana/prelert_swimlane_vis-7.4.2/package.json && \ - ## zip kibana-swimlane.zip kibana/prelert_swimlane_vis-7.4.2/package.json && \ - ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ - ## bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ - ## rm -f /tmp/kibana-swimlane.zip && \ ## echo "Installing Comments visualization..." && \ ## unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ ## sed -i "s/7\.4\.0/7\.5\.1/g" kibana/kibana-comments-app-plugin/package.json && \ diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 0bb32110f..1c6afb768 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
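Review bot: `sed -i "s/7\.5\.1/7\.5\.1/g" kibana/prelert_swimlane_vis/package.json` replaces a string with itself, so the unzip/sed/zip sequence around it now does nothing except rewrite the archive; because the v7.5.1 release already matches the installed Kibana version, either delete those three lines and install the downloaded zip directly, or keep the pattern and add a comment explaining it is left in place for the next version mismatch, e.g. `# no-op today: change the target version here when Kibana and the plugin release drift apart`. The `RUN` command this sits in starts outside the hunk.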
@@ -10,7 +10,7 @@ "title": "FTP", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"zeek_ftp.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"16\",\"gri
dData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"zeek.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":
\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -317,7 +317,7 @@ "dstIp", "dstPort", "zeek.uid", - "zeek_ftp.fuid", + "zeek.fuid", "_id" ] }, diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 4241db2c8..7dd8330c8 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -10,7 +10,7 @@ "title": "PE", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"zeek_pe.fuid\",\"zeek_pe.machine\",\"zeek_pe.is_exe\",\"zeek_pe.is_64bit\",\"zeek_pe.subsystem\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"zeek.fuid\",\"zeek_pe.machine\",\"zeek_pe.is_exe\",\"zeek_pe.is_64bit\",\"zeek_pe.subsystem\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -186,7 +186,7 @@ }, "columns": [ "zeek_pe.machine", - "zeek_pe.fuid", + "zeek.fuid", "_id" ] }, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 3f1afddfc..4bd23165e 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -10,7 +10,7 @@ "title": "Intel", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"zeek_intel.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20
,\"h\":16,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"zeek.fuid\",\"_
id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -349,7 +349,7 @@ "dstIp", "dstPort", "zeek.uid", - "zeek_intel.fuid", + "zeek.fuid", "_id" ] }, diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index eef0b5bf1..b6f29ab97 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
@@ -10,7 +10,7 @@ "title": "Files", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"zeek_files.tx_hosts\",\"dstIp\",\"zeek_files.source\",\"zeek.uid\",\"zeek_files.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]", + "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"zeek_files.tx_hosts\",\"dstIp\",\"zeek_files.source\",\"zeek.uid\",\"zeek.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -145,7 +145,7 @@ "dstIp", "zeek_files.source", "zeek.uid", - "zeek_files.fuid", + "zeek.fuid", "_id" ] }, 
diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 51268d370..805d1f841 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -365,12 +365,20 @@ filter { add_field => { "[node]" => "logs" } } } + if ([log][file][path]) { + # trim path portion of log.file.path + mutate { id => "mutate_gsub_field_zeek_log_file_path" + gsub => [ "[log][file][path]", "^.*/", "" ] } + } + # remove some useless beats-related fields mutate { id => "mutate_remove_field_beats_useless" remove_field => [ "[beat]", + "[agent][ephemeral_id]", "[log][offset]", + "[input][type]", "[prospector]", "[message]" ] diff --git a/logstash/pipelines/enrichment/18_tags_finalize.conf b/logstash/pipelines/enrichment/18_tags_finalize.conf index 71c18d408..7bae05368 100644 --- a/logstash/pipelines/enrichment/18_tags_finalize.conf +++ b/logstash/pipelines/enrichment/18_tags_finalize.conf @@ -5,6 +5,7 @@ filter { mutate { id => "mutate_enrichment_tags_remove" remove_tag => [ "beats_input_codec_plain_applied", "_grokparsefailure", + "_jsonparsefailure", "_dissectfailure", "_ouilookupfailure", "_geoip_lookup_failure" ] } diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index d566d47ea..11fb679be 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -223,10 +223,8 @@ filter { } } - mutate { - id => "mutate_add_field_zeek_conn_segmentCnt" - add_field => { "[segmentCnt]" => "1" } - } + mutate { id => "mutate_add_field_zeek_conn_segmentCnt" + add_field => { "[segmentCnt]" => "1" } } if ([zeek_cols][orig_ip_bytes]) and ([zeek_cols][orig_ip_bytes] != '-') and ([zeek_cols][orig_ip_bytes] != '(empty)') and ([zeek_cols][orig_ip_bytes] != '') { mutate { id => "mutate_add_field_zeek_srcBytes" 
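Review bot: The new `gsub => [ "[log][file][path]", "^.*/", "" ]` discards the directory part of `log.file.path`, which is the part that tells an analyst which sensor or directory a log came from, and the comment only says `# trim path portion of log.file.path` without saying why. If the intent is to keep the sensor's filesystem layout out of the index, state that in the comment; if the basename is needed elsewhere, consider copying it to a separate field instead of overwriting. The id `mutate_gsub_field_zeek_log_file_path` is also misleading, since this filter sits in the enrichment pipeline and appears to run for any event carrying `[log][file][path]`, not only Zeek logs; `mutate_gsub_field_log_file_path_basename` would describe it better.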
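Review bot: Adding `"_jsonparsefailure"` to `remove_tag` in 18_tags_finalize.conf strips the only marker that a JSON codec failed to parse an event, so malformed or unexpected input can no longer be searched for or alerted on once it is indexed. If the tag is noise for one known input, scope the removal to that input with an `if` around the mutate rather than removing it globally, or keep the tag and suppress it only in the views that display it. At minimum a comment should record why this failure tag is considered safe to drop alongside `_grokparsefailure` and `_dissectfailure`.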
@@ -1236,7 +1234,6 @@ filter { } } - } else if ([source] == "mqtt_subscribe") { ############################################################################################################################# # mqtt_subscribe.log @@ -1638,6 +1635,10 @@ filter { add_field => { "[zeek_cols][service]" => "rdp" } } + # remove RDP prefix from client_build (version) + mutate { id => "mutate_gsub_field_zeek_rdp_client_build" + gsub => [ "[zeek_cols][client_build]", "^RDP ", "" ] } + } else if ([source] == "rfb") { ############################################################################################################################# # rfb.log @@ -1791,6 +1792,13 @@ filter { } } + # remove SMB prefix from version + mutate { id => "mutate_gsub_field_zeek_smb_cmd_version" + gsub => [ "[zeek_cols][version]", "^SMB", "" ] } + + mutate { id => "mutate_gsub_zeek_smb_cmd_command" + gsub => [ "[zeek_cols][command]", "SMB::", "" ] } + } else if ([source] == "smb_files") { ############################################################################################################################# # smb_files.log @@ -1866,6 +1874,9 @@ filter { } } + mutate { id => "mutate_gsub_zeek_smb_files_action" + gsub => [ "[zeek_cols][action]", "SMB::", "" ] } + } else if ([source] == "smb_mapping") { ############################################################################################################################# # smb_mapping.log 
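Review bot: The hunk at -1236 removes the line `} else if ([source] == "mqtt_subscribe") {` but leaves the `# mqtt_subscribe.log` comment block that followed it, so unless a duplicate header immediately precedes it (not visible in the hunk), the mqtt_subscribe logic is now folded into the preceding branch and the brace count of this `if`/`else if` chain changes. Please confirm that the surrounding lines still open a `mqtt_subscribe` branch, and if the removal was to drop a duplicated header, say so in the commit or a comment. The new RDP and SMB `gsub` filters in the later hunks would also benefit from one-line comments giving an example of the raw value being normalized (e.g. what `[zeek_cols][version]` looks like before `^SMB` is stripped), since the result is what downstream dashboards match on. All of these hunks sit inside the `filter {` block that begins and ends outside this view.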
@@ -1908,7 +1919,7 @@ filter { id => "dissect_zeek_smtp" # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP mapping => { - "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][trans_depth]} %{[zeek_cols][helo]} %{[zeek_cols][mailfrom]} %{[zeek_cols][rcptto]} %{[zeek_cols][date]} %{[zeek_cols][from]} %{[zeek_cols][to]} %{[zeek_cols][cc]} %{[zeek_cols][reply_to]} %{[zeek_cols][msg_id]} %{[zeek_cols][in_reply_to]} %{[zeek_cols][subject]} %{[zeek_cols][x_originating_ip]} %{[zeek_cols][first_received]} %{[zeek_cols][second_received]} %{[zeek_cols][last_reply]} %{[zeek_cols][path]} %{[zeek_cols][user_agent]} %{[zeek_cols][tls]} %{[zeek_cols][fuids]} %{[zeek_cols][is_webmail]}" + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][trans_depth]} %{[zeek_cols][helo]} %{[zeek_cols][mailfrom]} %{[zeek_cols][rcptto]} %{[zeek_cols][date]} %{[zeek_cols][from]} %{[zeek_cols][to]} %{[zeek_cols][cc]} %{[zeek_cols][reply_to]} %{[zeek_cols][msg_id]} %{[zeek_cols][in_reply_to]} %{[zeek_cols][subject]} %{[zeek_cols][x_originating_ip]} %{[zeek_cols][first_received]} %{[zeek_cols][second_received]} %{[zeek_cols][last_reply]} %{[zeek_cols][path]} %{[zeek_cols][user_agent]} %{[zeek_cols][tls]} %{[zeek_cols][fuid]} %{[zeek_cols][is_webmail]}" } } if ("_dissectfailure" in [tags]) { 
@@ -1919,7 +1930,7 @@ filter { } ruby { id => "ruby_zip_zeek_smtp" - init => "$zeek_smtp_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'trans_depth', 'helo', 'mailfrom', 'rcptto', 'date', 'from', 'to', 'cc', 'reply_to', 'msg_id', 'in_reply_to', 'subject', 'x_originating_ip', 'first_received', 'second_received', 'last_reply', 'path', 'user_agent', 'tls', 'fuids', 'is_webmail' ]" + init => "$zeek_smtp_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'trans_depth', 'helo', 'mailfrom', 'rcptto', 'date', 'from', 'to', 'cc', 'reply_to', 'msg_id', 'in_reply_to', 'subject', 'x_originating_ip', 'first_received', 'second_received', 'last_reply', 'path', 'user_agent', 'tls', 'fuid', 'is_webmail' ]" code => "event.set('[zeek_cols]', $zeek_smtp_field_names.zip(event.get('[message]')).to_h)" } } @@ -2329,6 +2340,8 @@ filter { lowercase => [ "[zeek_cols][service]" ] } mutate { id => "mutate_gsub_zeek_tunnel_service" gsub => [ "[zeek_cols][service]", "tunnel::", "" ] } + mutate { id => "mutate_gsub_zeek_tunnel_action" + gsub => [ "[zeek_cols][action]", "Tunnel::", "" ] } } else if ([source] == "weird") { ############################################################################################################################# @@ -2380,13 +2393,9 @@ filter { } } - mutate { - id => "mutate_add_fields_zeek_x509" - add_field => { - "[zeek_cols][service]" => "X.509" - "[certCnt]" => "1" - } - } + mutate { id => "mutate_add_fields_zeek_x509" + add_field => { "[zeek_cols][service]" => "X.509" + "[certCnt]" => "1" } } } else { # some other unknown zeek log file. should start with ts at least! 
@@ -2432,6 +2441,7 @@ filter { id => "mutate_rename_zeek_common_fields" rename => { "[zeek_%{[source]}][ts]" => "[zeek][ts]" } rename => { "[zeek_%{[source]}][uid]" => "[zeek][uid]" } + rename => { "[zeek_%{[source]}][fuid]" => "[zeek][fuid]" } rename => { "[zeek_%{[source]}][orig_h]" => "[zeek][orig_h]" } rename => { "[zeek_%{[source]}][orig_p]" => "[zeek][orig_p]" } rename => { "[zeek_%{[source]}][orig_l2_addr]" => "[zeek][orig_l2_addr]" } @@ -2488,6 +2498,10 @@ filter { add_field => { "[zeek][uid]" => "%{[@metadata][uuid]}" } } } + # if present, FUIDs are always a vector (comma-separated) + if ([zeek][fuid]) { mutate { id => "mutate_split_zeek_fuids" + split => { "[zeek][fuid]" => "," } } } + if ([source] == "conn") { mutate { id => "mutate_add_field_zeek_conn_zeekLogDocId" add_field => { "[zeekLogDocId]" => "%{[zeek][uid]}" } } @@ -2667,20 +2681,10 @@ filter { split => { "[zeek_bacnet][data]" => "," } } #if ([zeek_bacnet][data_dict][date]) and ([zeek_bacnet][data_dict][time]) { + # TODO: #} } - } else if ([source] == "dce_rpc") { - ############################################################################################################################# - # dce_rpc.log specific logic - - mutate { - id => "mutate_zeek_dce_rpc_convert" - convert => { - "[zeek_dce_rpc][rtt]" => "float" - } - } - } else if ([source] == "dhcp") { ############################################################################################################################# # dhcp.log specific logic @@ -2692,10 +2696,8 @@ filter { } mutate { id => "mutate_merge_zeek_dhcp_mac" merge => { "[dhcp][mac]" => "[zeek][orig_l2_addr]" } } - ruby { - id => "ruby_zeek_dhcp_macCnt" - code => "event.set('[dhcp][macCnt]', event.get('[dhcp][mac]').length)" - } + mutate { id => "mutate_add_field_dhcp_macCnt" + add_field => { "[dhcp][macCnt]" => "1" } } } if ([zeek_dhcp][msg_types]) { 
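Review bot: In the hunk at -2692, `[dhcp][macCnt]` becomes the literal string `"1"` set by `add_field`, replacing a ruby filter that measured `event.get('[dhcp][mac]').length`; the `merge` on the line above can produce more than one element, so the count no longer tracks the array, and it is now a string rather than the integer the ruby code produced. The same substitution is made for `[dhcp][idCnt]` (hunk at -2708), the DNS `hostCnt`/`opcodeCnt`/`qcCnt`/`qtCnt` (hunk at -2759), `[http][hostCnt]` (hunk at -2934) and the HTTP counts in the hunk at -2955, where `[http][uri]` visibly merges both `[zeek_http][uri]` and `[zeek_http][referrer]` and so can legitimately hold two values. If these columns are known to be single-valued in Zeek output, a comment such as `# single-valued zeek column, so the count is always 1` next to each constant would make the shortcut defensible and should note the type change; otherwise keep the ruby length computation, as the commit still does for `[dns][ipCnt]` and `[http][bodyMagicCnt]`. The bare `+ # TODO:` added in the hunk at -2667 inside a commented-out block says nothing to a reader; give it an owner and a subject or drop it.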
@@ -2708,10 +2710,8 @@ filter { if ([zeek_dhcp][trans_id]) { mutate { id => "mutate_merge_zeek_dhcp_id" merge => { "[dhcp][id]" => "[zeek_dhcp][trans_id]" } } - ruby { - id => "ruby_zeek_dhcp_idCnt" - code => "event.set('[dhcp][idCnt]', event.get('[dhcp][id]').length)" - } + mutate { id => "mutate_add_field_dhcp_idCnt" + add_field => { "[dhcp][idCnt]" => "1" } } } if ([zeek_dhcp][host_name]) { 
@@ -2759,80 +2759,41 @@ filter { add_field => { "[@metadata][opcode]" => "QUERY" } } mutate { id => "mutate_merge_zeek_opcode" merge => { "[dns][opcode]" => "[@metadata][opcode]" } } - } - if ([dns][host]) { - ruby { - id => "ruby_zeek_dns_hostCnt" - code => "event.set('[dns][hostCnt]', event.get('[dns][host]').length)" - } - } - if ([dns][opcode]) { - ruby { - id => "ruby_zeek_dns_opcodeCnt" - code => "event.set('[dns][opcodeCnt]', event.get('[dns][opcode]').length)" - } + mutate { id => "mutate_add_field_dns_hostCnt" + add_field => { "[dns][hostCnt]" => "1" } } + mutate { id => "mutate_add_field_dns_opcodeCnt" + add_field => { "[dns][opcodeCnt]" => "1" } } } if ([@metadata][answers_ip]) { mutate { id => "mutate_merge_zeek_dns_ip" merge => { "[dns][ip]" => "[@metadata][answers_ip]" } } + ruby { + id => "ruby_zeek_dns_ipCnt" + code => "event.set('[dns][ipCnt]', event.get('[dns][ip]').length)" + } } if ([zeek_dns][qclass_name]) { mutate { id => "mutate_merge_zeek_dns_qc" merge => { "[dns][qc]" => "[zeek_dns][qclass_name]" } } - ruby { - id => "ruby_zeek_dns_qcCnt" - code => "event.set('[dns][qcCnt]', event.get('[dns][qc]').length)" - } + mutate { id => "mutate_add_field_dns_qcCnt" + add_field => { "[dns][qcCnt]" => "1" } } } if ([zeek_dns][qtype_name]) { mutate { id => "mutate_merge_zeek_dns_qt" merge => { "[dns][qt]" => "[zeek_dns][qtype_name]" } } - ruby { - id => "ruby_zeek_dns_qtCnt" - code => "event.set('[dns][qtCnt]', event.get('[dns][qt]').length)" - } - } - - if ([dns][ip]) { - ruby { - id => "ruby_zeek_dns_ipCnt" - code => "event.set('[dns][ipCnt]', event.get('[dns][ip]').length)" - } - } # if([dns][ip]) - - mutate { - id => "mutate_zeek_dns_convert" - convert => { - "[zeek_dns][rtt]" => "float" - } + mutate { id => "mutate_add_field_dns_qtCnt" + add_field => { "[dns][qtCnt]" => "1" } } } } else if ([source] == "files") { ############################################################################################################################# # files.log 
specific logic - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_files][fuid]) { - mutate { id => "mutate_split_zeek_files_fuid" - split => { "[zeek_files][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_files_fuid" - merge => { "[zeek][fuid]" => "[zeek_files][fuid]" } } - } - if ([zeek_files][parent_fuid]) { - mutate { id => "mutate_split_zeek_files_parent_fuid" - split => { "[zeek_files][parent_fuid]" => "," } } - mutate { id => "mutate_merge_zeek_files_parent_fuid" - merge => { "[zeek][fuid]" => "[zeek_files][parent_fuid]" } } - } - # collect all filenames under the parent [zeek][filename] array - if ([zeek_files][filename]) { mutate { id => "mutate_merge_zeek_files_filename" - merge => { "[zeek][filename]" => "[zeek_files][filename]" } } } - # collect all mime types under the parent [zeek][filetype] array - if ([zeek_files][mime_type]) { mutate { id => "mutate_merge_zeek_files_mime_type" - merge => { "[zeek][filetype]" => "[zeek_files][mime_type]" } } } + if ([zeek_files][parent_fuid]) { mutate { id => "mutate_split_zeek_files_parent_fuid" + split => { "[zeek_files][parent_fuid]" => "," } } } if ([zeek_files][total_bytes]) { ruby { @@ -2861,18 +2822,6 @@ filter { } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_ftp][fuid]) { - mutate { id => "mutate_split_zeek_ftp_fuid" - split => { "[zeek_ftp][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_ftp_fuid" - merge => { "[zeek][fuid]" => "[zeek_ftp][fuid]" } } - } - - # collect all mime types under the parent [zeek][filetype] array - if ([zeek_ftp][mime_type]) { mutate { id => "mutate_merge_zeek_ftp_filetype" - merge => { "[zeek][filetype]" => "[zeek_ftp][mime_type]" } } } - } else if ([source] == "gquic") { ############################################################################################################################# # gquic.log specific logic 
@@ -2880,19 +2829,15 @@ filter { if ([zeek_gquic][user_agent]) { mutate { id => "mutate_merge_zeek_quic_useragent" merge => { "[quic][useragent]" => "[zeek_gquic][user_agent]" } } - mutate { - id => "mutate_add_field_zeek_quic_useragentCnt" - add_field => { "[quic][useragentCnt]" => "1" } - } + mutate { id => "mutate_add_field_zeek_quic_useragentCnt" + add_field => { "[quic][useragentCnt]" => "1" } } } if ([zeek_gquic][server_name]) { mutate { id => "mutate_merge_zeek_quic_host" merge => { "[quic][host]" => "[zeek_gquic][server_name]" } } - mutate { - id => "mutate_add_field_zeek_quic_hostCnt" - add_field => { "[quic][hostCnt]" => "1" } - } + mutate { id => "mutate_add_field_zeek_quic_hostCnt" + add_field => { "[quic][hostCnt]" => "1" } } } if ([zeek_gquic][version]) { @@ -2900,13 +2845,8 @@ filter { id => "ruby_zeek_set_quic_version" code => "event.set('[quic][version]', 'Q' + event.get('[zeek_gquic][version]').rjust(3, '0'))" } - mutate { - id => "mutate_add_field_zeek_quic_versionCnt" - add_field => { "[quic][versionCnt]" => "1" } - } - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_quic" - merge => { "[zeek][service_version]" => "[zeek_gquic][version]" } } + mutate { id => "mutate_add_field_zeek_quic_versionCnt" + add_field => { "[quic][versionCnt]" => "1" } } } @@ -2934,10 +2874,8 @@ filter { if ([zeek_http][host]) { mutate { id => "mutate_merge_zeek_http_host" merge => { "[http][host]" => "[zeek_http][host]" } } - ruby { - id => "ruby_zeek_http_hostCnt" - code => "event.set('[http][hostCnt]', event.get('[http][host]').length)" - } + mutate { id => "mutate_add_field_http_hostCnt" + add_field => { "[http][hostCnt]" => "1" } } } if ([zeek_http][uri]) { 
@@ -2955,72 +2893,52 @@ filter { merge => { "[http][uri]" => "[zeek_http][referrer]" } } } - if ([http][uri]) { - ruby { - id => "ruby_zeek_http_uriCnt" - code => "event.set('[http][uriCnt]', event.get('[http][uri]').length)" - } - } + if ([http][uri]) { mutate { id => "mutate_add_field_http_uriCnt" + add_field => { "[http][uriCnt]" => "1" } } } if ([zeek_http][user_agent]) { mutate { id => "mutate_merge_zeek_http_user_agent" merge => { "[http][useragent]" => "[zeek_http][user_agent]" } } - ruby { - id => "ruby_zeek_http_useragentCnt" - code => "event.set('[http][useragentCnt]', event.get('[http][useragent]').length)" - } + mutate { id => "mutate_add_field_http_useragentCnt" + add_field => { "[http][useragentCnt]" => "1" } } } if ([zeek_http][orig_mime_types]) { mutate { id => "mutate_merge_zeek_http_orig_mime_types" - merge => { "[@metadata][mime_types]" => "[zeek_http][orig_mime_types]" } } + merge => { "[http][bodyMagic]" => "[zeek_http][orig_mime_types]" } } } if ([zeek_http][resp_mime_types]) { mutate { id => "mutate_merge_zeek_http_resp_mime_types" - merge => { "[@metadata][mime_types]" => "[zeek_http][resp_mime_types]" } } + merge => { "[http][bodyMagic]" => "[zeek_http][resp_mime_types]" } } } - if ([@metadata][mime_types]) { - mutate { id => "mutate_merge_zeek_http_bodyMagic" - merge => { "[http][bodyMagic]" => "[@metadata][mime_types]" } } + if ([http][bodyMagic]) { ruby { id => "ruby_zeek_http_bodyMagicCnt" - code => "event.set('[http][bodyMagicCnt]', event.get('[@metadata][mime_types]').length)" + code => "event.set('[http][bodyMagicCnt]', event.get('[http][bodyMagic]').length)" } - # collect all mime types under the parent [zeek][filetype] array - mutate { id => "mutate_merge_zeek_http_filetype" - merge => { "[zeek][filetype]" => "[@metadata][mime_types]" } } } if ([zeek_http][version]) { mutate { id => "mutate_merge_zeek_http_clientVersion" merge => { "[http][clientVersion]" => "[zeek_http][version]" } } - ruby { - id => 
"ruby_zeek_http_clientVersionCnt" - code => "event.set('[http][clientVersionCnt]', event.get('[http][clientVersion]').length)" - } - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_http" - merge => { "[zeek][service_version]" => "[zeek_http][version]" } } + mutate { id => "mutate_add_field_http_clientVersion" + add_field => { "[http][clientVersionCnt]" => "1" } } } if ([zeek_http][status_code]) { mutate { id => "mutate_merge_zeek_http_statuscode" merge => { "[http][statuscode]" => "[zeek_http][status_code]" } } - ruby { - id => "ruby_zeek_http_statuscodeCnt" - code => "event.set('[http][statuscodeCnt]', event.get('[http][statuscode]').length)" - } + mutate { id => "mutate_add_field_http_statuscodeCnt" + add_field => { "[http][statuscodeCnt]" => "1" } } } if ([zeek_http][method]) { mutate { id => "mutate_merge_zeek_http_method" merge => { "[http][method]" => "[zeek_http][method]" } } - ruby { - id => "ruby_zeek_http_methodCnt" - code => "event.set('[http][methodCnt]', event.get('[http][method]').length)" - } + mutate { id => "mutate_add_field_http_methodCnt" + add_field => { "[http][methodCnt]" => "1" } } } ruby { 
@@ -3028,77 +2946,34 @@ filter { code => "event.set('[totDataBytes]', event.get('[zeek_http][response_body_len]').to_i + event.get('[zeek_http][request_body_len]').to_i)" } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_http][orig_fuids]) { mutate { id => "mutate_merge_zeek_http_orig_fuids_to_fuid" - merge => { "[zeek][fuid]" => "[zeek_http][orig_fuids]" } } } - if ([zeek_http][resp_fuids]) { mutate { id => "mutate_merge_zeek_resp_fuids_to_fuid" - merge => { "[zeek][fuid]" => "[zeek_http][resp_fuids]" } } } - - # collect all filenames under the parent [zeek][filename] array - if ([zeek_http][orig_filenames]) { mutate { id => "mutate_merge_zeek_http_orig_filenames_to_filename" - merge => { "[zeek][filename]" => "[zeek_http][orig_filenames]" } } } - if ([zeek_http][resp_filenames]) { mutate { id => "mutate_merge_zeek_http_resp_filenames_to_filename" - merge => { "[zeek][filename]" => "[zeek_http][resp_filenames]" } } } - } else if ([source] == "irc") { ############################################################################################################################# # irc.log specific logic - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_irc][fuid]) { - mutate { id => "mutate_split_zeek_irc_fuid" - split => { "[zeek_irc][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_irc_fuid" - merge => { "[zeek][fuid]" => "[zeek_irc][fuid]" } } - } - - # collect all filenames under the parent [zeek][filename] array - if ([zeek_irc][dcc_file_name]) { mutate { id => "mutate_merge_zeek_irc_filename" - merge => { "[zeek][filename]" => "[zeek_irc][dcc_file_name]" } } } - - # collect all mime types under the parent [zeek][filetype] array - if ([zeek_irc][dcc_mime_type]) { mutate { id => "mutate_merge_zeek_irc_filetype" - merge => { "[zeek][filetype]" => "[zeek_irc][dcc_mime_type]" } } } - if ([zeek_irc][nick]) { mutate { id => "mutate_merge_zeek_irc_nick" merge => { "[irc][nick]" => "[zeek_irc][nick]" } } - ruby { - id => 
"ruby_zeek_irc_nickCnt" - code => "event.set('[irc][nickCnt]', event.get('[irc][nick]').length)" - } + mutate { id => "mutate_add_field_irc_nickCnt" + add_field => { "[irc][nickCnt]" => "1" } } + # store "nick" alongside "user" + mutate { id => "mutate_merge_irc_nick_user" + merge => { "[zeek][user]" => "[zeek_irc][nick]" } } } if ([zeek_irc][command]) and ([zeek_irc][value]) and (([zeek_irc][command] == "JOIN") or ([zeek_irc][command] == "PART")) { mutate { id => "mutate_merge_zeek_irc_channel" merge => { "[irc][channel]" => "[zeek_irc][value]" } } - ruby { - id => "ruby_zeek_irc_channelCnt" - code => "event.set('[irc][channelCnt]', event.get('[irc][channel]').length)" - } + mutate { id => "mutate_add_field_irc_channelCnt" + add_field => { "[irc][channelCnt]" => "1" } } } } else if ([source] == "intel") { ############################################################################################################################# # intel.log specific logic - if ([zeek_intel][sources]) { - mutate { id => "mutate_split_zeek_intel_sources" - split => { "[zeek_intel][sources]" => "," } } - } - - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_intel][fuid]) { - mutate { id => "mutate_split_zeek_intel_fuid" - split => { "[zeek_intel][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_intel_fuid" - merge => { "[zeek][fuid]" => "[zeek_intel][fuid]" } } - } - - # collect all mime types under the parent [zeek][filetype] array - if ([zeek_intel][file_mime_type]) { mutate { id => "mutate_merge_zeek_intel_filetype" - merge => { "[zeek][filetype]" => "[zeek_intel][file_mime_type]" } } } + if ([zeek_intel][sources]) { mutate { id => "mutate_split_zeek_intel_sources" + split => { "[zeek_intel][sources]" => "," } } } } else if ([source] == "kerberos") { 
@@ -3108,19 +2983,15 @@ filter { if ([zeek_kerberos][cname]) { mutate { id => "mutate_merge_zeek_kerberos_cname" merge => { "[krb5][cname]" => "[zeek_kerberos][cname]" } } - ruby { - id => "ruby_zeek_kerberos_cnameCnt" - code => "event.set('[krb5][cnameCnt]', event.get('[krb5][cname]').length)" - } + mutate { id => "mutate_add_field_kerberos_cnameCnt" + add_field => { "[krb5][cnameCnt]" => "1" } } } if ([zeek_kerberos][sname]) { mutate { id => "mutate_merge_zeek_kerberos_sname" merge => { "[krb5][sname]" => "[zeek_kerberos][sname]" } } - ruby { - id => "ruby_zeek_kerberos_snameCnt" - code => "event.set('[krb5][snameCnt]', event.get('[krb5][sname]').length)" - } + mutate { id => "mutate_add_field_kerberos_snameCnt" + add_field => { "[krb5][snameCnt]" => "1" } } } if ([zeek_kerberos][from]) { @@ -3130,7 +3001,7 @@ filter { target => "[@metadata][krb_time_from]" } if ([@metadata][krb_time_from]) { mutate { id => "mutate_replace_zeek_kerberos_from" - replace => { "[zeek_kerberos][from]" => "%{[@metadata][krb_time_from]}" } } } + replace => { "[zeek_kerberos][from]" => "%{[@metadata][krb_time_from]}" } } } } if ([zeek_kerberos][till]) { date { 
@@ -3142,23 +3013,11 @@ filter { replace => { "[zeek_kerberos][till]" => "%{[@metadata][krb_time_till]}" } } } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_kerberos][client_cert_fuid]) { - mutate { id => "mutate_split_zeek_kerberos_client_cert_fuid" - split => { "[zeek_kerberos][client_cert_fuid]" => "," } } - mutate { id => "mutate_merge_zeek_kerberos_client_cert_fuid" - merge => { "[@metadata][cert_fuids]" => "[zeek_kerberos][client_cert_fuid]" } } - } - if ([zeek_kerberos][server_cert_fuid]) { - mutate { id => "mutate_split_zeek_kerberos_server_cert_fuid" - split => { "[zeek_kerberos][server_cert_fuid]" => "," } } - mutate { id => "mutate_merge_zeek_kerberos_server_cert_fuid" - merge => { "[@metadata][cert_fuids]" => "[zeek_kerberos][server_cert_fuid]" } } - } - if ([@metadata][cert_fuids]) { - mutate { id => "mutate_merge_zeek_kerberos_fuids_to_fuid" - merge => { "[zeek][fuid]" => "[@metadata][cert_fuids]" } } - } + if ([zeek_kerberos][client_cert_fuid]) { mutate { id => "mutate_split_zeek_kerberos_client_cert_fuid" + split => { "[zeek_kerberos][client_cert_fuid]" => "," } } } + + if ([zeek_kerberos][server_cert_fuid]) { mutate { id => "mutate_split_zeek_kerberos_server_cert_fuid" + split => { "[zeek_kerberos][server_cert_fuid]" => "," } } } } else if ([source] == "ldap") { ############################################################################################################################# 
@@ -3179,49 +3038,18 @@ filter { } } - mutate { - id => "mutate_zeek_ldap_convert" - convert => { - "[zeek_ldap][message_id]" => "integer" - "[zeek_ldap][result_code]" => "integer" - } - } - - } else if ([source] == "modbus_register_change") { - ############################################################################################################################# - # modbus_register_change.log specific logic - - mutate { - id => "mutate_zeek_modbus_register_change_convert" - convert => { - "[zeek_modbus_register_change][register]" => "integer" - "[zeek_modbus_register_change][old_val]" => "integer" - "[zeek_modbus_register_change][new_val]" => "integer" - "[zeek_modbus_register_change][delta]" => "float" - } - } - - } else if ([source] == "mqtt_connect") { - ############################################################################################################################# - # mqtt_connect.log specific logic - - if ([zeek_mqtt_connect][proto_version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_mqtt_connect" - merge => { "[zeek][service_version]" => "[zeek_mqtt_connect][proto_version]" } } - } - } else if ([source] == "mqtt_publish") { ############################################################################################################################# # mqtt_publish.log specific logic - mutate { - id => "mutate_zeek_mqtt_publish_convert_payload_len" - convert => { - "[zeek_mqtt_publish][payload_len]" => "integer" - } + # MQTT payload *may* be JSON, or it may not + json { + skip_on_invalid_json => true + source => "[zeek_mqtt_publish][payload]" + target => "[zeek_mqtt_publish][payload_dict]" } + } else if ([source] == "mqtt_subscribe") { ############################################################################################################################# # mqtt_subscribe.log specific logic 
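Review bot: The new `json` filter in the mqtt_publish branch parses an attacker-controlled MQTT payload into `[zeek_mqtt_publish][payload_dict]`, so every key in the payload becomes a field that the index maps dynamically unless the template says otherwise; hostile or merely noisy traffic can then exhaust the index's total-fields limit or create type conflicts (the same key as a number in one message and an object in the next) that get whole documents rejected. If I read the filter's `target` handling correctly, a payload that is valid JSON but not an object (an array or a scalar) is also stored under `payload_dict`, which conflicts with an object mapping. Because `skip_on_invalid_json => true` suppresses tagging, none of this is visible at the pipeline. Worth a comment on the filter, e.g. `# payload is untrusted network data: payload_dict must be mapped as flattened/dynamic:false in the index template`, and confirming the template actually does so.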
@@ -3230,31 +3058,12 @@ filter { split => { "[zeek_mqtt_subscribe][topics]" => "," "[zeek_mqtt_subscribe][qos_levels]" => "," } } - mutate { - id => "mutate_zeek_mqtt_subscribe_convert_field" - convert => { - "[zeek_mqtt_subscribe][qos_levels]" => "integer" - "[zeek_mqtt_subscribe][granted_qos_level]" => "integer" - } - } - } else if ([source] == "notice") { ############################################################################################################################# # notice.log specific logic mutate { id => "mutate_split_zeek_notice_actions" split => { "[zeek_notice][actions]" => "," } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_notice][fuid]) { - mutate { id => "mutate_split_zeek_notice_fuid" - split => { "[zeek_notice][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_notice_fuid" - merge => { "[zeek][fuid]" => "[zeek_notice][fuid]" } } - } - # collect all mime types under the parent [zeek][filetype] array - if ([zeek_notice][file_mime_type]) { mutate { id => "mutate_merge_zeek_notice_filetype" - merge => { "[zeek][filetype]" => "[zeek_notice][file_mime_type]" } } } - } else if ([source] == "ntp") { ############################################################################################################################# # ntp.log specific logic @@ -3274,12 +3083,6 @@ filter { } } - if ([zeek_ntp][version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_ntp" - merge => { "[zeek][service_version]" => "[zeek_ntp][version]" } } - } - # convert timestamps from UNIX # ref_time: Time when the system clock was last set or correct. if ([zeek_ntp][ref_time]) { 
@@ -3342,20 +3145,6 @@ filter { } } - # convert various data types - mutate { - id => "mutate_convert_zeek_ntp" - convert => { - "[zeek_ntp][mode]" => "integer" - "[zeek_ntp][num_exts]" => "float" - "[zeek_ntp][poll]" => "float" - "[zeek_ntp][precision]" => "float" - "[zeek_ntp][root_delay]" => "float" - "[zeek_ntp][root_disp]" => "float" - "[zeek_ntp][version]" => "integer" - } - } - } else if ([source] == "pe") { ############################################################################################################################# # pe.log specific logic @@ -3363,7 +3152,6 @@ filter { mutate { id => "mutate_split_zeek_pe_section_names" split => { "[zeek_pe][section_names]" => "," } } - if ([zeek_pe][compile_ts]) { if ([zeek_pe][compile_ts] == "0.000000") { mutate { 
@@ -3379,34 +3167,6 @@ filter { } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_pe][fuid]) { - mutate { id => "mutate_split_zeek_pe_fuid" - split => { "[zeek_pe][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_pe_fuid" - merge => { "[zeek][fuid]" => "[zeek_pe][fuid]" } } - } - - } else if ([source] == "profinet") { - ############################################################################################################################# - # profinet.log specific logic - - if ([zeek_profinet][block_version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_profinet" - merge => { "[zeek][service_version]" => "[zeek_profinet][block_version]" } } - } - - } else if ([source] == "profinet_dce_rpc") { - ############################################################################################################################# - # profinet.log specific logic - - if ([zeek_profinet_dce_rpc][version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_profinet_dce_rpc" - merge => { "[zeek][service_version]" => "[zeek_profinet_dce_rpc][version]" } } - } - } else if ([source] == "radius") { ############################################################################################################################# # radius.log specific logic 
@@ -3417,28 +3177,22 @@ filter { if ([zeek_radius][framed_addr]) { mutate { id => "mutate_merge_zeek_radius_framed_addr" merge => { "[radius][framedIp]" => "[zeek_radius][framed_addr]" } } - ruby { - id => "ruby_zeek_radius_framedIpCnt" - code => "event.set('[radius][framedIpCnt]', event.get('[radius][framedIp]').length)" - } + mutate { id => "mutate_add_field_radius_framedIpCnt" + add_field => { "[radius][framedIpCnt]" => "1" } } } if ([zeek_radius][tunnel_client]) { mutate { id => "mutate_merge_zeek_radius_tunnel_client" merge => { "[radius][endpointIp]" => "[zeek_radius][tunnel_client]" } } - ruby { - id => "ruby_zeek_radius_endpointIpCnt" - code => "event.set('[radius][endpointIpCnt]', event.get('[radius][endpointIp]').length)" - } + mutate { id => "mutate_add_field_radius_endpointIpCnt" + add_field => { "[radius][endpointIpCnt]" => "1" } } } if ([zeek_radius][mac]) { mutate { id => "mutate_merge_zeek_radius_mac" merge => { "[radius][mac]" => "[zeek_radius][mac]" } } - ruby { - id => "ruby_zeek_radius_macCnt" - code => "event.set('[radius][macCnt]', event.get('[radius][mac]').length)" - } + mutate { id => "mutate_add_field_radius_macCnt" + add_field => { "[radius][macCnt]" => "1" } } } } else if ([source] == "rdp") { 
@@ -3448,35 +3202,6 @@ filter { mutate { id => "mutate_split_zeek_rdp_client_channels" split => { "[zeek_rdp][client_channels]" => "," } } - if ([zeek_rdp][client_build]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_rdp" - merge => { "[zeek][service_version]" => "[zeek_rdp][client_build]" } } - mutate { id => "mutate_gsub_field_zeek_service_version_rdp" - gsub => [ "[zeek][service_version]", "^RDP ", "" ] } - } - - } else if ([source] == "rfb") { - ############################################################################################################################# - # rfb.log specific logic - - # collect protocol version under the parent zeek.service_version array - ruby { - id => "ruby_zeek_field_zeek_service_version_rfb" - code => ' - versions = Array.new - clientMajorVersion = event.get("[zeek_rfb][client_major_version]").sub!(/^0*/, "") - clientMinorVersion = event.get("[zeek_rfb][client_minor_version]").sub!(/^0*/, "") - serverMajorVersion = event.get("[zeek_rfb][server_major_version]").sub!(/^0*/, "") - serverMinorVersion = event.get("[zeek_rfb][server_minor_version]").sub!(/^0*/, "") - if clientMajorVersion then - versions << [clientMajorVersion, clientMinorVersion].join(".") - end - if serverMajorVersion then - versions << [serverMajorVersion, serverMinorVersion].join(".") - end - event.set("[zeek][service_version]", versions.uniq)' - } } else if ([source] == "s7comm") { ############################################################################################################################# 
@@ -3504,13 +3229,6 @@ filter { split => { "[zeek_s7comm][data_info]" => "," } } } - mutate { - id => "mutate_convert_zeek_s7comm_item_count" - convert => { - "[zeek_s7comm][item_count]" => "integer" - } - } - } else if ([source] == "signatures") { ############################################################################################################################# # signatures.log specific logic @@ -3518,12 +3236,12 @@ filter { if ("_carved" in [tags]) { # Malcolm does some "special" stuff in zeek_carve_logger.py for file carving, sort of hijacking signatures.log for it + # sub_message contains fuid(s) comma-separated if ([zeek_signatures][sub_message]) { - # sub_message contains fuid(s) comma-separated mutate { id => "mutate_split_zeek_signatures_sub_message" split => { "[zeek_signatures][sub_message]" => "," } } - mutate { id => "mutate_merge_zeek_signatures_fuid" - merge => { "[zeek][fuid]" => "[zeek_signatures][sub_message]" } } + mutate { id => "mutate_rename_zeek_signatures_sub_message" + rename => { "[zeek_signatures][sub_message]" => "[zeek][fuid]" } } } if ([zeek_signatures][event_message]) { 
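Review bot: `mutate_rename_zeek_signatures_sub_message` replaces the previous `merge` with a `rename` into `[zeek][fuid]`; `rename` overwrites an existing destination, so if `[zeek][fuid]` was already populated for this event by an earlier step (the smb_cmd hunk's comment mentions a root-level fuid array built in the main rename), those entries are dropped rather than appended. If that cannot happen for `_carved` signatures events this is fine, but the smb_cmd hunk in this same commit uses `merge` followed by `remove_field` for exactly this situation, and the same two-step form here would keep both consistent: `merge => { "[zeek][fuid]" => "[zeek_signatures][sub_message]" }` then `remove_field => [ "[zeek_signatures][sub_message]" ]`.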
@@ -3552,43 +3270,17 @@ filter { } # _carved - # signature_count is the number of hits - if ([zeek_signatures][signature_count]) { - mutate { - id => "mutate_convert_zeek_signatures_signature_count" - convert => { - "[zeek_signatures][signature_count]" => "integer" - } - } - } - - # signature_count is the number of engines which scanned the file - if ([zeek_signatures][host_count]) { - mutate { - id => "mutate_convert_zeek_signatures_host_count" - convert => { - "[zeek_signatures][host_count]" => "integer" - } - } - } - } else if ([source] == "sip") { ############################################################################################################################# # sip.log specific logic - # collect all mime types under the parent [zeek][filetype] array - if ([zeek_sip][content_type]) { mutate { id => "mutate_merge_zeek_sip_content_type" - merge => { "[zeek][filetype]" => "[zeek_sip][content_type]" } } } - - - # collect protocol version under the parent zeek.service_version array ruby { - id => "ruby_zeek_field_zeek_service_version_sip" + id => "ruby_zeek_field_zeek_sip_version" code => ' versions = Array.new paths = [event.get("[zeek_sip][request_path]"), event.get("[zeek_sip][response_path]")].compact.join(",") paths.scan(/\bSIP:?\/([\d\.]+)/i) { |match| versions << match[0] } - event.set("[zeek][service_version]", versions.uniq)' + event.set("[zeek_sip][version]", versions.uniq)' } mutate { id => "mutate_split_zeek_sip_request_path" 
@@ -3606,14 +3298,6 @@ filter { if ([zeek_smb_cmd]) { - if ([zeek_smb_cmd][version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_smb_cmd" - merge => { "[zeek][service_version]" => "[zeek_smb_cmd][version]" } } - mutate { id => "mutate_gsub_field_zeek_service_version_smb_cmd" - gsub => [ "[zeek][service_version]", "^SMB", "" ] } - } - if ([zeek_smb_cmd][referenced_file]) { # move "up" referenced_file to its own smb_files top-level entity @@ -3632,6 +3316,16 @@ filter { " } + # collect referenced file FUID(s) at parent level (here rather than in 12_zeek_normalize.conf because + # this would have already been done as a root-level fuid array in the main "rename" above if we + # had not had to move it up a level just now) + if ([zeek_smb_files][fuid]) { + mutate { id => "mutate_merge_zeek_smb_files_fuid" + merge => { "[zeek][fuid]" => "[zeek_smb_files][fuid]" } } + mutate { id => "mutate_remove_zeek_smb_files_fuid" + remove_field => [ "[zeek_smb_files][fuid]" ] } + } + # this timestamp conversion would have happened originally had this been its own line from smb_files if ([zeek_smb_files][ts]) { # convert @timestamp to UNIX to use native kibana features 
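Review bot: The new `mutate_merge_zeek_smb_files_fuid` merges `[zeek_smb_files][fuid]` into `[zeek][fuid]` without first splitting it on ",", whereas the block it supersedes in the next hunk (`@@ -3646`) ran `mutate_split_zeek_smb_files_fuid` before the merge. If a referenced_file's fuid is always a single value this is correct; if it can be a comma-separated list, a single joined string lands in the fuid array, so either restore `mutate { id => "mutate_split_zeek_smb_files_fuid" split => { "[zeek_smb_files][fuid]" => "," } }` ahead of the merge or state in the comment why no split is needed. The enclosing `if ([zeek_smb_cmd][referenced_file])` block starts outside this hunk.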
@@ -3646,38 +3340,16 @@ filter { } # if ([zeek_smb_cmd][referenced_file]) - # normalize smb action/command - mutate { id => "mutate_merge_zeek_smb_cmd_command" - merge => { "[zeek_smb][action]" => "[zeek_smb_cmd][command]" } } - - mutate { - id => "mutate_zeek_smb_cmd_convert" - convert => { - "[zeek_smb_cmd][rtt]" => "float" - } - } - } # if ([zeek_smb_cmd]) # this should now apply to either lines from smb_files.log or smb_cmd.referenced_file if ([zeek_smb_files]) { - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_smb_files][fuid]) { - mutate { id => "mutate_split_zeek_smb_files_fuid" - split => { "[zeek_smb_files][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_smb_files_fuid" - merge => { "[zeek][fuid]" => "[zeek_smb_files][fuid]" } } - } - # collect all filenames under the parent [zeek][filename] array if ([zeek_smb_files][name]) { mutate { id => "mutate_merge_zeek_smb_files_name_to_filename" - merge => { "[zeek][filename]" => "[zeek_smb_files][name]" } } } + merge => { "[smb][filename]" => "[zeek_smb_files][name]" } } } if ([zeek_smb_files][prev_name]) { mutate { id => "mutate_merge_zeek_smb_files_prev_name_to_filename" - merge => { "[zeek][filename]" => "[zeek_smb_files][prev_name]" } } } - - if ([zeek][filename]) { - mutate { id => "mutate_merge_zeek_smb_files_filename" - merge => { "[smb][filename]" => "[zeek][filename]" } } + merge => { "[smb][filename]" => "[zeek_smb_files][prev_name]" } } } + if ([smb][filename]) { ruby { id => "ruby_zeek_smb_files_filenameCnt" code => "event.set('[smb][filenameCnt]', event.get('[smb][filename]').length)" 
@@ -3692,10 +3364,8 @@ filter { if ([@metadata][smb_host]) { mutate { id => "mutate_merge_zeek_smb_files_host" merge => { "[smb][host]" => "[@metadata][smb_host]" } } - ruby { - id => "ruby_zeek_smb_files_hostCnt" - code => "event.set('[smb][hostCnt]', event.get('[smb][host]').length)" - } + mutate { id => "mutate_add_field_smb_hostCnt" + add_field => { "[smb][hostCnt]" => "1" } } } if ([@metadata][smb_share]) { mutate { id => "mutate_merge_zeek_smb_files_share" @@ -3745,29 +3415,8 @@ filter { replace => { "[zeek_smb_files][times_changed]" => "%{[@metadata][smb_time_cha]}" } } } } - mutate { id => "mutate_gsub_zeek_smb_files_action" - gsub => [ "[zeek_smb_files][action]", "SMB::|FILE_", "" ] } - # normalize smb action/command - mutate { id => "mutate_merge_zeek_smb_files_action" - merge => { "[zeek_smb][action]" => "[zeek_smb_files][action]" } } - - mutate { - id => "mutate_zeek_smb_files_convert" - convert => { - "[zeek_smb_files][data_offset_req]" => "integer" - "[zeek_smb_files][data_len_req]" => "integer" - "[zeek_smb_files][data_len_rsp]" => "integer" - } - } } # if ([zeek_smb_files]) - if ([zeek_smb][action]) { - ruby { - id => "ruby_zeek_smb_action" - code => "event.set('[zeek_smb][action]', event.get('[zeek_smb][action]').uniq)" - } - } - } else if ([source] == "smb_mapping") { ############################################################################################################################# # smb_mapping.log specific logic @@ -3776,10 +3425,6 @@ filter { # todo: figure out how to replace \\ -> \ mutate { id => "mutate_merge_zeek_smb_mapping_share" merge => { "[smb][share]" => "[zeek_smb_mapping][path]" } } - ruby { - id => "ruby_zeek_smb_mapping_shareCnt_orig" - code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" - } } if ([zeek_smb_mapping][path]) { 
@@ -3790,18 +3435,19 @@ filter { if ([@metadata][smb_host]) { mutate { id => "mutate_merge_zeek_smb_mapping_host" merge => { "[smb][host]" => "[@metadata][smb_host]" } } - ruby { - id => "ruby_zeek_smb_mapping_hostCnt" - code => "event.set('[smb][hostCnt]', event.get('[smb][host]').length)" - } + mutate { id => "mutate_add_field_smb_mapping_hostCnt" + add_field => { "[smb][hostCnt]" => "1" } } } if ([@metadata][smb_share]) { mutate { id => "mutate_merge_zeek_smb_mapping_share_from_path" merge => { "[smb][share]" => "[@metadata][smb_share]" } } - ruby { - id => "ruby_zeek_smb_mapping_shareCnt" - code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" - } + } + } + + if ([smb][share]) { + ruby { + id => "ruby_zeek_smb_mapping_shareCnt" + code => "event.set('[smb][shareCnt]', event.get('[smb][share]').length)" } } @@ -3818,21 +3464,11 @@ filter { mutate { id => "mutate_split_zeek_smtp_path" split => { "[zeek_smtp][path]" => "," } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_smtp][fuids]) { - mutate { id => "mutate_split_zeek_smtp_fuids" - split => { "[zeek_smtp][fuids]" => "," } } - mutate { id => "mutate_merge_zeek_smtp_fuids" - merge => { "[zeek][fuid]" => "[zeek_smtp][fuids]" } } - } - if ([zeek_smtp][user_agent]) { mutate { id => "mutate_merge_zeek_smtp_user_agent" merge => { "[email][useragent]" => "[zeek_smtp][user_agent]" } } - ruby { - id => "ruby_zeek_smtp_useragentCnt" - code => "event.set('[email][useragentCnt]', event.get('[email][useragent]').length)" - } + mutate { id => "mutate_add_field_email_useragentCnt" + add_field => { "[email][useragentCnt]" => "1" } } } if ([zeek_smtp][from]) { mutate { id => "mutate_merge_zeek_smtp_from" 
@@ -3876,10 +3512,8 @@ filter { if ([zeek_smtp][subject]) { mutate { id => "mutate_merge_zeek_smtp_subject" merge => { "[email][subject]" => "[zeek_smtp][subject]" } } - ruby { - id => "ruby_zeek_smtp_subjectCnt" - code => "event.set('[email][subjectCnt]', event.get('[email][subject]').length)" - } + mutate { id => "mutate_add_field_email_subjectCnt" + add_field => { "[email][subjectCnt]" => "1" } } } if ([zeek_smtp][msg_id]) { 
@@ -3915,46 +3549,21 @@ filter { replace => { "[zeek_snmp][up_since]" => "%{[@metadata][snmp_time]}" } } } } - if ([zeek_snmp][version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_snmp" - merge => { "[zeek][service_version]" => "[zeek_snmp][version]" } } - } - - } else if ([source] == "socks") { - ############################################################################################################################# - # socks.log specific logic - - if ([zeek_socks][version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_socks" - merge => { "[zeek][service_version]" => "[zeek_socks][version]" } } - } - } else if ([source] == "ssh") { ############################################################################################################################# # ssh.log specific logic - if ([zeek_ssh][version]) { - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_ssh" - merge => { "[zeek][service_version]" => "[zeek_ssh][version]" } } - } - if ([zeek_ssh][server]) { mutate { id => "mutate_merge_zeek_ssh_server_version" merge => { "[ssh][version]" => "[zeek_ssh][server]" } } } + if ([zeek_ssh][client]) { mutate { id => "mutate_merge_zeek_client_version" merge => { "[ssh][version]" => "[zeek_ssh][client]" } } } - if (![ssh][version]) and ([zeek_ssh][version]) { - mutate { id => "mutate_merge_zeek_ssh_version" - merge => { "[ssh][version]" => "[zeek_ssh][version]" } } - } - if ([ssh][version]) { - ruby { - id => "ruby_zeek_ssh_versionCnt" - code => "event.set('[ssh][versionCnt]', event.get('[ssh][version]').length)" - } - } + + if (![ssh][version]) and ([zeek_ssh][version]) { mutate { id => "mutate_merge_zeek_ssh_version" + merge => { "[ssh][version]" => "[zeek_ssh][version]" } } } + + if ([ssh][version]) { mutate 
{ id => "mutate_add_field_ssh_versionCnt" + add_field => { "[ssh][versionCnt]" => "1" } } } if ([zeek_ssh][host_key] and [zeek_ssh][host_key_alg]) { # this is stupid, the %{} doesn't seem to be liked by mutate.merge @@ -3962,38 +3571,24 @@ filter { add_field => { "[@metadata][ssh_key_str]" => "%{[zeek_ssh][host_key_alg]} %{[zeek_ssh][host_key]}" } } mutate { id => "mutate_merge_zeek_ssh_key" merge => { "[ssh][key]" => "[@metadata][ssh_key_str]" } } - ruby { - id => "ruby_zeek_ssh_keyCnt" - code => "event.set('[ssh][keyCnt]', event.get('[ssh][key]').length)" - } + mutate { id => "mutate_add_field_ssh_keyCnt" + add_field => { "[ssh][keyCnt]" => "1" } } } # HASSH stuff (see https://github.com/salesforce/hassh/tree/master/bro) if ([zeek_ssh][hassh]) { - mutate { - id => "mutate_merge_zeek_ssh_hassh" - merge => { - "[ssh][hassh]" => "[zeek_ssh][hassh]" - } - } - mutate { - id => "mutate_add_field_zeek_ssh_hasshCnt" - add_field => { "[ssh][hasshCnt]" => "1" } - } + mutate { id => "mutate_merge_zeek_ssh_hassh" + merge => { "[ssh][hassh]" => "[zeek_ssh][hassh]" } } + mutate { id => "mutate_add_field_zeek_ssh_hasshCnt" + add_field => { "[ssh][hasshCnt]" => "1" } } } if ([zeek_ssh][hasshServer]) { - mutate { - id => "mutate_merge_zeek_ssh_hasshServer" - merge => { - "[ssh][hasshServer]" => "[zeek_ssh][hasshServer]" - } - } - mutate { - id => "mutate_add_field_zeek_ssh_hasshServerCnt" - add_field => { "[ssh][hasshServerCnt]" => "1" } - } + mutate { id => "mutate_merge_zeek_ssh_hasshServer" + merge => { "[ssh][hasshServer]" => "[zeek_ssh][hasshServer]" } } + mutate { id => "mutate_add_field_zeek_ssh_hasshServerCnt" + add_field => { "[ssh][hasshServerCnt]" => "1" } } } if ([zeek_ssh][hasshAlgorithms]) { mutate { id => "mutate_split_zeek_ssh_hasshAlgorithms" 
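Review bot: `mutate_add_field_ssh_versionCnt` hardcodes `[ssh][versionCnt]` to "1", but `[ssh][version]` is merged from both `[zeek_ssh][server]` and `[zeek_ssh][client]` in the context lines just above, so an event with both sides identified gets a count of 1 for a two-element array; the removed `ruby_zeek_ssh_versionCnt` computed `.length`, and the `@@ -3790` hunk keeps a ruby `.length` for `[smb][share]`, which is the same multi-source case. Keep the computed count here: `ruby { id => "ruby_zeek_ssh_versionCnt" code => "event.set('[ssh][versionCnt]', event.get('[ssh][version]').length)" }`.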
@@ -4106,22 +3701,15 @@ filter { if ([zeek_ssl][ssl_version]) { mutate { id => "mutate_merge_zeek_ssl_version" merge => { "[tls][version]" => "[zeek_ssl][ssl_version]" } } - ruby { - id => "ruby_zeek_ssl_versionCnt" - code => "event.set('[tls][versionCnt]', event.get('[tls][version]').length)" - } - # collect protocol version under the parent zeek.service_version array - mutate { id => "mutate_merge_field_zeek_service_version_ssl" - merge => { "[zeek][service_version]" => "[zeek_ssl][ssl_version]" } } + mutate { id => "mutate_add_field_ssl_versionCnt" + add_field => { "[tls][versionCnt]" => "1" } } } if ([zeek_ssl][cipher]) { mutate { id => "mutate_merge_zeek_ssl_cipher" merge => { "[tls][cipher]" => "[zeek_ssl][cipher]" } } - ruby { - id => "ruby_zeek_ssl_cipherCnt" - code => "event.set('[tls][cipherCnt]', event.get('[tls][cipher]').length)" - } + mutate { id => "mutate_add_field_ssl_cipherCnt" + add_field => { "[tls][cipherCnt]" => "1" } } } if ([zeek_ssl][ja3]) { 
@@ -4138,23 +3726,11 @@ filter { add_field => { "[tls][ja3sCnt]" => "1" } } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_ssl][cert_chain_fuids]) { - mutate { id => "mutate_split_zeek_ssl_cert_chain_fuids" - split => { "[zeek_ssl][cert_chain_fuids]" => "," } } - mutate { id => "mutate_merge_zeek_ssl_cert_chain_fuids" - merge => { "[@metadata][cert_fuids]" => "[cert_chain_fuids]" } } - } - if ([zeek_ssl][client_cert_chain_fuids]) { - mutate { id => "mutate_split_zeek_ssl_client_cert_chain_fuids" - split => { "[zeek_ssl][client_cert_chain_fuids]" => "," } } - mutate { id => "mutate_merge_zeek_ssl_client_cert_chain_fuids" - merge => { "[@metadata][cert_fuids]" => "[zeek_ssl][client_cert_chain_fuids]" } } - } - if ([@metadata][cert_fuids]) { - mutate { id => "mutate_merge_zeek_ssl_fuids_to_fuid" - merge => { "[zeek][fuid]" => "[@metadata][cert_fuids]" } } - } + if ([zeek_ssl][cert_chain_fuids]) { mutate { id => "mutate_split_zeek_ssl_cert_chain_fuids" + split => { "[zeek_ssl][cert_chain_fuids]" => "," } } } + + if ([zeek_ssl][client_cert_chain_fuids]) { mutate { id => "mutate_split_zeek_ssl_client_cert_chain_fuids" + split => { "[zeek_ssl][client_cert_chain_fuids]" => "," } } } } else if ([source] == "tds_rpc") { ############################################################################################################################# @@ -4296,13 +3872,6 @@ filter { } } - # collect all FUIDs under the parent [zeek][fuid] array - if ([zeek_x509][fuid]) { - mutate { id => "mutate_split_zeek_x509_fuid" - split => { "[zeek_x509][fuid]" => "," } } - mutate { id => "mutate_merge_zeek_x509_fuid" - merge => { "[zeek][fuid]" => "[zeek_x509][fuid]" } } - } } # end if/else if/else for specific log type logic ####################################################################################################### 
@@ -4334,14 +3903,4 @@ filter { } } - # set data types for fields that belong to various zeek logs - mutate { - id => "mutate_convert_zeek_misc" - convert => { - "[zeek][fuidCnt]" => "integer" - "[zeek][filenameCnt]" => "integer" - "[zeek][filetypeCnt]" => "integer" - } - } - } # end Filter diff --git a/logstash/pipelines/zeek/12_zeek_normalize.conf b/logstash/pipelines/zeek/12_zeek_normalize.conf new file mode 100644 index 000000000..f7dc52e54 --- /dev/null +++ b/logstash/pipelines/zeek/12_zeek_normalize.conf 
@@ -0,0 +1,277 @@ +filter { + + # Protocol/service version ########################################################################################## + # collect protocol version under the parent zeek.service_version array + + if ([zeek_gquic][version]) { mutate { id => "mutate_merge_normalize_zeek_gquic_version" + merge => { "[zeek][service_version]" => "[zeek_gquic][version]" } } } + + if ([zeek_http][version]) { mutate { id => "mutate_merge_normalize_zeek_http_version" + merge => { "[zeek][service_version]" => "[zeek_http][version]" } } } + + if ([zeek_ntp][version]) { mutate { id => "mutate_merge_normalize_zeek_ntp_version" + merge => { "[zeek][service_version]" => "[zeek_ntp][version]" } } } + + if ([zeek_profinet][block_version]) { mutate { id => "mutate_merge_normalize_zeek_profinet_block_version" + merge => { "[zeek][service_version]" => "[zeek_profinet][block_version]" } } } + + if ([zeek_profinet_dce_rpc][version]) { mutate { id => "mutate_merge_normalize_zeek_profinet_dce_rpc_version" + merge => { "[zeek][service_version]" => "[zeek_profinet_dce_rpc][version]" } } } + + if ([zeek_rfb]) { + ruby { + id => "ruby_zeek_field_zeek_service_version_rfb" + code => ' + versions = Array.new + clientMajorVersion = event.get("[zeek_rfb][client_major_version]").sub!(/^0*/, "") + clientMinorVersion = event.get("[zeek_rfb][client_minor_version]").sub!(/^0*/, "") + serverMajorVersion = event.get("[zeek_rfb][server_major_version]").sub!(/^0*/, "") + serverMinorVersion = event.get("[zeek_rfb][server_minor_version]").sub!(/^0*/, "") + if clientMajorVersion then + versions << [clientMajorVersion, clientMinorVersion].join(".") + end + if serverMajorVersion then + versions << [serverMajorVersion, serverMinorVersion].join(".") + end + event.set("[zeek][service_version]", versions.uniq)' + } + } + + if ([zeek_rdp][client_build]) { mutate { id => "mutate_merge_normalize_zeek_rdp_client_build" + merge => { "[zeek][service_version]" => "[zeek_rdp][client_build]" } } } + + if 
([zeek_sip][version]) { mutate { id => "mutate_merge_normalize_zeek_sip_version" + merge => { "[zeek][service_version]" => "[zeek_sip][version]" } } } + + if ([zeek_smb_cmd][version]) { mutate { id => "mutate_merge_normalize_zeek_smb_cmd_version" + merge => { "[zeek][service_version]" => "[zeek_smb_cmd][version]" } } } + + if ([zeek_snmp][version]) { mutate { id => "mutate_merge_normalize_zeek_snmp_version" + merge => { "[zeek][service_version]" => "[zeek_snmp][version]" } } } + + if ([zeek_socks][version]) { mutate { id => "mutate_merge_normalize_zeek_socks_version" + merge => { "[zeek][service_version]" => "[zeek_socks][version]" } } } + + if ([zeek_ssh][version]) { mutate { id => "mutate_merge_normalize_zeek_ssh_version" + merge => { "[zeek][service_version]" => "[zeek_ssh][version]" } } } + + if ([zeek_ssl][ssl_version]) { mutate { id => "mutate_merge_normalize_zeek_ssl_ssl_version" + merge => { "[zeek][service_version]" => "[zeek_ssl][ssl_version]" } } } + + if ([zeek][service_version]) { + ruby { + id => "ruby_zeek_service_version_uniq" + code => "event.set('[zeek][service_version]', event.get('[zeek][service_version]').uniq)" + } + } + + # Action ############################################################################################################ + # collect all actions/operations/commands under the parent [zeek][action] array + + if ([zeek_bacnet][service_choice]) { mutate { id => "mutate_merge_normalize_zeek_bacnet_service_choice" + merge => { "[zeek][action]" => "[zeek_bacnet][service_choice]" } } } + + if ([zeek_cip][cip_service]) { mutate { id => "mutate_merge_normalize_zeek_cip_cip_service" + merge => { "[zeek][action]" => "[zeek_cip][cip_service]" } } } + + if ([zeek_dce_rpc][operation]) { mutate { id => "mutate_merge_normalize_zeek_dce_rpc_operation" + merge => { "[zeek][action]" => "[zeek_dce_rpc][operation]" } } } + + if ([zeek_dnp3][fc_request]) { mutate { id => "mutate_merge_normalize_zeek_dnp3_fc_request" + merge => { "[zeek][action]" => 
"[zeek_dnp3][fc_request]" } } } + + if ([zeek_enip][command]) { mutate { id => "mutate_merge_normalize_zeek_enip_command" + merge => { "[zeek][action]" => "[zeek_enip][command]" } } } + + if ([zeek_ftp][command]) { mutate { id => "mutate_merge_normalize_zeek_ftp_command" + merge => { "[zeek][action]" => "[zeek_ftp][command]" } } } + + if ([zeek_http][method]) { mutate { id => "mutate_merge_normalize_zeek_http_method" + merge => { "[zeek][action]" => "[zeek_http][method]" } } } + + if ([zeek_irc][command]) { mutate { id => "mutate_merge_normalize_zeek_irc_command" + merge => { "[zeek][action]" => "[zeek_irc][command]" } } } + + if ([zeek_iso_cotp][pdu_type]) { mutate { id => "mutate_merge_normalize_zeek_iso_cotp_pdu_type" + merge => { "[zeek][action]" => "[zeek_iso_cotp][pdu_type]" } } } + + if ([zeek_kerberos][request_type]) { mutate { id => "mutate_merge_normalize_zeek_kerberos_request_type" + merge => { "[zeek][action]" => "[zeek_kerberos][request_type]" } } } + + if ([zeek_ldap][operation]) { mutate { id => "mutate_merge_normalize_zeek_ldap_operation" + merge => { "[zeek][action]" => "[zeek_ldap][operation]" } } } + + if ([zeek_modbus][func]) { mutate { id => "mutate_merge_normalize_zeek_modbus_func" + merge => { "[zeek][action]" => "[zeek_modbus][func]" } } } + + if ([zeek_mqtt_publish][payload_dict][messageType]) { + # not sure if this is a standard or just the PCAPs I found :/ + mutate { id => "mutate_merge_normalize_zeek_mqtt_publish_payload_dict_messageType" + merge => { "[zeek][action]" => "[zeek_mqtt_publish][payload_dict][messageType]" } } + } + + if ([zeek_mqtt_subscribe][action]) { mutate { id => "mutate_merge_normalize_zeek_mqtt_subscribe_action" + merge => { "[zeek][action]" => "[zeek_mqtt_subscribe][action]" } } } + + if ([zeek_mysql][cmd]) { mutate { id => "mutate_merge_normalize_zeek_mysql_cmd" + merge => { "[zeek][action]" => "[zeek_mysql][cmd]" } } } + + if ([zeek_ntp][mode_str]) { mutate { id => "mutate_merge_normalize_zeek_ntp_mode_str" + 
merge => { "[zeek][action]" => "[zeek_ntp][mode_str]" } } } + + if ([zeek_profinet][operation_type]) { mutate { id => "mutate_merge_normalize_zeek_profinet_operation_type" + merge => { "[zeek][action]" => "[zeek_profinet][operation_type]" } } } + + if ([zeek_profinet_dce_rpc][operation]) { mutate { id => "mutate_merge_normalize_zeek_profinet_dce_rpc_operation" + merge => { "[zeek][action]" => "[zeek_profinet_dce_rpc][operation]" } } } + + if ([zeek_s7comm]) { + ruby { + # action = rosctr:mode:type:sub + id => "ruby_zeek_s7comm_generate_action" + code => " + actions = Array.new unless (actions = event.get('[zeek][action]')) + actions.append([event.get('[zeek_s7comm][rosctr]'), + event.get('[zeek_s7comm][parameters][mode]'), + event.get('[zeek_s7comm][parameters][type]'), + event.get('[zeek_s7comm][parameters][sub]')].compact.join(':')) + event.set('[zeek][action]', actions)" + } + } + + if ([zeek_sip][method]) { mutate { id => "mutate_merge_normalize_zeek_sip_method" + merge => { "[zeek][action]" => "[zeek_sip][method]" } } } + + if ([zeek_smb_cmd][command]) or ([zeek_smb_cmd][sub_command]) { + # concatenate command and sub_command + mutate { id => "mutate_add_field_zeek_smb_cmd_combined" + add_field => { "[@metadata][zeek_smb_cmd_combined]" => "%{[zeek_smb_cmd][command]}:%{[zeek_smb_cmd][sub_command]}" } } + mutate { id => "mutate_merge_normalize_zeek_smb_cmd_command" + merge => { "[zeek][action]" => "[@metadata][zeek_smb_cmd_combined]" } } + } + + if ([zeek_smb_files][action]) { mutate { id => "mutate_merge_normalize_zeek_smb_files_action" + merge => { "[zeek][action]" => "[zeek_smb_files][action]" } } } + + if ([zeek_tds][command]) { mutate { id => "mutate_merge_normalize_zeek_tds_command" + merge => { "[zeek][action]" => "[zeek_tds][command]" } } } + + if ([zeek_tds_rpc][procedure_name]) { + + mutate { id => "mutate_add_field_zeek_tds_rpc_procedure_name_tmp" + add_field => { "[@metadata][zeek_tds_rpc_procedure_name_tmp]" => "%{[zeek_tds_rpc][procedure_name]}" } 
} + + # remove everything after the first $ + mutate { id => "mutate_gsub_field_zeek_tds_rpc_procedure_name_tmp" + gsub => [ "[@metadata][zeek_tds_rpc_procedure_name_tmp]", "\$.*", "" ] } + + mutate { id => "mutate_merge_normalize_zeek_tds_rpc_procedure_name" + merge => { "[zeek][action]" => "[@metadata][zeek_tds_rpc_procedure_name_tmp]" } } + } + + + if ([zeek_tunnel][action]) { mutate { id => "mutate_merge_normalize_zeek_tunnel_action" + merge => { "[zeek][action]" => "[zeek_tunnel][action]" } } } + + if ([zeek][action]) { + ruby { + id => "ruby_zeek_action_uniq" + code => "event.set('[zeek][action]', event.get('[zeek][action]').uniq)" + } + } + + # FUIDs ############################################################################################################# + # collect all other FUIDs under parent [zeek][fuid] array (some were already done at the root level in + # the "rename" in 11_zeek_logs.conf) + + if ([zeek_files][parent_fuid]) { mutate { id => "mutate_merge_normalize_zeek_files_parent_fuid" + merge => { "[zeek][fuid]" => "[zeek_files][parent_fuid]" } } } + + if ([zeek_http][orig_fuids]) { mutate { id => "mutate_merge_normalize_zeek_http_orig_fuids" + merge => { "[zeek][fuid]" => "[zeek_http][orig_fuids]" } } } + + if ([zeek_http][resp_fuids]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_fuids" + merge => { "[zeek][fuid]" => "[zeek_http][resp_fuids]" } } } + + if ([zeek_kerberos][client_cert_fuid]) { mutate { id => "mutate_merge_normalize_zeek_kerberos_client_cert_fuid" + merge => { "[zeek][fuid]" => "[zeek_kerberos][client_cert_fuid]" } } } + + if ([zeek_kerberos][server_cert_fuid]) { mutate { id => "mutate_merge_normalize_zeek_kerberos_server_cert_fuid" + merge => { "[zeek][fuid]" => "[zeek_kerberos][server_cert_fuid]" } } } + + if ([zeek_ssl][cert_chain_fuids]) { mutate { id => "mutate_merge_normalize_zeek_ssl_cert_chain_fuids" + merge => { "[zeek][fuid]" => "[zeek_ssl][cert_chain_fuids]" } } } + + if ([zeek_ssl][client_cert_chain_fuids]) 
{ mutate { id => "mutate_merge_normalize_zeek_ssl_client_cert_chain_fuids" + merge => { "[zeek][fuid]" => "[zeek_ssl][client_cert_chain_fuids]" } } } + + if ([zeek][fuid]) { + ruby { + id => "ruby_zeek_fuid_uniq" + code => "event.set('[zeek][fuid]', event.get('[zeek][fuid]').uniq)" + } + } + + # File/MIME types ################################################################################################### + # collect all file/MIME types under the parent [zeek][filetype] array + + if ([zeek_files][mime_type]) { mutate { id => "mutate_merge_normalize_zeek_files_mime_type" + merge => { "[zeek][filetype]" => "[zeek_files][mime_type]" } } } + + if ([zeek_ftp][mime_type]) { mutate { id => "mutate_merge_normalize_zeek_ftp_mime_type" + merge => { "[zeek][filetype]" => "[zeek_ftp][mime_type]" } } } + + if ([zeek_http][orig_mime_types]) { mutate { id => "mutate_merge_normalize_zeek_http_orig_mime_types" + merge => { "[zeek][filetype]" => "[zeek_http][orig_mime_types]" } } } + + if ([zeek_http][resp_mime_types]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_mime_types" + merge => { "[zeek][filetype]" => "[zeek_http][resp_mime_types]" } } } + + if ([zeek_irc][dcc_mime_type]) { mutate { id => "mutate_merge_normalize_zeek_irc_dcc_mime_type" + merge => { "[zeek][filetype]" => "[zeek_irc][dcc_mime_type]" } } } + + if ([zeek_intel][file_mime_type]) { mutate { id => "mutate_merge_normalize_zeek_intel_file_mime_type" + merge => { "[zeek][filetype]" => "[zeek_intel][file_mime_type]" } } } + + if ([zeek_notice][file_mime_type]) { mutate { id => "mutate_merge_normalize_zeek_notice_file_mime_type" + merge => { "[zeek][filetype]" => "[zeek_notice][file_mime_type]" } } } + + if ([zeek_sip][content_type]) { mutate { id => "mutate_merge_normalize_zeek_sip_content_type" + merge => { "[zeek][filetype]" => "[zeek_sip][content_type]" } } } + + if ([zeek][filetype]) { + ruby { + id => "ruby_zeek_filetype_uniq" + code => "event.set('[zeek][filetype]', 
event.get('[zeek][filetype]').uniq)" + } + } + + # Filenames ######################################################################################################### + # collect all filenames under the parent [zeek][filename] array + + if ([zeek_files][filename]) { mutate { id => "mutate_merge_normalize_zeek_files_filename" + merge => { "[zeek][filename]" => "[zeek_files][filename]" } } } + + if ([zeek_http][orig_filenames]) { mutate { id => "mutate_merge_normalize_zeek_http_orig_filenames" + merge => { "[zeek][filename]" => "[zeek_http][orig_filenames]" } } } + + if ([zeek_http][resp_filenames]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_filenames" + merge => { "[zeek][filename]" => "[zeek_http][resp_filenames]" } } } + + if ([zeek_irc][dcc_file_name]) { mutate { id => "mutate_merge_normalize_zeek_irc_dcc_file_name" + merge => { "[zeek][filename]" => "[zeek_irc][dcc_file_name]" } } } + + if ([zeek_smb_files][name]) { mutate { id => "mutate_merge_normalize_zeek_smb_files_name" + merge => { "[zeek][filename]" => "[zeek_smb_files][name]" } } } + + if ([zeek_smb_files][prev_name]) { mutate { id => "mutate_merge_normalize_zeek_smb_files_prev_name" + merge => { "[zeek][filename]" => "[zeek_smb_files][prev_name]" } } } + + if ([zeek][filename]) { + ruby { + id => "ruby_zeek_filename_uniq" + code => "event.set('[zeek][filename]', event.get('[zeek][filename]').uniq)" + } + } + +} \ No newline at end of file diff --git a/logstash/pipelines/zeek/13_zeek_convert.conf b/logstash/pipelines/zeek/13_zeek_convert.conf new file mode 100644 index 000000000..7b14756d8 --- /dev/null +++ b/logstash/pipelines/zeek/13_zeek_convert.conf 
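Review bot: `ruby_zeek_field_zeek_service_version_rfb` only checks that `[zeek_rfb]` exists, then calls `.sub!` on each of the four version fields unconditionally, so an rfb.log record that lacks any one of them raises NoMethodError on nil inside the filter and the event is tagged `_rubyexception` instead of being normalized; `/^0*/` additionally reduces an all-zero value to the empty string. The `zeek_smb_cmd` combined action has the same missing-field gap: the condition is `command or sub_command`, but the sprintf `%{[zeek_smb_cmd][command]}:%{[zeek_smb_cmd][sub_command]}` leaves the literal `%{...}` placeholder inside `[zeek][action]` when only one of the two is present, so either require both (`if ([zeek_smb_cmd][command] and [zeek_smb_cmd][sub_command])`) or merge each separately. Ruby-side `.uniq` calls on `[zeek][action]`, `[zeek][fuid]`, `[zeek][filetype]` and `[zeek][filename]` assume the field is already an array, which holds after `mutate merge` but not if an earlier stage set a scalar — worth a one-line comment. A nil-tolerant rewrite of the rfb block is below; the rest of the file is unchanged.
```logstash
  if ([zeek_rfb]) {
    ruby {
      id => "ruby_zeek_field_zeek_service_version_rfb"
      code => '
        # event.get returns nil for an absent field; strip leading zeros but keep a lone "0"
        strip0 = lambda { |f| v = event.get(f); v.nil? ? nil : v.to_s.sub(/^0+(?=\d)/, "") }
        clientMajorVersion = strip0.call("[zeek_rfb][client_major_version]")
        clientMinorVersion = strip0.call("[zeek_rfb][client_minor_version]")
        serverMajorVersion = strip0.call("[zeek_rfb][server_major_version]")
        serverMinorVersion = strip0.call("[zeek_rfb][server_minor_version]")
        versions = Array.new
        versions << [clientMajorVersion, clientMinorVersion].compact.join(".") if clientMajorVersion
        versions << [serverMajorVersion, serverMinorVersion].compact.join(".") if serverMajorVersion
        event.set("[zeek][service_version]", versions.uniq)'
    }
  }
  # … unchanged: remaining service_version, action, fuid, filetype and filename merges …
```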
@@ -0,0 +1,35 @@
+filter {
+
+ # set data types for fields that belong to various zeek logs
+ mutate {
+ id => "mutate_convert_zeek_bulk"
+ convert => {
+ "[zeek_dce_rpc][rtt]" => "float"
+ "[zeek_dns][rtt]" => "float"
+ "[zeek_ldap][message_id]" => "integer"
+ "[zeek_ldap][result_code]" => "integer"
+ "[zeek_modbus_register][delta]" => "float"
+ "[zeek_modbus_register][new_val]" => "integer"
+ "[zeek_modbus_register][old_val]" => "integer"
+ "[zeek_modbus_register][register]" => "integer"
+ "[zeek_mqtt_publish][payload_len]" => "integer"
+ "[zeek_mqtt_subscribe][granted_qos_level]" => "integer"
+ "[zeek_mqtt_subscribe][qos_levels]" => "integer"
+ "[zeek_ntp][mode]" => "integer"
+ "[zeek_ntp][num_exts]" => "float"
+ "[zeek_ntp][poll]" => "float"
+ "[zeek_ntp][precision]" => "float"
+ "[zeek_ntp][root_delay]" => "float"
+ "[zeek_ntp][root_disp]" => "float"
+ "[zeek_ntp][version]" => "integer"
+ "[zeek_s7comm][item_count]" => "integer"
+ "[zeek_signatures][host_count]" => "integer"
+ "[zeek_signatures][signature_count]" => "integer"
+ "[zeek_smb_cmd][rtt]" => "float"
+ "[zeek_smb_files][data_len_req]" => "integer"
+ "[zeek_smb_files][data_len_rsp]" => "integer"
+ "[zeek_smb_files][data_offset_req]" => "integer"
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/moloch/wise/source.zeeklogs.js b/moloch/wise/source.zeeklogs.js
index da828a8ac..a1f6867b2 100755
--- a/moloch/wise/source.zeeklogs.js
+++ b/moloch/wise/source.zeeklogs.js
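Review bot: The three integer converts removed in the preceding `@@ -4334,14 +3903,4 @@` hunk (`[zeek][fuidCnt]`, `[zeek][filenameCnt]`, `[zeek][filetypeCnt]`) have no counterpart in this new `mutate_convert_zeek_bulk` list, so if those fields are still populated anywhere (not visible on this page) they will now be indexed as strings. A header comment stating the intended scope would make the split deliberate, e.g. `# numeric type conversions for per-log zeek fields; runs after 12_zeek_normalize.conf`. Both new pipeline files, 12_zeek_normalize.conf and this one, are committed without a trailing newline.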
@@ -47,6 +47,7 @@ function ZeekLogs (api, section) { this.protoField = this.api.addField("field:zeek.proto;db:zeek.proto;kind:lotermfield;friendly:Protocol;help:Protocol"); this.serviceField = this.api.addField("field:zeek.service;db:zeek.service;kind:termfield;friendly:Service;help:Service"); this.service_versionField = this.api.addField("field:zeek.service_version;db:zeek.service_version;kind:termfield;friendly:Service Version;help:Service Version"); + this.actionField = this.api.addField("field:zeek.action;db:zeek.action;kind:termfield;friendly:Action;help:Action"); this.userField = this.api.addField("field:zeek.user;db:zeek.user;kind:termfield;friendly:User;help:User"); this.passwordField = this.api.addField("field:zeek.password;db:zeek.password;kind:termfield;friendly:Password;help:Password"); this.freq_score_v1 = this.api.addField("field:zeek.freq_score_v1;db:zeek_dns.freq_score_v1;kind:termfield;friendly:Freq Score v1;help:Freq Score v1"); @@ -166,7 +167,6 @@ function ZeekLogs (api, section) { // files.log // https://docs.zeek.org/en/stable/scripts/base/frameworks/files/main.zeek.html#type-Files::Info - this.files_fuidField = this.api.addField("field:zeek_files.fuid;db:zeek_files.fuid;kind:termfield;friendly:File ID;help:File ID"); this.files_tx_hostsField = this.api.addField("field:zeek_files.tx_hosts;db:zeek_files.tx_hosts;kind:termfield;friendly:Transmitter;help:Transmitter"); this.files_rx_hostsField = this.api.addField("field:zeek_files.rx_hosts;db:zeek_files.rx_hosts;kind:termfield;friendly:Receiver;help:Receiver"); this.files_conn_uidsField = this.api.addField("field:zeek_files.conn_uids;db:zeek_files.conn_uids;kind:termfield;friendly:Connection ID;help:Connection ID"); 
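Review bot: `zeek.action` is registered as a new WISE field in the first hunk, but whether it was also added to the `allFieldsStr` right-click pivot list further down cannot be confirmed from this page (the rewritten `allFieldsStr` line is cut off at the end), and a field missing from that list gets no Kibana pivot. The `help:Action` text is also the least informative of the neighbouring definitions; since the field aggregates commands/operations across many logs, `help:Action, command or operation, normalized across Zeek logs` would tell an analyst what they are filtering on. The ZeekLogs constructor starts and ends outside this hunk.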
@@ -203,7 +203,6 @@ function ZeekLogs (api, section) { this.ftp_data_channel_orig_hField = this.api.addField("field:zeek_ftp.data_channel_orig_h;db:zeek_ftp.data_channel_orig_h;kind:termfield;friendly:Data Originating Host;help:Data Originating Host"); this.ftp_data_channel_resp_hField = this.api.addField("field:zeek_ftp.data_channel_resp_h;db:zeek_ftp.data_channel_resp_h;kind:termfield;friendly:Data Responding Host;help:Data Responding Host"); this.ftp_data_channel_resp_pField = this.api.addField("field:zeek_ftp.data_channel_resp_p;db:zeek_ftp.data_channel_resp_p;kind:integer;friendly:Data Responding Port;help:Data Responding Port"); - this.ftp_fuidField = this.api.addField("field:zeek_ftp.fuid;db:zeek_ftp.fuid;kind:termfield;friendly:File ID;help:File ID"); // gquic.log // https://github.com/salesforce/GQUIC_Protocol_Analyzer/blob/master/scripts/Salesforce/GQUIC/main.bro @@ -247,7 +246,6 @@ function ZeekLogs (api, section) { this.intel_seen_nodeField = this.api.addField("field:zeek_intel.seen_node;db:zeek_intel.seen_node;kind:termfield;friendly:Discovered Node;help:Discovered Node"); this.intel_matchedField = this.api.addField("field:zeek_intel.matched;db:zeek_intel.matched;kind:termfield;friendly:Match Indicator;help:Match Indicator"); this.intel_sourcesField = this.api.addField("field:zeek_intel.sources;db:zeek_intel.sources;kind:termfield;friendly:Match Source;help:Match Source"); - this.intel_fuidField = this.api.addField("field:zeek_intel.fuid;db:zeek_intel.fuid;kind:termfield;friendly:File ID;help:File ID"); this.intel_mimetypeField = this.api.addField("field:zeek_intel.mimetype;db:zeek_intel.mimetype;kind:termfield;friendly:File Magic;help:File Magic"); this.intel_file_descriptionField = this.api.addField("field:zeek_intel.file_description;db:zeek_intel.file_description;kind:termfield;friendly:File Description;help:File Description"); 
@@ -260,7 +258,6 @@ function ZeekLogs (api, section) { this.irc_dcc_file_nameField = this.api.addField("field:zeek_irc.dcc_file_name;db:zeek_irc.dcc_file_name;kind:termfield;friendly:DCC Filename;help:DCC Filename"); this.irc_dcc_file_sizeField = this.api.addField("field:zeek_irc.dcc_file_size;db:zeek_irc.dcc_file_size;kind:integer;friendly:DCC File Size;help:DCC File Size"); this.irc_dcc_mime_typeField = this.api.addField("field:zeek_irc.dcc_mime_type;db:zeek_irc.dcc_mime_type;kind:termfield;friendly:DCC File Magic;help:DCC File Magic"); - this.irc_fuidField = this.api.addField("field:zeek_irc.fuid;db:zeek_irc.fuid;kind:termfield;friendly:File ID;help:File ID"); // iso_cotp.log // https://github.com/amzn/zeek-plugin-s7comm/blob/master/scripts/main.zeek @@ -351,7 +348,6 @@ function ZeekLogs (api, section) { // notice.log // https://docs.zeek.org/en/stable/scripts/base/frameworks/notice/main.zeek.html#type-Notice::Info - this.notice_fuidField = this.api.addField("field:zeek_notice.fuid;db:zeek_notice.fuid;kind:termfield;friendly:File ID;help:File ID"); this.notice_file_mime_typeField = this.api.addField("field:zeek_notice.file_mime_type;db:zeek_notice.file_mime_type;kind:termfield;friendly:File Magic;help:File Magic"); this.notice_file_descField = this.api.addField("field:zeek_notice.file_desc;db:zeek_notice.file_desc;kind:termfield;friendly:File Description;help:File Description"); this.notice_noteField = this.api.addField("field:zeek_notice.note;db:zeek_notice.note;kind:termfield;friendly:Notice Type;help:Notice Type"); 
@@ -400,7 +396,6 @@ function ZeekLogs (api, section) { // pe.log // https://docs.zeek.org/en/stable/scripts/base/files/pe/main.zeek.html#type-PE::Info - this.pe_fuidField = this.api.addField("field:zeek_pe.fuid;db:zeek_pe.fuid;kind:termfield;friendly:File ID;help:File ID"); this.pe_machineField = this.api.addField("field:zeek_pe.machine;db:zeek_pe.machine;kind:termfield;friendly:Target Machine;help:Target Machine"); this.pe_compile_tsField = this.api.addField("field:zeek_pe.compile_ts;db:zeek_pe.compile_ts;kind:termfield;friendly:Compile Timestamp;help:Compile Timestamp"); this.pe_osField = this.api.addField("field:zeek_pe.os;db:zeek_pe.os;kind:termfield;friendly:Target OS;help:Target Operating System"); 
@@ -523,10 +518,10 @@ function ZeekLogs (api, section) { this.sip_request_body_lenField = this.api.addField("field:zeek_sip.request_body_len;db:zeek_sip.request_body_len;kind:integer;friendly:Request Body Length;help:Request Body Length"); this.sip_response_body_lenField = this.api.addField("field:zeek_sip.response_body_len;db:zeek_sip.response_body_len;kind:integer;friendly:Response Body Length;help:Response Body Length"); this.sip_content_typeField = this.api.addField("field:zeek_sip.content_type;db:zeek_sip.content_type;kind:termfield;friendly:Content Type Header;help:Content Type Header"); + this.sip_versionField = this.api.addField("field:zeek_sip.version;db:zeek_sip.version;kind:termfield;friendly:Version;help:Version"); // smb_files.log // https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::FileInfo - this.smb_files_fuidField = this.api.addField("field:zeek_smb_files.fuid;db:zeek_smb_files.fuid;kind:termfield;friendly:File ID;help:File ID"); this.smb_files_actionField = this.api.addField("field:zeek_smb_files.action;db:zeek_smb_files.action;kind:termfield;friendly:Action;help:Action"); this.smb_files_pathField = this.api.addField("field:zeek_smb_files.path;db:zeek_smb_files.path;kind:termfield;friendly:File Path;help:File Path"); this.smb_files_nameField = this.api.addField("field:zeek_smb_files.name;db:zeek_smb_files.name;kind:termfield;friendly:File Name;help:File Name"); 
@@ -568,7 +563,6 @@ function ZeekLogs (api, section) { this.smtp_pathField = this.api.addField("field:zeek_smtp.path;db:zeek_smtp.path;kind:termfield;friendly:Tranmission Path;help:Tranmission Path"); this.smtp_user_agentField = this.api.addField("field:zeek_smtp.user_agent;db:zeek_smtp.user_agent;kind:termfield;friendly:User Agent;help:User Agent"); this.smtp_tlsField = this.api.addField("field:zeek_smtp.tls;db:zeek_smtp.tls;kind:termfield;friendly:TLS;help:TLS"); - this.smtp_fuidsField = this.api.addField("field:zeek_smtp.fuids;db:zeek_smtp.fuids;kind:termfield;friendly:File ID;help:File ID"); this.smtp_is_webmailField = this.api.addField("field:zeek_smtp.is_webmail;db:zeek_smtp.is_webmail;kind:termfield;friendly:Is Webmail;help:Is Webmail"); // snmp.log @@ -742,7 +736,6 @@ function ZeekLogs (api, section) { // x509.log // https://docs.zeek.org/en/stable/scripts/base/files/x509/main.zeek.html#type-X509::Info - this.x509_fuidField = this.api.addField("field:zeek_x509.fuid;db:zeek_x509.fuid;kind:termfield;friendly:File ID;help:fuid"); this.x509_certificate_versionField = this.api.addField("field:zeek_x509.certificate_version;db:zeek_x509.certificate_version;kind:integer;friendly:Version;help:Version"); this.x509_certificate_serialField = this.api.addField("field:zeek_x509.certificate_serial;db:zeek_x509.certificate_serial;kind:termfield;friendly:Serial Number;help:Serial Number"); this.x509_certificate_subject_fullField = this.api.addField("field:zeek_x509.certificate_subject_full;db:zeek_x509.certificate_subject_full;kind:termfield;friendly:Subject;help:Subject"); 
@@ -795,7 +788,7 @@ function ZeekLogs (api, section) { // add right-clicks for pivoting into Kibana from Moloch (see nginx.conf) var filterLabel = "Filter %DBFIELD% in Kibana"; var filterUrl = "idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%"; - var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,z
eek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.fuid,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.fuid,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.fu
id,zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.fuid,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_locat
ion_latitude,zeek_notice.remote_location_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.fuid,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info
,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_smb_files.action,zeek_smb_files.fuid,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.fuids,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.re
quest_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudony
m,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L
,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.fuid,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; + var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.action,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.t
rans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,ze
ek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitud
e,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,ze
ek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_sip.version,zeek_smb_files.action,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,ze
ek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl
.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initi
als,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; this.api.addRightClick("malcolm_kibana_cat_ip", {name:filterLabel, url:"idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%", category:"ip"}); this.api.addRightClick("malcolm_kibana_cat_port", {name:filterLabel, url:filterUrl, category:"port"}); this.api.addRightClick("malcolm_kibana_cat_country", {name:filterLabel, url:filterUrl, category:"country"}); @@ -821,7 +814,7 @@ function ZeekLogs (api, section) { " if (session.zeek.orig_h || session.zeek.orig_p || session.zeek.orig_l2_addr || session.zeek.resp_h || " + " session.zeek.resp_p || session.zeek.resp_l2_addr || session.zeek.proto || session.zeek.service || " + " session.zeek.service_version || session.zeek.user || session.zeek.password || " + - " session.zeek.freq_score_v1 || session.zeek.freq_score_v2 )\n" + + " session.zeek.action || session.zeek.freq_score_v1 || session.zeek.freq_score_v2 )\n" + " dl.sessionDetailMeta(suffix=\"Basic Connection Info\")\n" + " +arrayList(session.zeek, 'orig_h', 'Originating Host', 'zeek.orig_h')\n" + " +arrayList(session.zeek, 'orig_l2_addr', 'Originating MAC', 'zeek.orig_l2_addr')\n" + 
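Review bot: The new `allFieldsStr` still carries the malformed entry `zeek_notice.remote_location_cityremote_location_latitude`, which looks like `zeek_notice.remote_location_city` and `zeek_notice.remote_location_latitude` fused by a lost comma; since the new string already lists both real names separately, the fused token should simply be deleted. The same fused name is used in the `zeek_notice` view in the `@@ -886` hunk, where it stands in place of the real `remote_location_city` and `remote_location_latitude` entries, so those two geo fields are presumably missing from the notice.log view; that field list should read `...,zeek_notice.remote_location_region,zeek_notice.remote_location_city,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude`. `zeek.action` is added to this list, but no `addField` for it is visible in this chunk, so I am assuming it is registered in an earlier hunk. The enclosing ZeekLogs function starts and ends outside the hunk.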
@@ -844,6 +837,7 @@ function ZeekLogs (api, section) {
 " +arrayList(session.zeek, 'proto', 'Protocol', 'zeek.proto')\n" +
 " +arrayList(session.zeek, 'service', 'Service', 'zeek.service')\n" +
 " +arrayList(session.zeek, 'service_version', 'Service Version', 'zeek.service_version')\n" +
+ " +arrayList(session.zeek, 'action', 'Action', 'zeek.action')\n" +
 " +arrayList(session.zeek, 'user', 'User', 'zeek.user')\n" +
 " +arrayList(session.zeek, 'password', 'Password', 'zeek.password')\n" +
 " +arrayList(session.zeek, 'freq_score_v1', 'Freq Score v1', 'zeek.freq_score_v1')\n" +
@@ -869,12 +863,12 @@ function ZeekLogs (api, section) { this.api.addView("zeek_dpd", "require:zeek_dpd;title:Zeek dpd.log;fields:zeek_dpd.service,zeek_dpd.failure_reason") this.api.addView("zeek_enip", "require:zeek_enip;title:Zeek enip.log;fields:zeek_enip.command,zeek_enip.length,zeek_enip.session_handle,zeek_enip.status,zeek_enip.sender_context,zeek_enip.options") this.api.addView("zeek_enip_list_identity", "require:zeek_enip_list_identity;title:Zeek enip_list_identity.log;fields:zeek_enip_list_identity.device_type,zeek_enip_list_identity.vendor,zeek_enip_list_identity.product_name,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.product_code,zeek_enip_list_identity.revision,zeek_enip_list_identity.status,zeek_enip_list_identity.state,zeek_enip_list_identity.device_ip") - this.api.addView("zeek_files", "require:zeek_files;title:Zeek files.log;fields:zeek_files.fuid,zeek_files.tx_hosts,zeek_files.rx_hosts,zeek_files.conn_uids,zeek_files.source,zeek_files.depth,zeek_files.analyzers,zeek_files.mime_type,zeek_files.filename,zeek_files.duration,zeek_files.local_orig,zeek_files.is_orig,zeek_files.seen_bytes,zeek_files.total_bytes,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.timedout,zeek_files.parent_fuid,zeek_files.md5,zeek_files.sha1,zeek_files.sha256,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size") - this.api.addView("zeek_ftp", "require:zeek_ftp;title:Zeek ftp.log;fields:zeek_ftp.command,zeek_ftp.arg,zeek_ftp.mime_type,zeek_ftp.file_size,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.fuid") + this.api.addView("zeek_files", "require:zeek_files;title:Zeek 
files.log;fields:zeek_files.tx_hosts,zeek_files.rx_hosts,zeek_files.conn_uids,zeek_files.source,zeek_files.depth,zeek_files.analyzers,zeek_files.mime_type,zeek_files.filename,zeek_files.duration,zeek_files.local_orig,zeek_files.is_orig,zeek_files.seen_bytes,zeek_files.total_bytes,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.timedout,zeek_files.parent_fuid,zeek_files.md5,zeek_files.sha1,zeek_files.sha256,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size") + this.api.addView("zeek_ftp", "require:zeek_ftp;title:Zeek ftp.log;fields:zeek_ftp.command,zeek_ftp.arg,zeek_ftp.mime_type,zeek_ftp.file_size,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p") this.api.addView("zeek_gquic", "require:zeek_gquic;title:Zeek gquic.log;fields:zeek_gquic.version,zeek_gquic.server_name,zeek_gquic.user_agent,zeek_gquic.tag_count,zeek_gquic.cyu,zeek_gquic.cyutags") this.api.addView("zeek_http", "require:zeek_http;title:Zeek http.log;fields:zeek_http.trans_depth,zeek_http.method,zeek_http.host,zeek_http.uri,zeek_http.origin,zeek_http.referrer,zeek_http.version,zeek_http.user_agent,zeek_http.request_body_len,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.info_code,zeek_http.info_msg,zeek_http.tags,zeek_http.proxied,zeek_http.orig_fuids,zeek_http.orig_filenames,zeek_http.orig_mime_types,zeek_http.resp_fuids,zeek_http.resp_filenames,zeek_http.resp_mime_types") - this.api.addView("zeek_intel", "require:zeek_intel;title:Zeek intel.log;fields:zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.seen_where,zeek_intel.seen_node,zeek_intel.matched,zeek_intel.sources,zeek_intel.fuid,zeek_intel.mimetype,zeek_intel.file_description") - this.api.addView("zeek_irc", "require:zeek_irc;title:Zeek 
irc.log;fields:zeek_irc.nick,zeek_irc.command,zeek_irc.value,zeek_irc.addl,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.fuid") + this.api.addView("zeek_intel", "require:zeek_intel;title:Zeek intel.log;fields:zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.seen_where,zeek_intel.seen_node,zeek_intel.matched,zeek_intel.sources,zeek_intel.mimetype,zeek_intel.file_description") + this.api.addView("zeek_irc", "require:zeek_irc;title:Zeek irc.log;fields:zeek_irc.nick,zeek_irc.command,zeek_irc.value,zeek_irc.addl,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type") this.api.addView("zeek_iso_cotp", "require:zeek_iso_cotp;title:Zeek iso_cotp.log;fields:zeek_iso_cotp.pdu_type") this.api.addView("zeek_kerberos", "require:zeek_kerberos;title:Zeek kerberos.log;fields:zeek_kerberos.cname,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.error_msg,zeek_kerberos.from,zeek_kerberos.till,zeek_kerberos.cipher,zeek_kerberos.forwardable,zeek_kerberos.renewable,zeek_kerberos.client_cert_subject,zeek_kerberos.client_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.server_cert_fuid") this.api.addView("zeek_known_certs", "require:zeek_known_certs;title:Zeek known_certs.log;fields:zeek_known_certs.subject,zeek_known_certs.issuer_subject,zeek_known_certs.serial") 
@@ -886,10 +880,10 @@ function ZeekLogs (api, section) { this.api.addView("zeek_mqtt_publish", "require:zeek_mqtt_publish;title:Zeek mqtt_publish.log;fields:zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len") this.api.addView("zeek_mqtt_subscribe", "require:zeek_mqtt_subscribe;title:Zeek mqtt_subscribe.log;fields:zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack") this.api.addView("zeek_mysql", "require:zeek_mysql;title:Zeek mysql.log;fields:zeek_mysql.cmd,zeek_mysql.arg,zeek_mysql.success,zeek_mysql.rows,zeek_mysql.response") - this.api.addView("zeek_notice", "require:zeek_notice;title:Zeek notice.log;fields:zeek_notice.fuid,zeek_notice.file_mime_type,zeek_notice.file_desc,zeek_notice.note,zeek_notice.msg,zeek_notice.sub,zeek_notice.src,zeek_notice.dst,zeek_notice.p,zeek_notice.n,zeek_notice.peer_descr,zeek_notice.actions,zeek_notice.suppress_for,zeek_notice.dropped,zeek_notice.remote_location_country_code,zeek_notice.remote_location_region,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_longitude") + this.api.addView("zeek_notice", "require:zeek_notice;title:Zeek notice.log;fields:zeek_notice.file_mime_type,zeek_notice.file_desc,zeek_notice.note,zeek_notice.msg,zeek_notice.sub,zeek_notice.src,zeek_notice.dst,zeek_notice.p,zeek_notice.n,zeek_notice.peer_descr,zeek_notice.actions,zeek_notice.suppress_for,zeek_notice.dropped,zeek_notice.remote_location_country_code,zeek_notice.remote_location_region,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_longitude") this.api.addView("zeek_ntlm", "require:zeek_ntlm;title:Zeek 
ntlm.log;fields:zeek_ntlm.host,zeek_ntlm.domain,zeek_ntlm.success,zeek_ntlm.status,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree") this.api.addView("zeek_ntp", "require:zeek_ntp;title:Zeek ntp.log;fields:zeek_ntp.version,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.stratum,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.org_time,zeek_ntp.rec_time,zeek_ntp.xmt_time,zeek_ntp.num_exts") - this.api.addView("zeek_pe", "require:zeek_pe;title:Zeek pe.log;fields:zeek_pe.fuid,zeek_pe.machine,zeek_pe.compile_ts,zeek_pe.os,zeek_pe.subsystem,zeek_pe.is_exe,zeek_pe.is_64bit,zeek_pe.uses_aslr,zeek_pe.uses_dep,zeek_pe.uses_code_integrity,zeek_pe.uses_seh,zeek_pe.has_import_table,zeek_pe.has_export_table,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.section_names") + this.api.addView("zeek_pe", "require:zeek_pe;title:Zeek pe.log;fields:zeek_pe.machine,zeek_pe.compile_ts,zeek_pe.os,zeek_pe.subsystem,zeek_pe.is_exe,zeek_pe.is_64bit,zeek_pe.uses_aslr,zeek_pe.uses_dep,zeek_pe.uses_code_integrity,zeek_pe.uses_seh,zeek_pe.has_import_table,zeek_pe.has_export_table,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.section_names") this.api.addView("zeek_profinet", "require:zeek_profinet;title:Zeek profinet.log;fields:zeek_profinet.operation_type,zeek_profinet.block_version,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet.index") this.api.addView("zeek_profinet_dce_rpc", "require:zeek_profinet_dce_rpc;title:Zeek profinet_dce_rpc.log;fields:zeek_profinet_dce_rpc.version,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.operation") this.api.addView("zeek_radius", "require:zeek_radius;title:Zeek 
radius.log;fields:zeek_radius.mac,zeek_radius.framed_addr,zeek_radius.tunnel_client,zeek_radius.connect_info,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl") 
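Review bot: The new `zeek_notice` view line still contains `zeek_notice.remote_location_cityremote_location_latitude`, two field names fused into one that does not exist, so the view shows neither the city nor the latitude column; this commit only drops `zeek_notice.fuid` from that line and carries the fused name over. It should read `zeek_notice.remote_location_city,zeek_notice.remote_location_latitude`. ZeekLogs's body starts and ends outside this hunk.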
@@ -897,10 +891,10 @@ function ZeekLogs (api, section) { this.api.addView("zeek_rfb", "require:zeek_rfb;title:Zeek rfb.log;fields:zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.authentication_method,zeek_rfb.auth,zeek_rfb.share_flag,zeek_rfb.desktop_name,zeek_rfb.width,zeek_rfb.height") this.api.addView("zeek_s7comm", "require:zeek_s7comm;title:Zeek s7comm.log;fields:zeek_s7comm.rosctr,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.item_count,zeek_s7comm.data_info") this.api.addView("zeek_signatures", "require:zeek_signatures;title:Zeek signatures.log;fields:zeek_signatures.note,zeek_signatures.signature_id,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.sub_message,zeek_signatures.signature_count,zeek_signatures.host_count") - this.api.addView("zeek_sip", "require:zeek_sip;title:Zeek sip.log;fields:zeek_sip.trans_depth,zeek_sip.method,zeek_sip.uri,zeek_sip.date,zeek_sip.request_from,zeek_sip.request_to,zeek_sip.response_from,zeek_sip.response_to,zeek_sip.reply_to,zeek_sip.call_id,zeek_sip.seq,zeek_sip.subject,zeek_sip.request_path,zeek_sip.response_path,zeek_sip.user_agent,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.warning,zeek_sip.request_body_len,zeek_sip.response_body_len,zeek_sip.content_type") - this.api.addView("zeek_smb_files", "require:zeek_smb_files;title:Zeek smb_files.log;fields:zeek_smb_files.fuid,zeek_smb_files.action,zeek_smb_files.path,zeek_smb_files.name,zeek_smb_files.size,zeek_smb_files.prev_name,zeek_smb_files.times_modified,zeek_smb_files.times_accessed,zeek_smb_files.times_created,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp") + this.api.addView("zeek_sip", "require:zeek_sip;title:Zeek 
sip.log;fields:zeek_sip.trans_depth,zeek_sip.method,zeek_sip.uri,zeek_sip.date,zeek_sip.request_from,zeek_sip.request_to,zeek_sip.response_from,zeek_sip.response_to,zeek_sip.reply_to,zeek_sip.call_id,zeek_sip.seq,zeek_sip.subject,zeek_sip.request_path,zeek_sip.response_path,zeek_sip.user_agent,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.warning,zeek_sip.request_body_len,zeek_sip.response_body_len,zeek_sip.content_type,zeek_sip.version") + this.api.addView("zeek_smb_files", "require:zeek_smb_files;title:Zeek smb_files.log;fields:zeek_smb_files.action,zeek_smb_files.path,zeek_smb_files.name,zeek_smb_files.size,zeek_smb_files.prev_name,zeek_smb_files.times_modified,zeek_smb_files.times_accessed,zeek_smb_files.times_created,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp") this.api.addView("zeek_smb_mapping", "require:zeek_smb_mapping;title:Zeek smb_mapping.log;fields:zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.native_file_system,zeek_smb_mapping.share_type") - this.api.addView("zeek_smtp", "require:zeek_smtp;title:Zeek smtp.log;fields:zeek_smtp.trans_depth,zeek_smtp.helo,zeek_smtp.mailfrom,zeek_smtp.rcptto,zeek_smtp.date,zeek_smtp.from,zeek_smtp.to,zeek_smtp.cc,zeek_smtp.reply_to,zeek_smtp.msg_id,zeek_smtp.in_reply_to,zeek_smtp.subject,zeek_smtp.x_originating_ip,zeek_smtp.first_received,zeek_smtp.second_received,zeek_smtp.last_reply,zeek_smtp.path,zeek_smtp.user_agent,zeek_smtp.tls,zeek_smtp.fuids,zeek_smtp.is_webmail") + this.api.addView("zeek_smtp", "require:zeek_smtp;title:Zeek smtp.log;fields:zeek_smtp.trans_depth,zeek_smtp.helo,zeek_smtp.mailfrom,zeek_smtp.rcptto,zeek_smtp.date,zeek_smtp.from,zeek_smtp.to,zeek_smtp.cc,zeek_smtp.reply_to,zeek_smtp.msg_id,zeek_smtp.in_reply_to,zeek_smtp.subject,zeek_smtp.x_originating_ip,zeek_smtp.first_received,zeek_smtp.second_received,zeek_smtp.last_reply,zeek_smtp.path,zeek_smtp.user_agent,zeek_smtp.tls,zeek_smtp.is_webmail") 
this.api.addView("zeek_snmp", "require:zeek_snmp;title:Zeek snmp.log;fields:zeek_snmp.duration,zeek_snmp.version,zeek_snmp.community,zeek_snmp.get_requests,zeek_snmp.get_bulk_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.display_string,zeek_snmp.up_since") this.api.addView("zeek_socks", "require:zeek_socks;title:Zeek socks.log;fields:zeek_socks.version,zeek_socks.server_status,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port") this.api.addView("zeek_software", "require:zeek_software;title:Zeek software.log;fields:zeek_software.software_type,zeek_software.name,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_software.version_addl,zeek_software.unparsed_version") 
@@ -912,7 +906,7 @@ function ZeekLogs (api, section) { this.api.addView("zeek_tds_sql_batch", "require:zeek_tds_sql_batch;title:Zeek tds_sql_batch.log;fields:zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query") this.api.addView("zeek_tunnel", "require:zeek_tunnel;title:Zeek tunnel.log;fields:zeek_tunnel.tunnel_type,zeek_tunnel.action") this.api.addView("zeek_weird", "require:zeek_weird;title:Zeek weird.log;fields:zeek_weird.name,zeek_weird.addl,zeek_weird.notice,zeek_weird.peer") - this.api.addView("zeek_x509", "require:zeek_x509;title:Zeek x509.log;fields:zeek_x509.fuid,zeek_x509.certificate_version,zeek_x509.certificate_serial,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_key_alg,zeek_x509.certificate_sig_alg,zeek_x509.certificate_key_type,zeek_x509.certificate_key_length,zeek_x509.certificate_exponent,zeek_x509.certificate_curve,zeek_x509.san_dns,zeek_x509.san_uri,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len") + 
this.api.addView("zeek_x509", "require:zeek_x509;title:Zeek x509.log;fields:zeek_x509.certificate_version,zeek_x509.certificate_serial,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_key_alg,zeek_x509.certificate_sig_alg,zeek_x509.certificate_key_type,zeek_x509.certificate_key_length,zeek_x509.certificate_exponent,zeek_x509.certificate_curve,zeek_x509.san_dns,zeek_x509.san_uri,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len") // Add the source as available this.api.addSource("zeek", this); From 6f918d75440807a02c5f5865ba8b185976346d42 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 30 Jan 2020 15:42:57 -0700 Subject: [PATCH 055/183] fixes to SMB action mapping --- logstash/pipelines/zeek/11_zeek_logs.conf | 7 ++++-- .../pipelines/zeek/12_zeek_normalize.conf | 22 +++++++++++-------- 2 files changed, 18 insertions(+), 11 deletions(-) 
diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index 11fb679be..6c86ad1b8 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -1797,7 +1797,7 @@ filter { gsub => [ "[zeek_cols][version]", "^SMB", "" ] } mutate { id => "mutate_gsub_zeek_smb_cmd_command" - gsub => [ "[zeek_cols][command]", "SMB::", "" ] } + gsub => [ "[zeek_cols][command]", "^SMB::", "" ] } } else if ([source] == "smb_files") { ############################################################################################################################# @@ -1875,7 +1875,7 @@ filter { } mutate { id => "mutate_gsub_zeek_smb_files_action" - gsub => [ "[zeek_cols][action]", "SMB::", "" ] } + gsub => [ "[zeek_cols][action]", "^SMB::", "" ] } } else if ([source] == "smb_mapping") { ############################################################################################################################# @@ -3326,6 +3326,9 @@ filter { remove_field => [ "[zeek_smb_files][fuid]" ] } } + if ([zeek_smb_files][action]) { mutate { id => "mutate_gsub_zeek_smb_cmd_referenced_file_action" + gsub => [ "[zeek_smb_files][action]", "^SMB::", "" ] } } + # this timestamp conversion would have happened originally had this been its own line from smb_files if ([zeek_smb_files][ts]) { # convert @timestamp to UNIX to use native kibana features diff --git a/logstash/pipelines/zeek/12_zeek_normalize.conf b/logstash/pipelines/zeek/12_zeek_normalize.conf index f7dc52e54..57139b964 100644 --- a/logstash/pipelines/zeek/12_zeek_normalize.conf +++ b/logstash/pipelines/zeek/12_zeek_normalize.conf 
@@ -139,20 +139,24 @@ filter { } } - if ([zeek_sip][method]) { mutate { id => "mutate_merge_normalize_zeek_sip_method" - merge => { "[zeek][action]" => "[zeek_sip][method]" } } } - - if ([zeek_smb_cmd][command]) or ([zeek_smb_cmd][sub_command]) { - # concatenate command and sub_command - mutate { id => "mutate_add_field_zeek_smb_cmd_combined" - add_field => { "[@metadata][zeek_smb_cmd_combined]" => "%{[zeek_smb_cmd][command]}:%{[zeek_smb_cmd][sub_command]}" } } - mutate { id => "mutate_merge_normalize_zeek_smb_cmd_command" - merge => { "[zeek][action]" => "[@metadata][zeek_smb_cmd_combined]" } } + if ([zeek_smb_cmd]) { + ruby { + # action = command:sub_command + id => "ruby_zeek_smb_cmd_generate_action" + code => " + actions = Array.new unless (actions = event.get('[zeek][action]')) + actions.append([event.get('[zeek_smb_cmd][command]'), + event.get('[zeek_smb_cmd][sub_command]')].compact.join(':')) + event.set('[zeek][action]', actions)" + } } if ([zeek_smb_files][action]) { mutate { id => "mutate_merge_normalize_zeek_smb_files_action" merge => { "[zeek][action]" => "[zeek_smb_files][action]" } } } + if ([zeek_sip][method]) { mutate { id => "mutate_merge_normalize_zeek_sip_method" + merge => { "[zeek][action]" => "[zeek_sip][method]" } } } + if ([zeek_tds][command]) { mutate { id => "mutate_merge_normalize_zeek_tds_command" merge => { "[zeek][action]" => "[zeek_tds][command]" } } } From 78bcd8008e4a674c8b09eaf470da46e813a71b4f Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 08:11:43 -0700 Subject: [PATCH 056/183] remove useless prefix before smb action --- logstash/pipelines/zeek/12_zeek_normalize.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/logstash/pipelines/zeek/12_zeek_normalize.conf b/logstash/pipelines/zeek/12_zeek_normalize.conf index 57139b964..0ea15f2a0 100644 --- a/logstash/pipelines/zeek/12_zeek_normalize.conf +++ b/logstash/pipelines/zeek/12_zeek_normalize.conf 
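Review bot: `actions = Array.new unless (actions = event.get('[zeek][action]'))` in the new ruby filter assumes an existing `[zeek][action]` is already an Array; if an earlier filter left it as a single string, `actions.append(...)` raises NoMethodError and the event is tagged with a ruby exception instead of being normalized, whereas the `mutate merge` blocks this replaces converted string fields to arrays themselves. `actions = Array(event.get('[zeek][action]'))` covers nil, scalar and array in one expression. When `[zeek_smb_cmd]` exists but both `command` and `sub_command` are absent, `.compact.join(':')` appends an empty string to the action list; skipping the append for an empty value would avoid that. The same `Array.new` line is context in the next commit's hunk (`@@ -144,9 +144,10 @@`), where the point applies as well.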
@@ -144,9 +144,10 @@ filter {
 # action = command:sub_command
 id => "ruby_zeek_smb_cmd_generate_action"
 code => "
+ cmd = event.get('[zeek_smb_cmd][command]')
+ subCmd = event.get('[zeek_smb_cmd][sub_command]')
 actions = Array.new unless (actions = event.get('[zeek][action]'))
- actions.append([event.get('[zeek_smb_cmd][command]'),
- event.get('[zeek_smb_cmd][sub_command]')].compact.join(':'))
+ actions.append((cmd =~ /^\s*transaction\d*\s*$/i) ? subCmd : [cmd, subCmd].compact.join(':'))
 event.set('[zeek][action]', actions)"
 }
 }
From 82aeb8d755b0f056ebc5c892388f99c50ebb2ed5 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Mon, 3 Feb 2020 09:40:57 -0700
Subject: [PATCH 057/183] exclude some domains from freq. analysis
---
 logstash/pipelines/enrichment/11_lookups.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf
index 805d1f841..112c28356 100644
--- a/logstash/pipelines/enrichment/11_lookups.conf
+++ b/logstash/pipelines/enrichment/11_lookups.conf
@@ -230,7 +230,7 @@ filter {
 scoresTmp = Array.new
 begin
 event.get('[dns][host]').each { |query|
- if (query.length >= 4) then
+ if (query.length >= 4) and (query !~ /(ip6\.int|ip6\.arpa|in-addr\.arpa|b32\.i2p)$/i) then
 scoresTmp.clear
 scoresTmp.concat(Net::HTTP.get_response(URI.parse('http://freq:10004/measure/' + query)).body.gsub(/(^\(|\)$|\s+)/, '').split(',').map(&:to_f))
 if (scoresTmp.length == 2) then
From 6d8b70aef9da0e3458f9ccba2505948723fd9b6e Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Mon, 3 Feb 2020 10:13:37 -0700
Subject: [PATCH 058/183] utility script to repackage zeek logs for upload:
---
 scripts/package_zeek_logs.sh | 121 +++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100755 scripts/package_zeek_logs.sh
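Review bot: The new `actions.append((cmd =~ /^\s*transaction\d*\s*$/i) ? subCmd : ...)` line appends `nil` when the command is a transaction but `sub_command` is absent, so `[zeek][action]` can end up holding a nil element. Falling back to the joined form when there is no sub-command avoids that: `actions.append((subCmd && cmd =~ /^\s*transaction\d*\s*$/i) ? subCmd : [cmd, subCmd].compact.join(':'))`. Since `^` and `$` match at line boundaries in Ruby, `\A` and `\z` are the stricter anchors for a whole-value test.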
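Review bot: The added exclusion keeps reverse-lookup zones out of frequency scoring, but `query` is still concatenated unescaped into `URI.parse('http://freq:10004/measure/' + query)` on the following context line; a DNS name from captured traffic containing characters that are not valid in a URI path makes `URI.parse` raise, which the surrounding `begin` presumably catches at the cost of the whole event's scores. Escaping the segment, e.g. `URI.parse('http://freq:10004/measure/' + URI.encode_www_form_component(query))`, keeps the request well-formed and stops name characters from being read as path or query syntax by the freq service. The `$` in the new regex is a line anchor in Ruby; `\z` matches only at the end of the string. The enclosing ruby filter starts and ends outside the hunk.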
diff --git a/scripts/package_zeek_logs.sh b/scripts/package_zeek_logs.sh
new file mode 100755
index 000000000..0c981eb3a
--- /dev/null
+++ b/scripts/package_zeek_logs.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+
+# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+
+# package up Zeek logs in a format more suitable for upload to Malcolm
+#
+# directory containing Zeek logs is a parent directory of directories/files named like smb_mapping.04/00/00-05/00/00.log.gz
+#
+
+set -e
+set -u
+set -o pipefail
+
+ENCODING="utf-8"
+
+# options
+# -v (verbose)
+# -d dir (base directory containing logs, e.g., the parent directory of smb_mapping.04/00/00-05/00/00.log.gz )
+
+# parse command-line options
+VERBOSE_FLAG=""
+LOG_BASE_DIR=$(pwd)
+while getopts 'vd:' OPTION; do
+ case "$OPTION" in
+ v)
+ VERBOSE_FLAG="-v"
+ ;;
+
+ d)
+ LOG_BASE_DIR="$OPTARG"
+ ;;
+
+ ?)
+ echo "script usage: $(basename $0) [-v] [-d directory]" >&2
+ exit 1
+ ;;
+ esac
+done
+shift "$(($OPTIND -1))"
+
+# fsize - display byte sizes human readable
+function fsize () {
+ echo "$1" | awk 'function human(x) {
+ s=" B KiB MiB GiB TiB EiB PiB YiB ZiB"
+ while (x>=1024 && length(s)>1)
+ {x/=1024; s=substr(s,5)}
+ s=substr(s,1,4)
+ xf=(s==" B ")?"%5d ":"%0.2f"
+ return sprintf( xf"%s", x, s)
+ }
+ {gsub(/^[0-9]+/, human($1)); print}'
+}
+
+function fdir () {
+ [[ -f "$1" ]] && echo "$(dirname "$1")" || echo "$1"
+}
+
+# create a temporary directory to store our results in (make sure /tmp is big enough to extract all of these logs into!)
+WORKDIR="$(mktemp -d -t malcolm-zeek-XXXXXX)"
+
+# chdir to the base directory containing the logs
+pushd "$LOG_BASE_DIR" >/dev/null 2>&1
+FULL_PWD="$(realpath "$(pwd)")"
+
+# cleanup - on exit ensure the temporary directory is removed
+function cleanup {
+ popd >/dev/null 2>&1
+ if ! rm -rf "$WORKDIR"; then
+ echo "Failed to remove temporary directory '$WORKDIR'" >&2
+ exit 1
+ fi
+}
+
+if [ -d "$WORKDIR" ]; then
+ # ensure that if we "grabbed a lock", we release it (works for clean exit, SIGTERM, and SIGINT/Ctrl-C)
+ trap "cleanup" EXIT
+
+ # year month day type hour.0 min.0 sec.0 hour.1 min.1 sec.1
+ PATTERN='(\./)?([0-9]+)-([0-9]+)-([0-9]+)/(.+)\.([0-9]+):([0-9]+):([0-9]+)-([0-9]+):([0-9]+):([0-9]+)\.log\.gz$'
+
+ # find and unzip the compressed zeek logs below this directory into temporary subdirectories that make sense
+ for GZ_LOG_FILE in $(find . -type f -name "*.log.gz"); do
+ GZ_LOG_FILE_SUBDIR="$(dirname "$GZ_LOG_FILE")"
+ GZ_LOG_FILE_DESTDIR="$WORKDIR"/"$GZ_LOG_FILE_SUBDIR"
+ mkdir -p "$GZ_LOG_FILE_DESTDIR"
+ if [[ $GZ_LOG_FILE =~ $PATTERN ]]; then
+ LOG_TYPE=${BASH_REMATCH[5]}
+ DIR_DATE=${BASH_REMATCH[2]}_${BASH_REMATCH[3]}_${BASH_REMATCH[4]}_${BASH_REMATCH[6]}
+ LOG_BASENAME="$(echo "$LOG_TYPE" | awk '{print tolower($0)}')".log
+ DIR_COUNT=0
+ while [[ true ]]; do
+ DEST_DIR="$WORKDIR"/$DIR_DATE.$(printf %02d $DIR_COUNT)
+ DEST_FILE="$DEST_DIR"/"$LOG_BASENAME"
+ if [[ -e "$DEST_FILE" ]]; then
+ DIR_COUNT=$((DIR_COUNT+1))
+ else
+ break
+ fi
+ done
+ mkdir -p "$DEST_DIR"/
+ gunzip --to-stdout "$GZ_LOG_FILE" > "$DEST_FILE"
+ if [[ -n $VERBOSE_FLAG ]]; then
+ FILE_TYPE="$(file -b "$DEST_FILE")"
+ FILE_SIZE="$(fsize $(stat --printf="%s" "$DEST_FILE"))"
+ echo "$DEST_FILE: $FILE_TYPE ($FILE_SIZE)"
+ fi
+ fi
+ done
+
+ # package up all of the log files in their respective directories under our temporary one
+ REPACKAGED_LOGS_TARBALL="$FULL_PWD"/zeek-logs-compressed-$(date +'%Y%m%d_%H%M%S').tar.gz
+ tar -c -z $VERBOSE_FLAG -C "$WORKDIR" -f $REPACKAGED_LOGS_TARBALL .
+ if [[ -n $VERBOSE_FLAG ]]; then + FILE_TYPE="$(file -b "$REPACKAGED_LOGS_TARBALL")" + FILE_SIZE="$(fsize $(stat --printf="%s" "$REPACKAGED_LOGS_TARBALL"))" + echo "$REPACKAGED_LOGS_TARBALL: $FILE_TYPE ($FILE_SIZE)" + else + echo "$REPACKAGED_LOGS_TARBALL" + fi + +fi \ No newline at end of file From 0c665726e5343f0c3b5e119d6cbc6e70ac943c68 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 11:45:00 -0700 Subject: [PATCH 059/183] fix issue #111, moloch/etc mount in docker-compose.yml causes custom Zeek fields not to be loaded --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a1047d88d..4acb8720e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -302,7 +302,8 @@ services: - ./pcap:/data/pcap - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw - - ./moloch/etc:/data/moloch/etc + - ./moloch/etc/config.ini:/data/moloch/etc/config.ini:ro + - ./moloch/etc/user_settings.json:/data/moloch/etc/user_settings.json:ro - ./moloch/wise/source.zeeklogs.js:/data/moloch/wiseService/source.zeeklogs.js:ro zeek: build: From 6c246099d5208e2f5f6f37fa8e70c11a5ffbb782 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 11:51:46 -0700 Subject: [PATCH 060/183] fix Malcolm issue #110, submitting hunt job crashes viewer unless Zeek logs are filtered out (temporary patch of fix for Moloch issue 1374, https://github.com/aol/moloch/issues/1374) --- ...hunt-fix-missing-fileId-1374-23bdf6c.patch | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch diff --git a/moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch b/moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch new file mode 100644 index 000000000..0903cf5a7 --- /dev/null +++ b/moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch 
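Review bot: `for GZ_LOG_FILE in $(find . -type f -name "*.log.gz")` word-splits the find output, so any log path containing whitespace arrives as fragments that fail the `[[ $GZ_LOG_FILE =~ $PATTERN ]]` test and are silently skipped; in the same loop `GZ_LOG_FILE_DESTDIR` is created with `mkdir -p` but never written to, so the tarball carries an empty mirror of the source tree next to the `DIR_DATE.NN` directories (`ENCODING` and `fdir` are likewise unused). Reading NUL-delimited paths and dropping the unused directory creation fixes both, and `tar ... -f $REPACKAGED_LOGS_TARBALL` should quote the path like every other use of it. The header comment's example `smb_mapping.04/00/00-05/00/00.log.gz` does not match `PATTERN`, which expects `YYYY-MM-DD/type.HH:MM:SS-HH:MM:SS.log.gz`; if the slashes are a typo for colons the comment should say so.
```shell
  # find and unzip the compressed zeek logs below this directory into temporary subdirectories that make sense
  while IFS= read -r -d '' GZ_LOG_FILE; do
    if [[ $GZ_LOG_FILE =~ $PATTERN ]]; then
      # … unchanged: LOG_TYPE/DIR_DATE/DEST_DIR selection, gunzip and verbose output …
    fi
  done < <(find . -type f -name "*.log.gz" -print0)

  # package up all of the log files in their respective directories under our temporary one
  REPACKAGED_LOGS_TARBALL="$FULL_PWD"/zeek-logs-compressed-$(date +'%Y%m%d_%H%M%S').tar.gz
  tar -c -z $VERBOSE_FLAG -C "$WORKDIR" -f "$REPACKAGED_LOGS_TARBALL" .
```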
@@ -0,0 +1,54 @@ +From 23bdf6c852359b8677bca61805126faab6a19b14 Mon Sep 17 00:00:00 2001 +From: Andy Wick <andywick@gmail.com> +Date: Mon, 3 Feb 2020 13:04:40 -0500 +Subject: [PATCH] don't actually hunt sessions without fileId set fixes #1374 + +--- + CHANGELOG | 5 +++++ + viewer/viewer.js | 7 ++++++- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 46bbc77d..988f6e5c 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -18,6 +18,11 @@ Node Versions: + NOTICE: Restart wiseService before capture when upgrading + + 2.3.0 2020/02/xx ++ - s3 - Fixes the problem where the s3 token expires during a capture (issue #1370) ++ - viewer - Fix decode crash (thanks mammo0) ++ - capture - New tcphealthcheck plugin (thanks fj604) ++ - viewer - initial pie chart ++ - viewer - fix viewer crash when hunting fake sessions (issue #1374) + + 2.2.1 2020/01/21 + - capture - fix --skip not working with ES 7.x +diff --git a/viewer/viewer.js b/viewer/viewer.js +index 176b249f..12e87a09 100644 +--- a/viewer/viewer.js ++++ b/viewer/viewer.js +@@ -7210,6 +7210,11 @@ function runHuntJob (huntId, hunt, query, user) { + let sessionId = Db.session2Sid(hit); + let node = session.node; + ++ // There is no files, this is a fake session, don't hunt it ++ if (session.fileId === undefined || session.fileId.length === 0) { ++ return updateHuntStats(hunt, huntId, session, searchedSessions, cb); ++ } ++ + isLocalView(node, function () { + sessionHunt(sessionId, options, function (err, matched) { + if (err) { +@@ -7347,7 +7352,7 @@ function processHuntJob (huntId, hunt) { + } + }; + +- query._source = ['lastPacket', 'node', 'huntId', 'huntName']; ++ query._source = ['lastPacket', 'node', 'huntId', 'huntName', 'fileId']; + + if (Config.debug > 2) { + console.log('HUNT', hunt.name, hunt.userId, '- start:', new Date(hunt.lastPacketTime || hunt.query.startTime * 1000), 'stop:', new Date(hunt.query.stopTime * 1000)); +-- +2.20.1 + 
From c55deded1c1a9d1d7e86b276cd9cbcbaeffe6a37 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 12:27:28 -0700 Subject: [PATCH 061/183] Added smb_cmd fields to WISE --- moloch/wise/source.zeeklogs.js | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/moloch/wise/source.zeeklogs.js b/moloch/wise/source.zeeklogs.js index a1f6867b2..9f096b552 100755 --- a/moloch/wise/source.zeeklogs.js +++ b/moloch/wise/source.zeeklogs.js 
@@ -520,6 +520,17 @@ function ZeekLogs (api, section) { this.sip_content_typeField = this.api.addField("field:zeek_sip.content_type;db:zeek_sip.content_type;kind:termfield;friendly:Content Type Header;help:Content Type Header"); this.sip_versionField = this.api.addField("field:zeek_sip.version;db:zeek_sip.version;kind:termfield;friendly:Version;help:Version"); + // smb_cmd.log + // https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::CmdInfo + this.smb_cmd_commandField = this.api.addField("field:zeek_smb_cmd.command;db:zeek_smb_cmd.command;kind:termfield;friendly:Command;help:Command"); + this.smb_cmd_sub_commandField = this.api.addField("field:zeek_smb_cmd.sub_command;db:zeek_smb_cmd.sub_command;kind:termfield;friendly:Subcommand;help:Subcommand"); + this.smb_cmd_argumentField = this.api.addField("field:zeek_smb_cmd.argument;db:zeek_smb_cmd.argument;kind:termfield;friendly:Argument;help:Argument"); + this.smb_cmd_statusField = this.api.addField("field:zeek_smb_cmd.status;db:zeek_smb_cmd.status;kind:termfield;friendly:Status;help:Status"); + this.smb_cmd_rttField = this.api.addField("field:zeek_smb_cmd.rtt;db:zeek_smb_cmd.rtt;kind:termfield;friendly:Round Trip Time;help:Round Trip Time"); + this.smb_cmd_versionField = this.api.addField("field:zeek_smb_cmd.version;db:zeek_smb_cmd.version;kind:termfield;friendly:Version;help:Version"); + this.smb_cmd_treeField = this.api.addField("field:zeek_smb_cmd.tree;db:zeek_smb_cmd.tree;kind:termfield;friendly:Tree;help:Tree"); + this.smb_cmd_tree_serviceField = this.api.addField("field:zeek_smb_cmd.tree_service;db:zeek_smb_cmd.tree_service;kind:termfield;friendly:Tree Service;help:Tree Service"); + // smb_files.log // https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::FileInfo this.smb_files_actionField = this.api.addField("field:zeek_smb_files.action;db:zeek_smb_files.action;kind:termfield;friendly:Action;help:Action"); 
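Review bot: `this.smb_cmd_rttField` registers `zeek_smb_cmd.rtt` with `kind:termfield`, although the `rtt` member of Zeek's SMB::CmdInfo record (the type the new comment links) is an interval; if the other round-trip-time fields in this file (e.g. `zeek_dce_rpc.rtt`, outside this hunk) use a numeric kind, this one should match so that range queries work — confirm against those definitions. The `help:` text of every added field merely repeats `friendly:`; a short description taken from the linked SMB::CmdInfo documentation (what `tree_service` or `status` hold) would make the tooltips useful. ZeekLogs's body starts and ends outside this hunk.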
@@ -788,7 +799,7 @@ function ZeekLogs (api, section) { // add right-clicks for pivoting into Kibana from Moloch (see nginx.conf) var filterLabel = "Filter %DBFIELD% in Kibana"; var filterUrl = "idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%"; - var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.action,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek
_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.indicator,zeek_intel
.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.re
mote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zee
k_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_sip.version,zeek_smb_files.action,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name
,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_s
sl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.p
seudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; + var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.action,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_
dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.
indicator,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_long
itude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.
parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_sip.version,zeek_smb_cmd.command,zeek_smb_cmd.sub_command,zeek_smb_cmd.argument,zeek_smb_cmd.status,zeek_smb_cmd.rtt,zeek_smb_cmd.version,zeek_smb_cmd.user,zeek_smb_cmd.tree,zeek_smb_cmd.tree_service,zeek_smb_files.action,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.
version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.iss
uer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.email
Address,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; this.api.addRightClick("malcolm_kibana_cat_ip", {name:filterLabel, url:"idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%", category:"ip"}); this.api.addRightClick("malcolm_kibana_cat_port", {name:filterLabel, url:filterUrl, category:"port"}); this.api.addRightClick("malcolm_kibana_cat_country", {name:filterLabel, url:filterUrl, category:"country"}); 
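Review bot: The regenerated `allFieldsStr` is a hand-maintained copy of every `db:` name registered above, and it has already drifted from those registrations: it carries `zeek_smb_cmd.user`, for which this patch adds no `addField`, and it keeps the pre-existing slip `zeek_notice.remote_location_cityremote_location_latitude` (wedged between `zeek_notice.remote_location_city` and `zeek_notice.remote_location_latitude`, which looks like two names fused together), so right-click entries are wired to fields that cannot exist. Neither is a crash, only a dead menu entry, but the list will drift again every time a log type is added. Rather than re-pasting the whole string on each change, record the `db:` name of each field at registration time and build the Zeek part of the list from that, keeping only the Moloch built-ins (`communityId` through `tags`) as the literal seed; the sketch below assumes every registration in this file goes through `this.api.addField` with a `db:` segment, which holds for the visible lines, and that no registered field is deliberately excluded from the right-click list. The `addField` calls and the start of the constructor lie outside the hunk.
```javascript
// near the top of the ZeekLogs constructor, before the first field registration
var zeekDbFields = [];
var registerField = function (api, def) {
  var m = /(?:^|;)db:([^;]+)/.exec(def);
  if (m) { zeekDbFields.push(m[1]); }
  return api.addField(def);
};
// … unchanged: each this.api.addField(def) becomes registerField(this.api, def) …
var molochBuiltins = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags";
var allFieldsStr = molochBuiltins + "," + zeekDbFields.sort().join(",");
```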
@@ -892,6 +903,7 @@ function ZeekLogs (api, section) {
 this.api.addView("zeek_s7comm", "require:zeek_s7comm;title:Zeek s7comm.log;fields:zeek_s7comm.rosctr,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.item_count,zeek_s7comm.data_info")
 this.api.addView("zeek_signatures", "require:zeek_signatures;title:Zeek signatures.log;fields:zeek_signatures.note,zeek_signatures.signature_id,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.sub_message,zeek_signatures.signature_count,zeek_signatures.host_count")
 this.api.addView("zeek_sip", "require:zeek_sip;title:Zeek sip.log;fields:zeek_sip.trans_depth,zeek_sip.method,zeek_sip.uri,zeek_sip.date,zeek_sip.request_from,zeek_sip.request_to,zeek_sip.response_from,zeek_sip.response_to,zeek_sip.reply_to,zeek_sip.call_id,zeek_sip.seq,zeek_sip.subject,zeek_sip.request_path,zeek_sip.response_path,zeek_sip.user_agent,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.warning,zeek_sip.request_body_len,zeek_sip.response_body_len,zeek_sip.content_type,zeek_sip.version")
+ this.api.addView("zeek_smb_cmd", "require:zeek_smb_cmd;title:Zeek smb_cmd.log;fields:zeek_smb_cmd.command,zeek_smb_cmd.sub_command,zeek_smb_cmd.argument,zeek_smb_cmd.status,zeek_smb_cmd.rtt,zeek_smb_cmd.version,zeek_smb_cmd.user,zeek_smb_cmd.tree,zeek_smb_cmd.tree_service")
 this.api.addView("zeek_smb_files", "require:zeek_smb_files;title:Zeek smb_files.log;fields:zeek_smb_files.action,zeek_smb_files.path,zeek_smb_files.name,zeek_smb_files.size,zeek_smb_files.prev_name,zeek_smb_files.times_modified,zeek_smb_files.times_accessed,zeek_smb_files.times_created,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp")
 this.api.addView("zeek_smb_mapping", "require:zeek_smb_mapping;title:Zeek smb_mapping.log;fields:zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.native_file_system,zeek_smb_mapping.share_type")
 this.api.addView("zeek_smtp", "require:zeek_smtp;title:Zeek smtp.log;fields:zeek_smtp.trans_depth,zeek_smtp.helo,zeek_smtp.mailfrom,zeek_smtp.rcptto,zeek_smtp.date,zeek_smtp.from,zeek_smtp.to,zeek_smtp.cc,zeek_smtp.reply_to,zeek_smtp.msg_id,zeek_smtp.in_reply_to,zeek_smtp.subject,zeek_smtp.x_originating_ip,zeek_smtp.first_received,zeek_smtp.second_received,zeek_smtp.last_reply,zeek_smtp.path,zeek_smtp.user_agent,zeek_smtp.tls,zeek_smtp.is_webmail")
From eb61debe2c669b796923553ccbe50e96d2cbef5e Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Mon, 3 Feb 2020 13:59:47 -0700
Subject: [PATCH 062/183] fix dashboard referring to zeek_smb.action -> zeek.action
---
 kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
index 107f40b32..1b5141069 100644
--- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
+++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
@@ -226,7 +226,7 @@ "version": "WzIyMiwxXQ==", "attributes": { "title": "SMB - Action", - "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smb.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
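Review bot: Switching the terms aggregation from `zeek_smb.action` to the generic `zeek.action` widens the bucket to every log type that populates `zeek.action`, not only the SMB logs; the visualization's own `searchSourceJSON` lies outside this hunk, so I can't tell whether it or the dashboard pins `zeek.logType` to the SMB sources. If nothing does, the "SMB - Action" pie will presumably also count actions from tunnel, files and other Zeek logs after this change. Worth confirming, and if the panel is unfiltered, constraining the saved search it references to the SMB log types (the `zeek.logType` field used elsewhere in these dashboards) so the chart keeps meaning what its title says.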
@@ -306,7 +306,7 @@ "updated_at": "2019-12-18T16:20:24.676Z", "version": "WzIyNSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File/Path Summary", 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", From 4ac2c77b5df4088a76a64ae2ecbed213ae829e34 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 14:10:57 -0700 Subject: [PATCH 063/183] remove tunnel:: prefix from tunnel type --- logstash/pipelines/zeek/11_zeek_logs.conf | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index 6c86ad1b8..6ef1709f8 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -2331,6 +2331,13 @@ filter { } } + + mutate { id => "mutate_gsub_zeek_tunnel_action" + gsub => [ "[zeek_cols][action]", "Tunnel::", "" ] } + + mutate { id => "mutate_gsub_zeek_tunnel_type" + gsub => [ "[zeek_cols][tunnel_type]", "Tunnel::", "" ] } + mutate { id => "mutate_add_fields_zeek_tunnel" add_field => { "[zeek_cols][service]" => "%{[zeek_cols][tunnel_type]}" } @@ -2338,10 +2345,6 @@ filter { mutate { id => "mutate_lowercase_zeek_tunnel_service" lowercase => [ "[zeek_cols][service]" ] } - mutate { id => "mutate_gsub_zeek_tunnel_service" - gsub => [ "[zeek_cols][service]", "tunnel::", "" ] } - mutate { id => "mutate_gsub_zeek_tunnel_action" - gsub => [ "[zeek_cols][action]", "Tunnel::", "" ] } } else if ([source] == "weird") { ############################################################################################################################# From e043a1829d77d733ed65ad69307566384632bb2e Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 14:50:23 -0700 Subject: [PATCH 064/183] added 'action' panel to overview --- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 89 +++++++++++++------ 1 file changed, 60 insertions(+), 29 deletions(-) 
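Review bot: The new `mutate_gsub_zeek_tunnel_type` rewrites `[zeek_cols][tunnel_type]` in place rather than only the derived `service` copy, so the indexed `tunnel_type` value changes from the `Tunnel::GRE` form to `GRE`; documents ingested before this pipeline change presumably keep the prefixed form, and any saved filter or visualization that matches on the old value will silently miss new events. The gsub argument is an unanchored regex; anchoring it, `gsub => [ "[zeek_cols][tunnel_type]", "^Tunnel::", "" ]` (and likewise for `action`), states the intent and rules out stripping a match elsewhere in the string. The ordering itself is right: the strip now runs before `add_field` copies `tunnel_type` into `service`, which is why the old lowercase `tunnel::` strip on `service` can be dropped. The enclosing `filter` branch starts and ends outside the hunk.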
diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 38a9ecabf..508fdb255 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -4,18 +4,18 @@ { "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", "type": "dashboard", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzU0LDFd", + "updated_at": "2020-02-03T21:46:06.285Z", + "version": "Wzg1NSwxXQ==", "attributes": { "title": "Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":32,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":132,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"19\",\"gridData\":{\"w\":48,\"h\":16,\"x\":0,\"y\":56,\"i\":\"19\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"21\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"21\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"43\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"43\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"32\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"32\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":64,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":28,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":16,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":24,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":24,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -47,12 +47,17 @@ { "name": "panel_5", "type": "visualization", - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" + "id": "AWDGyaGxxQT5EBNmq3K9" }, { "name": "panel_6", "type": "visualization", - "id": "AWDGyaGxxQT5EBNmq3K9" + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "77bd1870-46ce-11ea-91c3-61991161aaaf" } ], "migrationVersion": { 
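Review bot: The dashboard's new `searchSourceJSON` carries `\"time_zone\":\"America/Denver\"` inside the `query_string`, which the old line did not; that bakes the exporting machine's local zone into a saved object shipped to every deployment, so any date math typed into this query resolves against Mountain time regardless of the viewer's browser setting. With the query fixed at `*` it is inert today, but it looks like re-export noise rather than an intended change, and it will bite the first time someone adds a date expression. Drop the key so the query section reads as before, `\"default_field\":\"*\",\"query\":\"*\"}}}}`. The bumped `updated_at`/`version` values and the panel re-ordering in the same hunk are ordinary export churn and fine to keep.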
@@ -62,8 +67,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-03T19:36:03.659Z", + "version": "Wzc3OSwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -82,8 +87,8 @@ { "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMSwxXQ==", + "updated_at": "2020-02-03T19:35:54.418Z", + "version": "WzcwMiwxXQ==", "attributes": { "sort": [ [ 
@@ -121,8 +126,8 @@ { "id": "470c6648-d66f-4fae-99af-061cab27065a", "type": "visualization", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzQ2LDFd", + "updated_at": "2020-02-03T19:35:08.294Z", + "version": "WzIxMiwxXQ==", "attributes": { "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -148,8 +153,8 @@ { "id": "3da52536-9455-4f8f-931a-14f4c04c636b", "type": "visualization", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzQ3LDFd", + "updated_at": "2020-02-03T19:35:08.294Z", + "version": "WzIxMywxXQ==", "attributes": { "title": "Connections - Service By Destination Country", "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", 
@@ -175,8 +180,8 @@ { "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", "type": "visualization", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzQ4LDFd", + "updated_at": "2020-02-03T19:35:08.294Z", + "version": "WzIxNCwxXQ==", "attributes": { "title": "Log Type", "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.logType\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}", 
@@ -199,11 +204,37 @@ "visualization": "7.4.2" } }, + { + "id": "AWDGyaGxxQT5EBNmq3K9", + "type": "visualization", + "updated_at": "2020-02-03T19:35:08.294Z", + "version": "WzIxNiwxXQ==", + "attributes": { + "title": "Total Number of Logs", + "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", "type": "visualization", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzQ5LDFd", + "updated_at": "2020-02-03T19:35:08.294Z", + "version": "WzIxNSwxXQ==", "attributes": { "title": "DNS - Queries", "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", 
@@ -227,18 +258,18 @@ } }, { - "id": "AWDGyaGxxQT5EBNmq3K9", + "id": "77bd1870-46ce-11ea-91c3-61991161aaaf", "type": "visualization", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzUwLDFd", + "updated_at": "2020-02-03T21:46:01.949Z", + "version": "Wzg1NCwxXQ==", "attributes": { - "title": "Total Number of Logs", - "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Actions", + "visState": 
"{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
@@ -255,8 +286,8 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-03T19:36:01.585Z", + "version": "Wzc2MiwxXQ==", "attributes": { "sort": [ [ @@ -294,8 +325,8 @@ { "id": "6b8b8d7e-49eb-46b6-8bbf-cdbf295bccbd", "type": "search", - "updated_at": "2019-12-18T16:20:08.051Z", - "version": "WzUzLDFd", + "updated_at": "2020-02-03T19:35:08.294Z", + "version": "WzIxOCwxXQ==", "attributes": { "sort": [ [ From 39573ef727e5c606dd68d59255ae97ec7416bc22 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 3 Feb 2020 14:57:44 -0700 Subject: [PATCH 065/183] added security overview dashboard (wip) to directory --- kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json | 2 +- kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json | 2 +- kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json | 2 +- kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- 
kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 2 +- kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json | 2 +- kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +- kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json | 2 +- kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 2 +- kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 2 +- kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- 
kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json | 2 +- kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json | 2 +- 59 files changed, 59 insertions(+), 59 deletions(-) diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 383df668a..fa68bd2a5 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index a0b5fb65e..316f8cf4c 100644 --- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
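Review bot: The navigation markdown embedded in the `visState` string appears to be the same text in every dashboard export touched by this commit (the diffstat lists 59 files, each with a one-line change), so adding the `[Security Overview]` link means re-editing one escaped JSON string 59 times, and any export that is missed keeps a stale menu with no error. I would keep that menu markdown in a single template and regenerate the `visState` of each export from it, or at minimum document next to the dashboards that this string is duplicated and must be updated in all exports together. The same edit is repeated in the hunks for 05e3e000-…, 078b9aa5-…, 0a490422-… and 0ad3d7c2-… below; the last of these is cut off at the end of this chunk.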
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 1c6afb768..a54b7a84d 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -91,7 +91,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 7dd8330c8..62d328223 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 508fdb255..a65e3eed9 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -71,7 +71,7 @@ "version": "Wzc3OSwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index ed3430204..3f1a0813d 100644 --- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json 
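Review bot: The navigation markdown inside the replaced `"visState"` line is the same multi-kilobyte string repeated verbatim in every dashboard export touched by this commit (this hunk plus the 0aed0e23, 0b2354ae and 11be6381 hunks below, and presumably the remaining kibana/dashboards/*.json), so each new menu entry has to be hand-copied into dozens of files and any miss leaves one dashboard's menu out of sync with the others. A single shared "Zeek Logs" markdown visualization saved object that each dashboard references by id, or a build step that stamps one template into the exports, would keep the link set in one place. I also cannot tell from this chunk whether the target of the new `[Security Overview]` link, dashboard `95479950-41f2-11ea-88fa-7151df485405`, is added by the same commit; if it is not, the link dangles until that export lands.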
@@ -68,7 +68,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index a0c443d45..b9ed80445 100644 --- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 4068721e5..c313081c2 100644 --- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index b7166dee4..1dc560f5d 100644 --- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index e74245e43..a2a985007 100644 --- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
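Review bot: The updated navigation markdown is pasted verbatim into every dashboard export rather than maintained in one place — this hunk and the identical ones in `kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json`, `kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json` and `kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json` (and the one for `29a1b290-eb98-11e9-a384-0fcf32210194.json`, which runs past this chunk) all carry the same `"title": "Zeek Logs"` object with the same `"version": "WzU5OCwxXQ=="` stamp, which suggests it is a single saved object duplicated per file. If that is so, whichever copy is imported last wins, so any dashboard file this commit missed would silently drop the new `Security Overview` link again for every dashboard, and each future link means editing every file by hand. Consider keeping the navigation visualization in one source file (or generating these exports from a template) and letting each dashboard reference it by id, so the link list is changed in exactly one place. The enclosing saved-object record starts and ends outside the hunk.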
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 9b664c906..cfab571d7 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 2cec97baf..3eb5b5aee 100644 --- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 195bf3e2e..a0dbb8b81 100644 --- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index e8ab6848c..cb59baf4f 100644 --- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 4fe6a2dc5..ca40f4ba0 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 86f1a27ff..ef7d98b51 100644 --- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json 
@@ -98,7 +98,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 77bb347ea..d40c6c04d 100644 --- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
@@ -66,7 +66,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 4bd23165e..8a9c5a2bf 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -96,7 +96,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 85e63de5f..dec2795ef 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index a035eaa8d..b9ac5256d 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 1b5141069..c178500dd 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -125,7 +125,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 15a302270..146f8e38f 100644 --- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
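Review bot: The added `[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405)` entry points at a dashboard whose saved-object export is not visible in this chunk; if that id is not imported alongside these files the new navigation link will resolve to a missing dashboard in Kibana, so confirm a matching `kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json` ships in the same commit. The `Zeek Logs` markdown navigation panel is pasted verbatim into every dashboard export touched here (this hunk and the 432af556, 4e5f106e and 50ced171 hunks below carry identical `visState` strings), which is why a one-link change fans out across many files and why copies can silently drift. Consider generating that navigation `visState` from a single template at dashboard build/import time rather than hand-editing each export.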
@@ -130,7 +130,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index d8e76e6f8..309bf429f 100644 --- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
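Review bot: The new `[Security Overview]` link targets dashboard id `95479950-41f2-11ea-88fa-7151df485405`, and nothing in this chunk shows that dashboard being exported; verify it is part of the same import set or the link dangles. This `visState` is byte-identical to the one added in the other dashboard files in this commit, so any later edit has to be replicated by hand in each copy; a generated navigation panel would remove that maintenance hazard.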
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 048619661..d5d4de41c 100644 --- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
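Review bot: Same concern as the other dashboard exports in this commit: the added `[Security Overview]` link relies on dashboard `95479950-41f2-11ea-88fa-7151df485405` existing in the imported saved objects, which this chunk cannot confirm. The navigation markdown is duplicated verbatim per file, so a check that every copy of the `Zeek Logs` `visState` is identical (or a single template that produces it) would catch drift before it reaches users.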
@@ -93,7 +93,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 7b62e8ebf..4e353427e 100644 --- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
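Review bot: The added `[Security Overview]` navigation link points at dashboard id `95479950-41f2-11ea-88fa-7151df485405`; its export is not visible here, so confirm it is included in the import set or the link will open a missing dashboard. As with the other files in this commit, the `Zeek Logs` `visState` is a hand-copied duplicate, and keeping it generated from one source would avoid the per-file fan-out this change required.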
@@ -91,7 +91,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 45c9c6e7a..0cd422987 100644 --- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
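Review bot: The new `+ "visState"` line adds a `[Security Overview]` entry pointing at dashboard id `95479950-41f2-11ea-88fa-7151df485405`, but nothing visible in this diff shows a `kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json` saved object being added; unless it is created elsewhere in this commit, the new navigation link resolves to a dashboard that does not exist after import. The same navigation markdown is repeated byte-for-byte in the hunks for `55e332d0-3f99-11e9-a58e-8bdedb0915e8.json`, `60d78fbd-471c-4f59-a9e3-189b33a13644.json` and `665d1610-523d-11e9-a30e-e3576242f3ed.json` (and the two hunks cut off at the edges of this view), so every new link has to be hand-pasted into each dashboard file and any one copy can silently drift. A small build step that stamps one template into every `visState` markdown panel would make such additions a one-line change and keep the panels identical. The `visState` value is itself minified JSON inside a JSON string, so please also confirm the escaped `\\n` sequences round-trip through Kibana's saved-object import unchanged.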
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index abd234a92..09c9329a0 100644 --- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json 
@@ -68,7 +68,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 662d538a7..892c25a65 100644 --- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -61,7 +61,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index ce199c1d1..8356837aa 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 34861ea02..8ee0d8e8c 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
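Review bot: The navigation panel's link list lives hard-coded inside the escaped `visState` string of this dashboard export, and the identical `visState` and object `version` `WzU5OCwxXQ==` in the neighbouring file sections suggest the same markdown is pasted into every dashboard, so adding the Security Overview entry had to be repeated file by file and the copies can silently drift. Consider keeping the panel markdown in one template and rendering it into each export at build or import time, or having the dashboards reference one shared markdown visualization instead of embedding a copy. The JSON-in-JSON escaping also makes these diffs hard to review by eye; a CI check that the extracted markdown is byte-identical across all dashboard files would catch a missed or mistyped copy.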
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index f1c2d9208..648350f3c 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -96,7 +96,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index c57632be4..799b7014c 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 976898082..650001fbb 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index b29ab8dbf..6e63e7756 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
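Review bot: The new `[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405)` entry is inserted into a multi-kilobyte `markdown` string that is copied verbatim into every dashboard export in this patch (the same `visState` edit recurs in the 870a5862, 87a32f90 and 87d990cc hunks below), so every link change has to be hand-replicated into each copy and any file that is missed keeps a stale menu. Consider keeping the "Zeek Logs" navigation markdown in one source file and generating or patching each export's `visState` from it at build time, or at least adding a repository check that every visualization titled `Zeek Logs` carries the same `markdown` value. Every copy also carries the same saved-object `version` (`WzU5OCwxXQ==`); if they share one object id, importing each file overwrites the same visualization, which is presumably why the copies must stay byte-identical — worth confirming against the export. The dashboard file for the new target id is not visible in this chunk, so check that it is added in the same series rather than leaving a dangling link.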
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index b29bc391d..1ff20250c 100644 --- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -86,7 +86,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 452bebb42..e928e9ae8 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -56,7 +56,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 4152357e1..316855b38 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 75b5d0645..ae9634b83 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
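Review bot: The `Zeek Logs` navigation markdown is embedded verbatim in each dashboard export, so adding the `[Security Overview]` link has to be repeated once per file (this hunk is one of several identical edits in the patch) and any copy that is missed leaves the navigation panel inconsistent between dashboards. Consider generating the embedded `visState` string from a single template at build or import time, or having every dashboard reference one shared saved visualization so the link list lives in one place. Whether such a generator already exists cannot be told from the diff; if it does, the dashboards README should say that these JSON files are produced from it and must not be hand-edited. The `"version": "WzU5OCwxXQ=="` saved-object revision is left unchanged although the object content changed; Kibana import appears to ignore it, but confirm that is the case for the import path used here.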
@@ -91,7 +91,7 @@ "version": "Wzc3NywxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index b6f29ab97..a723bfebc 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
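Review bot: The new link, like the existing ones, hard-codes `/kibana/app/kibana#/dashboard/<id>` as a site-absolute path, which assumes Kibana is always served under the `/kibana` base path on the same origin; if that base path is changed in the reverse proxy or in Kibana's `server.basePath`, every link in this markdown panel breaks silently. That is inferred from the paths only; if `/kibana` is fixed by the deployment, a one-line note in the dashboards README such as "navigation links in the Zeek Logs markdown assume Kibana is served under /kibana" would save the next maintainer a search. This dashboard (`95479950-…`) now links to itself, matching the existing Syslog self-link, so that part is consistent with the rest of the panel.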
@@ -108,7 +108,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index c2f3660c4..affd4c527 100644 --- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index f46d049a9..13cb1544b 100644 --- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 17b697ec2..70587e21c 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
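Review bot: The `+ "visState"` line for `kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json` is the same hand-edited navigation markdown that the sections for `abdd7550-2c7c-40dc-947e-f6d186a158c4.json`, `ae79b7d1-4281-4095-b2f6-fa7eafda9970.json` and `af5df620-eeb6-11e9-bdef-65a192b7f586.json` receive byte-for-byte, so any dashboard file missed in a future edit silently keeps a stale "Zeek Logs" panel without the new `[Security Overview]` link. Consider keeping this panel's markdown in one place and generating (or at least verifying) the per-dashboard copies, rather than editing every `visState` string in lockstep. The new link targets dashboard id `95479950-41f2-11ea-88fa-7151df485405`, whose JSON is not visible in this chunk; confirm it is exported with these changes, otherwise the link resolves to a missing dashboard after import. The enclosing saved-object record starts and ends outside the hunk.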
@@ -156,7 +156,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 7fa6a732e..a050e8da1 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -86,7 +86,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 00fde0bad..66f303267 100644 --- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 6e1917e34..9b9280eda 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 6749c245b..b40b83434 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index bbcd37232..d8c48e463 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 42259d51b..ca198f159 100644 --- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -66,7 +66,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index f50d9e94b..e33a27c6d 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json index 42d47b481..4903c25ef 100644 --- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json +++ b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json 
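Review bot: The new `[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405)` entry is spliced into a byte-identical copy of the embedded "Zeek Logs" markdown `visState` that every dashboard export carries, so this same edit is repeated verbatim in the caef3ade-…, d15a9d40-…, d41fe630-…, d4fd6afd-… and e09a4b86-… hunks (and in the hunks cut off at both ends of this view), and any future link change must again be applied to every file in lockstep. The link only resolves if the 95479950-… dashboard is part of the same saved-object import set; that cannot be confirmed from these hunks, so it is worth checking that its export file ships with this change. Since the navigation panel is one shared object rather than per-dashboard content, generating it from a single source (a small script that rewrites the shared `visState` into each export, if the repo does not already have one) would keep the copies from drifting; the rest of each hunk is unchanged context.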
@@ -126,7 +126,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 332203b06..bd89daecb 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 1200e30e6..c5d27c912 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 01a3383a8..0b44180b4 100644 --- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index b8fbe1d36..c10e99f66 100644 --- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
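Review bot: The "Zeek Logs" navigation markdown in this hunk's new `visState` is a byte-identical copy of the one patched in the hunks for `e76d05c0-eb9f-11e9-a384-0fcf32210194.json`, `ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json`, `f1f09567-fc7f-450b-a341-19d2f2bb468b.json` and `f394057d-1b16-4174-b994-7045f423a416.json`, so every link addition such as `[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405)` has to be repeated by hand in each dashboard export, and a copy that is missed drifts silently because the markdown lives inside an escaped string that JSON validation cannot check. If the saved-object model of the Kibana version in use allows it, keeping one shared markdown visualization that the dashboards reference by id, or generating these exports from a single template, would turn the next navigation change into a one-file edit. Independently of that, the new link only resolves if a dashboard saved object with id `95479950-41f2-11ea-88fa-7151df485405` is imported together with these files; it is not visible in this chunk, so confirm it is part of the same change. The enclosing JSON object begins and ends outside the hunk.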
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 679477fcd..3cb068753 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index c862ddd67..39ac2f378 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -123,7 +123,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 2b72cb10c..8a5a558e2 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index 16cad4e83..bdd3ae192 100644 --- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 78494f26f..206c4360c 100644 --- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security 
Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, From 87ee07e81733a23ccd59fb5c92622b58cf19a84d Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue, 4 Feb 2020 07:56:30 -0700
Subject: [PATCH 066/183] more work on issue #108, create security overview dashboard in kibana
---
 .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 166 +++++++++++-------
 .../95479950-41f2-11ea-88fa-7151df485405.json | 101 ++++-------
 2 files changed, 134 insertions(+), 133 deletions(-)
diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
index a65e3eed9..7758b4ad2 100644
--- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
+++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
@@ -4,13 +4,13 @@ { "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", "type": "dashboard", - "updated_at": "2020-02-03T21:46:06.285Z", - "version": "Wzg1NSwxXQ==", + "updated_at": "2020-02-04T14:45:22.131Z", + "version": "WzgxMiwxXQ==", "attributes": { "title": "Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":64,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":28,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":16,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":24,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":24,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": 
"{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
@@ -26,38 +26,43 @@
 },
 {
 "name": "panel_1",
- "type": "search",
- "id": "c97bc964-5319-41e7-ad22-db28156a2ac1"
+ "type": "visualization",
+ "id": "470c6648-d66f-4fae-99af-061cab27065a"
 },
 {
 "name": "panel_2",
 "type": "visualization",
- "id": "470c6648-d66f-4fae-99af-061cab27065a"
+ "id": "3da52536-9455-4f8f-931a-14f4c04c636b"
 },
 {
 "name": "panel_3",
 "type": "visualization",
- "id": "3da52536-9455-4f8f-931a-14f4c04c636b"
+ "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce"
 },
 {
 "name": "panel_4",
 "type": "visualization",
- "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce"
+ "id": "AWDGyaGxxQT5EBNmq3K9"
 },
 {
 "name": "panel_5",
 "type": "visualization",
- "id": "AWDGyaGxxQT5EBNmq3K9"
+ "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5"
 },
 {
 "name": "panel_6",
 "type": "visualization",
- "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5"
+ "id": "750367f0-41f2-11ea-88fa-7151df485405"
 },
 {
 "name": "panel_7",
 "type": "visualization",
 "id": "77bd1870-46ce-11ea-91c3-61991161aaaf"
+ },
+ {
+ "name": "panel_8",
+ "type": "search",
+ "id": "c97bc964-5319-41e7-ad22-db28156a2ac1"
 }
 ],
 "migrationVersion": {
@@ -67,8 +72,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-03T19:36:03.659Z", - "version": "Wzc3OSwxXQ==", + "updated_at": "2020-02-04T14:21:03.422Z", + "version": "Wzc4MCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -84,49 +89,10 @@ "visualization": "7.4.2" } }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "updated_at": "2020-02-03T19:35:54.418Z", - "version": "WzcwMiwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "All Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "470c6648-d66f-4fae-99af-061cab27065a", "type": "visualization", - "updated_at": "2020-02-03T19:35:08.294Z", + "updated_at": "2020-02-04T14:20:08.110Z", "version": "WzIxMiwxXQ==", "attributes": { "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", 
@@ -153,11 +119,11 @@ { "id": "3da52536-9455-4f8f-931a-14f4c04c636b", "type": "visualization", - "updated_at": "2020-02-03T19:35:08.294Z", - "version": "WzIxMywxXQ==", + "updated_at": "2020-02-04T14:40:30.216Z", + "version": "WzgwNiwxXQ==", "attributes": { "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "visState": "{\"title\":\"Connections - Service By Destination 
Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, @@ -168,8 +134,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], @@ -180,7 +146,7 @@ { "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", "type": "visualization", - "updated_at": "2020-02-03T19:35:08.294Z", + "updated_at": "2020-02-04T14:20:08.110Z", "version": "WzIxNCwxXQ==", "attributes": { "title": "Log Type", 
@@ -207,8 +173,8 @@ { "id": "AWDGyaGxxQT5EBNmq3K9", "type": "visualization", - "updated_at": "2020-02-03T19:35:08.294Z", - "version": "WzIxNiwxXQ==", + "updated_at": "2020-02-04T14:20:08.110Z", + "version": "WzIxNSwxXQ==", "attributes": { "title": "Total Number of Logs", "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}", 
@@ -233,8 +199,8 @@ { "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", "type": "visualization", - "updated_at": "2020-02-03T19:35:08.294Z", - "version": "WzIxNSwxXQ==", + "updated_at": "2020-02-04T14:20:08.110Z", + "version": "WzIxNiwxXQ==", "attributes": { "title": "DNS - Queries", "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", 
@@ -257,11 +223,37 @@ "visualization": "7.4.2" } }, + { + "id": "750367f0-41f2-11ea-88fa-7151df485405", + "type": "visualization", + "updated_at": "2020-02-04T14:37:31.909Z", + "version": "WzgwMywxXQ==", + "attributes": { + "title": "Application Protocol by Version", + "visState": "{\"title\":\"Application Protocol by Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "77bd1870-46ce-11ea-91c3-61991161aaaf", "type": "visualization", - "updated_at": "2020-02-03T21:46:01.949Z", - "version": "Wzg1NCwxXQ==", + "updated_at": "2020-02-04T14:20:08.110Z", + "version": "WzIxNywxXQ==", "attributes": { "title": "Actions", "visState": "{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\
":\"Missing\",\"customLabel\":\"Action\"}}]}", @@ -283,11 +275,51 @@ "visualization": "7.4.2" } }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "updated_at": "2020-02-04T14:44:15.353Z", + "version": "WzgwOSwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.logType", + "zeek.service", + "zeek.action", + "srcIp", + "dstIp", + "dstPort", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"zeek.logType:*\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-03T19:36:01.585Z", - "version": "Wzc2MiwxXQ==", + "updated_at": "2020-02-04T14:21:01.381Z", + "version": "Wzc2MywxXQ==", "attributes": { "sort": [ [ @@ -325,8 +357,8 @@ { "id": "6b8b8d7e-49eb-46b6-8bbf-cdbf295bccbd", "type": "search", - "updated_at": "2020-02-03T19:35:08.294Z", - "version": "WzIxOCwxXQ==", + "updated_at": "2020-02-04T14:20:08.110Z", + "version": "WzIxOSwxXQ==", "attributes": { "sort": [ [ diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index ae9634b83..5d2eeb905 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -4,13 +4,13 @@ { "id": "95479950-41f2-11ea-88fa-7151df485405", "type": "dashboard", - "updated_at": "2020-01-28T22:42:16.269Z", - "version": "WzgxOCwxXQ==", + "updated_at": "2020-02-04T14:48:41.812Z", + "version": "WzgxNywxXQ==", "attributes": { "title": "Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":37,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09
-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":19,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":19,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":60,\"w\":15,\"h\":23,\"i\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\"},\"panelIndex\":\"94ee60c6-28b4-4042-8ecb-f49f9c7827df\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":60,\"w\":33,\"h\":23,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": 
"[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\
":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -72,11 +72,6 @@ { "name": "panel_10", "type": "visualization", - "id": "750367f0-41f2-11ea-88fa-7151df485405" - }, - { - "name": "panel_11", - "type": "visualization", "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" } ], 
@@ -87,8 +82,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-01-28T22:06:03.783Z", - "version": "Wzc3NywxXQ==", + "updated_at": "2020-02-04T14:21:03.422Z", + "version": "Wzc4MCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -107,8 +102,8 @@ { "id": "a4f6eba0-41f5-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU1NSwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU1NiwxXQ==", "attributes": { "title": "Notices by Category", "visState": "{\"title\":\"Notices by Category\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"}}]}", 
@@ -134,8 +129,8 @@ { "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU1NiwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU1NywxXQ==", "attributes": { "title": "Signatures - Signature IDs", "visState": "{\"title\":\"Signatures - Signature IDs\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_signatures.signature_id\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature ID\"}}]}", 
@@ -161,8 +156,8 @@ { "id": "c5b1e590-41f3-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU1NywxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU1OCwxXQ==", "attributes": { "title": "Clear-text Transmission of Passwords ", "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"}}]}", 
@@ -187,16 +182,16 @@ { "id": "e9f27fa0-41f8-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:23:16.384Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-04T14:51:37.130Z", + "version": "WzgxOCwxXQ==", "attributes": { "title": "Outdated/Insecure Application Protocols", - "visState": "{\"title\":\"Outdated/Insecure Application Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR 
(zeek.service:snmp AND zeek.service_version < 3)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3) OR (zeek.service:ftp)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
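Review bot: The added `OR (zeek.service:ftp)` clause in the new `searchSourceJSON` line flags every FTP session regardless of version, unlike the other clauses which all gate on `zeek.service_version`; that is defensible for a clear-text protocol, but the visualization's `description` is still `""`, so the criteria are only discoverable by reading the query. Suggest stating them there, e.g. `"description": "SSH < 2, SMB < 2, TLS other than 1.2/1.3, NTP < 4, RFB < 3.8, RDP < 6.0, SNMP < 3, and any FTP"`. The `< N` comparisons are range queries on `zeek.service_version`, and since the same field is matched with string wildcards (`*TLS*v12*`) it is presumably a keyword field, in which case the comparison is lexicographic rather than numeric (for example `10` sorts before `2`); worth confirming against the index mapping before relying on the table. The switch to `missingBucket: true` with label `-` on the version bucket looks intended so that FTP rows without a version still appear, and is worth a line in the description as well.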
@@ -213,8 +208,8 @@ { "id": "f7b3ba60-41f7-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU1OSwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2MCwxXQ==", "attributes": { "title": "Connections by Destination Country (region map)", "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p><a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country 
Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", 
@@ -240,8 +235,8 @@ { "id": "0ffb5790-41f3-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU2MCwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2MSwxXQ==", "attributes": { "title": "Inbound External Traffic by Country", "visState": "{\"title\":\"Inbound External Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", 
@@ -266,8 +261,8 @@ { "id": "4a183420-41f3-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU2MSwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2MiwxXQ==", "attributes": { "title": "Outbound Internal Traffic by Country", "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", 
@@ -292,8 +287,8 @@ { "id": "69241a80-421d-11ea-9084-41ab7c5fff2e", "type": "visualization", - "updated_at": "2020-01-28T22:27:47.367Z", - "version": "WzgwNiwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2MywxXQ==", "attributes": { "title": "DNS Queries by Randomness", "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 
1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", @@ -319,8 +314,8 @@ { "id": "10a01120-41f5-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:40:58.288Z", - "version": "WzgxMiwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2NCwxXQ==", "attributes": { "title": "File Types Observed", "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":56,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", 
@@ -342,37 +337,11 @@ "visualization": "7.4.2" } }, - { - "id": "750367f0-41f2-11ea-88fa-7151df485405", - "type": "visualization", - "updated_at": "2020-01-28T22:41:44.039Z", - "version": "WzgxNCwxXQ==", - "attributes": { - "title": "Application Protocol by Version", - "visState": "{\"title\":\"Application Protocol by Version\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, { "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405", "type": "visualization", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU2NCwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2NiwxXQ==", "attributes": { "title": "External Remote Access Over Time", "visState": "{\"title\":\"External Remote Access Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", 
@@ -398,8 +367,8 @@ { "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", "type": "search", - "updated_at": "2020-01-28T22:06:00.709Z", - "version": "Wzc1NCwxXQ==", + "updated_at": "2020-02-04T14:21:00.359Z", + "version": "Wzc1NywxXQ==", "attributes": { "title": "Notices - Logs", "description": "", @@ -436,8 +405,8 @@ { "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", "type": "search", - "updated_at": "2020-01-28T22:05:42.216Z", - "version": "WzU2NiwxXQ==", + "updated_at": "2020-02-04T14:20:41.897Z", + "version": "WzU2OCwxXQ==", "attributes": { "title": "Signatures - Logs", "description": "", @@ -473,8 +442,8 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-01-28T22:06:01.739Z", - "version": "Wzc2MCwxXQ==", + "updated_at": "2020-02-04T14:21:01.381Z", + "version": "Wzc2MywxXQ==", "attributes": { "sort": [ [ @@ -512,8 +481,8 @@ { "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", "type": "search", - "updated_at": "2020-01-28T22:05:54.537Z", - "version": "WzcwOSwxXQ==", + "updated_at": "2020-02-04T14:20:54.154Z", + "version": "WzcxMiwxXQ==", "attributes": { "sort": [ [ From 5aaea11e0541e998c99a17ada3457d8bb22331d5 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 4 Feb 2020 08:36:49 -0700 Subject: [PATCH 067/183] working on issue #109, create ICS security overview dashboard --- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 290 ++++++++++++++++++ 1 file changed, 290 insertions(+) create mode 100644 kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json new file mode 100644 index 000000000..a95cadac4 --- /dev/null +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -0,0 +1,290 @@ +{ + "version": "7.5.1", + "objects": [ + { + "id": "4a4bde20-4760-11ea-949c-bbb5a9feecbf", + "type": "dashboard", + "updated_at": "2020-02-04T15:35:56.376Z", + "version": "Wzg3MywxXQ==", + "attributes": { + "title": "ICS/IoT Security Overview", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":16,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":34,\"w\":16,\"h\":18,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"vers
ion\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "31e06210-4761-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "b614fcd0-4761-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "71d832b0-4763-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "f17fab90-4760-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "60e83820-4762-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8253ab70-4762-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_7", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + "dashboard": "7.3.0" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "updated_at": "2020-02-04T14:21:03.422Z", + "version": "Wzc4MCwxXQ==", + "attributes": { + "title": "Zeek Logs", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) 
\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "31e06210-4761-11ea-949c-bbb5a9feecbf", + "type": "visualization", + "updated_at": "2020-02-04T15:33:23.805Z", + "version": "Wzg2OCwxXQ==", + 
"attributes": { + "title": "ICS/IoT Log Counts", + "visState": "{\"title\":\"ICS/IoT Log Counts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}}}],\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "b614fcd0-4761-11ea-949c-bbb5a9feecbf", + "type": "visualization", + "updated_at": "2020-02-04T15:19:18.045Z", + "version": "Wzg1MiwxXQ==", + "attributes": { + "title": "ICS/IoT Traffic Over Time", + "visState": "{\"title\":\"ICS/IoT Traffic Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-02-04T15:18:33.141Z\",\"max\":\"2020-02-04T15:18:33.141Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsIn
terval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "71d832b0-4763-11ea-949c-bbb5a9feecbf", + "type": "visualization", + "updated_at": "2020-02-04T15:31:42.555Z", + "version": "Wzg2NSwxXQ==", + "attributes": { + "title": "ICS/IoT External Traffic", + "visState": "{\"title\":\"ICS/IoT External 
Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"tags:(external_source OR external_destination)\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "f17fab90-4760-11ea-949c-bbb5a9feecbf", + "type": "visualization", + "updated_at": "2020-02-04T15:21:36.360Z", + "version": "Wzg1NSwxXQ==", + "attributes": { + "title": "ICS/IoT Actions", + "visState": "{\"title\":\"ICS/IoT 
Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "60e83820-4762-11ea-949c-bbb5a9feecbf", + "type": "visualization", + "updated_at": 
"2020-02-04T15:24:04.642Z", + "version": "Wzg1OSwxXQ==", + "attributes": { + "title": "ICS/IoT Source IP", + "visState": "{\"title\":\"ICS/IoT Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + 
"visualization": "7.4.2" + } + }, + { + "id": "8253ab70-4762-11ea-949c-bbb5a9feecbf", + "type": "visualization", + "updated_at": "2020-02-04T15:25:00.711Z", + "version": "Wzg2MCwxXQ==", + "attributes": { + "title": "ICS/IoT Destination IP", + "visState": "{\"title\":\"ICS/IoT Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + 
"references": [ + { + "name": "search_0", + "type": "search", + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf", + "type": "search", + "updated_at": "2020-02-04T15:07:53.002Z", + "version": "WzgzOSwxXQ==", + "attributes": { + "title": "ICS/IoT Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek.action", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"zeek.logType:(bacnet OR cip OR dnp3 OR enip* OR iso_cotp OR *modbus* OR mqtt* OR profinet* OR s7comm)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } + } + ] +} \ No newline at end of file From e91d467b0807a12ef41a954f9e3ead6e69408df9 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 4 Feb 2020 15:18:26 -0700 Subject: [PATCH 068/183] added ipv4/ipv6 --- logstash/pipelines/enrichment/11_lookups.conf | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 112c28356..20056813c 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf 
@@ -133,6 +133,16 @@ filter { } } } + cidr { + id => "cidr_detect_network_type_ipv4_source" + add_field => { "[network][type]" => "ipv4" } + address => [ "%{srcIp}" ] + network => [ "0.0.0.0/0" ] + } + if (![network][type]) { + mutate { id => "mutate_add_network_type_ipv4_source" + add_field => { "[network][type]" => "ipv6" } } + } } # if ([srcIp]) if ([dstIp]) { @@ -197,7 +207,18 @@ filter { } } } - + } + if (![network][type]) { + cidr { + id => "cidr_detect_network_type_ipv4_dest" + add_field => { "[network][type]" => "ipv4" } + address => [ "%{dstIp}" ] + network => [ "0.0.0.0/0" ] + } + if (![network][type]) { + mutate { id => "mutate_add_network_type_ipv4_dest" + add_field => { "[network][type]" => "ipv6" } } + } } } # if ([dstIp]) From 57e94d0ba9a26211d963501f446d823bf15803c8 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 4 Feb 2020 16:01:52 -0700 Subject: [PATCH 069/183] working on issue #109, create ICS security overview dashboard --- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 179 +++++++++++++++--- 1 file changed, 156 insertions(+), 23 deletions(-) diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index a95cadac4..04768fb0f 100644 --- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
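Review bot: The `mutate` fallback after `cidr_detect_network_type_ipv4_source` labels anything the IPv4 `cidr` match did not tag as `ipv6`, so a malformed or non-IP `srcIp` value (and, as far as I can tell, an address the filter cannot parse, which it skips with a warning) ends up with `network.type: ipv6` instead of no type. That misclassification is then counted as a real observation by anything bucketing on `network.type`, such as the Network Layer panel added in the following patch. A second `cidr` filter against `::/0` only sets `ipv6` when the value actually parses as an IPv6 address and leaves everything else untyped. The id `mutate_add_network_type_ipv4_source` also names ipv4 while writing `ipv6`, which will mislead anyone reading pipeline stats or logs; the rewrite below drops it. Separately, `add_field` on an already-present `[network][type]` appends and turns the field into an array, so if any upstream filter can set it the source block would want the same `if (![network][type])` guard the destination block has; the enclosing `if ([srcIp])` opens outside the hunk.
```logstash
  # … unchanged: cidr_detect_network_type_ipv4_source …
  # only call it IPv6 if it actually parses as one; anything else stays untyped
  if (![network][type]) {
    cidr {
      id => "cidr_detect_network_type_ipv6_source"
      add_field => { "[network][type]" => "ipv6" }
      address => [ "%{srcIp}" ]
      network => [ "::/0" ]
    }
  }
```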
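Review bot: The destination hunk carries the same not-IPv4-therefore-IPv6 assumption: after `cidr_detect_network_type_ipv4_dest`, the `mutate_add_network_type_ipv4_dest` filter (an id that names ipv4 while writing `ipv6`) tags any unmatched `dstIp`, including values that failed to parse, as `ipv6`. Replacing that `mutate` with a second `cidr` whose network is `::/0` sets `ipv6` only for a value that is genuinely an IPv6 address and leaves unparseable ones without a `network.type`. The hunk also swaps the removed blank line for a `}` and places the new block inside whatever the following context `}` closes; that block and `if ([dstIp])` both open outside the hunk, so it is worth confirming the classification is not now confined to a narrower conditional (a lookup branch, say) that only some events enter.
```logstash
  # … unchanged: closing braces of the preceding block …
  if (![network][type]) {
    # … unchanged: cidr_detect_network_type_ipv4_dest …
    # only call it IPv6 if it actually parses as one; anything else stays untyped
    if (![network][type]) {
      cidr {
        id => "cidr_detect_network_type_ipv6_dest"
        add_field => { "[network][type]" => "ipv6" }
        address => [ "%{dstIp}" ]
        network => [ "::/0" ]
      }
    }
  }
```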
@@ -4,13 +4,13 @@ { "id": "4a4bde20-4760-11ea-949c-bbb5a9feecbf", "type": "dashboard", - "updated_at": "2020-02-04T15:35:56.376Z", - "version": "Wzg3MywxXQ==", + "updated_at": "2020-02-04T23:00:49.784Z", + "version": "WzgyNiwxXQ==", "attributes": { "title": "ICS/IoT Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":16,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":34,\"w\":16,\"h\":18,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\
"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"bd55e05a-927a-4bcb-9cc8-7cee53bf8203\"},\"panelIndex\":\"bd55e05a-927a-4bcb-9cc8-7cee53bf8203\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":1
2,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -42,20 +42,35 @@ { "name": "panel_4", "type": "visualization", - "id": "f17fab90-4760-11ea-949c-bbb5a9feecbf" + "id": "d6456b60-479e-11ea-86b0-e3b81eb90684" }, { "name": "panel_5", "type": "visualization", - "id": "60e83820-4762-11ea-949c-bbb5a9feecbf" + "id": "f17fab90-4760-11ea-949c-bbb5a9feecbf" }, { "name": "panel_6", "type": "visualization", - "id": "8253ab70-4762-11ea-949c-bbb5a9feecbf" + "id": "0db533e0-47a0-11ea-86b0-e3b81eb90684" }, { "name": "panel_7", + "type": "visualization", + "id": "60e83820-4762-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "8253ab70-4762-11ea-949c-bbb5a9feecbf" + }, + { + "name": "panel_10", "type": "search", "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf" } 
@@ -67,8 +82,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-04T14:21:03.422Z", - "version": "Wzc4MCwxXQ==", + "updated_at": "2020-02-04T22:26:05.610Z", + "version": "Wzc4OSwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -87,8 +102,8 @@ { "id": "31e06210-4761-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T15:33:23.805Z", - "version": "Wzg2OCwxXQ==", + "updated_at": "2020-02-04T22:25:27.608Z", + "version": "WzQxMCwxXQ==", "attributes": { "title": "ICS/IoT Log Counts", "visState": "{\"title\":\"ICS/IoT Log Counts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}}}],\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 
@@ -114,8 +129,8 @@ { "id": "b614fcd0-4761-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T15:19:18.045Z", - "version": "Wzg1MiwxXQ==", + "updated_at": "2020-02-04T22:25:27.608Z", + "version": "WzQxMSwxXQ==", "attributes": { "title": "ICS/IoT Traffic Over Time", "visState": "{\"title\":\"ICS/IoT Traffic Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-02-04T15:18:33.141Z\",\"max\":\"2020-02-04T15:18:33.141Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"
Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", 
@@ -141,11 +156,11 @@ { "id": "71d832b0-4763-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T15:31:42.555Z", - "version": "Wzg2NSwxXQ==", + "updated_at": "2020-02-04T22:47:01.917Z", + "version": "WzgxMiwxXQ==", "attributes": { "title": "ICS/IoT External Traffic", - "visState": "{\"title\":\"ICS/IoT External Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination 
Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\"}}]}", + "visState": "{\"title\":\"ICS/IoT External 
Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
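Review bot: In the rewritten `visState` of "ICS/IoT External Traffic", the destination-country terms agg (`\"id\":\"6\"`) gains `\"customLabel\":\"Destination Country\"` but keeps `\"otherBucketLabel\":\"Destination Country\"`, and the matching `dimensions.buckets[4]` format params carry the same label, so the overflow row that collects terms beyond `size: 100` is rendered as though it were a country named "Destination Country" rather than "Other" as every other column in this table and its sibling visualizations does. Changing both occurrences to `\"otherBucketLabel\":\"Other\"` fixes the display. Since this file is a Kibana saved-object export, the safer route is to correct the label in the visualization editor and re-export so `version` and `updated_at` stay consistent with the stored object.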
@@ -165,11 +180,37 @@ "visualization": "7.4.2" } }, + { + "id": "d6456b60-479e-11ea-86b0-e3b81eb90684", + "type": "visualization", + "updated_at": "2020-02-04T22:37:44.830Z", + "version": "WzgwNywxXQ==", + "attributes": { + "title": "Network Layer", + "visState": "{\"title\":\"Network Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "f17fab90-4760-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T15:21:36.360Z", - "version": "Wzg1NSwxXQ==", + "updated_at": "2020-02-04T22:50:53.991Z", + "version": "WzgxOCwxXQ==", "attributes": { "title": "ICS/IoT Actions", "visState": "{\"title\":\"ICS/IoT 
Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}}]}", 
@@ -192,11 +233,37 @@ "visualization": "7.4.2" } }, + { + "id": "0db533e0-47a0-11ea-86b0-e3b81eb90684", + "type": "visualization", + "updated_at": "2020-02-04T22:50:09.107Z", + "version": "WzgxNywxXQ==", + "attributes": { + "title": "Non-ICS/IoT Protocols Observed", + "visState": "{\"title\":\"Non-ICS/IoT Protocols Observed\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc
\",\"size\":30,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.logType:(bacnet OR cip OR dnp3 OR enip* iso_cotp OR *modbus* OR mqtt* OR profinet* OR s7comm)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "60e83820-4762-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T15:24:04.642Z", - "version": "Wzg1OSwxXQ==", + "updated_at": "2020-02-04T22:25:27.608Z", + "version": "WzQxNCwxXQ==", "attributes": { "title": "ICS/IoT Source IP", "visState": "{\"title\":\"ICS/IoT Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", 
@@ -219,11 +286,38 @@ "visualization": "7.4.2" } }, + { + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", + "type": "visualization", + "updated_at": "2020-02-04T23:00:17.507Z", + "version": "WzgyNCwxXQ==", + "attributes": { + "title": "File Types by Transport", + "visState": "{\"title\":\"File Types by Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_files.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
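Review bot: The KQL in the `Non-ICS/IoT Protocols Observed` panel's searchSourceJSON reads `enip* iso_cotp` with no operator between the two terms, while every other term in that `zeek.logType:( … )` group is joined with `OR`; KQL needs an explicit operator inside a value group, so this most likely fails to parse and the panel shows a query error instead of the protocol bars (and if some version does accept it, `iso_cotp` traffic is probably not excluded as intended). The fix is a single token: `... OR enip* OR iso_cotp OR *modbus* ...`. This exclusion list is also the hand-written complement of whatever the `ICS/IoT Logs` saved search in this file selects, so a short note next to one of them saying the two must be updated together would keep them from drifting as ICS analyzers are added.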
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "8253ab70-4762-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T15:25:00.711Z", - "version": "Wzg2MCwxXQ==", + "updated_at": "2020-02-04T22:25:27.608Z", + "version": "WzQxNSwxXQ==", "attributes": { "title": "ICS/IoT Destination IP", "visState": "{\"title\":\"ICS/IoT Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", @@ -249,8 +343,8 @@ { "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf", "type": "search", - "updated_at": "2020-02-04T15:07:53.002Z", - "version": "WzgzOSwxXQ==", + "updated_at": "2020-02-04T22:25:27.608Z", + "version": "WzQxNiwxXQ==", "attributes": { "title": "ICS/IoT Logs", "description": "", @@ -285,6 +379,45 @@ "migrationVersion": { "search": "7.4.0" } + }, + { + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", + "type": "search", + "updated_at": "2020-02-04T22:25:45.061Z", + "version": "WzU4MywxXQ==", + "attributes": { + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "Files - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "zeek_files.tx_hosts", + "dstIp", + "zeek_files.source", + "zeek.uid", + "zeek.fuid", + "_id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file From ccc366158fc5bbb007caa530511514341a262912 Mon Sep 17 00:00:00 2001 
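Review bot: The new `Files - Logs` saved search stores its query in Lucene `query_string` form (`{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:files\"}}`) whereas every other object added in this patch uses `{\"query\":\"…\",\"language\":\"kuery\"}`; a Lucene-syntax saved search gets no KQL validation or autocomplete when a user opens it and treats wildcards and bare terms differently. Unless this was deliberately exported from an older object, I would store it as `\"query\":{\"query\":\"zeek.logType:files\",\"language\":\"kuery\"}` to match the `File Types by Transport` visualization that references it through `search_0`.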
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 4 Feb 2020 16:04:36 -0700 Subject: [PATCH 070/183] working on issue #109, create ICS security overview dashboard --- kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json | 2 +- kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json | 2 +- kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json | 2 +- kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 2 +- kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- 
kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 2 +- kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json | 2 +- kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +- kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json | 2 +- kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 2 +- kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 2 +- kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- 
kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json | 2 +- kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json | 2 +- 60 files changed, 60 insertions(+), 60 deletions(-)
diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
index fa68bd2a5..53bb30570 100644
--- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
+++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 316f8cf4c..35aad5c15 100644 
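Review bot: The new `ICS/IoT Security Overview` entry in the `Zeek Logs` markdown ends with `)\\n` while every neighbouring entry ends with `) \\n` (a space before the newline); if the markdown renderer does not turn bare newlines into hard breaks this entry and `Connections` collapse onto one line, and either way the inconsistency should be fixed: `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`. The neighbours carry only one trailing space, which standard Markdown also does not treat as a hard break, so the whole list presumably relies on Kibana's markdown-vis newline handling — a one-line note in the commit message on which renderer behaviour is assumed would help the next person who edits this string.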
--- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
+++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index a54b7a84d..3e3f9ba46 100644 
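Review bot: This hunk is the same one-line edit to the `Zeek Logs` navigation markdown that the diffstat shows repeated across 60 dashboard files; the nav block is a hand-maintained string duplicated per dashboard, so every future link change is a 60-file edit and one missed file silently leaves a stale menu with no error. A single source markdown plus a script that rewrites the `visState` of the shared `Zeek Logs` visualization in each file, or at least a CI check that all copies are byte-identical, would catch that drift. The added entry also lacks the trailing space before `\\n` that its neighbours carry, so while here: `...4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`.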
--- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json
+++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json
@@ -91,7 +91,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 62d328223..a601fe30a 100644 
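Review bot: The new `[ICS/IoT Security Overview](...)` entry on the added visState line is written as `...bbb5a9feecbf)\\n[Connections]`, without the space before `\\n` that every neighbouring entry in the same list carries (`...7151df485405) \\n[Connections]`), so the markdown source of this block is no longer uniform and the new line may render differently from its siblings depending on how the markdown renderer treats the trailing space. The same omission is repeated in the hunks for 0a490422-0ce9-44bf-9a2d-19329ddde8c3.json, 0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json and 0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json, which carry an identical copy of this visState. Since the same markdown string is duplicated verbatim across every dashboard file, one script-generated source for this navigation block would keep the copies from drifting; the enclosing saved-object JSON continues outside the hunk.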
--- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json
+++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 7758b4ad2..a00c6326a 100644 
--- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
+++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
@@ -76,7 +76,7 @@ "version": "Wzc4MCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index 3f1a0813d..be69404db 100644 
--- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
+++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
@@ -68,7 +68,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index b9ed80445..0bbebd6e8 100644 
--- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
+++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index c313081c2..e6480fc65 100644 
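Review bot: The added `[ICS/IoT Security Overview](...)` entry in the new visState markdown lacks the trailing space before `\\n` that every neighbouring entry carries (`[Security Overview](...) \\n`, `[Connections](...) \\n`), so the list is no longer formatted consistently; if the markdown renderer relies on that trailing whitespace for line breaks, this entry may run into the `[Connections]` line. Change it to `...4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections]`. The same string is replicated in the hunks ending at L975, L980 and L985 (and in the ones cut off at the top and bottom of this chunk), so the fix applies to each copy; keeping this navigation markdown in a single source and regenerating the dashboard JSON from it would avoid this kind of drift.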
--- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 1dc560f5d..0737c2202 100644 
--- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index a2a985007..8cdd8954f 100644 
--- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index cfab571d7..557c51f5f 100644 
--- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 3eb5b5aee..f7b537184 100644 
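Review bot: The new `[ICS/IoT Security Overview](...)` entry on the added visState line is the only item in the "General" list whose terminator is `)\\n` rather than `) \\n`, so it no longer matches its siblings ([Overview], [Security Overview], [Connections], …). Whether that trailing space changes how Kibana's markdown renderer breaks the line depends on the renderer's line-break setting, which this file does not show, but keeping the entries uniform avoids the question entirely: `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`. The identical navigation markdown appears to be duplicated verbatim into every dashboard export in this commit, so the same one-character inconsistency is repeated in each of them and will have to be fixed in each; generating this shared "Zeek Logs" panel from a single source at build time would remove that drift risk. The hunk also does not show where the `4a4bde20-4760-11ea-949c-bbb5a9feecbf` dashboard itself is added, so it is worth confirming that saved object ships in the same change so the link does not dangle.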
--- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index a0dbb8b81..c21ef7ff3 100644 
--- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index cb59baf4f..a7f1d32ec 100644 
--- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index ca40f4ba0..2181f2e89 100644 
--- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index ef7d98b51..6b7b54a34 100644 
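Review bot: The new `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n` entry in the replacement visState has no space before `\\n`, whereas every neighbouring entry in the same "General" list is written `) \\n`; the identical inconsistency appears in the hunks for the 2d98bb8e-…, 32587740-… and 36ed695f-… dashboard files below. Whether the markdown renderer treats that trailing space as significant cannot be told from the diff, but writing the entry as `…bbb5a9feecbf) \\n` keeps the list uniform and avoids a rendering difference between this line and its neighbours. The same navigation markdown is embedded verbatim in each dashboard export, so every future link addition has to be repeated across all of these files; a small generator or shared template for this block would keep them from drifting. The link targets dashboard id 4a4bde20-4760-11ea-949c-bbb5a9feecbf, which presumably is added elsewhere in this commit; if not, the new entry dangles.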
--- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
+++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
@@ -98,7 +98,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index d40c6c04d..8524bcf8e 100644 
--- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
@@ -66,7 +66,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 8a9c5a2bf..7b2f3595f 100644 
--- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json
+++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json
@@ -96,7 +96,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index dec2795ef..033fc4301 100644 
--- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json
+++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index b9ac5256d..b95b88097 100644 
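Review bot: The new `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n` entry in the General list is the only item in that list without the trailing space before `\\n` that every neighbour carries (`[Overview](…) \\n`, `[Security Overview](…) \\n`, `[Connections](…) \\n`). Whether the markdown renderer treats that trailing space as a hard line break is not visible from here, but the inconsistency means this one item may render differently from its siblings; suggest `…bbb5a9feecbf) \\n` to match. The target id does correspond to a dashboard exported in this same commit (kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json), so the link itself appears sound. The same "Zeek Logs" markdown panel is repeated verbatim in every dashboard file touched here (39abfe30…, 42e831b9…, 432af556… carry the identical hunk), so the same fix applies to each copy, and generating or templating this panel would avoid keeping many hand-edited copies in step. The enclosing saved-object JSON continues outside the hunk.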
--- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index c178500dd..ce5c5d8c4 100644 
--- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -125,7 +125,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 146f8e38f..add1ffb39 100644 
--- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
@@ -130,7 +130,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 04768fb0f..185268b62 100644 
--- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -86,7 +86,7 @@ "version": "Wzc4OSwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 309bf429f..6ea7d6ab3 100644 
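Review bot: The new `[ICS/IoT Security Overview](…)` entry in the replacement visState string is the only line of the "General" list without a trailing space before its `\\n`; every sibling entry is written `) \\n`, so the navigation markdown now mixes the two forms and, depending on how the Kibana markdown panel treats that trailing space, the new link may render run together with the `[Connections]` line. Changing `…4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections]` to `…4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections]` keeps it consistent with the rest of the list. The same omission is present in the hunks for 4e5f106e-c60a-4226-8f64-d534abb912ab.json, 50ced171-1b10-4c3f-8b67-2db9635661a6.json and 543118a9-02d7-43fe-b669-b8652177fc37.json, and presumably in the dashboards outside this view. Because this identical navigation string is copied verbatim into every dashboard export, generating the "Zeek Logs" markdown panel from a single source would prevent this kind of per-file drift, though that is a broader change than this commit.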
--- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
+++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index d5d4de41c..aa1152931 100644 
--- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
+++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
@@ -93,7 +93,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 4e353427e..34b928d8d 100644 
--- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
+++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
@@ -91,7 +91,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 0cd422987..aa72c0f3e 100644 
--- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 09c9329a0..5107aae6f 100644 
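Review bot: The inserted `[ICS/IoT Security Overview](...)` entry in the new visState string ends in `\\n` with no space before it, whereas every sibling line of the General section ends in ` \\n`; how a bare `\\n` renders depends on the markdown renderer's soft-break handling, so it is safer to match the siblings: `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`. The identical edit is repeated byte-for-byte in the hunks for 60d78fbd-471c-4f59-a9e3-189b33a13644.json, 665d1610-523d-11e9-a30e-e3576242f3ed.json, 76f2f912-80da-44cd-ab66-6a73c8344cc3.json and 77fc9960-3f99-11e9-a58e-8bdedb0915e8.json, and presumably in every other dashboard export that embeds this navigation panel, so any future link change needs the same N-way update; generating the panel's markdown from one source would make that less error-prone. The target dashboard id 4a4bde20-… is not visible in this part of the diff, so I assume its export is added elsewhere in the commit.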
--- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
+++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
@@ -68,7 +68,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 892c25a65..2555f7060 100644 
--- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
+++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
@@ -61,7 +61,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 8356837aa..ba01ee3f8 100644 
--- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json
+++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 8ee0d8e8c..ce31df63e 100644 
--- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 648350f3c..d868c6661 100644 
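Review bot: The new `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n` entry on the added visState line is the only item in the "General" list written without the trailing space before `\\n` that every neighbouring entry carries (`...7151df485405) \\n`, `...f6d186a158c4) \\n`), so the new side reads `...feecbf)\\n[Connections]`; if the markdown visualization relies on that trailing whitespace for a line break, this entry and Connections may render on one line. Changing it to `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n` would make it consistent with its siblings. The identical edit is repeated byte-for-byte in the hunks ending at L1095, L1100 and L1105 (and in the hunks cut off at the start and end of this view), since this navigation block is duplicated into every dashboard's saved object; a small script that stamps one canonical markdown string into each `Zeek Logs` visualization would keep these copies from drifting apart on future link additions.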
--- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -96,7 +96,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 799b7014c..779254575 100644 
--- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 650001fbb..2389f4647 100644 
--- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 6e63e7756..9e5ad0b6e 100644 
--- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 1ff20250c..62a72b6bf 100644 
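Review bot: The new `[ICS/IoT Security Overview](...4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n` entry on the added visState line omits the trailing space that every neighbouring entry carries before its `\\n` (`[Security Overview](...) \\n`, `[Connections](...) \\n`), so depending on how the markdown panel treats a bare newline it may not render on its own line; for consistency write `...feecbf) \\n[Connections]`. The same omission is repeated in the hunks ending at L1115, L1120 and L1125, and it appears the visState string of this "Zeek Logs" navigation panel is duplicated by hand across every dashboard file in the commit, which is how such per-file inconsistencies creep in. Generating or patching that panel from a single source (or at least a scripted search-and-replace over `kibana/dashboards/*.json`) would keep the copies identical. Only the replaced visState line is visible; the surrounding JSON object starts and ends outside the hunk.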
--- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json
+++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json
@@ -86,7 +86,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index e928e9ae8..4da7a4194 100644 
--- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json
+++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json
@@ -56,7 +56,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 316855b38..1592c7aa2 100644 
--- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json
+++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 5d2eeb905..8f6d0eb32 100644 
--- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
+++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
@@ -86,7 +86,7 @@ "version": "Wzc4MCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index a723bfebc..d92d9eb83 100644 
--- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
@@ -108,7 +108,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index affd4c527..7f4adc5e5 100644 
--- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index 13cb1544b..8ab0bf4b8 100644 
--- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 70587e21c..a11bb462d 100644 
--- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -156,7 +156,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index a050e8da1..27228afbe 100644 
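Review bot: The new `[ICS/IoT Security Overview]` entry on the `+` line omits the trailing space before `\\n` that every neighbouring entry carries (`[Security Overview](...) \\n`, `[Connections](...) \\n`); keep the line-break markup consistent with its siblings, `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`, since a markdown renderer that relies on trailing whitespace for hard breaks could otherwise run it together with the following entry. The same hand-edited navigation string is pasted verbatim into the `visState` of each dashboard export (the ae79b7d1, af5df620 and b50c8d17 sections below carry the identical change), so any future drift between copies would surface only as a subtly different panel on one dashboard; a single shared "Zeek Logs" markdown saved object referenced by id, or a script that regenerates this string into every file, would keep them in step. The link target `4a4bde20-4760-11ea-949c-bbb5a9feecbf` does not appear among the files shown here, so presumably that dashboard export is added elsewhere in this commit; worth confirming so the new entry does not dangle.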
--- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -86,7 +86,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 66f303267..a1f6486c9 100644 
--- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 9b9280eda..2dcda94a7 100644 
--- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index b40b83434..7b40ed109 100644 
--- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index d8c48e463..aac77af5c 100644 
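Review bot: The new `[ICS/IoT Security Overview](...)\\n` entry in the added visState line is the only General-section link written without the trailing space before `\\n` that every neighbouring entry carries (`[Security Overview](...) \\n`), so it may render differently from the rest depending on how the Kibana markdown panel treats line breaks; for consistency change it to `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`. The same navigation markdown is duplicated verbatim in the bb827f8e, bed185a0 and caef3ade dashboard hunks below (and presumably in the other dashboard files this commit touches), so the same fix applies there and any later edit to this panel has to be repeated per file. Since these are plain JSON saved-object exports with nowhere for an in-file comment, a short note in the repository docs or a script that regenerates the shared navigation panel from one source would keep the copies from drifting.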
--- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index ca198f159..ef82f396d 100644 
--- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -66,7 +66,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index e33a27c6d..dcf6060d4 100644 
--- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json index 4903c25ef..26ffe102b 100644 
--- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json +++ b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json 
@@ -126,7 +126,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index bd89daecb..226384a57 100644 
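Review bot: The added `[ICS/IoT Security Overview](...)` entry on the + side of this hunk ends in `)\\n`, while every neighbouring link in the same General list (`[Security Overview]`, `[Connections]`, `[Files]`, …) ends in `) \\n`, so the new line is the only one without the trailing space before the newline; whether that changes the rendered line break depends on how the markdown visualization treats single newlines, but it is at least inconsistent with its siblings. The fragment should read `\\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n` to match the rest of the list. The same inconsistency recurs in the hunks for d41fe630-3f98-11e9-a58e-8bdedb0915e8.json, d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json and e09a4b86-29b5-4256-bb3b-802ac9f90404.json, and presumably in e76d05c0-eb9f-11e9-a384-0fcf32210194.json, whose hunk runs past this chunk. Because this navigation markdown is duplicated verbatim into every dashboard export, each future edit has to be replayed in all of them by hand; a short note in the dashboards directory saying that the "Zeek Logs" panel is kept in sync across files would help the next maintainer.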
--- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index c5d27c912..1993827cf 100644 
--- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 0b44180b4..fadda154d 100644 
--- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index c10e99f66..7f6544d3f 100644 
--- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 3cb068753..bdcd3c499 100644 
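Review bot: The new `[ICS/IoT Security Overview](...)` entry in the General list is the only item written as `)\\n` rather than `) \\n` like its neighbours, so if the Markdown renderer does not already treat single newlines as hard breaks it will be glued to the Connections link on the same rendered line; for consistency the added text should read `[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n`. The same edited visState string is repeated verbatim in the hunks for kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json, f1f09567-fc7f-450b-a341-19d2f2bb468b.json and f394057d-1b16-4174-b994-7045f423a416.json (and presumably the f77bf097 one cut off below), so the same spacing fix applies there. Keeping a single shared "Zeek Logs" navigation visualization that each dashboard references by id, instead of a copy of the markdown embedded in every dashboard's JSON, would mean future link additions touch one saved object rather than every dashboard file.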
--- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 39ac2f378..367d16a82 100644 
--- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -123,7 +123,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 8a5a558e2..d43e29bc4 100644 
--- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index bdd3ae192..7c84abd06 100644 
--- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 206c4360c..d40298038 100644 
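Review bot: The new `[ICS/IoT Security Overview](...)` entry on the added visState line is written as `...4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections]`, whereas every neighbouring entry in the General list ends with `) \\n`, so this one link is encoded differently from the rest of the block. The same omission is in the `@@ -71,7 +71,7 @@` hunk for fa141950-ef89-11e9-b38a-2db3ee640e88.json, and the later commit in this series ("added network layer to connections") changes exactly this entry to `) \\n` in abdd7550-2c7c-40dc-947e-f6d186a158c4.json, which suggests the difference was noticed and matters. Suggest `...4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections]` in both hunks. Because this navigation markdown is duplicated verbatim in every dashboard file, a small script that rewrites the "Zeek Logs" visState across all of them would prevent this kind of drift between copies.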
--- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, From 9f9adc68c0625b9c1b783b54af23308ad2ecc6a6 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 5 Feb 2020 07:03:15 -0700
Subject: [PATCH 071/183] added network layer to connections
---
 .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 141 +++++++++++-------
 1 file changed, 86 insertions(+), 55 deletions(-)
diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
index a11bb462d..4f62442fe 100644
--- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
+++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
@@ -4,18 +4,18 @@ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", "type": "dashboard", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQ0MywxXQ==", + "updated_at": "2020-02-05T14:01:31.617Z", + "version": "WzgzNiwxXQ==", "attributes": { "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\
":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_15\"},{\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_16\"},{\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_24\"}]", + "panelsJSON": 
"[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\"
:\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_24\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":8,\"h\":14,\"i\":\"8f2034f5-d92d-4007-94b3-195b63354888\"},\"panelIndex\":\"8f2034f5-d92d-4007-94b3-195b63354888\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -143,6 +143,11 @@ "name": "panel_24", "type": "visualization", "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_25", + "type": "visualization", + "id": "d6456b60-479e-11ea-86b0-e3b81eb90684" } ], "migrationVersion": { 
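Review bot: The rewritten `searchSourceJSON` line now embeds `\"time_zone\":\"America/Denver\"` inside the dashboard's default `query_string`, which the removed line did not carry; that pins date interpretation for every user of the shipped dashboard to the exporting workstation's local zone rather than the Kibana instance's own timezone setting, and it looks like an artefact of the export rather than an intended change. Suggest dropping it so the query object reads `{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}` as before, and grepping the other exported dashboards for the same string before they are committed.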
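Review bot: The added `panel_25` reference points at visualization `d6456b60-479e-11ea-86b0-e3b81eb90684`, but nothing in this hunk shows that saved object being added to the file's objects array, and a Kibana import reports the dashboard's reference as missing when the target object is absent from the bundle. The diffstat says only this file changed, so the visualization would have to appear in one of the later hunks; please confirm it is there and that its id matches the `panelIndex` `8f2034f5-d92d-4007-94b3-195b63354888` entry added to `panelsJSON` in the preceding hunk.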
@@ -152,11 +157,11 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-04T23:06:19.018Z", + "version": "WzgyOCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● 
[NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}", "uiStateJSON": "{}", 
"description": "", "version": 1, @@ -172,8 +177,8 @@ { "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQxOSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxMCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -199,8 +204,8 @@ { "id": "52013c7c-c554-450e-9198-dbafdc050459", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyMCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxMSwxXQ==", "attributes": { "title": "Connections - Service By Destination Country", "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", 
@@ -226,8 +231,8 @@ { "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyMSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxMiwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -253,8 +258,8 @@ { "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyMiwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxMywxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -280,8 +285,8 @@ { "id": "d25f4abc-24af-405e-a6f6-873277fe5771", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyMywxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxNCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "description": "", @@ -307,8 +312,8 @@ { "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyNCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxNSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", "description": "", 
@@ -334,8 +339,8 @@ { "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyNSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxNiwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", "description": "", @@ -361,8 +366,8 @@ { "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyNiwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxNywxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.conn_state_description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}", "description": "", 
@@ -388,8 +393,8 @@ { "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyNywxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxOCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.uid\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection 
ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.uid\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}", "description": "", 
@@ -415,8 +420,8 @@ { "id": "faa08629-0011-4b38-8b74-3ba86b59155f", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyOCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYxOSwxXQ==", "attributes": { "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"totBytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"dstIp\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"dstIp\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - Top 10 
- Total Bytes By Destination IP\",\"type\":\"histogram\"}", "description": "", 
@@ -442,8 +447,8 @@ { "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQyOSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyMCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max totBytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", "description": "", 
@@ -469,8 +474,8 @@ { "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzMCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyMSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}", "description": "", @@ -496,8 +501,8 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-04T22:26:03.530Z", + "version": "Wzc3MiwxXQ==", "attributes": { "sort": [ [ 
@@ -535,8 +540,8 @@ { "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzMiwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyMywxXQ==", "attributes": { "title": "Connections - Maps", "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) | [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) \\n[Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) | [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) \\n[Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) | [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) | [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) \\n[Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) | [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) \\n[Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) | [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -555,8 +560,8 @@ { "id": "AWDG71xFxQT5EBNmq336", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzMywxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyNCwxXQ==", "attributes": { "title": "Connections - Log Count", "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -582,8 +587,8 @@ { "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzNCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyNSwxXQ==", "attributes": { "title": "Connections - Total Bytes Per Source/Destination IP Pair", "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"totBytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"srcIp\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"totBytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"dstIp\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"totBytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", @@ -609,8 +614,8 @@ { "id": "568c74ff-3ef3-45ba-a178-0520633697bd", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzNSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyNiwxXQ==", "attributes": { "title": "Connections - Destination Port", "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -636,8 +641,8 @@ { "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzNiwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyNywxXQ==", "attributes": { "title": "Connections - Source MAC OUI", "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.orig_l2_oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", @@ -663,8 +668,8 @@ { "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzNywxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyOCwxXQ==", "attributes": { "title": "Connections - Destination MAC OUI", "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.resp_l2_oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", 
@@ -690,8 +695,8 @@ { "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzOCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYyOSwxXQ==", "attributes": { "title": "Connections - Source MAC Address", "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcMac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcOui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", 
@@ -717,8 +722,8 @@ { "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQzOSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYzMCwxXQ==", "attributes": { "title": "Connections - Destination MAC Address", "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstMac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstOui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", 
@@ -744,8 +749,8 @@ { "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQ0MCwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYzMSwxXQ==", "attributes": { "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcOui\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcOui\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", 
@@ -771,8 +776,8 @@ { "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQ0MSwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYzMiwxXQ==", "attributes": { "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstOui\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstOui\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", @@ -798,8 +803,8 @@ { "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2019-12-18T16:20:45.186Z", - "version": "WzQ0MiwxXQ==", + "updated_at": "2020-02-04T22:25:48.157Z", + "version": "WzYzMywxXQ==", "attributes": { "title": "Connections - Protocol", "visState": "{\"title\":\"Connections - Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", 
@@ -821,6 +826,32 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "d6456b60-479e-11ea-86b0-e3b81eb90684", + "type": "visualization", + "updated_at": "2020-02-04T22:37:44.830Z", + "version": "WzgwNywxXQ==", + "attributes": { + "title": "Network Layer", + "visState": "{\"title\":\"Network Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } } ] } \ No newline at end of file From d571cb5efdf1726dbc5cdefc30731bc968c1a4ea Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 5 Feb 2020 07:08:43 -0700
Subject: [PATCH 072/183] fix max font size
---
 kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
index 8f6d0eb32..71ff32957 100644
--- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
+++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
@@ -318,7 +318,7 @@ "version": "WzU2NCwxXQ==", "attributes": { "title": "File Types Observed", - "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":56,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", + "visState": "{\"title\":\"File Types Observed\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":48,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, From d732ba6fa71f38c06d0d26d61e1e1ec55d67acd3 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 5 Feb 2020 07:24:18 -0700
Subject: [PATCH 073/183] bring sensor local.zeek up to match malcolm's
---
 sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
index 4d6ce1bb9..e4de1b01f 100755
--- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
@@ -88,12 +88,15 @@ redef SOCKS::default_capture_password = T;
 @load protocols/dhcp/software
 @load protocols/dns/detect-external-names
 @load protocols/ftp/detect
+@load protocols/ftp/detect-bruteforcing.zeek
 @load protocols/ftp/software
 @load protocols/http/detect-sqli
 @load protocols/http/detect-webapps
 @load protocols/http/software
 @load protocols/http/software-browser-plugins
 @load protocols/mysql/software
+@load protocols/ssl/weak-keys
+@load protocols/smb/log-cmds
 @load protocols/smtp/software
 @load protocols/ssh/detect-bruteforcing
 @load protocols/ssh/geo-data
From c634f0464552cc8f07365a3ad38b490b8dd20d67 Mon Sep 17 00:00:00 2001
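Review bot: `@load protocols/ftp/detect-bruteforcing.zeek` is the only `@load` in this list that carries the `.zeek` extension; Zeek resolves it either way, but for consistency with its siblings write `@load protocols/ftp/detect-bruteforcing`. The other two additions also break the list's alphabetical-by-protocol order that the existing lines follow (`smb/log-cmds` belongs right after `mysql/software`, `ssl/weak-keys` after `ssh/geo-data`), which matters mainly because the commit's stated goal is keeping this file diffable against Malcolm's local.zeek. From a monitoring standpoint, the bruteforcing and weak-keys scripts presumably only raise notices while log-cmds adds a new and potentially high-volume SMB command log, so this change only pays off if the sensor's log forwarding picks up those logs and the ingest side expects them — worth confirming, since that configuration is outside this hunk. The `@load` block being edited starts and ends outside the hunk.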
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 5 Feb 2020 08:52:17 -0700 Subject: [PATCH 074/183] fixed spacing of navigation menu --- kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json | 2 +- kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json | 2 +- kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json | 2 +- kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 2 +- kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- 
kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 2 +- kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json | 2 +- kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +- kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json | 2 +- kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 2 +- kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 2 +- kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 2 +- kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- 
kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json | 2 +- kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json | 2 +- 60 files changed, 60 insertions(+), 60 deletions(-) diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 53bb30570..e35806296 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
index 35aad5c15..514e41253 100644
--- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
+++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json
index 3e3f9ba46..e69270866 100644
--- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json
+++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json
@@ -91,7 +91,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json
index a601fe30a..72375e390 100644
--- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json
+++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
index a00c6326a..19e24785d 100644
--- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
+++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
@@ -76,7 +76,7 @@ "version": "Wzc4MCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
index be69404db..211608e93 100644
--- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
+++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
@@ -68,7 +68,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
index 0bbebd6e8..f48a167e5 100644
--- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
+++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json
index e6480fc65..43bf46423 100644
--- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json
+++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json
index 0737c2202..fd3d858ba 100644
--- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json
+++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json
index 8cdd8954f..176e74a58 100644
--- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json
+++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json
index 557c51f5f..315d58c04 100644
--- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
index f7b537184..317f7564f 100644
--- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
+++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
index c21ef7ff3..f49c82b0f 100644
--- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
index a7f1d32ec..055c59d33 100644
--- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json
index 2181f2e89..b0dc8d2ba 100644
--- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json
+++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
index 6b7b54a34..cd89e4801 100644
--- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
+++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json
@@ -98,7 +98,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
index 8524bcf8e..5987fa0f2 100644
--- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
@@ -66,7 +66,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json
index 7b2f3595f..01f7d7910 100644
--- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json
+++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json
@@ -96,7 +96,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json
index 033fc4301..b933b0b09 100644
--- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json
+++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
index b95b88097..d54e0fbef 100644
--- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
index ce5c5d8c4..2c2b5037b 100644
--- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
+++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
@@ -125,7 +125,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json
index add1ffb39..b6555f727 100644
--- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json
+++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json
@@ -130,7 +130,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
index 185268b62..b0a6d900f 100644
--- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
+++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
@@ -86,7 +86,7 @@ "version": "Wzc4OSwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
index 6ea7d6ab3..abd83f106 100644
--- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
+++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
index aa1152931..efaff92a4 100644
--- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
+++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
@@ -93,7 +93,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
index 34b928d8d..d6279c569 100644
--- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
+++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
@@ -91,7 +91,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
index aa72c0f3e..06570be02 100644
--- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 5107aae6f..fa502f941 100644 --- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json 
@@ -68,7 +68,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 2555f7060..dda44b7c9 100644 --- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -61,7 +61,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index ba01ee3f8..ac12ba49b 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index ce31df63e..f6326b21b 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json
index d868c6661..8335726e5 100644
--- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json
+++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json
@@ -96,7 +96,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json
index 779254575..c640cfe0f 100644
--- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json
+++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json
index 2389f4647..6ddb8236c 100644
--- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json
+++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json
index 9e5ad0b6e..d03cf9cf6 100644
--- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json
+++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 62a72b6bf..3ab7a7a5f 100644 --- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -86,7 +86,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 4da7a4194..786bf7900 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -56,7 +56,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 1592c7aa2..3d5c79c03 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -76,7 +76,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 71ff32957..4dbd319c8 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -86,7 +86,7 @@ "version": "Wzc4MCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json
index d92d9eb83..71eb71c9a 100644
--- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json
+++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json
@@ -108,7 +108,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
index 7f4adc5e5..ff2f53315 100644
--- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
index 8ab0bf4b8..aca9ad9c5 100644
--- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
index 4f62442fe..52d152e66 100644
--- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
+++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
@@ -161,7 +161,7 @@ "version": "WzgyOCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### 
General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 27228afbe..f8e85ab23 100644 
--- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json
+++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json
@@ -86,7 +86,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json
index a1f6486c9..9c57e1fc2 100644
--- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json
+++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json
index 2dcda94a7..7e802bf4f 100644
--- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json
+++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json
index 7b40ed109..c6fe71c10 100644
--- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json
index aac77af5c..684a28843 100644
--- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json
+++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json
@@ -106,7 +106,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json
index ef82f396d..4aafe6509 100644
--- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json
+++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json
@@ -66,7 +66,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json
index dcf6060d4..f079ebb63 100644
--- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json
+++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json
index 26ffe102b..f2813edfd 100644
--- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json
+++ b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json
@@ -126,7 +126,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json
index 226384a57..e014c26af 100644
--- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json
index 1993827cf..db86a671e 100644
--- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json
+++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
index fadda154d..974d776f2 100644
--- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
+++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
index 7f6544d3f..4fe2b1b28 100644
--- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
@@ -81,7 +81,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json
index bdcd3c499..2dd7fb9a9 100644
--- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json
index 367d16a82..34d936008 100644
--- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json
+++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json
@@ -123,7 +123,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json
index d43e29bc4..a9a0d2506 100644
--- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json
+++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json
@@ -41,7 +41,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
index 7c84abd06..e8716af74 100644
--- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
+++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
@@ -101,7 +101,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index d40298038..2f7a95b9f 100644 --- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -71,7 +71,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf)\\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● 
[QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, From a13d75a7818c597832c4bb8ed6842106bd6d55c6 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 5 Feb 2020 11:44:27 -0700 Subject: [PATCH 075/183] fix issue #112, region maps not working because of incorrect redirect --- Dockerfiles/kibana.Dockerfile | 2 +- kibana/kibana-offline-maps.yml | 5 ++++- nginx/nginx.conf | 8 +++++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index a7dd09f50..221fa45cf 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile @@ -72,7 +72,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ chown -R kibana:kibana /opt/kibana/dashboards /opt/maps /opt/kibana/config/kibana*.yml && \ chmod 400 /opt/maps/* && \ mkdir -p /var/log/supervisor && \ - (echo -e "*/5 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) && \ + (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) && \ cd /tmp && \ echo "Installing ElastAlert plugin..." && \ unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ diff --git a/kibana/kibana-offline-maps.yml b/kibana/kibana-offline-maps.yml index 4ebc64dca..b40344f29 100644 --- a/kibana/kibana-offline-maps.yml +++ b/kibana/kibana-offline-maps.yml @@ -16,7 +16,7 @@ map.regionmap: includeElasticMapsService: false layers: - name: "World (offline)" - url: "http://localhost:${KIBANA_OFFLINE_REGION_MAPS_PORT}/world.geojson" + url: "/world.geojson" attribution: "https://exploratory.io/maps" fields: - name: "ISO_A2" @@ -25,3 +25,6 @@ map.regionmap: description: "Country Code2" - name: "NAME" description: "Country Name" + +server.cors: true +server.cors.origin: ['*'] \ No newline at end of file diff --git a/nginx/nginx.conf b/nginx/nginx.conf index efd402de6..e650536f7 100644 --- a/nginx/nginx.conf 
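Review bot: The cron schedule for kibana-create-moloch-sessions-index.sh changes from `*/5 * * * *` to `*/2 * * * *`, which has nothing to do with the region-map redirect fix named in the subject and is not mentioned in the message. Either split it into its own commit or add a line to the message saying why the index-creation job now runs every two minutes. The `RUN` instruction this hunk edits starts and ends outside the hunk.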
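Review bot: The added `server.cors: true` and `server.cors.origin: ['*']` open Kibana to cross-origin requests from any origin, while the nginx change in this same commit serves `/world.geojson` on the origin the browser already uses for Kibana, so the relative `url: "/world.geojson"` fetch no longer needs CORS at all. Unless another cross-origin consumer exists, drop both lines or at least replace `['*']` with the site's own origin; the same applies to `--cors='*'`, which is kept on the http-server command in the kibana/supervisord.conf hunk of the next commit even though nginx now fronts that server. The relative URL also means region maps only load when Kibana is reached through the nginx proxy, which deserves a comment above it: `# relative on purpose: nginx's location /world.geojson serves it same-origin; not reachable when Kibana is opened directly`. The new last line also has no trailing newline (`\ No newline at end of file`).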
+++ b/nginx/nginx.conf @@ -142,7 +142,6 @@ http { proxy_set_header Host kibana.malcolm.local; } - # already prepended /kibana to match the server.basePath in kibana's YML config file location /kibana { proxy_pass http://docker-kibana; @@ -157,6 +156,13 @@ http { proxy_set_header Host kibana.malcolm.local; } + # offline region maps for kibana + location /world.geojson { + proxy_pass http://docker-kibana-maps; + proxy_redirect off; + proxy_set_header Host kibana.malcolm.local; + } + location = /favicon.ico { alias /etc/nginx/favicon.ico; } From 6fd7bb932ca75cdb9f694f2a7b44a92298736b3c Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 5 Feb 2020 11:45:34 -0700 Subject: [PATCH 076/183] fix issue #112, region maps not working because of incorrect redirect --- kibana/supervisord.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kibana/supervisord.conf b/kibana/supervisord.conf index 80efd4126..0500de26f 100644 --- a/kibana/supervisord.conf +++ b/kibana/supervisord.conf @@ -30,7 +30,7 @@ stdout_logfile_maxbytes=0 redirect_stderr=true [program:maps] -command=/usr/bin/http-server /opt/maps --cors='*' -p %(ENV_KIBANA_OFFLINE_REGION_MAPS_PORT)s +command=/usr/bin/http-server /opt/maps --cors='*' -d false -i false --no-dotfiles -p %(ENV_KIBANA_OFFLINE_REGION_MAPS_PORT)s user=kibana autostart=%(ENV_KIBANA_OFFLINE_REGION_MAPS)s startsecs=0 From 6ea8973036e9353ea974e7c75a59d7d53b3cac7f Mon Sep 17 00:00:00 2001 
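Review bot: `location /world.geojson` is a prefix match, so any request whose path merely begins with that string (a `/world.geojson.bak`, for instance) is also forwarded to docker-kibana-maps; use the exact-match form `location = /world.geojson {`, as the `location = /favicon.ico` block just below already does. In the first hunk the comment explaining that `/kibana` is already prefixed to match Kibana's `server.basePath` is removed while the `location /kibana { proxy_pass http://docker-kibana;` block it described is unchanged; if that rationale still holds, keep the comment. The enclosing `http {` block starts and ends outside both hunks.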
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 5 Feb 2020 13:00:25 -0700 Subject: [PATCH 077/183] fix issue #112, region maps not working because of incorrect redirect --- kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +- kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 315d58c04..9ff9ba038 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzExMiwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index d54e0fbef..8724fb65c 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzIxNCwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 06570be02..9cb2b5a94 100644 --- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzI3NSwxXQ==", "attributes": { "title": "Connections - Destination - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index f6326b21b..e9683ca7b 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzMwMCwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 4dbd319c8..95904b98b 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -212,7 +212,7 @@ "version": "WzU2MCwxXQ==", "attributes": { "title": "Connections by Destination Country (region map)", - "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p><a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country 
Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p><a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country 
Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[37.16031654673677,-5.7511603125000015]}", "description": "", "version": 1, diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index ff2f53315..f9d01966a 100644 --- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzQwMiwxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index c6fe71c10..3d8bf26ed 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzQ3MiwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index e014c26af..fdec09b50 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzUzNywxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 2dd7fb9a9..47d080750 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzU2MiwxXQ==", "attributes": { "title": "Connections - Source - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"http://localhost:28991/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, From ac93c4df198ef7b15866621d6569f5d4d5ff6e67 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 5 Feb 2020 13:20:16 -0700 Subject: [PATCH 078/183] fix issue #112, region maps not working because of incorrect redirect --- docker-compose-standalone-zeek-live.yml | 1 - docker-compose-standalone.yml | 1 - docker-compose.yml | 1 - nginx/nginx.conf | 15 --------------- 4 files changed, 18 deletions(-) diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 0499b2560..47f40bb1b 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -397,7 +397,6 @@ services: - "8443:8443" - "9200:9200" - "9600:9600" - - "28991:28991" volumes: - nginx-log-path:/var/log/nginx:rw - /var/run/docker.sock:/tmp/docker.sock:ro 
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 76813efa2..989d5484a 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -397,7 +397,6 @@ services: - "8443:8443" - "9200:9200" - "9600:9600" - - "28991:28991" volumes: - nginx-log-path:/var/log/nginx:rw - /var/run/docker.sock:/tmp/docker.sock:ro diff --git a/docker-compose.yml b/docker-compose.yml index 4acb8720e..ff5ef264d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -448,7 +448,6 @@ services: - "8443:8443" - "9200:9200" - "9600:9600" - - "28991:28991" volumes: - nginx-log-path:/var/log/nginx:rw - /var/run/docker.sock:/tmp/docker.sock:ro diff --git a/nginx/nginx.conf b/nginx/nginx.conf index e650536f7..0540a1549 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -245,21 +245,6 @@ http { } } - # Kibana offline map server - server { - listen 28991; - - location = /favicon.ico { - alias /etc/nginx/favicon.ico; - } - - location / { - proxy_pass http://docker-kibana-maps; - proxy_redirect off; - proxy_set_header Host kibana.malcolm.local; - } - } - # Elasticsearch API server { listen 9200 ssl; From 36bd5f4593b7b3fc877cd2711992bd82cc8a6c0b Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 6 Feb 2020 07:22:10 -0700 Subject: [PATCH 079/183] comments --- filebeat/scripts/filebeat-process-zeek-folder.sh | 2 -- logstash/pipelines/zeek/11_zeek_logs.conf | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/filebeat/scripts/filebeat-process-zeek-folder.sh b/filebeat/scripts/filebeat-process-zeek-folder.sh index 83d62cc90..f11aea9d3 100755 --- a/filebeat/scripts/filebeat-process-zeek-folder.sh +++ b/filebeat/scripts/filebeat-process-zeek-folder.sh 
@@ -10,8 +10,6 @@ # 1. move file to processed/ (preserving original subdirectory heirarchy, if any) # 2. calculate tags based on splitting the file path and filename (splitting on # on [, -/_]) -# 3. TODO: create symlinks in /data/zeek/current/ so that filebeat can find and process them -# 4. TODO: who cleans them up later? FILEBEAT_PREPARE_PROCESS_COUNT=1 diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index 6ef1709f8..559d9eb2f 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -2737,13 +2737,13 @@ filter { } else if ([source] == "dns") { ############################################################################################################################# # dns.log specific logic - # todo: adjust this regex so it at least sort of catches IPv6 as well # this must be done because [dns][ip] only handles IPv4 or IPv6 addresses # but [answers] can contain hostnames as well if ([zeek_dns][answers]) { ruby { id => "ruby_zeek_dns_answers_ip_extract" + # todo: adjust this regex so it at least sort of catches IPv6 as well code => "event.set('[@metadata][answers_ip]', event.get('[zeek_dns][answers]').scan(/\d+\.\d+\.\d+\.\d+/).join(','))" } mutate { id => "mutate_split_zeek_dns_answers" From cb3cccca07cdcb437fb4408d77247118aa6d2e78 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Fri, 7 Feb 2020 08:05:04 -0700 Subject: [PATCH 080/183] ignore logs that have been renamed and are in transit being archived --- logstash/pipelines/zeek/11_zeek_logs.conf | 34 ++++++++++++++--------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index 559d9eb2f..0e4cd4a2d 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf 
@@ -2401,22 +2401,30 @@ filter { "[certCnt]" => "1" } } } else { - # some other unknown zeek log file. should start with ts at least! - csv { - id => "csv_zeek_unknown" - columns => [ - "ts"] - # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP - separator => " " - # there's no way to *disable* the csv quote char, so set it to something we'll never see - quote_char => " " + if ([source] =~ /\.\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2}$/) { + # filebeat caught a file right in the middle of being renamed/moved (ie., renamed from conn.log to + # conn.2020-01-16-14-00-00.log). this has actually already been processed, so ignore this event. + drop { id => "drop_renamed_logfile" } - target => "[zeek_cols]" - } + } else { + # some other unknown zeek log file. should start with ts at least! + csv { + id => "csv_zeek_unknown" + columns => [ + "ts"] + + # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP + separator => " " + # there's no way to *disable* the csv quote char, so set it to something we'll never see + quote_char => " " + + target => "[zeek_cols]" + } - mutate { id => "mutate_add_tag_zeek_unknown" - add_tag => [ "_unknown_log_type" ] } + mutate { id => "mutate_add_tag_zeek_unknown" + add_tag => [ "_unknown_log_type" ] } + } } # if / else if for source type (conn.log, dns.log, etc.) From 90b2ad931d6405dd889c7a795b2292987583818f Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Fri, 7 Feb 2020 10:51:34 -0700 Subject: [PATCH 081/183] updates to dashboards --- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 92 +++++++++---- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 106 +++++++++----- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 129 +++++++++--------- 3 files changed, 200 insertions(+), 127 deletions(-) 
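Review bot: The `$`-anchored pattern in `if ([source] =~ /\.\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2}$/)` only matches if `[source]` has already had its `.log` suffix removed; the example given in the new comment, `conn.2020-01-16-14-00-00.log`, would not match as written. The `[source] == "dns"` comparisons elsewhere in this pipeline suggest `[source]` is the bare log type, but that assumption is what makes the drop work and should be stated next to it, e.g. `# [source] is the log name with the .log extension already stripped, so the timestamp is the end of the string`. Separately, `drop { id => "drop_renamed_logfile" }` discards these events with no trace, so a file that legitimately carries such a name (a deliberately replayed archive, for instance) would likely vanish silently; consider adding a tag or metric before the drop so the loss is visible in pipeline stats. The enclosing filter block starts and ends outside the hunk.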
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 2c2b5037b..0cd018425 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -4,18 +4,18 @@ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", "type": "dashboard", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyOCwxXQ==", + "updated_at": "2020-02-07T16:57:29.872Z", + "version": "WzgyOSwxXQ==", "attributes": { "title": "SMB", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"
panelRefName\":\"panel_9\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":24,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":47,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":33,\"w\":8,\"h\":14,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":24,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":3
2,\"y\":33,\"w\":16,\"h\":14,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":25,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -73,6 +73,11 @@ "name": "panel_10", "type": "visualization", "id": "0fa8205d-717f-4385-a031-d15e5f1b6c08" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e" } ], "migrationVersion": { @@ -82,8 +87,8 @@ { "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7", "type": "search", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIxNywxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM2OSwxXQ==", "attributes": { "sort": [ [ 
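Review bot: The new `searchSourceJSON` in the first hunk now carries `\"time_zone\":\"America/Denver\"` inside the dashboard's default query_string, which, as far as I can tell from the hunk, pins the Elasticsearch query_string `time_zone` date-parsing parameter for this dashboard to the author's local zone for every user who imports it; the query is `*` so it is inert today, but it will take effect as soon as someone types a date range into the query bar. If the key is an artifact of exporting from a local Kibana rather than intentional, drop it so the line ends `\"default_field\":\"*\",\"query\":\"*\"}}}}` as before. The `-82,8` and `-121,8` hunks are only `updated_at`/`version` bumps.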
@@ -121,8 +126,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-07T16:19:05.328Z", + "version": "Wzc5NCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -141,8 +146,8 @@ { "id": "c4829cb4-ed05-4154-ab6c-9240f0ea0b04", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIxOSwxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3MSwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -168,8 +173,8 @@ { "id": "3b82d24e-d3dd-48fa-a539-98a46ccbfd49", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyMCwxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3MiwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -195,8 +200,8 @@ { "id": "974779e2-ab49-4fe8-88db-bf5321664f1a", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyMSwxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3MywxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -222,11 +227,11 @@ { "id": "3282a033-fff4-41cb-abe6-d896b4a2e03d", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyMiwxXQ==", + "updated_at": "2020-02-07T16:52:14.672Z", + "version": "WzgyMCwxXQ==", "attributes": { - "title": "SMB - Action", - "visState": "{\"title\":\"SMB - Action\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "title": "SMB - Version", + "visState": "{\"title\":\"SMB - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
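Review bot: The saved object `3282a033-fff4-41cb-abe6-d896b4a2e03d` keeps its id while its `title` and `visState` change from an action breakdown on `zeek.action` to a version breakdown on `zeek.service_version`, so any other dashboard or export that references this id will silently start showing versions where it used to show actions. The replacement action table is introduced under a fresh id (`b74e39c0-49ca-11ea-812f-2bc51df4ea1e`) in a later hunk of this file; for the same reason the version pie should probably also be a new object, leaving the old id untouched or removed explicitly. The new bucket params also drop `size` from 20 to 10 and turn on `otherBucket`, so presumably any less common `zeek.service_version` values now collapse into an `Other` slice — confirm that is intended for a version overview.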
@@ -237,8 +242,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" } ], @@ -249,8 +254,8 @@ { "id": "02359f84-0114-4d9d-8731-2b6820722e32", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyMywxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3NSwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", "description": "", 
@@ -276,8 +281,8 @@ { "id": "c8f1ff18-93e9-4ce9-a188-c947f7dadc05", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyNCwxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3NiwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", "description": "", 
@@ -303,8 +308,8 @@ { "id": "24b9dbff-7362-4982-9ce7-660001594ff9", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyNSwxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3NywxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", @@ -330,8 +335,8 @@ { "id": "AWDHDfDkxQT5EBNmq4fQ", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyNiwxXQ==", + "updated_at": "2020-02-07T16:18:25.174Z", + "version": "WzM3OCwxXQ==", "attributes": { "title": "SMB - Log Count", "visState": "{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -357,11 +362,11 @@ { "id": "0fa8205d-717f-4385-a031-d15e5f1b6c08", "type": "visualization", - "updated_at": "2019-12-18T16:20:24.676Z", - "version": "WzIyNywxXQ==", + "updated_at": "2020-02-07T16:53:56.975Z", + "version": "WzgyMiwxXQ==", "attributes": { "title": "SMB - Destination Port", - "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, @@ -372,8 +377,35 @@ }, "references": [ { + "name": "search_0", "type": "search", + "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e", + "type": "visualization", + "updated_at": "2020-02-07T16:55:59.580Z", + "version": "WzgyNCwxXQ==", + "attributes": { + "title": "SMB Action", + "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { "name": "search_0", + "type": "search", "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" } ], diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index b0a6d900f..31fdfa177 100644 --- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -4,13 +4,13 @@ { "id": "4a4bde20-4760-11ea-949c-bbb5a9feecbf", "type": "dashboard", - "updated_at": "2020-02-04T23:00:49.784Z", - "version": "WzgyNiwxXQ==", + "updated_at": "2020-02-07T16:34:48.441Z", + "version": "WzgxNCwxXQ==", "attributes": { "title": "ICS/IoT Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"bd55e05a-927a-4bcb-9cc8-7cee53bf8203\"},\"panelIndex\":\"bd55e05a-927a-4bcb-9cc8-7cee53bf8203\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"p
anel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8
,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -42,7 +42,7 @@ { "name": "panel_4", "type": "visualization", - "id": "d6456b60-479e-11ea-86b0-e3b81eb90684" + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" }, { "name": "panel_5", 
@@ -82,8 +82,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-04T22:26:05.610Z", - "version": "Wzc4OSwxXQ==", + "updated_at": "2020-02-07T16:19:05.328Z", + "version": "Wzc5NCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -102,7 +102,7 @@ { "id": "31e06210-4761-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T22:25:27.608Z", + "updated_at": "2020-02-07T16:18:27.234Z", "version": "WzQxMCwxXQ==", "attributes": { "title": "ICS/IoT Log Counts", @@ -129,7 +129,7 @@ { "id": "b614fcd0-4761-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T22:25:27.608Z", + "updated_at": "2020-02-07T16:18:27.234Z", "version": "WzQxMSwxXQ==", "attributes": { "title": "ICS/IoT Traffic Over Time", 
@@ -156,8 +156,8 @@ { "id": "71d832b0-4763-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T22:47:01.917Z", - "version": "WzgxMiwxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxMiwxXQ==", "attributes": { "title": "ICS/IoT External Traffic", "visState": "{\"title\":\"ICS/IoT External Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination 
Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", 
@@ -181,25 +181,26 @@ } }, { - "id": "d6456b60-479e-11ea-86b0-e3b81eb90684", + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", "type": "visualization", - "updated_at": "2020-02-04T22:37:44.830Z", - "version": "WzgwNywxXQ==", + "updated_at": "2020-02-07T16:34:15.061Z", + "version": "WzgxMywxXQ==", "attributes": { "title": "Network Layer", "visState": "{\"title\":\"Network Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" }, "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], "migrationVersion": { 
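Review bot: On the new side of this hunk the visualization's `searchSourceJSON` has lost its `indexRefName`, so its index pattern and query now come entirely from the saved search referenced as `search_0` (`52570870-e9d4-444f-a3df-e44c6757ed9f`, which a later hunk in this file adds with the query `zeek.logType:conn`). Any other dashboard export that carries this `adc09360-…` visualization — the Connections dashboard's `panel_25` reference is repointed to it further down — must also include that saved search, otherwise importing that export on its own leaves the panel with an unresolved reference; whether it does cannot be seen from the visible hunks. The object id was also changed rather than the existing `d6456b60-…` object being updated in place, so an instance that imported the earlier export keeps the stale visualization until it is removed by hand.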
@@ -209,8 +210,8 @@ { "id": "f17fab90-4760-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T22:50:53.991Z", - "version": "WzgxOCwxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxNCwxXQ==", "attributes": { "title": "ICS/IoT Actions", "visState": "{\"title\":\"ICS/IoT Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}}]}", 
@@ -236,8 +237,8 @@ { "id": "0db533e0-47a0-11ea-86b0-e3b81eb90684", "type": "visualization", - "updated_at": "2020-02-04T22:50:09.107Z", - "version": "WzgxNywxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxNSwxXQ==", "attributes": { "title": "Non-ICS/IoT Protocols Observed", "visState": "{\"title\":\"Non-ICS/IoT Protocols Observed\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.service\",\"ord
erBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", @@ -262,8 +263,8 @@ { "id": "60e83820-4762-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T22:25:27.608Z", - "version": "WzQxNCwxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxNiwxXQ==", "attributes": { "title": "ICS/IoT Source IP", "visState": "{\"title\":\"ICS/IoT Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", 
@@ -289,8 +290,8 @@ { "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", "type": "visualization", - "updated_at": "2020-02-04T23:00:17.507Z", - "version": "WzgyNCwxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxNywxXQ==", "attributes": { "title": "File Types by Transport", "visState": "{\"title\":\"File Types by Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.filetype\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_files.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", 
@@ -316,8 +317,8 @@ { "id": "8253ab70-4762-11ea-949c-bbb5a9feecbf", "type": "visualization", - "updated_at": "2020-02-04T22:25:27.608Z", - "version": "WzQxNSwxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxOCwxXQ==", "attributes": { "title": "ICS/IoT Destination IP", "visState": "{\"title\":\"ICS/IoT Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", 
@@ -343,8 +344,8 @@ { "id": "1dc3dfb0-4760-11ea-949c-bbb5a9feecbf", "type": "search", - "updated_at": "2020-02-04T22:25:27.608Z", - "version": "WzQxNiwxXQ==", + "updated_at": "2020-02-07T16:18:27.234Z", + "version": "WzQxOSwxXQ==", "attributes": { "title": "ICS/IoT Logs", "description": "", @@ -380,11 +381,50 @@ "search": "7.4.0" } }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "updated_at": "2020-02-07T16:19:03.276Z", + "version": "Wzc3NywxXQ==", + "attributes": { + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "Connections - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek.uid", + "_id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } + }, { "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", "type": "search", - "updated_at": "2020-02-04T22:25:45.061Z", - "version": "WzU4MywxXQ==", + "updated_at": "2020-02-07T16:18:44.769Z", + "version": "WzU4NywxXQ==", "attributes": { "sort": [ [ diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 52d152e66..18afa9b3c 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -4,13 +4,13 @@ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", "type": "dashboard", - "updated_at": "2020-02-05T14:01:31.617Z", - "version": "WzgzNiwxXQ==", + "updated_at": "2020-02-07T16:35:58.688Z", + "version": "WzgxNiwxXQ==", "attributes": { "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"pane
l_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_24\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":8,\"h\":14,\"i\":\"8f2034f5-d92d-4007-94b3-195b63354888\"},\"panelIndex\":\"8f2034f5-d92d-4007-94b3-195b63354888\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", + "panelsJSON": 
"[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\"
:\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_24\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":8,\"h\":14,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\"},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
@@ -147,7 +147,7 @@
 {
 "name": "panel_25",
 "type": "visualization",
- "id": "d6456b60-479e-11ea-86b0-e3b81eb90684"
+ "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e"
 }
 ],
 "migrationVersion": {
@@ -157,11 +157,11 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-04T23:06:19.018Z", - "version": "WzgyOCwxXQ==", + "updated_at": "2020-02-07T16:19:05.328Z", + "version": "Wzc5NCwxXQ==", "attributes": { "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}", + "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● 
[NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
"uiStateJSON": "{}", "description": "", "version": 1, @@ -177,8 +177,8 @@ { "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxMCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYxNCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -204,8 +204,8 @@ { "id": "52013c7c-c554-450e-9198-dbafdc050459", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxMSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYxNSwxXQ==", "attributes": { "title": "Connections - Service By Destination Country", "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", 
@@ -231,8 +231,8 @@ { "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxMiwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYxNiwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -258,8 +258,8 @@ { "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxMywxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYxNywxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -285,8 +285,8 @@ { "id": "d25f4abc-24af-405e-a6f6-873277fe5771", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxNCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYxOCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "description": "", @@ -312,8 +312,8 @@ { "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxNSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYxOSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", "description": "", 
@@ -339,8 +339,8 @@ { "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxNiwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyMCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", "description": "", @@ -366,8 +366,8 @@ { "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxNywxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyMSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.conn_state_description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}", "description": "", 
@@ -393,8 +393,8 @@ { "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxOCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyMiwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.uid\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection 
ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.uid\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}", "description": "", 
@@ -420,8 +420,8 @@ { "id": "faa08629-0011-4b38-8b74-3ba86b59155f", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYxOSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyMywxXQ==", "attributes": { "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"totBytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"dstIp\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"dstIp\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - Top 10 
- Total Bytes By Destination IP\",\"type\":\"histogram\"}", "description": "", 
@@ -447,8 +447,8 @@ { "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyMCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyNCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max totBytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", "description": "", 
@@ -474,8 +474,8 @@ { "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyMSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyNSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}", "description": "", @@ -501,8 +501,8 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-04T22:26:03.530Z", - "version": "Wzc3MiwxXQ==", + "updated_at": "2020-02-07T16:19:03.276Z", + "version": "Wzc3NywxXQ==", "attributes": { "sort": [ [ 
@@ -540,8 +540,8 @@ { "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyMywxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyNywxXQ==", "attributes": { "title": "Connections - Maps", "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) | [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) \\n[Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) | [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) \\n[Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) | [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) | [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) \\n[Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) | [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) \\n[Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) | [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -560,8 +560,8 @@ { "id": "AWDG71xFxQT5EBNmq336", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyNCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyOCwxXQ==", "attributes": { "title": "Connections - Log Count", "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -587,8 +587,8 @@ { "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyNSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYyOSwxXQ==", "attributes": { "title": "Connections - Total Bytes Per Source/Destination IP Pair", "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"totBytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"srcIp\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"totBytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"dstIp\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"totBytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", @@ -614,8 +614,8 @@ { "id": "568c74ff-3ef3-45ba-a178-0520633697bd", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyNiwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzMCwxXQ==", "attributes": { "title": "Connections - Destination Port", "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -641,8 +641,8 @@ { "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyNywxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzMSwxXQ==", "attributes": { "title": "Connections - Source MAC OUI", "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.orig_l2_oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", @@ -668,8 +668,8 @@ { "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyOCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzMiwxXQ==", "attributes": { "title": "Connections - Destination MAC OUI", "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.resp_l2_oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", 
@@ -695,8 +695,8 @@ { "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYyOSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzMywxXQ==", "attributes": { "title": "Connections - Source MAC Address", "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcMac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcOui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", 
@@ -722,8 +722,8 @@ { "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYzMCwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzNCwxXQ==", "attributes": { "title": "Connections - Destination MAC Address", "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstMac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstOui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", 
@@ -749,8 +749,8 @@ { "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYzMSwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzNSwxXQ==", "attributes": { "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcOui\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcOui\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", 
@@ -776,8 +776,8 @@ { "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYzMiwxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzNiwxXQ==", "attributes": { "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstOui\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstOui\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", @@ -803,8 +803,8 @@ { "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-04T22:25:48.157Z", - "version": "WzYzMywxXQ==", + "updated_at": "2020-02-07T16:18:47.877Z", + "version": "WzYzNywxXQ==", "attributes": { "title": "Connections - Protocol", "visState": "{\"title\":\"Connections - Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", 
@@ -828,25 +828,26 @@ } }, { - "id": "d6456b60-479e-11ea-86b0-e3b81eb90684", + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", "type": "visualization", - "updated_at": "2020-02-04T22:37:44.830Z", - "version": "WzgwNywxXQ==", + "updated_at": "2020-02-07T16:34:15.061Z", + "version": "WzgxMywxXQ==", "attributes": { "title": "Network Layer", "visState": "{\"title\":\"Network Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" }, "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], "migrationVersion": { 
From 1636a3836d9443b6bfa88bc2fc445fa2852c8a9b Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Fri, 7 Feb 2020 12:56:42 -0700
Subject: [PATCH 082/183] fix kibana_index_refresh.py for python2
---
 kibana/scripts/kibana_index_refresh.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kibana/scripts/kibana_index_refresh.py b/kibana/scripts/kibana_index_refresh.py
index d0d7079bc..7d0d1ada6 100755
--- a/kibana/scripts/kibana_index_refresh.py
+++ b/kibana/scripts/kibana_index_refresh.py
@@ -84,7 +84,7 @@ def main():
 params={
 'type': 'index-pattern',
 'fields': 'id',
- 'search': f'"{args.index}"'
+ 'search': '"{}"'.format(args.index)
 }
 )
 getIndexInfoResponse.raise_for_status()
From 9dfe53f131ac9efabe1aafe8c36813b53f4b2be7 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Fri, 7 Feb 2020 14:49:12 -0700
Subject: [PATCH 083/183] fix non-ics/iot protocols dashboard
---
 kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
index 31fdfa177..dd7935f2e 100644
--- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
+++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
@@ -246,7 +246,7 @@
 "description": "",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.logType:(bacnet OR cip OR dnp3 OR enip* iso_cotp OR *modbus* OR mqtt* OR profinet* OR s7comm)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.service:(bacnet OR cip OR dnp3* OR enip OR cotp OR modbus OR mqtt OR profinet* OR s7comm)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
 }
 },
 "references": [
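Review bot: `args.index` is placed between literal double quotes in the `search` value without any escaping, so an index name that itself contains `"` produces a malformed or wider lookup in what looks like a Kibana saved-objects query; the new `.format` call preserves that behaviour exactly as the f-string did. A one-line guard ahead of the request keeps such a failure explicit instead of silent, e.g. `if '"' in args.index: raise ValueError('index name must not contain double quotes')`. Since the commit's purpose is Python 2 compatibility, it is worth confirming that no other f-strings remain elsewhere in the file, which this hunk cannot show. main() starts before this hunk and continues after it.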
From ef53f65224f6918afbc6f1c593e59f4d4d612a19 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 11 Feb 2020 10:58:22 -0700 Subject: [PATCH 084/183] bump version to 7.6.0 for elastic --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/kibana.Dockerfile | 14 +- Dockerfiles/logstash.Dockerfile | 2 +- README.md | 4 +- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- .../ebdca7741674eca4e1fadeca157f3ae6.svg | 158 ------------------ .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 4 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 4 +- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 4 +- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 4 +- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 4 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 4 +- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 4 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 4 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 4 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 4 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 4 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 4 +- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 4 +- 
.../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 4 +- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 4 +- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 4 +- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 4 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 4 +- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 4 +- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 4 +- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 +- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 4 +- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 +- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- .../d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 2 +- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 4 +- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 4 +- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 4 +- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- .../f394057d-1b16-4174-b994-7045f423a416.json | 2 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 4 +- .../hooks/normal/0910-agg-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../Filebeat-syslog-custom.json | 2 +- sensor-iso/beats/Dockerfile | 2 +- sensor-iso/beats/beat-build.sh | 2 +- .../normal/0910-sensor-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../Filebeat-syslog-custom.json | 2 +- 
sensor-iso/docs/Notes.md | 2 +-
 .../heatbeat/protologbeat.template.json | 2 +-
 78 files changed, 110 insertions(+), 270 deletions(-)
 delete mode 100644 docs/images/kibana/ebdca7741674eca4e1fadeca157f3ae6.svg
diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
index 07a3a5226..c01a07ac3 100644
--- a/Dockerfiles/filebeat.Dockerfile
+++ b/Dockerfiles/filebeat.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:7.5.1
+FROM docker.elastic.co/beats/filebeat-oss:7.6.0
 # Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
index 221fa45cf..d3168e328 100644
--- a/Dockerfiles/kibana.Dockerfile
+++ b/Dockerfiles/kibana.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/kibana/kibana-oss:7.5.1
+FROM docker.elastic.co/kibana/kibana-oss:7.6.0
 # Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
@@ -51,7 +51,7 @@ ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.
 # todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix
-ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.1/prelert_swimlane_vis-7.5.1.zip /tmp/kibana-swimlane.zip
+ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.2/prelert_swimlane_vis-7.5.2.zip /tmp/kibana-swimlane.zip
 # ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip
 # see https://github.com/walterra/kibana-milestones-vis/issues/9
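Review bot: The swimlane plugin archive is still fetched with a bare `ADD` from a GitHub release URL and installed as-is, so the build has no integrity check on the downloaded zip beyond the version in its file name; the elastalert plugin `ADD` visible in the hunk header is fetched the same way. Pinning a digest makes a tampered or silently re-published release fail the build rather than land in the image, e.g. replace the `ADD` with `RUN curl -fsSL -o /tmp/kibana-swimlane.zip <release-url> && echo "<sha256-of-release-zip>  /tmp/kibana-swimlane.zip" | sha256sum -c -`, assuming curl is present in the base image (not visible here). Keeping the expected digest next to the version string also documents which artifact the `sed`/`kibana-plugin install` steps later in this Dockerfile were validated against.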
@@ -76,13 +76,13 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 cd /tmp && \
 echo "Installing ElastAlert plugin..." && \
 unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
- sed -i "s/7\.5\.0/7\.5\.1/g" kibana/elastalert-kibana-plugin/package.json && \
+ sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json && \
 zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \
 rm -f /tmp/elastalert-kibana-plugin.zip && \
 echo "Installing Swimlanes visualization..." && \
 unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
- sed -i "s/7\.5\.1/7\.5\.1/g" kibana/prelert_swimlane_vis/package.json && \
+ sed -i "s/7\.5\.1/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \
 zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
 bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \
@@ -90,7 +90,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 ## && \
 ## echo "Installing Comments visualization..." && \
 ## unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
- ## sed -i "s/7\.4\.0/7\.5\.1/g" kibana/kibana-comments-app-plugin/package.json && \
+ ## sed -i "s/7\.4\.0/7\.6\.0/g" kibana/kibana-comments-app-plugin/package.json && \
 ## zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
 ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \
 ## rm -rf /tmp/kibana-comments.zip /tmp/kibana && \
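Review bot: The swimlane rewrite `sed -i "s/7\.5\.1/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json` is likely to match nothing now that the earlier hunk in this Dockerfile fetches the v7.5.2 release, if that release's package.json declares 7.5.2 as the previous one declared 7.5.1; `sed` does not fail on a missed substitution, so the version would be left untouched and the mismatch only surfaces at the following `kibana-plugin install`. Changing the pattern to the fetched version, `sed -i "s/7\.5\.2/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \`, keeps the two hunks consistent, and a `grep -q '7\.6\.0' kibana/prelert_swimlane_vis/package.json && \` right after it makes a missed rewrite fail the build explicitly. The elastalert `sed` in the same hunk deserves the same check against its own package.json. The enclosing RUN instruction begins before this hunk and continues after it.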
@@ -98,13 +98,11 @@ RUN chmod 755 /data/*.sh /data/*.py && \ ## && \ ## echo "Installing Milestones visualization..." && \ ## unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ - ## sed -i "s/7\.1\.1/7\.5\.1/g" kibana/kibana-milestones-vis/package.json && \ + ## sed -i "s/7\.1\.1/7\.6\.0/g" kibana/kibana-milestones-vis/package.json && \ ## zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \ ## rm -rf /tmp/kibana-milestones.zip /tmp/kibana -ADD docs/images/kibana/ebdca7741674eca4e1fadeca157f3ae6.svg /usr/share/kibana/optimize/bundles/ebdca7741674eca4e1fadeca157f3ae6.svg - CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-u", "root", "-n"] diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index 4cb919ae5..efec7634a 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile @@ -42,7 +42,7 @@ RUN /bin/bash -lc "command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - git clone --depth 1 https://github.com/mmguero/logstash-filter-ieee_oui.git /opt/logstash-filter-ieee_oui && \ /bin/bash -lc "cd /opt/logstash-filter-ieee_oui && bundle install && gem build logstash-filter-ieee_oui.gemspec && bundle info logstash-filter-ieee_oui" -FROM docker.elastic.co/logstash/logstash-oss:7.5.1 +FROM docker.elastic.co/logstash/logstash-oss:7.6.0 USER root COPY --from=build /opt/logstash-filter-ieee_oui /opt/logstash-filter-ieee_oui diff --git a/README.md b/README.md index b6ae8fbe1..1f7dc6734 100644 --- a/README.md +++ b/README.md 
@@ -141,7 +141,7 @@ malcolmnetsec/nginx-proxy 2.0.0 xxxxxxxx malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 30 minutes ago 276MB malcolmnetsec/htadmin 2.0.0 xxxxxxxxxxxx 31 minutes ago 256MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 32 minutes ago 188MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 825MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.0 xxxxxxxxxxxx 5 weeks ago 825MB ``` You must run [`auth_setup`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). @@ -1771,7 +1771,7 @@ malcolmnetsec/kibana-oss 2.0.0 xxxxxxxx malcolmnetsec/filebeat-oss 2.0.0 xxxxxxxxxxxx 11 days ago 459MB malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 11 days ago 276MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 11 days ago 188MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.5.1 xxxxxxxxxxxx 5 weeks ago 769MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.0 xxxxxxxxxxxx 5 weeks ago 769MB ``` Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 47f40bb1b..273708ecb 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -98,7 +98,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 restart: "no" hostname: elasticsearch environment: 
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 989d5484a..b5108b7ec 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -98,7 +98,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 restart: "no" hostname: elasticsearch environment: diff --git a/docker-compose.yml b/docker-compose.yml index ff5ef264d..f5d6a913a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -98,7 +98,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 restart: "no" hostname: elasticsearch environment: diff --git a/docs/images/kibana/ebdca7741674eca4e1fadeca157f3ae6.svg b/docs/images/kibana/ebdca7741674eca4e1fadeca157f3ae6.svg deleted file mode 100644 index c821d0e13..000000000 --- a/docs/images/kibana/ebdca7741674eca4e1fadeca157f3ae6.svg +++ /dev/null 
@@ -1,158 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="no"?> -<svg - xmlns:dc="http://purl.org/dc/elements/1.1/" - xmlns:cc="http://creativecommons.org/ns#" - xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" - xmlns:svg="http://www.w3.org/2000/svg" - xmlns="http://www.w3.org/2000/svg" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" - xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" - viewBox="0 0 147 51" - version="1.1" - id="svg14" - sodipodi:docname="ebdca7741674eca4e1fadeca157f3ae6.svg" - inkscape:version="0.92.1 r15371"> - <metadata - id="metadata20"> - <rdf:RDF> - <cc:Work - rdf:about=""> - <dc:format>image/svg+xml</dc:format> - <dc:type - rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> - <dc:title /> - </cc:Work> - </rdf:RDF> - </metadata> - <defs - id="defs18" /> - <sodipodi:namedview - pagecolor="#ffffff" - bordercolor="#666666" - borderopacity="1" - objecttolerance="10" - gridtolerance="10" - guidetolerance="10" - inkscape:pageopacity="0" - inkscape:pageshadow="2" - inkscape:window-width="2309" - inkscape:window-height="1062" - id="namedview16" - showgrid="false" - inkscape:zoom="7.2602824" - inkscape:cx="29.944128" - inkscape:cy="59.511355" - inkscape:window-x="8" - inkscape:window-y="32" - inkscape:window-maximized="0" - inkscape:current-layer="svg14" - inkscape:pagecheckerboard="true" /> - <g - id="g3901" - transform="matrix(0.15027848,0,0,0.15027848,49.262456,29.778936)"> - <text - inkscape:export-ydpi="96" - inkscape:export-xdpi="96" - id="text135" - y="49.527538" - x="159.83919" - style="font-style:normal;font-weight:normal;font-size:40px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none" - xml:space="preserve"><tspan - style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:213.33332825px;line-height:1.25;font-family:'TeX Gyre 
Adventor';-inkscape-font-specification:'TeX Gyre Adventor Bold';text-align:center;letter-spacing:16px;text-anchor:middle" - y="49.527538" - x="167.83917" - id="tspan133" - sodipodi:role="line">Malc lm</tspan></text> - <g - transform="translate(-343.21581,-578.47246)" - id="g45"> - <g - transform="matrix(0.37234303,0,0,0.37234303,561.91556,455.05161)" - style="fill:none;stroke:#888888;stroke-width:0.75999999px" - id="g226" - inkscape:export-xdpi="96" - inkscape:export-ydpi="96"> - <path - inkscape:connector-curvature="0" - d="M -59.34,433.6 559.26,76.4" - id="path220" /> - <path - inkscape:connector-curvature="0" - d="M 559.3,433.6 -59.3,76.4" - id="path222" /> - <path - inkscape:connector-curvature="0" - d="M 250,-102.2 V 612.2" - id="path224" /> - </g> - <use - height="100%" - width="100%" - y="0" - x="0" - xlink:href="#a" - transform="matrix(-0.5,-0.866,0.866,-0.5,507.08003,1390.7296)" - id="use228" - inkscape:export-xdpi="96" - inkscape:export-ydpi="96" /> - <use - height="100%" - width="100%" - y="0" - x="0" - xlink:href="#a" - transform="matrix(-0.5,0.866,-0.866,-0.5,1457.9239,256.2673)" - id="use230" - inkscape:export-xdpi="96" - inkscape:export-ydpi="96" /> - <g - transform="matrix(0.37234303,0,0,0.37234303,561.91556,454.0515)" - id="a" - inkscape:export-xdpi="96" - inkscape:export-ydpi="96"> - <path - style="fill:none;stroke:#888888;stroke-width:0.75999999px" - inkscape:connector-curvature="0" - d="M 329,140 H 250" - id="path232" /> - <path - style="fill:#eedd77;fill-rule:evenodd;stroke:#000000" - inkscape:connector-curvature="0" - d="m 250,313.2 c 0,-5 -0.7,-10.2 -2,-15 -1.3,-4.8 -3.3,-9.7 -5.8,-14 -2.5,-4.3 -5.6,-8.5 -9.2,-12 -3.5,-3.5 -7.7,-6.7 -12,-9.2 -4.3,-2.5 -9.2,-4.5 -14,-5.8 -4.8,-1.3 -10,-2 -15,-2 -2.9,0 -6,0.2 -8.9,0.7 -1.1,-2.8 -2.4,-5.5 -3.9,-8.1 -2.5,-4.3 -5.6,-8.4 -9.2,-12 -3.5,-3.5 -7.7,-6.7 -12,-9.2 -4.3,-2.5 -9.2,-4.5 -14,-5.8 -4.8,-1.3 -10,-2 -15,-2 -5,0 -10.2,0.7 -15,2 -4.8,1.3 -9.7,3.3 -14,5.8 -4.33,2.5 -8.47,5.7 -12.01,9.2 -3.54,3.6 
-6.72,7.7 -9.22,12 -2.5,4.4 -4.5,9.2 -5.79,14 -1.3,4.9 -1.98,10 -1.98,15 0,5 0.68,10.2 1.98,15 1.29,4.9 3.29,9.7 5.79,14 1.47,2.6 3.18,5.1 5.06,7.4 -1.88,2.3 -3.59,4.8 -5.06,7.4 -2.5,4.3 -4.5,9.1 -5.79,14 -1.3,4.8 -1.98,10 -1.98,15 0,5 0.68,10.2 1.98,15 6.33,23.6 25.48,46.2 45.82,61.8 -7.5,-5.8 -14.6,-12 -21.16,-18.6 C 84.5,394.7 72.69,379.3 63.4,363.2 59.08,355.7 55.64,347.4 53.41,339.1 51.17,330.8 50,321.8 50,313.2 c 0,-8.6 1.17,-17.5 3.41,-25.9 2.23,-8.3 5.67,-16.6 9.99,-24.1 4.31,-7.5 9.79,-14.6 15.89,-20.7 6.1,-6.1 13.24,-11.6 20.71,-15.9 7.5,-4.3 15.8,-7.8 24.1,-10 8.4,-2.2 17.3,-3.4 25.9,-3.4 8.6,0 17.5,1.2 25.9,3.4 8.3,2.2 16.6,5.7 24.1,10 7.5,4.3 14.6,9.8 20.7,15.9 6.1,6.1 11.6,13.2 15.9,20.7 4.3,7.5 7.8,15.8 10,24.1 2.2,8.4 3.4,17.3 3.4,25.9 z" - id="path234" /> - <g - transform="matrix(2,0,0,2,-350,-260)" - id="g238"> - <path - style="fill:none;stroke:#666666;stroke-width:0.5" - inkscape:connector-curvature="0" - d="m 300,286.6 c 0,-16.6 -12.8,-30.5 -27.5,-39 -14.7,-8.5 -33.1,-12.6 -47.5,-4.3 -3.6,2.1 -6.6,4.8 -9.2,7.9 -2.5,3.1 -4.6,6.7 -6.2,10.5 -1.6,3.8 -2.7,7.9 -3.5,12.1 -0.7,4.2 -1.1,8.6 -1.1,12.8 0,4.3 0.4,8.6 1.1,12.8 0.8,4.2 1.9,8.3 3.5,12.1 3.7,9 9.2,17.4 14.2,22.4 3.3,3.3 6.9,6.4 10.6,9.3" - id="path236" /> - </g> - <path - style="fill:#eedd77;fill-rule:evenodd;stroke:#000000" - inkscape:connector-curvature="0" - d="m 436.6,363.2 c -9.3,16.1 -21.1,31.5 -34.2,44.6 -13.2,13.2 -28.6,25 -44.7,34.3 -16.1,9.3 -34,16.7 -51.9,21.5 -18,4.8 -37.2,7.3 -55.8,7.3 -18.6,0 -37.8,-2.5 -55.8,-7.3 -17.9,-4.8 -35.8,-12.2 -51.9,-21.5 -8.1,-4.7 -16,-9.9 -23.5,-15.7 -20.34,-15.6 -39.49,-38.2 -45.82,-61.8 -1.3,-4.8 -1.98,-10 -1.98,-15 0,-5 0.68,-10.2 1.98,-15 1.29,-4.9 3.29,-9.7 5.79,-14 1.47,-2.6 3.18,-5.1 5.06,-7.4 -1.88,-2.3 -3.59,-4.8 -5.06,-7.4 -2.5,-4.3 -4.5,-9.1 -5.79,-14 -1.3,-4.8 -1.98,-10 -1.98,-15 0,-5 0.68,-10.1 1.98,-15 1.29,-4.8 3.29,-9.6 5.79,-14 2.5,-4.3 5.68,-8.4 9.22,-12 3.54,-3.5 7.68,-6.7 12.01,-9.2 4.3,-2.5 9.2,-4.5 14,-5.8 4.8,-1.3 10,-2 15,-2 
5,0 10.2,0.7 15,2 4.8,1.3 9.7,3.3 14,5.8 4.3,2.5 8.5,5.7 12,9.2 3.6,3.6 6.7,7.7 9.2,12 1.5,2.6 2.8,5.3 3.9,8.1 2.9,-0.5 6,-0.7 8.9,-0.7 5,0 10.2,0.7 15,2 4.8,1.3 9.7,3.3 14,5.8 4.3,2.5 8.5,5.7 12,9.2 3.6,3.5 6.7,7.7 9.2,12 2.5,4.3 4.5,9.2 5.8,14 1.3,4.8 2,10 2,15 0,8.6 1.2,17.6 3.4,25.9 2.2,8.3 5.7,16.6 10,24.1 4.3,7.5 9.8,14.6 15.9,20.7 6.1,6.1 13.2,11.6 20.7,15.9 7.5,4.3 15.8,7.8 24.1,10 8.4,2.2 17.3,3.4 25.9,3.4 8.6,0 17.5,-1.2 25.9,-3.4 8.3,-2.2 16.6,-5.7 24.1,-10 7.5,-4.3 14.6,-9.8 20.7,-15.9 6.1,-6.1 11.6,-13.2 15.9,-20.7 z m -102.9,68.9 c -5,-0.7 -10,-1.7 -14.8,-3 -10,-2.7 -19.9,-6.8 -28.9,-12 -9,-5.1 -17.5,-11.7 -24.9,-19 -7.3,-7.4 -13.8,-15.9 -19,-24.9 -5.2,-9 -9.3,-18.9 -12,-28.9 -2.7,-10 -4.1,-20.7 -4.1,-31.1 0,-3.3 -0.4,-6.7 -1.3,-9.8 -0.8,-3.2 -2.2,-6.4 -3.8,-9.2 -1.6,-2.8 -3.7,-5.5 -6,-7.9 -2.3,-2.3 -5.1,-4.4 -7.9,-6 -2.8,-1.6 -6,-3 -9.2,-3.8 -3.1,-0.8 -6.5,-1.3 -9.8,-1.3 -3.3,0 -6.7,0.5 -9.8,1.3 -3.2,0.8 -6.4,2.2 -9.2,3.8 -2.5,1.4 -4.9,3.2 -7,5.2 0.7,-2.8 1,-5.8 1,-8.7 0,-3.2 -0.4,-6.6 -1.3,-9.8 -0.8,-3.2 -2.2,-6.3 -3.8,-9.2 -1.6,-2.8 -3.7,-5.5 -6,-7.8 -2.3,-2.4 -5.1,-4.4 -7.9,-6.1 -2.8,-1.6 -6,-2.9 -9.2,-3.8 -3.1,-0.8 -6.5,-1.3 -9.8,-1.3 -3.3,0 -6.7,0.5 -9.8,1.3 -3.2,0.9 -6.4,2.2 -9.2,3.8 -2.8,1.7 -5.6,3.7 -7.9,6.1 -2.29,2.3 -4.37,5 -6.01,7.8 -1.64,2.9 -2.95,6 -3.79,9.2 -0.85,3.2 -1.3,6.6 -1.3,9.8 0,3.3 0.45,6.7 1.3,9.9 0.84,3.1 2.15,6.3 3.79,9.1 1.64,2.9 3.72,5.6 6.01,7.9 2.3,2.3 5.1,4.4 7.9,6 2.5,1.5 5.2,2.7 8,3.5 -2.8,0.8 -5.5,2 -8,3.5 -2.8,1.6 -5.6,3.7 -7.9,6 -2.29,2.3 -4.37,5 -6.01,7.9 -1.64,2.8 -2.95,6 -3.79,9.1 -0.85,3.2 -1.3,6.6 -1.3,9.9 0,3.3 0.45,6.6 1.3,9.8 4.54,17 20.9,37.5 38.7,51.1 6.8,5.3 14,10 21.3,14.3 14.6,8.4 30.8,15.1 47.1,19.5 16.3,4.3 33.7,6.6 50.6,6.6 16.9,0 34.3,-2.3 50.6,-6.6 11.2,-3 22.5,-7.2 33.1,-12.2 z" - id="path240" /> - <path - style="fill:none;stroke:#000000;stroke-width:0.38" - inkscape:connector-curvature="0" - d="m 333.7,432.1 c 45.1,-6.6 78.1,-28.5 102.9,-68.9" - id="path242" /> - <path - 
style="fill:none;stroke:#666666" - inkscape:connector-curvature="0" - d="M 116.2,313.2 H 60" - id="path244" /> - </g> - <path - inkscape:connector-curvature="0" - style="fill:none;stroke:#666666;stroke-width:0.28298071" - d="m 692.04944,570.33422 h -74.09626 l 37.04813,-64.1547 z" - id="path247" - inkscape:export-xdpi="96" - inkscape:export-ydpi="96" /> - </g> - </g> -</svg> diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index e35806296..01370a563 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 514e41253..522f87185 100644 --- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "05e3e000-f118-11e9-acda-83a8e29e1a24", 
@@ -10,7 +10,7 @@ "title": "LDAP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.5.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.6.0\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index e69270866..e185f7a03 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b", diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 72375e390..68c5f6080 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
+++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "0a490422-0ce9-44bf-9a2d-19329ddde8c3", diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 19e24785d..e0c6c3a40 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", 
@@ -10,7 +10,7 @@ "title": "Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embe
ddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embeddableConfig\":{},
\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index 211608e93..42159a68a 100644 --- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0", diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index f48a167e5..a2f841a35 100644 --- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa", diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 43bf46423..a85963cb3 100644 --- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "11be6381-beef-40a7-bdce-88c5398392fc", diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index fd3d858ba..e25006381 100644 --- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "11ddd980-e388-11e9-b568-cf17de8e860c", 
@@ -10,7 +10,7 @@ "title": "QUIC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 176e74a58..076f9d836 100644 --- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
+++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "152f29dc-51a2-4f53-93e9-6e92765567b8", 
@@ -10,7 +10,7 @@ "title": "Modbus", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 9ff9ba038..4fe24901e 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "1ce42250-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 317f7564f..e3d7c3b6d 100644 --- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index f49c82b0f..2cd6c5e2b 100644 --- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "29a1b290-eb98-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "EtherNet/IP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.5.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.5.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.6.0\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.6.0\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 055c59d33..3644212d8 100644 --- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
+++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "2bec1490-eb94-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "BACnet", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index b0dc8d2ba..80427a222 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "2cf94cd0-ecab-40a5-95a7-8419f3a39cd9", diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index cd89e4801..6b10cda1e 100644 --- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "2d98bb8e-214c-4374-837b-20e1bcd63a5e", diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 5987fa0f2..21c0606a5 100644 --- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "32587740-ef88-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.6.0\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 01f7d7910..775204526 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index b933b0b09..ab29da30c 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "37041ee1-79c0-4684-a436-3173b0e89876", diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 8724fb65c..2e3a08ff7 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "39abfe30-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 0cd018425..7e79f564c 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", 
@@ -10,7 +10,7 @@ "title": "SMB", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":24,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":47,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":33,\"w\":8,\"h\":14,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":24,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":14,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\
":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":25,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":24,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":47,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":8,\"h\":14,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":24,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7
.6.0\",\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":14,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":25,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index b6555f727..05774652f 100644 --- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "432af556-c5c0-4cc3-8166-b274b4e3a406", diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index dd7935f2e..89ab82324 100644 --- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "4a4bde20-4760-11ea-949c-bbb5a9feecbf", 
@@ -10,7 +10,7 @@ "title": "ICS/IoT Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"p
anel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,
\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index abd83f106..fb75c1816 100644 --- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "4e5f106e-c60a-4226-8f64-d534abb912ab", diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index efaff92a4..0cfbb593e 100644 
--- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
+++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "50ced171-1b10-4c3f-8b67-2db9635661a6",
diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
index d6279c569..12cd7d009 100644
--- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
+++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "543118a9-02d7-43fe-b669-b8652177fc37",
diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
index 9cb2b5a94..001f54063 100644
--- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "55e332d0-3f99-11e9-a58e-8bdedb0915e8",
@@ -10,7 +10,7 @@
 "title": "Connections - Destination - Originator Bytes (region map)",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
 "optionsJSON": "{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
index fa502f941..ac44b0693 100644
--- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
+++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "60d78fbd-471c-4f59-a9e3-189b33a13644",
diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
index dda44b7c9..d380dc0d7 100644
--- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
+++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "665d1610-523d-11e9-a30e-e3576242f3ed",
@@ -10,7 +10,7 @@ "title": "Signatures", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index ac12ba49b..2881f7a5b 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "76f2f912-80da-44cd-ab66-6a73c8344cc3", diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index e9683ca7b..e32fcc986 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "77fc9960-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 8335726e5..b15f13623 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "7f41913f-cba8-43f5-82a8-241b7ead03e0", diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index c640cfe0f..2783e2554 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", 
@@ -10,7 +10,7 @@ "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.5.1\",\"embeddableConfig\":{\"columns\":[\"
srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.5.1\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.5.1\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.5.1\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "panelsJSON": 
"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.6.0\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firs
tPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.6.0\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.6.0\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 6ddb8236c..adeac2ff8 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "82da3101-2a9c-4ae2-bb61-d447a3fbe673", diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index d03cf9cf6..7d77706dc 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "870a5862-6c26-4a08-99fd-0c06cda85ba3", 
diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json
index 3ab7a7a5f..513dbff9e 100644
--- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json
+++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "87a32f90-ef58-11e9-974e-9d600036d105",
@@ -10,7 +10,7 @@ "title": "MQTT", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.5.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.6.0\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json
index 786bf7900..7b2cf3d40 100644
--- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json
+++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85",
diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json
index 3d5c79c03..70795fa03 100644
--- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json
+++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "92985909-dc29-4533-9e80-d3182a0ecf1d",
diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
index 95904b98b..f916482f0 100644
--- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
+++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "95479950-41f2-11ea-88fa-7151df485405",
@@ -10,7 +10,7 @@ "title": "Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92
c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"pane
lIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 71eb71c9a..8ec0c01af 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "9ee51f94-3316-4fc5-bd89-93a52af69714", 
diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
index f9d01966a..a50193ee0 100644
--- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "a16110b0-3f99-11e9-a58e-8bdedb0915e8",
@@ -10,7 +10,7 @@
 "title": "Connections - Destination - Sum of Total Bytes (region map)",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]",
 "optionsJSON": "{\"useMargins\":true}",
 "version": 1,
 "timeRestore": false,
diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
index aca9ad9c5..5e9fbf234 100644
--- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.5.1",
+ "version": "7.6.0",
 "objects": [
 {
 "id": "a7514350-eba6-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "PROFINET", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.5.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.6.0\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 18afa9b3c..37f2820fb 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", 
@@ -10,7 +10,7 @@ "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\
"panel_8\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_24\"},{\"version\":\"7.5.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":8,\"h\":14,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\"},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\"
:\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":8,\"h\":14,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\"},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index f8e85ab23..39858ea57 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "ae79b7d1-4281-4095-b2f6-fa7eafda9970", diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 9c57e1fc2..0dd84847a 100644 --- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "af5df620-eeb6-11e9-bdef-65a192b7f586", 
@@ -10,7 +10,7 @@ "title": "NTP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.5.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.6.0\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 7e802bf4f..805148564 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "b50c8d17-6ed3-4de6-aed4-5181032810b2", diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 3d8bf26ed..41ea06809 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "b9f247c0-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 684a28843..09d5dcc90 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "bb827f8e-639e-468c-93c8-9f5bc132eb8f", 
diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 4aafe6509..8785b1f0e 100644 --- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "bed185a0-ef82-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.5.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.6.0\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index f079ebb63..0123b019e 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "caef3ade-d289-4d05-a511-149f3e97f238", diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json index f2813edfd..96f5562e0 100644 --- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json +++ b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "d15a9d40-5c3e-492f-8e17-67a5d6862a3a", diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index fdec09b50..2a809b767 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "d41fe630-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index db86a671e..87df2b12e 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "d4fd6afd-15cb-42bf-8a25-03dd8e59b327", 
diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 974d776f2..c2647b6c2 100644 --- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "e09a4b86-29b5-4256-bb3b-802ac9f90404", diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index 4fe2b1b28..e2fc30fbe 100644 --- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "e76d05c0-eb9f-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "S7comm", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 47d080750..683c73e02 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "ed8a6640-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.5.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 34d936008..dcea68147 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index a9a0d2506..f09acfefa 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "f394057d-1b16-4174-b994-7045f423a416", 
diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index e8716af74..b2a0aee9c 100644 --- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "f77bf097-18a8-465c-b634-eb2acc7a4f26", diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 2f7a95b9f..fa6914bdc 100644 --- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "fa141950-ef89-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - SQL", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.5.1\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot index b2b91769e..c646bfa09 100755 --- a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -BEATS_VER="7.5.1" +BEATS_VER="7.6.0" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" 
diff --git a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index dc292c4e9..211da4133 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index d2afbf94f..1c89ec697 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/beats/Dockerfile b/sensor-iso/beats/Dockerfile index 0a86b16c1..a2460d42c 100644 --- a/sensor-iso/beats/Dockerfile +++ b/sensor-iso/beats/Dockerfile @@ -28,7 +28,7 @@ RUN apt-get update && apt-get install -y \ bash -c "curl https://glide.sh/get | bash" ENV BEATS=metricbeat -ENV BEATS_VERSION=7.5.1 +ENV BEATS_VERSION=7.6.0 ADD ./build.sh /build.sh RUN [ "chmod", "+x", "/build.sh" ] diff --git a/sensor-iso/beats/beat-build.sh b/sensor-iso/beats/beat-build.sh index 0241c2e99..1a343e932 100755 --- a/sensor-iso/beats/beat-build.sh +++ b/sensor-iso/beats/beat-build.sh 
@@ -2,7 +2,7 @@ # Copyright (c) 2018 Battelle Energy Alliance, LLC. All rights reserved. -VERSION="7.5.1" +VERSION="7.6.0" THIRD_PARTY_BRANCH="master" while getopts b:v:t: opts; do case ${opts} in diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index e4de1b01f..b17047537 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -11,7 +11,7 @@ ZEEK_PATCH_URLS=( # nothing here for now ) -BEATS_VER="7.5.1" +BEATS_VER="7.6.0" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index dc292c4e9..211da4133 100644 --- a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index d2afbf94f..1c89ec697 100644 --- a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json 
@@ -1,5 +1,5 @@ { - "version": "7.5.1", + "version": "7.6.0", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index fb5889354..1e55ec163 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -1763,7 +1763,7 @@ The Elastic Stack's [Beats](https://www.elastic.co/products/beats) platform is a set -e -BEATS_VER="7.5.1" +BEATS_VER="7.6.0" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json index 5013a1251..2071d4820 100644 --- a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json +++ b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json @@ -2,7 +2,7 @@ "index_patterns": ["protologbeat-*"], "mappings": { "_meta": { - "version": "7.5.1" + "version": "7.6.0" }, "dynamic_templates": [{ "strings_as_keyword": { From 39617e39b172d977b2077fc9c75e42a96514282c Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 11 Feb 2020 13:33:49 -0700 Subject: [PATCH 085/183] working with es 7.6, but elastalert had to be temporarily disabled. will work on fixing this next --- Dockerfiles/kibana.Dockerfile | 34 +++++++++++++++++----------------- kibana/kibana-offline-maps.yml | 4 ++-- kibana/kibana-standard.yml | 4 ++-- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index d3168e328..f56d8d686 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile 
@@ -47,11 +47,11 @@ ADD kibana/kibana-offline-maps.yml /opt/kibana/config/kibana-offline-maps.yml ADD kibana/supervisord.conf /etc/supervisord.conf ADD kibana/dashboards /opt/kibana/dashboards ADD kibana/maps /opt/maps -ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip +# ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip # todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix -ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.2/prelert_swimlane_vis-7.5.2.zip /tmp/kibana-swimlane.zip +# ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.2/prelert_swimlane_vis-7.5.2.zip /tmp/kibana-swimlane.zip # ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip # see https://github.com/walterra/kibana-milestones-vis/issues/9 
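Review bot: The context comment `# todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix` is stale once the ADD lines on either side of it are commented out: this commit moves to Kibana 7.6.0 and (per the commit message) disables ElastAlert because it does not yet work there, so "7.5.x" no longer names the blocker. Replace it with something a future reader can act on, e.g. `# TODO: elastalert-kibana-plugin and prelert_swimlane_vis ADDs disabled pending releases compatible with the Kibana version in this image`. The hunk does not show the Kibana version pin itself, so I am inferring the target version from the commit message and the sed calls in the next hunk.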
@@ -72,21 +72,21 @@ RUN chmod 755 /data/*.sh /data/*.py && \ chown -R kibana:kibana /opt/kibana/dashboards /opt/maps /opt/kibana/config/kibana*.yml && \ chmod 400 /opt/maps/* && \ mkdir -p /var/log/supervisor && \ - (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) && \ - cd /tmp && \ - echo "Installing ElastAlert plugin..." && \ - unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ - sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json && \ - zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ - /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ - rm -f /tmp/elastalert-kibana-plugin.zip && \ - echo "Installing Swimlanes visualization..." && \ - unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ - sed -i "s/7\.5\.1/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \ - zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ - /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ - bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ - rm -f /tmp/kibana-swimlane.zip + (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) + ## && \ cd /tmp && \ + ## echo "Installing ElastAlert plugin..." 
&& \ + ## unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ + ## sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json && \ + ## zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ + ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ + ## rm -f /tmp/elastalert-kibana-plugin.zip && \ + ## echo "Installing Swimlanes visualization..." && \ + ## unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ + ## sed -i "s/7\.5\.1/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \ + ## zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ + ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ + ## bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ + ## rm -f /tmp/kibana-swimlane.zip ## && \ ## echo "Installing Comments visualization..." && \ ## unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ diff --git a/kibana/kibana-offline-maps.yml b/kibana/kibana-offline-maps.yml index b40344f29..eb33b1bf4 100644 --- a/kibana/kibana-offline-maps.yml +++ b/kibana/kibana-offline-maps.yml @@ -8,8 +8,8 @@ server.rewriteBasePath: true elasticsearch.hosts: ["${ELASTICSEARCH_URL}"] elasticsearch.requestTimeout: 180000 kibana.defaultAppId: "dashboard/${KIBANA_DEFAULT_DASHBOARD}" -elastalert-kibana-plugin.serverHost: elastalert -elastalert-kibana-plugin.serverPort: 3030 +# elastalert-kibana-plugin.serverHost: elastalert +# elastalert-kibana-plugin.serverPort: 3030 # offline region map map.regionmap: diff --git a/kibana/kibana-standard.yml b/kibana/kibana-standard.yml index e6699ce38..40385bff3 100644 --- a/kibana/kibana-standard.yml +++ b/kibana/kibana-standard.yml 
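Review bot: The RUN instruction now ends at the `crontab -` line (no trailing `\`), and the fourteen `##`-prefixed lines of the former plugin-install sequence below it are plain Dockerfile comments, appended to the pre-existing `##` block for the comments plugin; the instruction is accumulating a second chunk of dead shell, including `sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json`, which records a version-spoofing approach that may not be what gets re-enabled. Prefer deleting the dead lines (git history keeps them) and leaving one `# TODO: re-enable ElastAlert and Swimlane plugin install once releases built for this Kibana version exist` above the RUN. The same comment-out-rather-than-remove is applied to `elastalert-kibana-plugin.serverHost`/`serverPort` in kibana/kibana-offline-maps.yml and kibana/kibana-standard.yml in this commit; if those keys must be commented because Kibana refuses settings for a plugin that is not installed (my inference for why the yml changed at all), a one-line comment saying so in each yml would keep the three files in step when the plugin returns.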
@@ -8,6 +8,6 @@ server.rewriteBasePath: true elasticsearch.hosts: ["${ELASTICSEARCH_URL}"] elasticsearch.requestTimeout: 180000 kibana.defaultAppId: "dashboard/${KIBANA_DEFAULT_DASHBOARD}" -elastalert-kibana-plugin.serverHost: elastalert -elastalert-kibana-plugin.serverPort: 3030 +# elastalert-kibana-plugin.serverHost: elastalert +# elastalert-kibana-plugin.serverPort: 3030 From e7e043e2b4d2b72a06396bc8cf29c1ba9b2acb7a Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 12 Feb 2020 07:36:01 -0700 Subject: [PATCH 086/183] don't include known_certs in outdated/insecure protocols --- kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index f916482f0..6b2f7400b 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -191,7 +191,7 @@ "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3) OR (zeek.service:ftp)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND zeek.service_version:* AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3) OR (zeek.service:ftp)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ From a37e56d19fd45fe292ec8381ffdeb6b1faae7446 Mon Sep 17 00:00:00 2001 
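Review bot: The `"description": ""` context line above the changed `searchSourceJSON` leaves this query undocumented, and the new `zeek.service_version:*` clause changes what the outdated/insecure-protocols panel counts: TLS sessions with no parsed version (the known_certs records named in the commit message, but equally any tls-tagged session whose version field is absent) are no longer flagged. Fill the saved object's description so analysts see that the exclusion is deliberate, e.g. `"description": "Sessions using protocol versions considered outdated or insecure; TLS sessions without a parsed version are not counted"`. Whether a version-less TLS session should be treated as unknown rather than as not-insecure is a coverage decision worth recording in that same field.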
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 12 Feb 2020 14:41:39 -0700 Subject: [PATCH 087/183] Tons of work refining dashboards --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 136 +-- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 143 +-- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 121 +-- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 33 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 195 ++-- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 151 ++-- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 48 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 142 +-- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 96 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 201 +++-- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 131 +-- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 205 +++-- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 165 ++-- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 159 ++-- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 142 +-- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 162 ++-- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 193 ++-- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 32 +- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 133 +-- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 217 ++--- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 253 ++++-- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 228 ++--- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 131 +-- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 28 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 198 ++-- .../95479950-41f2-11ea-88fa-7151df485405.json | 31 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 142 +-- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 56 +- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 142 +-- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 199 ++--- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 280 ++++-- .../d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json | 845 ------------------ 
.../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 94 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 212 ++--- logstash/pipelines/zeek/11_zeek_logs.conf | 30 +- moloch/wise/source.zeeklogs.js | 6 +- 36 files changed, 2520 insertions(+), 3160 deletions(-) delete mode 100644 kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 01370a563..e021e605b 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -4,18 +4,18 @@ { "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", "type": "dashboard", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzEyLDFd", + "updated_at": "2020-02-12T20:51:07.191Z", + "version": "WzEyMzIsMV0=", "attributes": { "title": "X.509", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":96,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"zeek_x509.certificate_subject_full\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -31,38 +31,38 @@ }, { "name": "panel_2", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + "type": "visualization", + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" }, { "name": "panel_3", "type": "visualization", - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" + "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c" }, { "name": "panel_4", "type": "visualization", - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c" + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" }, { "name": "panel_5", "type": "visualization", - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" + "id": "193088ad-5112-435f-9e9f-ec9127ff8665" }, { "name": "panel_6", "type": "visualization", - "id": "193088ad-5112-435f-9e9f-ec9127ff8665" + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" }, { "name": "panel_7", "type": "visualization", - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" + "id": "AWDHGklsxQT5EBNmq4wG" }, { "name": "panel_8", - "type": "visualization", - "id": "AWDHGklsxQT5EBNmq4wG" + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" } ], "migrationVersion": { 
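Review bot: The rewritten dashboard `searchSourceJSON` bakes `\"time_zone\":\"America/Denver\"` into the `query_string`, which is a browser-side export artifact rather than a property of the dashboard; the previous version had no such key, and with it present any date math in the query is interpreted relative to that zone for every user who imports the file, regardless of their own Kibana time-zone setting. Strip the `time_zone` key before committing the export. The `parsedUrl` block with `\"origin\":\"https://localhost\"` captured in the visualization dimensions later in this file is the same kind of artifact and could be dropped in the same pass.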
@@ -72,8 +72,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -92,8 +92,8 @@ { "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzQsMV0=", + "updated_at": "2020-02-12T15:00:04.595Z", + "version": "WzY4LDFd", "attributes": { "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -116,50 +116,14 @@ "visualization": "7.4.2" } }, - { - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", - "type": "search", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzUsMV0=", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "X.509 - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "host", - "zeek_x509.certificate_subject_full", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzYsMV0=", + "updated_at": "2020-02-12T20:44:29.524Z", + "version": "WzEyMjAsMV0=", "attributes": { "title": "X.509 - Certificate Signing Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_x509.certificate_sig_alg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}", + "visState": "{\"title\":\"X.509 - Certificate Signing 
Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -170,8 +134,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" } ], 
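Review bot: The rewritten visState for `23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7` (X.509 - Certificate Signing Algorithm) now carries a `dimensions` block whose terms format params embed `\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}`, which is the exporting workstation's URL rather than anything the aggregation needs. That block looks like render-time state Kibana writes back when the object is saved from the UI and presumably is recomputed on load, but committing it means every deployment ships a `https://localhost` origin in a shared artifact and the file will churn whenever someone re-exports from a different host. Consider stripping the `dimensions` object (or at least `parsedUrl`) before committing, so the params end as in the removed line: `\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[`. The same hunk also flips the terms agg to `\"otherBucket\":true`, a deliberate behaviour change that deserves a mention in the commit description.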
@@ -182,8 +146,8 @@ { "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzcsMV0=", + "updated_at": "2020-02-12T15:00:04.595Z", + "version": "WzcxLDFd", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", "description": "", @@ -209,8 +173,8 @@ { "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzgsMV0=", + "updated_at": "2020-02-12T15:00:04.595Z", + "version": "WzcyLDFd", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", "description": "", 
@@ -236,8 +200,8 @@ { "id": "193088ad-5112-435f-9e9f-ec9127ff8665", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzksMV0=", + "updated_at": "2020-02-12T15:00:04.595Z", + "version": "WzczLDFd", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_x509.certificate_key_length\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}", "description": "", 
@@ -263,8 +227,8 @@ { "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzEwLDFd", + "updated_at": "2020-02-12T15:00:04.595Z", + "version": "Wzc0LDFd", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Key Algorithm\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_x509.certificate_key_alg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}", "description": "", 
@@ -290,8 +254,8 @@ { "id": "AWDHGklsxQT5EBNmq4wG", "type": "visualization", - "updated_at": "2019-12-18T16:20:03.894Z", - "version": "WzExLDFd", + "updated_at": "2020-02-12T15:00:04.595Z", + "version": "Wzc1LDFd", "attributes": { "title": "X.509 - Log Count", "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -313,6 +277,44 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", + "type": "search", + "updated_at": "2020-02-12T20:48:49.559Z", + "version": "WzEyMzAsMV0=", + "attributes": { + "title": "X.509 - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_x509.certificate_issuer.CN", + "zeek_x509.certificate_subject.CN", + "zeek_x509.certificate_sig_alg", + "zeek_x509.certificate_version", + "zeek.fuid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:x509\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index e185f7a03..af04729b1 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
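Review bot: The re-added saved search `858102a3-eec0-4ab3-82bb-a791e4eb364b` (X.509 - Logs) hard-codes `\"time_zone\":\"America/Denver\"` inside its `query_string`, a value Kibana appears to fill in from the exporting browser's `dateFormat:tz` setting, so the shared export now pins one author's local zone for every deployment. Date math or bare dates typed into that Lucene query would then be resolved in Mountain time regardless of the installing user's Kibana timezone; this is inferred from how Kibana serializes the setting, so confirm by re-exporting from a browser set to UTC. The removed object had no `time_zone` key at all, so the safer form is `\"query\":{\"query_string\":{\"query\":\"zeek.logType:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}`. The same hard-coded zone is also introduced in `kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json`, in the dashboard's own `searchSourceJSON` (hunk `@@ -4,18 +4,18 @@`) and in the re-added `FTP - Logs` search (hunk `@@ -412,6 +373,46 @@`).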
@@ -4,18 +4,18 @@ { "id": "078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b", "type": "dashboard", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzM0LDFd", + "updated_at": "2020-02-12T16:36:54.266Z", + "version": "WzkxNCwxXQ==", "attributes": { "title": "FTP", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"zeek.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3
.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\
":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":37,\"i\":\"8a83e818-c814-4c25-8740-932d60d2457d\"},\"panelIndex\":\"8a83e818-c814-4c25-8740-932d60d2457d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -61,23 +61,23 @@ }, { "name": "panel_8", - "type": "search", - "id": "16375cb7-a30d-466c-a936-f0a3651f9adb" + "type": "visualization", + "id": "c5fd6f1b-20d7-4b10-bf12-0647e7f90e31" }, { "name": "panel_9", "type": "visualization", - "id": "c5fd6f1b-20d7-4b10-bf12-0647e7f90e31" + "id": "AWDG9sT_xQT5EBNmq4DI" }, { "name": "panel_10", "type": "visualization", - "id": "AWDG9sT_xQT5EBNmq4DI" + "id": "de354920-cb6d-4f9c-9527-d24d314f7681" }, { "name": "panel_11", - "type": "visualization", - "id": "de354920-cb6d-4f9c-9527-d24d314f7681" + "type": "search", + "id": "16375cb7-a30d-466c-a936-f0a3651f9adb" } ], "migrationVersion": { 
@@ -87,8 +87,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -107,8 +107,8 @@ { "id": "baba321a-1dff-4c11-a8e3-27a473aa89c2", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzIzLDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "Wzk3LDFd", "attributes": { "visState": "{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -134,8 +134,8 @@ { "id": "f62bf46a-59d2-4e7d-9916-a93b09ffb198", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzI0LDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "Wzk4LDFd", "attributes": { "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ftp.arg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", "description": "", @@ -161,8 +161,8 @@ { "id": "0c8976ab-d720-43b0-ba40-c5f1abdc86aa", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzI1LDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "Wzk5LDFd", "attributes": { "visState": "{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ftp.reply_msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply Message\"}}],\"listeners\":{}}", "description": "", 
@@ -188,8 +188,8 @@ { "id": "d77cf99c-45b3-4d2f-b348-dc08331ea6c1", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzI2LDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwMCwxXQ==", "attributes": { "title": "FTP - Reply Code", "visState": "{\"title\":\"FTP - Reply Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ftp.reply_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", @@ -215,8 +215,8 @@ { "id": "2c30d743-052f-44bb-847c-dede4126a71d", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzI3LDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwMSwxXQ==", "attributes": { "visState": "{\"title\":\"FTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -242,8 +242,8 @@ { "id": "cf6a7cf7-0105-42d4-9e0c-c732361a7de9", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzI4LDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwMiwxXQ==", "attributes": { "visState": "{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -269,8 +269,8 @@ { "id": "9fe8ac77-cf19-473d-81cd-5fde544abed6", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzI5LDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwMywxXQ==", "attributes": { "visState": "{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.user\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", "description": "", 
@@ -293,50 +293,11 @@ "visualization": "7.4.2" } }, - { - "id": "16375cb7-a30d-466c-a936-f0a3651f9adb", - "type": "search", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzMwLDFd", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "FTP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "dstIp", - "dstPort", - "zeek.uid", - "zeek.fuid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "c5fd6f1b-20d7-4b10-bf12-0647e7f90e31", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzMxLDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwNSwxXQ==", "attributes": { "visState": "{\"title\":\"FTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -362,8 +323,8 @@ { "id": "AWDG9sT_xQT5EBNmq4DI", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzMyLDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwNiwxXQ==", "attributes": { "title": "FTP - Log Count", "visState": "{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -389,8 +350,8 @@ { "id": "de354920-cb6d-4f9c-9527-d24d314f7681", "type": "visualization", - "updated_at": "2019-12-18T16:20:05.966Z", - "version": "WzMzLDFd", + "updated_at": "2020-02-12T15:00:06.636Z", + "version": "WzEwNywxXQ==", "attributes": { "title": "FTP - Command", "visState": "{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ftp.command\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", @@ -412,6 +373,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "16375cb7-a30d-466c-a936-f0a3651f9adb", + "type": "search", + "updated_at": "2020-02-12T16:36:18.461Z", + "version": "WzkxMiwxXQ==", + "attributes": { + "title": "FTP - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_ftp.command", + "zeek_ftp.reply_code", + "zeek.uid", + "zeek.fuid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:ftp\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file 
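Review bot: The re-added "FTP - Logs" saved search in the `@@ -412,6 +373,46 @@` hunk bakes the exporting user's browser timezone into the query, `\"time_zone\":\"America/Denver\"` inside `query_string`, so date math in that search is evaluated in Mountain time on every deployment instead of UTC or the viewer's browser setting, which is the wrong default for a shared forensic artifact whose timelines other analysts will read. The same value appears in the new `searchSourceJSON` of the PE dashboard and "PE - Logs" search (hunks at -4 and -281 of 0a490422-…json), the "DNS - Logs" search (hunk at -355 of 0ad3d7c2-…json) and the SIP dashboard (hunk at -4 of 0b2354ae-…json); this looks like an artifact of re-exporting from a live Kibana rather than an intended change. I would strip the key from all of them before import, i.e. end each query_string with `\"analyze_wildcard\":true}` rather than `\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}`. The `parsedUrl` block with `\"origin\":\"https://localhost\"` in the later SIP hunk at -203 (which runs past this view) appears to be the same class of exporter-environment state and is worth scrubbing for the same reason.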
diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 68c5f6080..679198b74 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -4,18 +4,18 @@ { "id": "0a490422-0ce9-44bf-9a2d-19329ddde8c3", "type": "dashboard", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzQzLDFd", + "updated_at": "2020-02-12T15:44:07.661Z", + "version": "Wzg1MSwxXQ==", "attributes": { "title": "PE", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"zeek.fuid\",\"zeek_pe.machine\",\"zeek_pe.is_exe\",\"zeek_pe.is_64bit\",\"zeek_pe.subsystem\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":16,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":39,\"i\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\"},\"panelIndex\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -41,23 +41,23 @@ }, { "name": "panel_4", - "type": "search", - "id": "13f6cda1-6b4d-4a7d-b72e-25eeabec8768" + "type": "visualization", + "id": "7c810b56-5297-4aed-abac-cff41dfa5c77" }, { "name": "panel_5", "type": "visualization", - "id": "7c810b56-5297-4aed-abac-cff41dfa5c77" + "id": "0b774699-b798-40ae-ae92-2ac2a619eeb9" }, { "name": "panel_6", "type": "visualization", - "id": "0b774699-b798-40ae-ae92-2ac2a619eeb9" + "id": "AWDHCUeZxQT5EBNmq4Xy" }, { "name": "panel_7", - "type": "visualization", - "id": "AWDHCUeZxQT5EBNmq4Xy" + "type": "search", + "id": "13f6cda1-6b4d-4a7d-b72e-25eeabec8768" } ], "migrationVersion": { 
@@ -67,8 +67,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -87,8 +87,8 @@ { "id": "a44daac6-37e2-4fef-8b78-32232c4f32e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzM2LDFd", + "updated_at": "2020-02-12T15:00:07.665Z", + "version": "WzExOCwxXQ==", "attributes": { "visState": "{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -114,8 +114,8 @@ { "id": "6b1bf8b4-399b-4ef2-baeb-7f9b1740b657", "type": "visualization", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzM3LDFd", + "updated_at": "2020-02-12T15:00:07.665Z", + "version": "WzExOSwxXQ==", "attributes": { "title": "PE - OS", "visState": "{\"title\":\"PE - OS\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_pe.os\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", @@ -141,8 +141,8 @@ { "id": "59b3dd10-2de5-40d2-88ea-caf2bd3da549", "type": "visualization", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzM4LDFd", + "updated_at": "2020-02-12T15:00:07.665Z", + "version": "WzEyMCwxXQ==", "attributes": { "title": "PE - Subsystem", "visState": "{\"title\":\"PE - Subsystem\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_pe.subsystem\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -165,47 +165,11 @@ "visualization": "7.4.2" } }, - { - "id": "13f6cda1-6b4d-4a7d-b72e-25eeabec8768", - "type": "search", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzM5LDFd", - "attributes": { - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "PE - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "zeek_pe.machine", - "zeek.fuid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "7c810b56-5297-4aed-abac-cff41dfa5c77", "type": "visualization", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzQwLDFd", + "updated_at": "2020-02-12T15:00:07.665Z", + "version": "WzEyMiwxXQ==", "attributes": { "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_pe.section_names\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", 
@@ -231,8 +195,8 @@ { "id": "0b774699-b798-40ae-ae92-2ac2a619eeb9", "type": "visualization", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzQxLDFd", + "updated_at": "2020-02-12T15:00:07.665Z", + "version": "WzEyMywxXQ==", "attributes": { "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_pe.machine\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", "description": "", 
@@ -258,8 +222,8 @@ { "id": "AWDHCUeZxQT5EBNmq4Xy", "type": "visualization", - "updated_at": "2019-12-18T16:20:07.007Z", - "version": "WzQyLDFd", + "updated_at": "2020-02-12T15:00:07.665Z", + "version": "WzEyNCwxXQ==", "attributes": { "title": "PE - Log Count", "visState": "{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -281,6 +245,43 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "13f6cda1-6b4d-4a7d-b72e-25eeabec8768", + "type": "search", + "updated_at": "2020-02-12T15:43:23.994Z", + "version": "Wzg1MCwxXQ==", + "attributes": { + "title": "PE - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_pe.machine", + "zeek_pe.os", + "zeek_pe.subsystem", + "zeek.fuid" + ], + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:pe\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index e0c6c3a40..446ab5a41 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json @@ -216,7 +216,7 @@ { "type": "search", "name": "search_0", - "id": "6b8b8d7e-49eb-46b6-8bbf-cdbf295bccbd" + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" } ], "migrationVersion": { 
@@ -355,32 +355,31 @@ } }, { - "id": "6b8b8d7e-49eb-46b6-8bbf-cdbf295bccbd", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", "type": "search", - "updated_at": "2020-02-04T14:20:08.110Z", - "version": "WzIxOSwxXQ==", + "updated_at": "2020-02-12T16:25:47.761Z", + "version": "WzkwMywxXQ==", "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "zeek_dns.query", + "zeek_dns.answers", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "DNS - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:dns\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index a2f841a35..cb7986950 100644 --- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -4,18 +4,18 @@ { "id": "0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa", "type": "dashboard", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "Wzc0LDFd", + "updated_at": "2020-02-12T19:07:43.219Z", + "version": "WzExMDAsMV0=", "attributes": { "title": "SIP", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":72,\"w\":16,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":16,\"y\":72,\"w\":16,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":96,\"w\":48,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":20,\"y\":48,\"w\":28,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":24,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIn
dex\":\"15\",\"gridData\":{\"x\":0,\"y\":48,\"w\":20,\"h\":24,\"i\":\"15\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":120,\"w\":48,\"h\":30,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"18\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"x\":32,\"y\":72,\"w\":16,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":24,\"w\":24,\"h\":24,\"i\":\"21\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":17,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":17,\"y\":63,\"w\":17,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":23,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":23,\"y\":44,\"w\":25,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":24,\"w\":23,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"pan
elIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":34,\"y\":63,\"w\":14,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":17,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":32,\"i\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\"},\"panelIndex\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -62,37 +62,32 @@ { "name": "panel_8", "type": "visualization", - "id": "c0520b7a-6fb5-4f07-aebc-56dcb406c7e3" + "id": "068db209-7174-4082-a758-68c6b09224c6" }, { "name": "panel_9", "type": "visualization", - "id": "068db209-7174-4082-a758-68c6b09224c6" + "id": "07d161d5-c6b3-4a51-bef7-d53a325e945a" }, { "name": "panel_10", - "type": "search", - "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3" + "type": "visualization", + "id": "46d7e33f-ec02-41ab-977c-7e164c80f6ef" }, { "name": "panel_11", "type": "visualization", - "id": "07d161d5-c6b3-4a51-bef7-d53a325e945a" + "id": "AWDHDNS4xQT5EBNmq4dF" }, { "name": "panel_12", "type": "visualization", - "id": "46d7e33f-ec02-41ab-977c-7e164c80f6ef" + "id": "fff2c100-32e4-402c-98cc-4a977010a427" }, { "name": "panel_13", - "type": "visualization", - "id": "AWDHDNS4xQT5EBNmq4dF" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "fff2c100-32e4-402c-98cc-4a977010a427" + "type": "search", + "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3" } ], "migrationVersion": { 
@@ -102,8 +97,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -122,8 +117,8 @@ { "id": "00051443-ad3a-4c91-81a8-928096b8d5c2", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzYwLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE2OCwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -149,8 +144,8 @@ { "id": "2a9cf114-30d2-4b27-a71b-cde90dc26c9a", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzYxLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE2OSwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -176,8 +171,8 @@ { "id": "d5c39a42-e7c1-447c-afce-53fea7e5d971", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzYyLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE3MCwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -203,11 +198,11 @@ { "id": "72cf657f-b027-4d0b-814d-9bb3ebada4f6", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzYzLDFd", + "updated_at": "2020-02-12T18:51:05.966Z", + "version": "WzEwODMsMV0=", "attributes": { "title": "SIP - Destination Country", - "visState": "{\"title\":\"SIP - Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "visState": "{\"title\":\"SIP - Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek.destination_geo.country_name: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -218,8 +213,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3" } ], @@ -230,8 +225,8 @@ { "id": "1968f84a-1b85-44ea-b9ba-c6af98aeb8bb", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzY0LDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE3MiwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_sip.request_path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}", "description": "", 
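Review bot: The new `visState` for "SIP - Destination Country" embeds a `parsedUrl` block whose `origin` is `https://localhost` with `pathname` `/kibana/app/kibana`, which looks like the exporting browser's location captured into the saved object rather than a deliberate setting; the same value appears in the "SIP - Content Type" hunk at `@@ -308,41 +303,14 @@`. If Kibana regenerates this on import it is harmless, but as committed it ties the visualization to the export host and will churn on every re-export from a different URL. I would either strip the `dimensions.buckets[].format.params.parsedUrl` object from the committed export or add a short note in the repository's dashboard export instructions stating that the `parsedUrl` origin is an export artifact and is expected to differ per deployment.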
@@ -257,8 +252,8 @@ { "id": "7eb073ce-5c1f-4319-9eb8-1bf25399dcd9", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzY1LDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE3MywxXQ==", "attributes": { "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_sip.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", @@ -284,8 +279,8 @@ { "id": "f39d0316-33cd-4dc3-ad9d-bdf488f4e80c", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzY2LDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE3NCwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_sip.user_agent\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", 
@@ -308,41 +303,14 @@ "visualization": "7.4.2" } }, - { - "id": "c0520b7a-6fb5-4f07-aebc-56dcb406c7e3", - "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzY3LDFd", - "attributes": { - "visState": "{\"title\":\"SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_sip.content_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}", - "description": "", - "title": "SIP - Content Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, { "id": "068db209-7174-4082-a758-68c6b09224c6", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzY4LDFd", + "updated_at": "2020-02-12T18:55:56.702Z", + "version": "WzEwODgsMV0=", "attributes": { "title": "SIP - Content Type", - "visState": "{\"title\":\"SIP - Content 
Type\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_sip.content_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "visState": "{\"title\":\"SIP - Content Type\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_sip.content_type: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_sip.content_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Content Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -353,8 +321,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3" } ], 
@@ -362,50 +330,11 @@ "visualization": "7.4.2" } }, - { - "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3", - "type": "search", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzY5LDFd", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "SIP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "07d161d5-c6b3-4a51-bef7-d53a325e945a", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzcwLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE3OCwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - 
Method\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_sip.method\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}", "description": "", 
@@ -431,8 +360,8 @@ { "id": "46d7e33f-ec02-41ab-977c-7e164c80f6ef", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzcxLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE3OSwxXQ==", "attributes": { "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", 
@@ -458,8 +387,8 @@ { "id": "AWDHDNS4xQT5EBNmq4dF", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzcyLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE4MCwxXQ==", "attributes": { "title": "SIP - Log Count", "visState": "{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -485,8 +414,8 @@ { "id": "fff2c100-32e4-402c-98cc-4a977010a427", "type": "visualization", - "updated_at": "2019-12-18T16:20:10.133Z", - "version": "WzczLDFd", + "updated_at": "2020-02-12T15:00:10.763Z", + "version": "WzE4MSwxXQ==", "attributes": { "title": "SIP - Status", "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_sip.status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_sip.status_msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", 
@@ -508,6 +437,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "78fb078f-c0fe-4462-b72c-bccfd8329ca3", + "type": "search", + "updated_at": "2020-02-12T19:06:32.821Z", + "version": "WzEwOTksMV0=", + "attributes": { + "title": "SIP - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_sip.method", + "zeek_sip.content_type", + "zeek_sip.status_msg", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:sip\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index a85963cb3..1983bda90 100644 --- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
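Review bot: The re-added "SIP - Logs" saved search carries `"time_zone":"America/Denver"` inside its `query_string`, a value that appears to be the exporting analyst's local timezone rather than a project setting; the Tunnels dashboard's `searchSourceJSON` in the next file (`@@ -4,18 +4,18 @@`) gains the same value. The current query `zeek.logType:sip` contains no date math, so nothing changes today, but any later date expression typed into that query string will be interpreted in Denver time for every analyst regardless of their own browser timezone, which matters for a traffic-analysis timeline. Removing the `time_zone` key from the committed exports (or normalizing it to `UTC` with a comment in the export procedure explaining why) would keep the saved objects deployment-neutral.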
@@ -4,18 +4,18 @@ { "id": "11be6381-beef-40a7-bdce-88c5398392fc", "type": "dashboard", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "Wzg1LDFd", + "updated_at": "2020-02-12T21:18:49.326Z", + "version": "WzEyNzAsMV0=", "attributes": { "title": "Tunnels", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\
",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":18,\"y\":48,\"w\":18,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":18,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":19,\"i\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\"},\"panelIndex\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":36,\"i\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\"},\"panelIndex\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -46,18 +46,18 @@ }, { "name": "panel_5", - "type": "search", - "id": "f166f708-f838-4c50-84cc-1fb99f7d7060" + "type": "visualization", + "id": "7b5a1e84-eb4d-4a4f-9b8b-e325ff81d89a" }, { "name": "panel_6", "type": "visualization", - "id": "7b5a1e84-eb4d-4a4f-9b8b-e325ff81d89a" + "id": "56a5dece-0790-4acc-b166-6628cf10a596" }, { "name": "panel_7", "type": "visualization", - "id": "56a5dece-0790-4acc-b166-6628cf10a596" + "id": "AWDHFYrqxQT5EBNmq4qT" }, { "name": "panel_8", @@ -66,8 +66,8 @@ }, { "name": "panel_9", - "type": "visualization", - "id": "AWDHFYrqxQT5EBNmq4qT" + "type": "search", + "id": "f166f708-f838-4c50-84cc-1fb99f7d7060" } ], "migrationVersion": { 
@@ -77,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +97,8 @@ { "id": "ea729cd0-2c77-4c5a-8ffa-11ff19d1e369", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "Wzc2LDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzE5NCwxXQ==", "attributes": { "visState": "{\"title\":\"Tunnels - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -124,8 +124,8 @@ { "id": "ab721f9e-240e-4343-b71c-9c04d2d704f5", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "Wzc3LDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzE5NSwxXQ==", "attributes": { "title": "Tunnels - Type", "visState": "{\"title\":\"Tunnels - Type\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_tunnel.tunnel_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", @@ -151,8 +151,8 @@ { "id": "018337e2-9178-4021-a36f-a1e7098b9b86", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "Wzc4LDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzE5NiwxXQ==", "attributes": { "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -178,8 +178,8 @@ { "id": "8eb2b344-150b-4163-b6c1-e686bb7027d5", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "Wzc5LDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzE5NywxXQ==", "attributes": { "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -202,50 +202,11 @@ "visualization": "7.4.2" } }, - { - "id": "f166f708-f838-4c50-84cc-1fb99f7d7060", - "type": "search", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "WzgwLDFd", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Tunnels - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:tunnel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "7b5a1e84-eb4d-4a4f-9b8b-e325ff81d89a", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "WzgxLDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzE5OSwxXQ==", "attributes": { "visState": "{\"title\":\"Tunnels - 
Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "description": "", 
@@ -271,8 +232,8 @@ { "id": "56a5dece-0790-4acc-b166-6628cf10a596", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "WzgyLDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzIwMCwxXQ==", "attributes": { "title": "Tunnels - Action", "visState": "{\"title\":\"Tunnels - Action\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_tunnel.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}", 
@@ -296,15 +257,15 @@ } }, { - "id": "f408c64e-1950-42b2-904a-cac7c4f11bc6", + "id": "AWDHFYrqxQT5EBNmq4qT", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "WzgzLDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzIwMiwxXQ==", "attributes": { - "visState": "{\"title\":\"Tunnels - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Tunnels - Log Count", + "visState": "{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "Tunnels - Destination Port", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -323,15 +284,15 @@ } }, { - "id": "AWDHFYrqxQT5EBNmq4qT", + "id": "f408c64e-1950-42b2-904a-cac7c4f11bc6", "type": "visualization", - "updated_at": "2019-12-18T16:20:11.180Z", - "version": "Wzg0LDFd", + "updated_at": "2020-02-12T15:00:11.808Z", + "version": "WzIwMSwxXQ==", "attributes": { - "title": "Tunnels - Log Count", - "visState": "{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "visState": "{\"title\":\"Tunnels - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", + "title": "Tunnels - Destination Port", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -348,6 +309,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "f166f708-f838-4c50-84cc-1fb99f7d7060", + "type": "search", + "updated_at": "2020-02-12T21:17:37.122Z", + "version": "WzEyNjgsMV0=", + "attributes": { + "title": "Tunnels - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek_tunnel.action", + "zeek_tunnel.tunnel_type", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:tunnel\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index e25006381..5b36ce287 100644 --- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
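Review bot: The re-added "Tunnels - Logs" search hard-codes `\"time_zone\":\"America/Denver\"` inside its `searchSourceJSON` query_string, which bakes the exporting workstation's local zone into a dashboard shipped to every deployment; any date math in that Lucene query is then evaluated in Mountain time for every analyst, which silently skews time-bounded results and incident timelines for users in other zones, and it also discloses the maintainer's locale in a public artifact. I would drop the key so the query reads `{\"query_string\":{\"query\":\"zeek.logType:tunnel\",\"analyze_wildcard\":true}}`, or populate it from a deployment-time setting rather than the export; I believe Elasticsearch falls back to UTC when the key is absent, but that should be verified against the Kibana version in use. The same hard-coded `time_zone` is introduced in the dashboard `searchSourceJSON` hunks of `kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json` and `kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json` below, and presumably in every other export regenerated by this commit. Since these files are Kibana exports, a post-export normalisation step that strips `time_zone` would keep the issue from recurring on the next re-export.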
@@ -4,18 +4,18 @@ { "id": "11ddd980-e388-11e9-b568-cf17de8e860c", "type": "dashboard", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "Wzk2LDFd", + "updated_at": "2020-02-12T18:05:52.591Z", + "version": "WzEwMDYsMV0=", "attributes": { "title": "QUIC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"15\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"19\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"20\",\"w\":20,\"x\":8,\"y\":29},\"panelIndex\":\"20\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":29},\"panelIndex\":\"21\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":40,\"x\":8,\"y\":49},\"panelIndex\":\"22\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"23\",\"w\":8,\"x\":0,\"y\":56},\"panelIndex\":\"23\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":36,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":9,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":20,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":9,\"w\":20,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":30,\"w\":20,\"h\":19,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":30,\"w\":20,\"h\":19,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":19,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":36,\"w\":8,\"h\":13,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + 
"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -77,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +97,8 @@ { "id": "a9a94150-e388-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "Wzg3LDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxMSwxXQ==", "attributes": { "title": "QUIC - Log Count", "visState": "{\"title\":\"QUIC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}", @@ -124,8 +124,8 @@ { "id": "69939d90-e388-11e9-b568-cf17de8e860c", "type": "search", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "Wzg4LDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxMiwxXQ==", "attributes": { "title": "QUIC - Logs", "description": "", 
@@ -163,8 +163,8 @@ { "id": "42fea480-e389-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "Wzg5LDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxMywxXQ==", "attributes": { "title": "QUIC - Log Count Over Time", "visState": "{\"title\":\"QUIC - Log Count Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\",\"mode\":\"relative\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"quic.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"QUIC 
Version\"}}]}", @@ -190,8 +190,8 @@ { "id": "2648ad80-e38a-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "WzkwLDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxNCwxXQ==", "attributes": { "title": "QUIC - Source IP Address", "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", @@ -217,8 +217,8 @@ { "id": "49d13470-e38a-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "WzkxLDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxNSwxXQ==", "attributes": { "title": "QUIC - Destination IP Address", "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", 
@@ -244,8 +244,8 @@ { "id": "919cb8b0-e38a-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "WzkyLDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxNiwxXQ==", "attributes": { "title": "QUIC - User Agent", "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.useragent\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", @@ -271,8 +271,8 @@ { "id": "be8b4120-e38a-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "WzkzLDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxNywxXQ==", "attributes": { "title": "QUIC - Server Name", "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", 
@@ -298,8 +298,8 @@ { "id": "2e6549a0-e38b-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "Wzk0LDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxOCwxXQ==", "attributes": { "title": "QUIC - CYU Fingerprint", "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_gquic.cyutags\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_gquic.cyu\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", 
@@ -325,8 +325,8 @@ { "id": "7a6b6a50-e38b-11e9-b568-cf17de8e860c", "type": "visualization", - "updated_at": "2019-12-18T16:20:12.222Z", - "version": "Wzk1LDFd", + "updated_at": "2020-02-12T15:00:12.835Z", + "version": "WzIxOSwxXQ==", "attributes": { "title": "QUIC - Version", "visState": "{\"title\":\"QUIC - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"quic.version\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"QUIC Version\"}}]}", diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index e3d7c3b6d..cba65c9f7 100644 --- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -4,18 +4,18 @@ { "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", "type": "dashboard", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzEyNSwxXQ==", + "updated_at": "2020-02-12T15:51:03.953Z", + "version": "Wzg2NCwxXQ==", "attributes": { "title": "Weird", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":80,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"x\":8,\"y\":56,\"w\":40,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.
0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":66,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":47,\"w\":40,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableCon
fig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -46,28 +46,28 @@ }, { "name": "panel_5", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + "type": "visualization", + "id": "a827f658-2190-4ec4-b330-96cdb93d97ed" }, { "name": "panel_6", "type": "visualization", - "id": "a827f658-2190-4ec4-b330-96cdb93d97ed" + "id": "64ffd0d9-a0d7-4db6-bce0-c69b48ff0da6" }, { "name": "panel_7", "type": "visualization", - "id": "64ffd0d9-a0d7-4db6-bce0-c69b48ff0da6" + "id": "AWDHGXk-xQT5EBNmq4uf" }, { "name": "panel_8", "type": "visualization", - "id": "AWDHGXk-xQT5EBNmq4uf" + "id": "429d2522-67c6-44f5-aae8-f464d5815195" }, { "name": "panel_9", - "type": "visualization", - "id": "429d2522-67c6-44f5-aae8-f464d5815195" + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" } ], "migrationVersion": { 
@@ -77,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +97,8 @@ { "id": "2789890f-3187-449c-b0d7-a351975cbe13", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzExNiwxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2MCwxXQ==", "attributes": { "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"firstPacket per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Weird - Log Count Over Time\",\"type\":\"line\"}", "description": "", 
@@ -124,8 +124,8 @@ { "id": "259fa46e-2fde-41bb-b028-063a12cb4621", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzExNywxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2MSwxXQ==", "attributes": { "visState": "{\"title\":\"Weird - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -151,8 +151,8 @@ { "id": "84786f08-b68a-4524-8d2d-d44221f99060", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzExOCwxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2MiwxXQ==", "attributes": { "visState": "{\"title\":\"Weird - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -178,13 +178,13 @@ { "id": "c7fbd190-02fa-4eb5-ac5a-a4ad421a6a3b", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzExOSwxXQ==", + "updated_at": "2020-02-12T15:48:10.480Z", + "version": "Wzg1NywxXQ==", "attributes": { - "visState": "{\"title\":\"Weird - Notice Generated\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_weird.notice\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description": "", "title": "Weird - Notice Generated", + "visState": "{\"title\":\"Weird - Notice Generated\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_weird.notice: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_weird.notice\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -193,8 +193,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" } ], 
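Review bot: The new `visState` for "Weird - Notice Generated" persists a `dimensions` block whose `parsedUrl` carries the exporting instance's `origin` (`https://localhost`), `pathname` and `basePath`. That looks like runtime render state the 7.x editor wrote back into the saved object rather than part of the visualization definition, so it adds host-specific noise to every future diff and ties the export to one deployment. I'd strip the `\"dimensions\":{...}` entry from `params` before committing (the `aggs` array already defines the bucket and metric), or at least confirm that Kibana recomputes it on load so the stale origin is harmless. The same `parsedUrl` block appears in the "EtherNet/IP - Source IP" visState hunk at the end of this chunk.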
@@ -202,50 +202,11 @@ "visualization": "7.4.2" } }, - { - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", - "type": "search", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzEyMCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Weird - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "a827f658-2190-4ec4-b330-96cdb93d97ed", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzEyMSwxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2NSwxXQ==", "attributes": { "visState": "{\"title\":\"Weird - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_weird.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -271,8 +232,8 @@ { "id": "64ffd0d9-a0d7-4db6-bce0-c69b48ff0da6", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzEyMiwxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2NiwxXQ==", "attributes": { "visState": "{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -298,8 +259,8 @@ { "id": "AWDHGXk-xQT5EBNmq4uf", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzEyMywxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2NywxXQ==", "attributes": { "title": "Weird - Log Count", "visState": "{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -325,8 +286,8 @@ { "id": "429d2522-67c6-44f5-aae8-f464d5815195", "type": "visualization", - "updated_at": "2019-12-18T16:20:15.324Z", - "version": "WzEyNCwxXQ==", + "updated_at": "2020-02-12T15:00:15.936Z", + "version": "WzI2OCwxXQ==", "attributes": { "title": "Weird - Name", "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_weird.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", @@ -348,6 +309,45 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", + "type": "search", + "updated_at": "2020-02-12T15:50:09.109Z", + "version": "Wzg2MiwxXQ==", + "attributes": { + "title": "Weird - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek_weird.name", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:weird\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file 
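Review bot: The re-added "Weird - Logs" search pins `\"time_zone\":\"America/Denver\"` inside its `query_string`, a key the removed copy of this object did not have; the dashboard's own `searchSourceJSON` in the first hunk of this file gained the same key. That makes date math in the query resolve against a fixed Mountain timezone for every user of the dashboard instead of the browser or `dateFormat:tz` setting, and it leaks the exporting workstation's locale into a shared artifact. I'd drop `,\"time_zone\":\"America/Denver\"` from both `query_string` objects before merging.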
diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 2cd6c5e2b..3958004e5 100644 --- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -4,18 +4,18 @@ { "id": "29a1b290-eb98-11e9-a384-0fcf32210194", "type": "dashboard", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzOSwxXQ==", + "updated_at": "2020-02-12T21:30:25.616Z", + "version": "WzEyODcsMV0=", "attributes": { "title": "EtherNet/IP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":74,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":22,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":8,\"y\":54,\"w\":22,\"h\":20,\"i\":\"9\"},\"version\":\"7.6.0\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":54,\"w\":18,\"h\":20,\"i\":\"10\"},\"version\":\"7.6.0\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":34,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":31,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":13,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":13,\"y\":56,\"w\":18,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":56,\"w\":17,\"h\":21,\"i\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\"},\"panelIndex\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}" } }, "references": [ @@ -68,6 +68,11 @@ "name": "panel_9", "type": "visualization", "id": "28722f10-eb9f-11e9-a384-0fcf32210194" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "b65629c0-4dde-11ea-8336-d3388483188b" } ], "migrationVersion": { 
@@ -77,8 +82,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +102,8 @@ { "id": "b2548270-eb98-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEyNywxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI3OSwxXQ==", "attributes": { "title": "EtherNet/IP - Log Count", "visState": "{\"title\":\"EtherNet/IP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", 
@@ -128,8 +133,8 @@ { "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEyOCwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4MCwxXQ==", "attributes": { "title": "EtherNet/IP - Logs Over Time", "visState": "{\"title\":\"EtherNet/IP - Logs Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\",\"mode\":\"relative\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log 
Type\"}}]}", @@ -159,8 +164,8 @@ { "id": "dbcc6540-eb99-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEyOSwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4MSwxXQ==", "attributes": { "title": "EtherNet/IP and Related - Logs", "description": "", @@ -198,8 +203,8 @@ { "id": "9f3c4950-eb9a-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzMCwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4MiwxXQ==", "attributes": { "title": "Common Industrial Protocol - Service", "visState": "{\"title\":\"Common Industrial Protocol - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_cip.cip_service\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_cip.status\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", 
@@ -225,8 +230,8 @@ { "id": "7199bdb0-eb9b-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzMSwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4MywxXQ==", "attributes": { "title": "EtherNet/IP - Product", "visState": "{\"title\":\"EtherNet/IP - Product\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_enip_list_identity.vendor\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_enip_list_identity.product_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Product\"}}]}", 
@@ -252,8 +257,8 @@ { "id": "f587d990-eb9b-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzMiwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4NCwxXQ==", "attributes": { "title": "EtherNet/IP - Command", "visState": "{\"title\":\"EtherNet/IP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_enip.command\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_enip.status\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", 
@@ -279,8 +284,8 @@ { "id": "a0ef3e90-eb9c-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzMywxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4NSwxXQ==", "attributes": { "title": "EtherNet/IP - Product Revision", "visState": "{\"title\":\"EtherNet/IP - Product Revision\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_enip_list_identity.vendor\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Vendor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_enip_list_identity.product_name\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Product\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_enip_list_identity.revision\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}", 
@@ -306,11 +311,11 @@ { "id": "0165b180-eb9f-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzNCwxXQ==", + "updated_at": "2020-02-12T21:27:05.859Z", + "version": "WzEyODIsMV0=", "attributes": { "title": "EtherNet/IP - Source IP", - "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcPort\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}", + "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -321,8 +326,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "dbcc6540-eb99-11e9-a384-0fcf32210194" } ], 
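Review bot: The new `visState` for "EtherNet/IP - Source IP" carries a `dimensions` block whose `parsedUrl` has `origin` `https://localhost`, `pathname` `/kibana/app/kibana` and `basePath` `/kibana` — values that describe the browser session that exported the object rather than the visualization itself. Committing them bakes the exporting environment into a shared artifact; if Kibana recomputes `dimensions` on load (likely, but not verifiable from the hunk) the keys are dead weight, and if it does not, they misdescribe any deployment not served at `localhost`. The same `parsedUrl` appears in the new "EtherNet/IP - Status" object in the hunk at `@@ -357,11 +362,38 @@` and in "DNS - Query Class" at `@@ -171,11 +171,11 @@`. Consider stripping the `dimensions` object (or at least `parsedUrl`) from exported `visState` strings before commit so the diff contains only the aggregation and display settings that were intentionally changed.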
@@ -333,8 +338,8 @@ { "id": "28722f10-eb9f-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzNSwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4NywxXQ==", "attributes": { "title": "EtherNet/IP - Destination IP", "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -357,11 +362,38 @@ "visualization": "7.4.2" } }, + { + "id": "b65629c0-4dde-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T21:29:12.540Z", + "version": "WzEyODUsMV0=", + "attributes": { + "title": "EtherNet/IP - Status", + "visState": "{\"title\":\"EtherNet/IP - Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Status\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_enip.status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "dbcc6540-eb99-11e9-a384-0fcf32210194" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "4c265380-eb97-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzNiwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4OCwxXQ==", "attributes": { "title": "Common 
Industrial Protocol - Logs", "description": "", @@ -398,8 +430,8 @@ { "id": "c0c732e0-eb97-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzNywxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI4OSwxXQ==", "attributes": { "title": "EtherNet/IP List Identity - Logs", "description": "", @@ -437,8 +469,8 @@ { "id": "7009cbb0-eb97-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:16.354Z", - "version": "WzEzOCwxXQ==", + "updated_at": "2020-02-12T15:00:16.963Z", + "version": "WzI5MCwxXQ==", "attributes": { "title": "EtherNet/IP - Logs", "description": "", diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 80427a222..002904280 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -4,18 +4,18 @@ { "id": "2cf94cd0-ecab-40a5-95a7-8419f3a39cd9", "type": "dashboard", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE2NSwxXQ==", + "updated_at": "2020-02-12T16:29:41.134Z", + "version": "WzkwOSwxXQ==", "attributes": { "title": "DNS", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":68,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":44,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":44,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":92,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":116,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"23\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"24\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":68,\"i\":\"24\"},\"version\":\"7.3.0\",\"panelRefName\":\"p
anel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"25\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":68,\"i\":\"25\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"26\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":20,\"i\":\"26\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"27\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":20,\"i\":\"27\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"28\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":20,\"i\":\"28\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":40,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":40,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":12,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":12,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelR
efName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":60,\"w\":17,\"h\":19,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":20,\"w\":12,\"h\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":20,\"w\":12,\"h\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":60,\"w\":31,\"h\":19,\"i\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\"},\"panelIndex\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":41,\"i\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\"},\"panelIndex\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
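Review bot: The dashboard's `searchSourceJSON` now pins the query to a fixed zone, `\"time_zone\":\"America/Denver\"`, where the old version let the client default apply. For a shared saved object this means every user of the DNS dashboard has their time-range and date-histogram boundaries evaluated in Mountain Time regardless of their own locale or the browser setting, which is hard to notice and easy to misread when correlating with logs in UTC. Unless the intent is a Denver-local view, removing the `time_zone` key from the `query_string` object restores the previous behaviour: `\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}`. The `panelsJSON` rewrite in the same hunk drops panel `24` and `16` and adds two new panel ids, which is presumably deliberate but is not mentioned anywhere visible.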
@@ -51,43 +51,43 @@ }, { "name": "panel_6", - "type": "search", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" + "type": "visualization", + "id": "2699477d-e158-4174-97ee-e1438fed0fee" }, { "name": "panel_7", "type": "visualization", - "id": "2699477d-e158-4174-97ee-e1438fed0fee" + "id": "AWDG9Qx0xQT5EBNmq3_2" }, { "name": "panel_8", "type": "visualization", - "id": "AWDG9Qx0xQT5EBNmq3_2" + "id": "240930b9-d4ad-40b6-ae9f-f7c64ea9d0f7" }, { "name": "panel_9", "type": "visualization", - "id": "a9504c4e-ac9e-4a43-9499-982f883604b1" + "id": "4b82b26a-3ceb-41a0-b0b5-6fb6e876b1c8" }, { "name": "panel_10", "type": "visualization", - "id": "240930b9-d4ad-40b6-ae9f-f7c64ea9d0f7" + "id": "9d1204c9-7e26-44d3-a9be-eff725bf3f5b" }, { "name": "panel_11", "type": "visualization", - "id": "4b82b26a-3ceb-41a0-b0b5-6fb6e876b1c8" + "id": "7dbb6c65-f197-4237-825c-fd102163a3bf" }, { "name": "panel_12", "type": "visualization", - "id": "9d1204c9-7e26-44d3-a9be-eff725bf3f5b" + "id": "69241a80-421d-11ea-9084-41ab7c5fff2e" }, { "name": "panel_13", - "type": "visualization", - "id": "7dbb6c65-f197-4237-825c-fd102163a3bf" + "type": "search", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" } ], "migrationVersion": { 
@@ -97,8 +97,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -117,8 +117,8 @@ { "id": "a3d7ae56-264b-4e8f-9c45-242bff74179d", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyNSwxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcyMywxXQ==", "attributes": { "title": "DNS - Server", "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", 
@@ -144,8 +144,8 @@ { "id": "6d4ea29d-53c8-472b-acc3-c9257a7f0e91", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE1MywxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMyMCwxXQ==", "attributes": { "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", 
@@ -171,11 +171,11 @@ { "id": "727d7b36-4153-4c51-b723-2700a3c815f1", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxOSwxXQ==", + "updated_at": "2020-02-12T16:19:22.378Z", + "version": "Wzg5NiwxXQ==", "attributes": { "title": "DNS - Query Class", - "visState": "{\"title\":\"DNS - Query Class\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_dns.qclass_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}", + "visState": "{\"title\":\"DNS - Query Class\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Query 
Class\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_dns.qclass_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query Class\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -186,8 +186,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" } ], @@ -198,8 +198,8 @@ { "id": "8a3a0bd6-555d-45c6-bf3d-d2b8598e9926", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxMywxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcxMSwxXQ==", "attributes": { "visState": "{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", "description": "", 
@@ -225,8 +225,8 @@ { "id": "adb769dc-8ac5-46fa-abb3-d16c638d8279", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE1NiwxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMyMywxXQ==", "attributes": { "visState": "{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -249,50 +249,11 @@ "visualization": "7.4.2" } }, - { - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzMCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "DNS - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "2699477d-e158-4174-97ee-e1438fed0fee", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE1OCwxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMyNSwxXQ==", "attributes": { "visState": "{\"title\":\"DNS - Destination 
Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}", "description": "", 
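Review bot: This hunk deletes the saved search `0b971165-4c39-42ed-b80d-8a8f5658a38e` ("DNS - Logs") from the export, yet the dashboard's `references` in the hunk at `@@ -51,43 +51,43 @@` still point `panel_13` at that id with `"type": "search"`, and the "DNS - Query Class" visualization at `@@ -186,8 +186,8 @@` references it as `search_0`. If the search is now exported from a shared file elsewhere in this commit that is fine, but nothing in the visible diff shows it; otherwise importing this file alone yields dangling references and an empty logs panel. Either keep the search object in this file or document where the shared saved searches now live, e.g. a short note in the directory README stating which file must be imported first.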
@@ -318,8 +279,8 @@ { "id": "AWDG9Qx0xQT5EBNmq3_2", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE1OSwxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMyNiwxXQ==", "attributes": { "title": "DNS - Log Count", "visState": "{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -343,13 +304,13 @@ } }, { - "id": "a9504c4e-ac9e-4a43-9499-982f883604b1", + "id": "240930b9-d4ad-40b6-ae9f-f7c64ea9d0f7", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE2MCwxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMyOCwxXQ==", "attributes": { - "title": "DNS - Queries", - "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", + "title": "DNS - Answers", + "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -370,13 +331,13 @@ } }, { - "id": "240930b9-d4ad-40b6-ae9f-f7c64ea9d0f7", + "id": "4b82b26a-3ceb-41a0-b0b5-6fb6e876b1c8", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE2MSwxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMyOSwxXQ==", "attributes": { - "title": "DNS - Answers", - "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", + "title": "DNS - Response Code (Name)", + "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.rcode_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -397,13 +358,13 @@ } }, { - "id": "4b82b26a-3ceb-41a0-b0b5-6fb6e876b1c8", + "id": "9d1204c9-7e26-44d3-a9be-eff725bf3f5b", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE2MiwxXQ==", + "updated_at": "2020-02-12T15:00:19.037Z", + "version": "WzMzMCwxXQ==", "attributes": { - "title": "DNS - Response Code (Name)", - "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.rcode_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", + "title": "DNS - Query Type", + "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.qtype_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -424,14 +385,14 @@ } }, { - "id": "9d1204c9-7e26-44d3-a9be-eff725bf3f5b", + "id": "7dbb6c65-f197-4237-825c-fd102163a3bf", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE2MywxXQ==", + "updated_at": "2020-02-12T16:18:56.439Z", + "version": "Wzg5NSwxXQ==", "attributes": { - "title": "DNS - Query Type", - "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.qtype_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "DNS - Protocol", + "visState": "{\"title\":\"DNS - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -441,8 +402,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" } ], 
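Review bot: The rewritten `DNS - Protocol` visState carries an exporter-specific `parsedUrl` block (`\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"`) inside `dimensions.buckets[0].format.params`; none of the other visualizations in this commit embed one, so it looks like residue of the browser-side export rather than intended configuration. It presumably has no effect on rendering, but it ties the saved object to the exporting instance's URL and will churn on every re-export; consider removing the `parsedUrl` key before committing. The enclosing saved-object entry begins before this hunk.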
@@ -451,31 +412,69 @@ } }, { - "id": "7dbb6c65-f197-4237-825c-fd102163a3bf", + "id": "69241a80-421d-11ea-9084-41ab7c5fff2e", "type": "visualization", - "updated_at": "2019-12-18T16:20:18.416Z", - "version": "WzE2NCwxXQ==", + "updated_at": "2020-02-12T15:00:43.723Z", + "version": "WzU3OSwxXQ==", "attributes": { - "title": "DNS - Protocol", - "visState": "{\"title\":\"DNS - Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}", - "uiStateJSON": "{}", + "title": "DNS Queries by Randomness", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" } ], "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", + "type": "search", + "updated_at": "2020-02-12T16:25:47.761Z", + "version": "WzkwMywxXQ==", + "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "zeek_dns.query", + "zeek_dns.answers", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:dns\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 6b10cda1e..5b78836ed 100644 --- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json 
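Review bot: The new `DNS - Logs` saved search hard-codes `\"time_zone\":\"America/Denver\"` inside its `query_string`, so anyone importing these dashboards gets date math in that query evaluated in the exporting author's zone rather than their own browser or the cluster default; the same `time_zone` key is added in the DHCP dashboard's `searchSourceJSON` and the re-added `DHCP - Logs` search in the later hunks of this commit. It is presumably injected from the exporting browser's timezone setting and is safe to strip, leaving `\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:dns\"}}`. A short note in the repository's dashboard export procedure saying to drop `time_zone` (and the `parsedUrl` residue) before committing would keep this from reappearing on the next export.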
@@ -4,18 +4,18 @@ { "id": "2d98bb8e-214c-4374-837b-20e1bcd63a5e", "type": "dashboard", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE3NCwxXQ==", + "updated_at": "2020-02-12T16:15:28.816Z", + "version": "Wzg5MiwxXQ==", "attributes": { "title": "DHCP", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":60,\"w\":48,\"h\":24,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"x\":22,\"y\":36,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":36,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":36,\"y\":36,\"w\":12,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":28,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":28,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":14,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":32,\"i\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\"},\"panelIndex\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -31,33 +31,33 @@ }, { "name": "panel_2", - "type": "search", - "id": "20ff62a1-06d6-4738-b611-945628d80305" + "type": "visualization", + "id": "82fff513-b971-452e-a0fb-492c3091b771" }, { "name": "panel_3", "type": "visualization", - "id": "82fff513-b971-452e-a0fb-492c3091b771" + "id": "78b8c460-7dc9-4b76-9bc4-ea831c0d7802" }, { "name": "panel_4", "type": "visualization", - "id": "78b8c460-7dc9-4b76-9bc4-ea831c0d7802" + "id": "23975603-24ed-40f6-bb45-0780f4645d92" }, { "name": "panel_5", "type": "visualization", - "id": "23975603-24ed-40f6-bb45-0780f4645d92" + "id": "AWDG80RwxQT5EBNmq38x" }, { "name": "panel_6", "type": "visualization", - "id": "AWDG80RwxQT5EBNmq38x" + "id": "1d178ca4-f067-4f46-bbc7-777a3fd69d47" }, { "name": "panel_7", - "type": "visualization", - "id": "1d178ca4-f067-4f46-bbc7-777a3fd69d47" + "type": "search", + "id": "20ff62a1-06d6-4738-b611-945628d80305" } ], "migrationVersion": { 
@@ -67,8 +67,8 @@ { "id": "1c337cf4-8030-4760-9828-7c0f5305c5bb", "type": "visualization", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE2NiwxXQ==", + "updated_at": "2020-02-12T15:00:20.062Z", + "version": "WzMzMywxXQ==", "attributes": { "visState": "{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -94,8 +94,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -111,50 +111,11 @@ "visualization": "7.4.2" } }, - { - "id": "20ff62a1-06d6-4738-b611-945628d80305", - "type": "search", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE2OCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "DHCP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dhcp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "82fff513-b971-452e-a0fb-492c3091b771", "type": "visualization", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE2OSwxXQ==", + "updated_at": "2020-02-12T15:00:20.062Z", + "version": "WzMzNiwxXQ==", "attributes": { "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -180,8 +141,8 @@ { "id": "78b8c460-7dc9-4b76-9bc4-ea831c0d7802", "type": "visualization", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE3MCwxXQ==", + "updated_at": "2020-02-12T15:00:20.062Z", + "version": "WzMzNywxXQ==", "attributes": { "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -207,8 +168,8 @@ { "id": "23975603-24ed-40f6-bb45-0780f4645d92", "type": "visualization", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE3MSwxXQ==", + "updated_at": "2020-02-12T15:00:20.062Z", + "version": "WzMzOCwxXQ==", "attributes": { "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -234,8 +195,8 @@ { "id": "AWDG80RwxQT5EBNmq38x", "type": "visualization", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE3MiwxXQ==", + "updated_at": "2020-02-12T15:00:20.062Z", + "version": "WzMzOSwxXQ==", "attributes": { "title": "DHCP - Log Count", "visState": "{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -261,8 +222,8 @@ { "id": "1d178ca4-f067-4f46-bbc7-777a3fd69d47", "type": "visualization", - "updated_at": "2019-12-18T16:20:19.440Z", - "version": "WzE3MywxXQ==", + "updated_at": "2020-02-12T15:00:20.062Z", + "version": "WzM0MCwxXQ==", "attributes": { "title": "DHCP - IP to MAC Assignment", "visState": "{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dhcp.assigned_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dhcp.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", 
@@ -284,6 +245,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "20ff62a1-06d6-4738-b611-945628d80305", + "type": "search", + "updated_at": "2020-02-12T16:14:50.059Z", + "version": "Wzg5MSwxXQ==", + "attributes": { + "title": "DHCP - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_dhcp.mac", + "zeek_dhcp.assigned_ip", + "dstIp", + "zeek_dhcp.host_name", + "zeek_dhcp.domain", + "zeek_dhcp.msg_types", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:dhcp\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index ab29da30c..e4f6eef92 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -4,18 +4,18 @@ { "id": "37041ee1-79c0-4684-a436-3173b0e89876", "type": "dashboard", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIxMiwxXQ==", + "updated_at": "2020-02-12T17:05:15.892Z", + "version": "WzkzNiwxXQ==", "attributes": { "title": "HTTP", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":52,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":88,\"w\":48,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":136,\"w\":48,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":36,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_http.resp_fuids\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"x\":0,\"y\":52,\"w\":24,\"h\":24,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":24,\"i\":\"15\"},\"embeddableConfig\":{\"vis\
":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":0,\"y\":188,\"w\":48,\"h\":28,\"i\":\"16\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":160,\"w\":48,\"h\":28,\"i\":\"17\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":12,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"20\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"panelIndex\":\"23\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"24\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":24,\"i\":\"24\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":58,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":20,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":150,\"w\":48,\"h\":22,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\"
:\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":78,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":7,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":39,\"w\":40,\"h\":19,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":12,\"i\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\"},\"panelIndex\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":172,\"w\":48,\"h\":42,\"i\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\"},\"panelIndex\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -46,53 +46,58 @@
 },
 {
 "name": "panel_5",
- "type": "search",
- "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381"
+ "type": "visualization",
+ "id": "2c18f5be-4023-40fb-8de6-7b490045520b"
 },
 {
 "name": "panel_6",
 "type": "visualization",
- "id": "2c18f5be-4023-40fb-8de6-7b490045520b"
+ "id": "44d6d5ce-bdf6-46d3-ad97-a30ebda437fa"
 },
 {
 "name": "panel_7",
 "type": "visualization",
- "id": "44d6d5ce-bdf6-46d3-ad97-a30ebda437fa"
+ "id": "3c7d9915-8fea-4423-82b6-44499820de71"
 },
 {
 "name": "panel_8",
 "type": "visualization",
- "id": "3c7d9915-8fea-4423-82b6-44499820de71"
+ "id": "30bb6fc3-d33e-4aaf-b805-b8e10008e98b"
 },
 {
 "name": "panel_9",
 "type": "visualization",
- "id": "30bb6fc3-d33e-4aaf-b805-b8e10008e98b"
+ "id": "e22ccafa-aad2-4897-8a15-ca114f31464c"
 },
 {
 "name": "panel_10",
 "type": "visualization",
- "id": "e22ccafa-aad2-4897-8a15-ca114f31464c"
+ "id": "a6cacf2a-7cf5-4991-be10-474429651b51"
 },
 {
 "name": "panel_11",
 "type": "visualization",
- "id": "a6cacf2a-7cf5-4991-be10-474429651b51"
+ "id": "054326f5-92f3-4202-a7cf-cc0d3eb92ad4"
 },
 {
 "name": "panel_12",
 "type": "visualization",
- "id": "054326f5-92f3-4202-a7cf-cc0d3eb92ad4"
+ "id": "AWDG97t7xQT5EBNmq4E1"
 },
 {
 "name": "panel_13",
 "type": "visualization",
- "id": "AWDG97t7xQT5EBNmq4E1"
+ "id": "eedbcaaf-1713-4ec2-acbd-b1e32a34579a"
 },
 {
 "name": "panel_14",
 "type": "visualization",
- "id": "eedbcaaf-1713-4ec2-acbd-b1e32a34579a"
+ "id": "aa4a78f0-4db8-11ea-8336-d3388483188b"
+ },
+ {
+ "name": "panel_15",
+ "type": "search",
+ "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381"
 }
 ],
 "migrationVersion": {
@@ -102,8 +107,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -122,13 +127,13 @@ { "id": "3b8fee79-8f9d-450a-8362-024c84656efb", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzE5OCwxXQ==", + "updated_at": "2020-02-12T16:59:25.302Z", + "version": "WzkzMSwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", - "description": "", - "title": "HTTP - Log Count Over Time", + "title": "HTTP - Status Over Time", + "visState": "{\"title\":\"HTTP - Status Over 
Time\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"firstPacket per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-02-12T16:47:29.688Z\",\"max\":\"2020-02-12T16:47:29.689Z\"}},\"label\":\"firstPacket per 30 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Status 
Code\",\"aggType\":\"terms\"}]},\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"labels\":{},\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_http.status_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status Code\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -137,8 +142,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" } ], 
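Review bot: The new `visState` for `HTTP - Status Over Time` (hunk `@@ -122,13 +127,13 @@`, starting three lines up) ships what looks like editor render-time state: a `dimensions` block whose `parsedUrl` records `\"origin\":\"https://localhost\"` and whose `bounds` are fixed at `1976-02-12T16:47:29.688Z` / `2020-02-12T16:47:29.689Z`, plus a `\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"}` inside the `date_histogram` params. None of the sibling visualizations in this file (e.g. `HTTP - Destination Port`, `HTTP - Destination Country`) carry a `dimensions` object, so this one appears to have been exported mid-session rather than cleaned; it pins a shared artifact to one host and one moment and adds noise to every future diff of the file. I would strip the `dimensions` object and the `timeRange` entry from the string before committing, matching the form of the other `visState` values.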
@@ -149,8 +154,8 @@ { "id": "c3c266ad-58c5-45f4-a463-180b531bd96e", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNiwxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcxNCwxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", "description": "", @@ -176,8 +181,8 @@ { "id": "be7d9516-7555-407f-9971-0394c7e822e4", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNywxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcxNSwxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", "description": "", 
@@ -202,8 +207,8 @@ { "id": "9197cd63-7fe4-4c87-8fab-f7eaa8ca6252", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIwMSwxXQ==", + "updated_at": "2020-02-12T15:00:23.157Z", + "version": "WzM2OCwxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", 
@@ -226,50 +231,11 @@
 "visualization": "7.4.2"
 }
 },
- {
- "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381",
- "type": "search",
- "updated_at": "2019-12-18T16:20:53.365Z",
- "version": "WzUzMSwxXQ==",
- "attributes": {
- "sort": [
- [
- "firstPacket",
- "desc"
- ]
- ],
- "hits": 0,
- "description": "",
- "title": "HTTP - Logs",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "dstIp",
- "dstPort",
- "zeek_http.resp_fuids",
- "zeek.uid",
- "_id"
- ]
- },
- "references": [
- {
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern",
- "id": "sessions2-*"
- }
- ],
- "migrationVersion": {
- "search": "7.4.0"
- }
- },
 {
 "id": "2c18f5be-4023-40fb-8de6-7b490045520b",
 "type": "visualization",
- "updated_at": "2019-12-18T16:20:53.365Z",
- "version": "WzUxNCwxXQ==",
+ "updated_at": "2020-02-12T15:00:56.057Z",
+ "version": "WzcxMiwxXQ==",
 "attributes": {
 "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
 "description": "",
@@ -295,8 +261,8 @@ { "id": "44d6d5ce-bdf6-46d3-ad97-a30ebda437fa", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNSwxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcxMywxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -322,8 +288,8 @@ { "id": "3c7d9915-8fea-4423-82b6-44499820de71", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIwNSwxXQ==", + "updated_at": "2020-02-12T15:00:23.157Z", + "version": "WzM3MiwxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.user_agent\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", 
@@ -349,8 +315,8 @@ { "id": "30bb6fc3-d33e-4aaf-b805-b8e10008e98b", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIwNiwxXQ==", + "updated_at": "2020-02-12T15:00:23.157Z", + "version": "WzM3MywxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.referrer\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", @@ -376,8 +342,8 @@ { "id": "e22ccafa-aad2-4897-8a15-ca114f31464c", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMiwxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcyMCwxXQ==", "attributes": { "visState": "{\"title\":\"HTTP - MIME Type\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_http.resp_mime_types\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", "description": "", 
@@ -403,8 +369,8 @@ { "id": "a6cacf2a-7cf5-4991-be10-474429651b51", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMywxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcyMSwxXQ==", "attributes": { "title": "HTTP - Destination Port", "visState": "{\"title\":\"HTTP - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", 
@@ -430,8 +396,8 @@ { "id": "054326f5-92f3-4202-a7cf-cc0d3eb92ad4", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIwOSwxXQ==", + "updated_at": "2020-02-12T15:00:23.157Z", + "version": "WzM3NiwxXQ==", "attributes": { "title": "HTTP - Destination Country", "visState": "{\"title\":\"HTTP - Destination Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", 
@@ -457,8 +423,8 @@ { "id": "AWDG97t7xQT5EBNmq4E1", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIxMCwxXQ==", + "updated_at": "2020-02-12T15:00:23.157Z", + "version": "WzM3NywxXQ==", "attributes": { "title": "HTTP - Log Count", "visState": "{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -484,8 +450,8 @@ { "id": "eedbcaaf-1713-4ec2-acbd-b1e32a34579a", "type": "visualization", - "updated_at": "2019-12-18T16:20:22.627Z", - "version": "WzIxMSwxXQ==", + "updated_at": "2020-02-12T15:00:23.157Z", + "version": "WzM3OCwxXQ==", "attributes": { "title": "HTTP - Status and Method", "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.status_msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.method\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}", 
@@ -507,6 +473,73 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "aa4a78f0-4db8-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T16:57:54.485Z", + "version": "WzkyOSwxXQ==", + "attributes": { + "title": "HTTP - Unique Usernames and Passwords", + "visState": "{\"title\":\"HTTP - Unique Usernames and Passwords\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}},{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek.user\",\"customLabel\":\"Unique Usernames\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek.password\",\"customLabel\":\"Unique Cleartext Passwords\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381", + "type": "search", + "updated_at": "2020-02-12T17:03:57.675Z", + "version": "WzkzNSwxXQ==", + "attributes": { + "title": "HTTP - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_http.host", + "zeek_http.status_msg", + 
"zeek.uid", + "zeek.fuid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:http\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 7e79f564c..0feee1791 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
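Review bot: The new `HTTP - Logs` saved search bakes `"time_zone":"America/Denver"` into its `query_string` clause, so any date math in that query resolves against the author's local zone for every deployment that imports this dashboard; the other saved searches in this diff (including the `SMB - Logs` search re-added further down) carry no `time_zone`. Drop the key so the query inherits Kibana's configured zone: `"query_string":{"query":"zeek.logType:http","analyze_wildcard":true}`. Separately, the `Unique Cleartext Passwords` metric in the preceding visualization is a `cardinality` aggregation, which Elasticsearch computes approximately by design; the visualization's `description` is empty, and a one-line note there saying the count is approximate would stop analysts reading the figure as an exact tally.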
@@ -4,13 +4,13 @@ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", "type": "dashboard", - "updated_at": "2020-02-07T16:57:29.872Z", - "version": "WzgyOSwxXQ==", + "updated_at": "2020-02-12T19:19:30.235Z", + "version": "WzExMTgsMV0=", "attributes": { "title": "SMB", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":24,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":47,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":8,\"h\":14,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":24,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\
",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":14,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":25,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":53,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":37,\"w\":16,\"h\":16,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":13,\"w\":24,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":72,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,
\"w\":8,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":13,\"w\":16,\"h\":24,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
@@ -21,113 +21,74 @@ "references": [ { "name": "panel_0", - "type": "search", - "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" - }, - { - "name": "panel_1", "type": "visualization", "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" }, { - "name": "panel_2", + "name": "panel_1", "type": "visualization", "id": "c4829cb4-ed05-4154-ab6c-9240f0ea0b04" }, { - "name": "panel_3", + "name": "panel_2", "type": "visualization", "id": "3b82d24e-d3dd-48fa-a539-98a46ccbfd49" }, { - "name": "panel_4", + "name": "panel_3", "type": "visualization", "id": "974779e2-ab49-4fe8-88db-bf5321664f1a" }, { - "name": "panel_5", + "name": "panel_4", "type": "visualization", "id": "3282a033-fff4-41cb-abe6-d896b4a2e03d" }, { - "name": "panel_6", + "name": "panel_5", "type": "visualization", "id": "02359f84-0114-4d9d-8731-2b6820722e32" }, { - "name": "panel_7", + "name": "panel_6", "type": "visualization", "id": "c8f1ff18-93e9-4ce9-a188-c947f7dadc05" }, { - "name": "panel_8", + "name": "panel_7", "type": "visualization", "id": "24b9dbff-7362-4982-9ce7-660001594ff9" }, { - "name": "panel_9", + "name": "panel_8", "type": "visualization", "id": "AWDHDfDkxQT5EBNmq4fQ" }, { - "name": "panel_10", + "name": "panel_9", "type": "visualization", "id": "0fa8205d-717f-4385-a031-d15e5f1b6c08" }, { - "name": "panel_11", + "name": "panel_10", "type": "visualization", "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e" - } - ], - "migrationVersion": { - "dashboard": "7.3.0" - } - }, - { - "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7", - "type": "search", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM2OSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "SMB - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(zeek.logType:smb_cmd OR zeek.logType:smb_mapping OR 
zeek.logType:smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "name": "panel_11", + "type": "search", + "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" } ], "migrationVersion": { - "search": "7.4.0" + "dashboard": "7.3.0" } }, { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-07T16:19:05.328Z", - "version": "Wzc5NCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● 
[DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -146,8 +107,8 @@ { "id": "c4829cb4-ed05-4154-ab6c-9240f0ea0b04", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3MSwxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM4NiwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -173,8 +134,8 @@ { "id": "3b82d24e-d3dd-48fa-a539-98a46ccbfd49", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3MiwxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM4NywxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -200,8 +161,8 @@ { "id": "974779e2-ab49-4fe8-88db-bf5321664f1a", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3MywxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM4OCwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -227,12 +188,12 @@ { "id": "3282a033-fff4-41cb-abe6-d896b4a2e03d", "type": "visualization", - "updated_at": "2020-02-07T16:52:14.672Z", - "version": "WzgyMCwxXQ==", + "updated_at": "2020-02-12T19:18:50.700Z", + "version": "WzExMTYsMV0=", "attributes": { "title": "SMB - Version", - "visState": "{\"title\":\"SMB - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Version\"}}]}", - "uiStateJSON": "{}", + "visState": "{\"title\":\"SMB - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SMB 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -254,8 +215,8 @@ { "id": "02359f84-0114-4d9d-8731-2b6820722e32", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3NSwxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM5MCwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", "description": "", 
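Review bot: The rewritten `SMB - Version` visState now carries a `parsedUrl` object (`"origin":"https://localhost","pathname":"/kibana/app/kibana","basePath":"/kibana"`) inside the terms formatter params; this looks like browser state captured by the Kibana UI export rather than anything the aggregation needs, and it pins the exporting host's origin into a committed artifact. The previous visState had no such block and described the same count-by-`zeek.service_version` pie, so strip `parsedUrl` from the format params before committing. The `SMB - Log Count` visState later in this file carries the identical blob and should get the same cleanup.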
@@ -281,8 +242,8 @@ { "id": "c8f1ff18-93e9-4ce9-a188-c947f7dadc05", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3NiwxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM5MSwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", "description": "", 
@@ -308,8 +269,8 @@ { "id": "24b9dbff-7362-4982-9ce7-660001594ff9", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3NywxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM5MiwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -335,11 +296,11 @@ { "id": "AWDHDfDkxQT5EBNmq4fQ", "type": "visualization", - "updated_at": "2020-02-07T16:18:25.174Z", - "version": "WzM3OCwxXQ==", + "updated_at": "2020-02-12T19:15:37.317Z", + "version": "WzExMTIsMV0=", "attributes": { "title": "SMB - Log Count", - "visState": "{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":100}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#FB9E00\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":30}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}}}],\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Log Type\"}}]}", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, @@ -350,8 +311,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" } ], 
@@ -362,8 +323,8 @@ { "id": "0fa8205d-717f-4385-a031-d15e5f1b6c08", "type": "visualization", - "updated_at": "2020-02-07T16:53:56.975Z", - "version": "WzgyMiwxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM5NCwxXQ==", "attributes": { "title": "SMB - Destination Port", "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -389,8 +350,8 @@ { "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e", "type": "visualization", - "updated_at": "2020-02-07T16:55:59.580Z", - "version": "WzgyNCwxXQ==", + "updated_at": "2020-02-12T15:00:25.265Z", + "version": "WzM5NSwxXQ==", "attributes": { "title": "SMB Action", "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 
@@ -412,6 +373,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7", + "type": "search", + "updated_at": "2020-02-12T19:13:30.989Z", + "version": "WzExMDksMV0=", + "attributes": { + "title": "SMB - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.logType", + "srcIp", + "dstIp", + "dstPort", + "zeek.service_version", + "zeek.action", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"zeek.logType:smb*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 05774652f..5d71a81a2 100644 --- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
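Review bot: The re-added `SMB - Logs` search replaces the explicit `(zeek.logType:smb_cmd OR zeek.logType:smb_mapping OR zeek.logType:smb_files)` filter with the wildcard `zeek.logType:smb*`, which will also match any other log type beginning with `smb` that later lands in `sessions2-*`, whether or not the dashboard's panels expect it. If the broadening is intentional, record it in the search's currently empty `description`, e.g. `"description": "All Zeek SMB log types (zeek.logType matching smb*)"`; otherwise restore the explicit OR list so the set of log types is fixed and reviewable.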
@@ -4,130 +4,91 @@ { "id": "432af556-c5c0-4cc3-8166-b274b4e3a406", "type": "dashboard", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzI0MSwxXQ==", + "updated_at": "2020-02-12T16:06:03.870Z", + "version": "Wzg4MCwxXQ==", "attributes": { "title": "DCE/RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3
.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":69,\"w\":24,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName
\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":69,\"w\":24,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":41,\"i\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\"},\"panelIndex\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ { "name": "panel_0", - "type": "search", - "id": "bc940221-83d5-416e-a353-dc8fc2f84141" - }, - { - "name": "panel_1", "type": "visualization", "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" }, { - "name": "panel_2", + "name": "panel_1", "type": "visualization", "id": "64e82156-689a-41fc-974f-efe021d73dc0" }, { - "name": "panel_3", + "name": "panel_2", "type": "visualization", "id": "ea6fd4c1-04f0-450a-9b4b-ecb9db0117dc" }, { - "name": "panel_4", + "name": "panel_3", "type": "visualization", "id": "6f4a3352-abb1-4a5e-8665-ab86954aed7d" }, { - "name": "panel_5", + "name": "panel_4", "type": "visualization", "id": "8d57876a-ee4d-4843-8148-9ac644ce5b45" }, { - "name": "panel_6", + "name": "panel_5", "type": "visualization", "id": "d3858962-fc17-4d6f-b933-e94f7ffc9ae3" }, { - "name": "panel_7", + "name": "panel_6", "type": "visualization", "id": "52727beb-0e12-4ee5-a3d4-eebd93ee2dd3" }, { - "name": "panel_8", + "name": "panel_7", "type": "visualization", "id": 
"b57e74bf-8024-44cd-b755-7d73e19588c2" }, { - "name": "panel_9", + "name": "panel_8", "type": "visualization", "id": "AWDG8k4OxQT5EBNmq37a" }, { - "name": "panel_10", + "name": "panel_9", "type": "visualization", "id": "30c677f4-d593-440c-b420-56532602853b" }, { - "name": "panel_11", + "name": "panel_10", "type": "visualization", "id": "6b6bcbc1-6753-409f-86dd-f552195ccf03" - } - ], - "migrationVersion": { - "dashboard": "7.3.0" - } - }, - { - "id": "bc940221-83d5-416e-a353-dc8fc2f84141", - "type": "search", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIyOSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "DCE/RPC - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "name": "panel_11", + "type": "search", + "id": "bc940221-83d5-416e-a353-dc8fc2f84141" } ], "migrationVersion": { - "search": "7.4.0" + "dashboard": "7.3.0" } }, { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security 
Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● 
[SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
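Review bot: The new `searchSourceJSON` line in the dashboard object bakes `\"time_zone\":\"America/Denver\"` into the query_string, which presumably leaked in from the exporting author's Kibana session rather than being a deliberate choice for a shared artifact. Everyone who imports this dashboard then gets date math and absolute timestamps in the query resolved in Mountain time regardless of their own Kibana timezone setting, which is a poor default for traffic analysis where analysts generally reason in UTC and expect the viewer's configured zone to apply. Suggest dropping the `,\"time_zone\":\"America/Denver\"` fragment so the line reverts to the shape of the removed version, leaving timezone resolution to the importing user's settings. The same fragment is added in the SNMP dashboard's `@@ -4,18 +4,18 @@` hunk below and should be removed there as well.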
@@ -146,8 +107,8 @@ { "id": "64e82156-689a-41fc-974f-efe021d73dc0", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzMSwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzM5OSwxXQ==", "attributes": { "visState": "{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -173,8 +134,8 @@ { "id": "ea6fd4c1-04f0-450a-9b4b-ecb9db0117dc", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzMiwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwMCwxXQ==", "attributes": { "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -200,8 +161,8 @@ { "id": "6f4a3352-abb1-4a5e-8665-ab86954aed7d", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzMywxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwMSwxXQ==", "attributes": { "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -227,8 +188,8 @@ { "id": "8d57876a-ee4d-4843-8148-9ac644ce5b45", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzNCwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwMiwxXQ==", "attributes": { "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", "description": "", @@ -254,8 +215,8 @@ { "id": "d3858962-fc17-4d6f-b933-e94f7ffc9ae3", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzNSwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwMywxXQ==", "attributes": { "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", "description": "", 
@@ -281,8 +242,8 @@ { "id": "52727beb-0e12-4ee5-a3d4-eebd93ee2dd3", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzNiwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwNCwxXQ==", "attributes": { "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", "description": "", @@ -308,8 +269,8 @@ { "id": "b57e74bf-8024-44cd-b755-7d73e19588c2", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzNywxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwNSwxXQ==", "attributes": { "title": "DCE/RPC - Round Trip Time", "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", 
@@ -335,8 +296,8 @@ { "id": "AWDG8k4OxQT5EBNmq37a", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzOCwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwNiwxXQ==", "attributes": { "title": "DCE/RPC - Log Count", "visState": "{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -362,8 +323,8 @@ { "id": "30c677f4-d593-440c-b420-56532602853b", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzIzOSwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwNywxXQ==", "attributes": { "title": "DCE/RPC - Destination Port", "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -389,8 +350,8 @@ { "id": "6b6bcbc1-6753-409f-86dd-f552195ccf03", "type": "visualization", - "updated_at": "2019-12-18T16:20:25.704Z", - "version": "WzI0MCwxXQ==", + "updated_at": "2020-02-12T15:00:26.285Z", + "version": "WzQwOCwxXQ==", "attributes": { "title": "DCE/RPC - Summary", "visState": "{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", 
@@ -412,6 +373,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "bc940221-83d5-416e-a353-dc8fc2f84141", + "type": "search", + "updated_at": "2020-02-12T16:05:11.823Z", + "version": "Wzg3OCwxXQ==", + "attributes": { + "title": "DCE/RPC - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "zeek_dce_rpc.operation", + "zeek_dce_rpc.endpoint", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"zeek.logType:dce_rpc\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index fb75c1816..63f3fbab4 100644 --- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
@@ -4,18 +4,18 @@ { "id": "4e5f106e-c60a-4226-8f64-d534abb912ab", "type": "dashboard", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI1MiwxXQ==", + "updated_at": "2020-02-12T19:47:20.532Z", + "version": "WzExNjIsMV0=", "attributes": { "title": "SNMP", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"pa
nel_9\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":21,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":8,\"w\":15,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":39,\"i\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\"},\"panelIndex\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -51,23 +51,23 @@ }, { "name": "panel_6", - "type": "search", - "id": "a7b5dae1-2f35-47c9-91ba-c8e8e66d10c8" + "type": "visualization", + "id": "9d7d51d5-9d5f-4fc1-a0fe-bffa6c7548a9" }, { "name": "panel_7", "type": "visualization", - "id": "9d7d51d5-9d5f-4fc1-a0fe-bffa6c7548a9" + "id": "AWDHD-LfxQT5EBNmq4iB" }, { "name": "panel_8", "type": "visualization", - "id": "AWDHD-LfxQT5EBNmq4iB" + "id": "72341dff-ce1a-4f9c-bf4b-5675409476a1" }, { "name": "panel_9", - "type": "visualization", - "id": "72341dff-ce1a-4f9c-bf4b-5675409476a1" + "type": "search", + "id": "a7b5dae1-2f35-47c9-91ba-c8e8e66d10c8" } ], "migrationVersion": { 
@@ -77,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +97,8 @@ { "id": "96dc7277-2123-4a0d-9311-571a6dd9bb0a", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0MywxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQyNSwxXQ==", "attributes": { "visState": "{\"title\":\"SNMP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -124,8 +124,8 @@ { "id": "272670ef-2b43-45dc-b8ae-c7f2ead10348", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0NCwxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQyNiwxXQ==", "attributes": { "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -151,8 +151,8 @@ { "id": "cf0c69f3-7cc6-4c70-a33a-154e77ca547a", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0NSwxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQyNywxXQ==", "attributes": { "visState": "{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -178,8 +178,8 @@ { "id": "f95dd65c-c240-4144-bd27-ff5692843e25", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0NiwxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQyOCwxXQ==", "attributes": { "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_snmp.duration\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", "description": "", 
@@ -205,13 +205,13 @@ { "id": "14a4ae12-fc79-45a8-ad86-2c08a5118e37", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0NywxXQ==", + "updated_at": "2020-02-12T19:43:33.030Z", + "version": "WzExNDksMV0=", "attributes": { - "visState": "{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_snmp.version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description": "", "title": "SNMP - Version", - "uiStateJSON": "{}", + "visState": "{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_snmp.version: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_snmp.version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SNMP Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -220,8 +220,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "a7b5dae1-2f35-47c9-91ba-c8e8e66d10c8" } ], 
@@ -229,50 +229,11 @@ "visualization": "7.4.2" } }, - { - "id": "a7b5dae1-2f35-47c9-91ba-c8e8e66d10c8", - "type": "search", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0OCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "SNMP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "9d7d51d5-9d5f-4fc1-a0fe-bffa6c7548a9", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI0OSwxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQzMSwxXQ==", "attributes": { "visState": "{\"title\":\"SNMP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -298,8 +259,8 @@ { "id": "AWDHD-LfxQT5EBNmq4iB", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI1MCwxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQzMiwxXQ==", "attributes": { "title": "SNMP - Log Count", "visState": "{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -325,8 +286,8 @@ { "id": "72341dff-ce1a-4f9c-bf4b-5675409476a1", "type": "visualization", - "updated_at": "2019-12-18T16:20:26.725Z", - "version": "WzI1MSwxXQ==", + "updated_at": "2020-02-12T15:00:28.340Z", + "version": "WzQzMywxXQ==", "attributes": { "title": "SNMP - Community String", "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_snmp.community\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", 
@@ -348,6 +309,45 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "a7b5dae1-2f35-47c9-91ba-c8e8e66d10c8", + "type": "search", + "updated_at": "2020-02-12T19:46:48.081Z", + "version": "WzExNjAsMV0=", + "attributes": { + "title": "SNMP - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_snmp.version", + "zeek_snmp.community", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:snmp\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 0cfbb593e..1b9763d0d 100644 --- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
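Review bot: The re-added `SNMP - Logs` saved search bakes `\"time_zone\":\"America/Denver\"` into its `query_string`, which is the exporting workstation's local zone rather than a property of the search; the version removed in hunk `@@ -229,50 +229,11 @@` carried no `time_zone` at all. Any date math or day-boundary rounding in that query will be evaluated in Mountain time for every user of a deployed instance, independent of their own browser setting, and the checked-in copy will churn whenever someone in another zone re-exports it. I'd strip the key from the exported `searchSourceJSON` here, and likewise in the MySQL dashboard's `searchSourceJSON` (hunk `@@ -4,18 +4,18 @@`) and the `MySQL - Logs` saved search (hunk `@@ -227,30 +183,42 @@`). Whether a later Kibana import would preserve or ignore the key I can't confirm from the diff, so keeping the repository copy free of export-environment values is the safe default.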
@@ -4,18 +4,18 @@ { "id": "50ced171-1b10-4c3f-8b67-2db9635661a6", "type": "dashboard", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI2MCwxXQ==", + "updated_at": "2020-02-12T17:54:05.240Z", + "version": "Wzk4MiwxXQ==", "attributes": { "title": "MySQL", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":24,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":24,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":15,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":32,\"i\":\"04e96790-2a76-4656-956b-bdf780792c40\"},\"panelIndex\":\"04e96790-2a76-4656-956b-bdf780792c40\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":26,\"i\":\"27a5666b-5633-4982-b276-ecafa4a38b74\"},\"panelIndex\":\"27a5666b-5633-4982-b276-ecafa4a38b74\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -32,27 +32,22 @@ { "name": "panel_2", "type": "visualization", - "id": "0229ca49-719d-4668-8fa0-a5b0777be627" + "id": "AWDHBRrrxQT5EBNmq4TI" }, { "name": "panel_3", - "type": "search", - "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a" + "type": "visualization", + "id": "3bfe2a4c-d202-49e0-8ebc-484e542f910f" }, { "name": "panel_4", "type": "visualization", - "id": "AWDHBRrrxQT5EBNmq4TI" + "id": "f82136c0-4dbf-11ea-8336-d3388483188b" }, { "name": "panel_5", - "type": "visualization", - "id": "e2396df9-49c7-445a-bb80-3ff4c1432912" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "3bfe2a4c-d202-49e0-8ebc-484e542f910f" + "type": "search", + "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a" } ], "migrationVersion": { 
@@ -62,13 +57,13 @@ { "id": "a2e900c8-9dd9-490b-9043-a9b5034424b5", "type": "visualization", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI1MywxXQ==", + "updated_at": "2020-02-12T17:52:54.897Z", + "version": "Wzk4MCwxXQ==", "attributes": { - "visState": "{\"title\":\"MySQL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", - "description": "", "title": "MySQL - Log Count Over Time", + "visState": "{\"title\":\"MySQL - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"line\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-02-12T17:52:43.825Z\",\"max\":\"2020-02-12T17:52:43.825Z\"}},\"label\":\"firstPacket per 30 
days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-44y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Command\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -77,8 +72,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a" } ], 
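Review bot: The new `MySQL - Log Count Over Time` visState carries editor state captured at export time rather than the visualization's definition: a `dimensions` block with absolute `bounds` of `1976-02-12T17:52:43.825Z`..`2020-02-12T17:52:43.825Z`, an `interval` of `P30D`, a `parsedUrl` whose `origin` is `https://localhost`, and a `timeRange` of `now-44y`..`now` inside the `date_histogram` agg params. Kibana appears to recompute these from the time picker when the panel renders, so they are probably inert, but they tie the saved object to the exporter's machine and time filter and will produce a spurious diff on every re-export. I'd trim `dimensions` and the agg-level `timeRange` from the exported string before committing, as the other visualizations in this file (e.g. the `SNMP - Log Count Over Time` object at hunk `@@ -97,8 +97,8 @@`) still ship without them. The same `parsedUrl` residue appears in the new `SNMP - Version`, `MySQL - Success` and `MySQL - Commands` objects in later hunks.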
@@ -89,8 +84,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -107,15 +102,15 @@ } }, { - "id": "0229ca49-719d-4668-8fa0-a5b0777be627", + "id": "AWDHBRrrxQT5EBNmq4TI", "type": "visualization", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI1NSwxXQ==", + "updated_at": "2020-02-12T15:00:29.369Z", + "version": "WzQzOSwxXQ==", "attributes": { - "visState": "{\"title\":\"MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.command\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.arg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", + "title": "MySQL - Log Count", + "visState": "{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "MySQL - Command/Argument", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -134,64 +129,25 @@ } }, { - "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a", - "type": "search", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI1NiwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "MySQL - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "AWDHBRrrxQT5EBNmq4TI", + "id": "3bfe2a4c-d202-49e0-8ebc-484e542f910f", "type": "visualization", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI1NywxXQ==", + "updated_at": "2020-02-12T17:37:49.986Z", + "version": "Wzk2NiwxXQ==", "attributes": { - "title": "MySQL - Log Count", - "visState": "{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "MySQL - Success", + "visState": "{\"title\":\"MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_mysql.success: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" }, "savedSearchRefName": 
"search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a" } ], 
@@ -200,25 +156,25 @@ } }, { - "id": "e2396df9-49c7-445a-bb80-3ff4c1432912", + "id": "f82136c0-4dbf-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI1OCwxXQ==", + "updated_at": "2020-02-12T17:50:55.881Z", + "version": "Wzk3OCwxXQ==", "attributes": { - "title": "MySQL - Response", - "visState": "{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.response\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "MySQL - Commands", + "visState": "{\"title\":\"MySQL - 
Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\"
:\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a" } ], 
@@ -227,30 +183,42 @@ } }, { - "id": "3bfe2a4c-d202-49e0-8ebc-484e542f910f", - "type": "visualization", - "updated_at": "2019-12-18T16:20:27.758Z", - "version": "WzI1OSwxXQ==", + "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a", + "type": "search", + "updated_at": "2020-02-12T17:43:24.227Z", + "version": "Wzk3MCwxXQ==", "attributes": { - "title": "MySQL - Success", - "visState": "{\"title\":\"MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_mysql.success\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", + "title": "MySQL - Logs", "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_mysql.cmd", + "zeek_mysql.success", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:mysql\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { - "type": "search", - "name": "search_0", - "id": "f4ad663c-8222-4f64-9f66-d4fa8b04c20a" + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" } ], "migrationVersion": { - "visualization": 
"7.4.2" + "search": "7.4.0" } } ] diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 12cd7d009..ec2f6d10e 100644 --- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
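Review bot: The new "MySQL - Logs" saved search bakes `\"time_zone\":\"America/Denver\"` into its `query_string` in `searchSourceJSON`, which looks like an artifact of the exporting browser's timezone setting rather than something the dashboard needs. Shipped to every Malcolm install, it pins how any date literal in that query string is interpreted to Mountain time instead of the viewer's configured `dateFormat:tz`, and it makes the exports non-reproducible across maintainers' machines. The query would be portable as `\"query\":{\"query_string\":{\"query\":\"zeek.logType:mysql\",\"analyze_wildcard\":true}}`. The same key appears in the NTLM dashboard `searchSourceJSON` (hunk ending at L2000), the re-added "NTLM - Logs" search (hunk ending at L2015) and the Signatures dashboard (hunk ending at L2017); presumably a single strip pass over the exports before commit would cover all of them.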
@@ -4,18 +4,18 @@ { "id": "543118a9-02d7-43fe-b669-b8652177fc37", "type": "dashboard", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI3MywxXQ==", + "updated_at": "2020-02-12T18:02:40.275Z", + "version": "WzEwMDAsMV0=", "attributes": { "title": "NTLM", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":24,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"5\",\"gridData\":{\"x\":32,\"y\":32,\"w\":16,\"h\":28,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":12,\"h\":28,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":20,\"y\":32,\"w\":12,\"h\":28,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":16,\"y\":60,\"w\":16,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":60,\"w\":16,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":
{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":32,\"y\":60,\"w\":16,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":24,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":23,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16
,\"y\":47,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":15,\"i\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\"},\"panelIndex\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":40,\"i\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\"},\"panelIndex\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_ntlm.host\",\"zeek_ntlm.domain\",\"zeek_ntlm.server_nb_computer\",\"zeek_ntlm.server_dns_computer\",\"zeek_ntlm.server_tree\",\"zeek.uid\"]},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -31,53 +31,53 @@ }, { "name": "panel_2", - "type": "search", - "id": "40c651a5-3e02-47b4-8d6b-8628a351007c" + "type": "visualization", + "id": "9500b522-519f-4219-8ba3-8f5fa5bc1452" }, { "name": "panel_3", "type": "visualization", - "id": "9500b522-519f-4219-8ba3-8f5fa5bc1452" + "id": "cc045686-66be-4450-8d8a-90927323968d" }, { "name": "panel_4", "type": "visualization", - "id": "cc045686-66be-4450-8d8a-90927323968d" + "id": "9e559bef-866f-4934-b1b5-4db5bf213664" }, { "name": "panel_5", "type": "visualization", - "id": "9e559bef-866f-4934-b1b5-4db5bf213664" + "id": "706e217b-6d5c-4c74-b340-a34c9801e2dc" }, { "name": "panel_6", "type": "visualization", - "id": "706e217b-6d5c-4c74-b340-a34c9801e2dc" + "id": "97f78ed5-c786-4e8d-924e-3c69f09cd79f" }, { "name": "panel_7", "type": "visualization", - "id": "97f78ed5-c786-4e8d-924e-3c69f09cd79f" + "id": "03592efa-6618-4b50-8071-21accd137e30" }, { "name": "panel_8", "type": "visualization", - "id": "03592efa-6618-4b50-8071-21accd137e30" + "id": "AWDHCEx7xQT5EBNmq4Vf" }, { "name": "panel_9", "type": "visualization", - "id": "96ae9f6a-7b69-4bcb-afa8-96c34fb0aa80" + "id": "319e9e0b-b12e-4401-8833-3c62de2df7da" }, { "name": "panel_10", "type": "visualization", - "id": "AWDHCEx7xQT5EBNmq4Vf" + "id": "110b46c0-4dc1-11ea-8336-d3388483188b" }, { "name": "panel_11", - "type": "visualization", - "id": "319e9e0b-b12e-4401-8833-3c62de2df7da" + "type": "search", + "id": "40c651a5-3e02-47b4-8d6b-8628a351007c" } ], "migrationVersion": { 
@@ -87,8 +87,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -107,8 +107,8 @@ { "id": "7be3afad-a0db-466b-8dd1-3e04d5acea6b", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2MiwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ0NCwxXQ==", "attributes": { "visState": "{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -131,55 +131,16 @@ "visualization": "7.4.2" } }, - { - "id": "40c651a5-3e02-47b4-8d6b-8628a351007c", - "type": "search", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2MywxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "NTLM - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "9500b522-519f-4219-8ba3-8f5fa5bc1452", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2NCwxXQ==", + "updated_at": "2020-02-12T17:58:15.812Z", + "version": "Wzk4NywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}", - "description": "", "title": "NTLM - Hostname", + "visState": "{\"title\":\"NTLM - 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -188,8 +149,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "40c651a5-3e02-47b4-8d6b-8628a351007c" } ], 
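Review bot: The rewritten "NTLM - Hostname" `visState` now carries a `dimensions` block whose `parsedUrl` holds `\"origin\":\"https://localhost\"` and the `/kibana` base path of the instance the object was exported from. This appears to be editor-computed metadata rather than configuration the table needs (the `aggs` array already defines the columns), and it leaks an environment-specific origin into a file deployed everywhere; I would confirm Kibana regenerates `dimensions` on render and, if so, drop that block from the export. The same `parsedUrl` appears in the new "NTLM - Success" `visState` (hunk ending at L2015).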
@@ -200,8 +161,8 @@ { "id": "cc045686-66be-4450-8d8a-90927323968d", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2NSwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ0NywxXQ==", "attributes": { "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", "description": "", @@ -227,8 +188,8 @@ { "id": "9e559bef-866f-4934-b1b5-4db5bf213664", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2NiwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ0OCwxXQ==", "attributes": { "visState": "{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.user\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", "description": "", 
@@ -254,8 +215,8 @@ { "id": "706e217b-6d5c-4c74-b340-a34c9801e2dc", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2NywxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ0OSwxXQ==", "attributes": { "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -281,8 +242,8 @@ { "id": "97f78ed5-c786-4e8d-924e-3c69f09cd79f", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2OCwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ1MCwxXQ==", "attributes": { "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -308,8 +269,8 @@ { "id": "03592efa-6618-4b50-8071-21accd137e30", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI2OSwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ1MSwxXQ==", "attributes": { "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -333,15 +294,15 @@ } }, { - "id": "96ae9f6a-7b69-4bcb-afa8-96c34fb0aa80", + "id": "AWDHCEx7xQT5EBNmq4Vf", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI3MCwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ1MywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Status\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Status\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ntlm.status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status\"}}],\"listeners\":{}}", + "title": "NTLM - Log Count", + "visState": "{\"title\":\"NTLM - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "NTLM - Status", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -360,18 +321,18 @@ } }, { - "id": "AWDHCEx7xQT5EBNmq4Vf", + "id": "319e9e0b-b12e-4401-8833-3c62de2df7da", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI3MSwxXQ==", + "updated_at": "2020-02-12T15:00:30.401Z", + "version": "WzQ1NCwxXQ==", "attributes": { - "title": "NTLM - Log Count", - "visState": "{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "NTLM - Hostname to Username", + "visState": "{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" }, "savedSearchRefName": "search_0" }, 
@@ -387,31 +348,73 @@ } }, { - "id": "319e9e0b-b12e-4401-8833-3c62de2df7da", + "id": "110b46c0-4dc1-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:28.779Z", - "version": "WzI3MiwxXQ==", + "updated_at": "2020-02-12T17:56:59.820Z", + "version": "Wzk4NCwxXQ==", "attributes": { - "title": "NTLM - Hostname to Username", - "visState": "{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "NTLM - Success", + "visState": "{\"title\":\"NTLM - 
Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "40c651a5-3e02-47b4-8d6b-8628a351007c" } ], "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "40c651a5-3e02-47b4-8d6b-8628a351007c", + "type": "search", + "updated_at": "2020-02-12T18:02:58.042Z", + "version": "WzEwMDIsMV0=", + "attributes": { + "title": "NTLM - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_ntlm.host", + "zeek_ntlm.domain", + "zeek_ntlm.server_nb_computer", + "zeek_ntlm.server_dns_computer", + "zeek_ntlm.server_tree", + "zeek.uid" + ], + "sort": [ + [ + 
"firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:ntlm\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index d380dc0d7..5b223c65b 100644 --- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -4,18 +4,18 @@ { "id": "665d1610-523d-11e9-a30e-e3576242f3ed", "type": "dashboard", - "updated_at": "2019-12-18T16:20:31.866Z", - "version": "WzI4OCwxXQ==", + "updated_at": "2020-02-12T15:53:37.316Z", + "version": "Wzg2NSwxXQ==", "attributes": { "title": "Signatures", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":56,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":48,\"i\":\"11\",\"w\":40,\"x\":8,\"y\":32},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"13\",\"w\":20,\"x\":28,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -57,8 +57,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -77,8 +77,8 @@ { "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", "type": "visualization", - "updated_at": "2019-12-18T16:20:31.866Z", - "version": "WzI4MywxXQ==", + "updated_at": "2020-02-12T15:00:33.475Z", + "version": "WzQ2NSwxXQ==", "attributes": { "title": "Signatures - Log Count Over Time", "visState": "{\"title\":\"Signatures - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}", 
@@ -103,8 +103,8 @@ { "id": "8356c570-523f-11e9-a30e-e3576242f3ed", "type": "visualization", - "updated_at": "2019-12-18T16:20:31.866Z", - "version": "WzI4NCwxXQ==", + "updated_at": "2020-02-12T15:00:33.475Z", + "version": "WzQ2NiwxXQ==", "attributes": { "title": "Signatures - Log Count", "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", @@ -130,8 +130,8 @@ { "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", "type": "search", - "updated_at": "2019-12-18T16:20:31.866Z", - "version": "WzI4NSwxXQ==", + "updated_at": "2020-02-12T15:00:43.723Z", + "version": "WzU4MywxXQ==", "attributes": { "title": "Signatures - Logs", "description": "", 
@@ -167,8 +167,8 @@ { "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", "type": "visualization", - "updated_at": "2019-12-18T16:20:31.866Z", - "version": "WzI4NiwxXQ==", + "updated_at": "2020-02-12T15:00:43.723Z", + "version": "WzU3MywxXQ==", "attributes": { "title": "Signatures - Signature IDs", "visState": "{\"title\":\"Signatures - Signature IDs\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_signatures.signature_id\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature ID\"}}]}", 
@@ -194,8 +194,8 @@ { "id": "39073d50-525e-11e9-9bd7-13d6d1bafa75", "type": "visualization", - "updated_at": "2019-12-18T16:20:31.866Z", - "version": "WzI4NywxXQ==", + "updated_at": "2020-02-12T15:00:33.475Z", + "version": "WzQ2OSwxXQ==", "attributes": { "title": "Signatures - Engines", "visState": "{\"title\":\"Signatures - Engines\",\"type\":\"horizontal_bar\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"bottom\",\"orderBucketsBySum\":false,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_signatures.engine\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Engines\"}}]}", diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 2881f7a5b..712eef5fa 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
+++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -4,18 +4,18 @@ { "id": "76f2f912-80da-44cd-ab66-6a73c8344cc3", "type": "dashboard", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5OCwxXQ==", + "updated_at": "2020-02-12T17:13:26.938Z", + "version": "Wzk0NCwxXQ==", "attributes": { "title": "IRC", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\"},\"panelIndex\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -41,28 +41,28 @@ }, { "name": "panel_4", - "type": "search", - "id": "5486b4b2-714d-45d1-b347-ab274894de1f" + "type": "visualization", + "id": "6544edd6-ae35-4e10-be83-ede9cb2a5fa2" }, { "name": "panel_5", "type": "visualization", - "id": "6544edd6-ae35-4e10-be83-ede9cb2a5fa2" + "id": "AWDG_HoKxQT5EBNmq4KN" }, { "name": "panel_6", "type": "visualization", - "id": "AWDG_HoKxQT5EBNmq4KN" + "id": "7a04aa5c-8e7f-4405-9291-2fa3ce1b6c7a" }, { "name": "panel_7", "type": "visualization", - "id": "7a04aa5c-8e7f-4405-9291-2fa3ce1b6c7a" + "id": "91a1e5ab-35e4-4a8a-a26f-4b4c1b9bb8ec" }, { "name": "panel_8", - "type": "visualization", - "id": "91a1e5ab-35e4-4a8a-a26f-4b4c1b9bb8ec" + "type": "search", + "id": "5486b4b2-714d-45d1-b347-ab274894de1f" } ], "migrationVersion": { 
@@ -72,8 +72,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -92,8 +92,8 @@ { "id": "97e59b5d-86f2-42e6-9dbb-67336dd6c38a", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5MCwxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3MiwxXQ==", "attributes": { "visState": "{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -119,8 +119,8 @@ { "id": "46ada5c4-3522-4a0c-a2dd-279d59e23160", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5MSwxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3MywxXQ==", "attributes": { "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -146,8 +146,8 @@ { "id": "3e7fcb65-15e8-4a05-92de-ee924c08d85c", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5MiwxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3NCwxXQ==", "attributes": { "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -170,50 +170,11 @@ "visualization": "7.4.2" } }, - { - "id": "5486b4b2-714d-45d1-b347-ab274894de1f", - "type": "search", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5MywxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "IRC - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "6544edd6-ae35-4e10-be83-ede9cb2a5fa2", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5NCwxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3NiwxXQ==", "attributes": { "title": "IRC - Destination Port", "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -239,8 +200,8 @@ { "id": "AWDG_HoKxQT5EBNmq4KN", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5NSwxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3NywxXQ==", "attributes": { "title": "IRC - Log Count", "visState": "{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -266,8 +227,8 @@ { "id": "7a04aa5c-8e7f-4405-9291-2fa3ce1b6c7a", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5NiwxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3OCwxXQ==", "attributes": { "title": "IRC - Destination Country", "visState": "{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.city_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", 
@@ -293,8 +254,8 @@ { "id": "91a1e5ab-35e4-4a8a-a26f-4b4c1b9bb8ec", "type": "visualization", - "updated_at": "2019-12-18T16:20:32.890Z", - "version": "WzI5NywxXQ==", + "updated_at": "2020-02-12T15:00:34.504Z", + "version": "WzQ3OSwxXQ==", "attributes": { "title": "IRC - Command", "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_irc.command\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", @@ -316,6 +277,46 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "5486b4b2-714d-45d1-b347-ab274894de1f", + "type": "search", + "updated_at": "2020-02-12T17:12:29.165Z", + "version": "Wzk0MiwxXQ==", + "attributes": { + "title": "IRC - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_irc.nick", + "zeek_irc.command", + "zeek_irc.value", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:irc\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file 
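Review bot: The added `IRC - Logs` saved search bakes the exporting browser's zone into its query: `"time_zone":"America/Denver"` inside `searchSourceJSON`. Any date range an analyst later types into that query bar (e.g. `firstPacket:[2020-02-12 TO 2020-02-13]`) would then be resolved in Mountain time on every Malcolm instance, regardless of where the analyst sits, which is a silent off-by-hours trap in timeline reconstruction. The query `zeek.logType:irc` itself does not need the key; dropping it should let date parsing follow the viewing user's own Kibana timezone setting: `"query_string":{"query":"zeek.logType:irc","analyze_wildcard":true}`. The same key is introduced into the RDP dashboard's top-level query elsewhere in this commit.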
diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index b15f13623..ba9305c55 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -4,18 +4,18 @@ { "id": "7f41913f-cba8-43f5-82a8-241b7ead03e0", "type": "dashboard", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxNiwxXQ==", + "updated_at": "2020-02-12T18:38:06.748Z", + "version": "WzEwNjEsMV0=", "attributes": { "title": "RDP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":12,\"h\":12,\"x\":36,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":12,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":16,\"h\":12,\"x\":20,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embedd
ableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":15,\"x\":0,\"y\":40},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":16,\"x\":15,\"y\":40},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":12,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"9\",\"w\":17,\"x\":31,\"y\":40},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"10\",\"w\":15,\"x\":8,\"y\":8},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"11\",\"w\":14,\"x\":23,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":
20},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"14\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"w\":20,\"x\":28,\"y\":20},\"panelIndex\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
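Review bot: The dashboard-level `searchSourceJSON` now carries `"time_zone":"America/Denver"` in its `query_string`, which looks like an artifact of the browser the export was taken from rather than a deliberate setting. Because the default query is just `*` it is inert until an analyst adds a date range in the dashboard query bar, at which point the range would be resolved in Mountain time on every deployment. Strip the key so the dashboard stays timezone-neutral, i.e. restore the pre-change form `"query_string":{"analyze_wildcard":true,"default_field":"*","query":"*"}`.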
@@ -31,58 +31,53 @@ }, { "name": "panel_2", - "type": "search", - "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3" + "type": "visualization", + "id": "171c1475-1288-4dab-b5f4-f2105c7167a5" }, { "name": "panel_3", "type": "visualization", - "id": "171c1475-1288-4dab-b5f4-f2105c7167a5" + "id": "0a4694d9-2c36-48f3-979e-22548fff8fda" }, { "name": "panel_4", "type": "visualization", - "id": "0a4694d9-2c36-48f3-979e-22548fff8fda" + "id": "7bb9def4-0e06-49ba-a83a-8223f34d7331" }, { "name": "panel_5", "type": "visualization", - "id": "7bb9def4-0e06-49ba-a83a-8223f34d7331" + "id": "890ddd12-deb4-4608-890c-f0290dea3566" }, { "name": "panel_6", "type": "visualization", - "id": "0f8faebc-f66b-45b0-9015-6fa5a4d8258a" + "id": "874675b5-bc49-4a3a-8d6e-a7efd713919e" }, { "name": "panel_7", "type": "visualization", - "id": "890ddd12-deb4-4608-890c-f0290dea3566" + "id": "088c8f99-a90e-4a1e-b1a4-afd93ff076da" }, { "name": "panel_8", "type": "visualization", - "id": "874675b5-bc49-4a3a-8d6e-a7efd713919e" + "id": "b4d98d1f-dad9-4883-95ff-f8edc0b23b34" }, { "name": "panel_9", "type": "visualization", - "id": "088c8f99-a90e-4a1e-b1a4-afd93ff076da" + "id": "AWDHCvBexQT5EBNmq4aK" }, { "name": "panel_10", "type": "visualization", - "id": "b4d98d1f-dad9-4883-95ff-f8edc0b23b34" + "id": "93df26c0-4dc6-11ea-8336-d3388483188b" }, { "name": "panel_11", - "type": "visualization", - "id": "29c1e2ac-9a73-4a64-944d-d76135f41f30" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "AWDHCvBexQT5EBNmq4aK" + "type": "search", + "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3" } ], "migrationVersion": { 
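Review bot: The rewritten reference list drops `0f8faebc-f66b-45b0-9015-6fa5a4d8258a` (the `RDP - Client` table over `zeek_rdp.client_name`), and none of the visualizations visible in this diff aggregate that field any more, so the client-supplied workstation name appears to be gone from the RDP dashboard. That name is one of the few host-identifying attributes in an RDP negotiation and a usual pivot when tracing which workstation initiated a logon, so if the removal is deliberate it deserves a line in the commit message; otherwise re-add the panel as a `panel_12` reference to that id. The dashboard's `migrationVersion` object continues past the end of this hunk.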
@@ -92,8 +87,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -112,8 +107,8 @@ { "id": "b4e1f8d3-fdd9-4a86-b907-0e432b1a6049", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMwNCwxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ4NiwxXQ==", "attributes": { "visState": "{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -136,50 +131,11 @@ "visualization": "7.4.2" } }, - { - "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3", - "type": "search", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMwNSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "RDP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "171c1475-1288-4dab-b5f4-f2105c7167a5", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMwNiwxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ4OCwxXQ==", "attributes": { "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
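Review bot: This hunk deletes the `RDP - Logs` saved search (`5697fae3-8fed-45cd-82e1-ba6f86a99bd3`) from the file, yet the dashboard's `panel_11` and the `search_0` reference of every RDP visualization in this diff still point at that id. Unless the search now lives in a shared saved-objects file that is imported before this one, a Kibana import of this file would report a missing reference and the panels backed by `savedSearchRefName` would come up empty. Either keep the search object in this file (the IRC dashboard in the same commit takes that approach, adding its `IRC - Logs` search inline) or document in the import script where the shared definition is loaded from.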
@@ -205,8 +161,8 @@ { "id": "0a4694d9-2c36-48f3-979e-22548fff8fda", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMwNywxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ4OSwxXQ==", "attributes": { "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -232,8 +188,8 @@ { "id": "7bb9def4-0e06-49ba-a83a-8223f34d7331", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMwOCwxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ5MCwxXQ==", "attributes": { "title": "RDP - Destination Port", "visState": "{\"title\":\"RDP - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -257,14 +213,14 @@ } }, { - "id": "0f8faebc-f66b-45b0-9015-6fa5a4d8258a", + "id": "890ddd12-deb4-4608-890c-f0290dea3566", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMwOSwxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ5MiwxXQ==", "attributes": { - "visState": "{\"title\":\"RDP - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rdp.client_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rdp.cookie\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}", "description": "", - "title": "RDP - Client", + "title": "RDP - Cookie", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { 
@@ -284,25 +240,25 @@ } }, { - "id": "890ddd12-deb4-4608-890c-f0290dea3566", + "id": "874675b5-bc49-4a3a-8d6e-a7efd713919e", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxMCwxXQ==", + "updated_at": "2020-02-12T18:37:47.020Z", + "version": "WzEwNTksMV0=", "attributes": { - "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rdp.cookie\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}", + "title": "RDP - Result", + "visState": "{\"title\":\"RDP - 
Result\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", - "title": "RDP - Cookie", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3" } ], 
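Review bot: Saved-object ids are reused for different content here: `874675b5-bc49-4a3a-8d6e-a7efd713919e` previously held `RDP - Client Build` and now holds the `RDP - Result` pie, while `b4d98d1f-dad9-4883-95ff-f8edc0b23b34` (formerly `RDP - Result`) becomes `RDP - Client Version`. Within this file the dashboard references were updated to match, but any user-built dashboard or bookmark on an existing install that references those ids will silently show a different visualization after the next import; minting fresh ids for the rebuilt visualizations, as was done for `93df26c0-4dc6-11ea-8336-d3388483188b`, avoids that. The `parsedUrl` block with `"origin":"https://localhost"` inside `dimensions` is export residue from the authoring instance and appears inert for a terms formatter, but it leaks environment details into the repo and can be dropped.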
@@ -311,13 +267,13 @@ } }, { - "id": "874675b5-bc49-4a3a-8d6e-a7efd713919e", + "id": "088c8f99-a90e-4a1e-b1a4-afd93ff076da", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxMSwxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ5NCwxXQ==", "attributes": { - "title": "RDP - Client Build", - "visState": "{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.client_build\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Build\"}}]}", + "title": "RDP - Keyboard Layout", + "visState": "{\"title\":\"RDP - Keyboard Layout\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.keyboard_layout\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -338,13 +294,13 @@ } }, { - "id": "088c8f99-a90e-4a1e-b1a4-afd93ff076da", + "id": "b4d98d1f-dad9-4883-95ff-f8edc0b23b34", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxMiwxXQ==", + "updated_at": "2020-02-12T18:26:24.737Z", + "version": "WzEwMzAsMV0=", "attributes": { - "title": "RDP - Keyboard Layout", - "visState": "{\"title\":\"RDP - Keyboard Layout\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.keyboard_layout\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}", + "title": "RDP - Client Version", + "visState": "{\"title\":\"RDP - Client 
Version\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_rdp.client_build\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", 
"description": "", "version": 1, @@ -355,8 +311,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3" } ], 
@@ -365,18 +321,18 @@ } }, { - "id": "b4d98d1f-dad9-4883-95ff-f8edc0b23b34", + "id": "AWDHCvBexQT5EBNmq4aK", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxMywxXQ==", + "updated_at": "2020-02-12T15:00:36.543Z", + "version": "WzQ5NywxXQ==", "attributes": { - "title": "RDP - Result", - "visState": "{\"title\":\"RDP - Result\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_rdp.result\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": "{}", + "title": "RDP - Log Count", + "visState": "{\"title\":\"RDP - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"filter\":[]}" }, "savedSearchRefName": "search_0" }, 
@@ -392,25 +348,25 @@ } }, { - "id": "29c1e2ac-9a73-4a64-944d-d76135f41f30", + "id": "93df26c0-4dc6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxNCwxXQ==", + "updated_at": "2020-02-12T18:36:26.796Z", + "version": "WzEwNTYsMV0=", "attributes": { - "title": "RDP - Encryption Level", - "visState": "{\"title\":\"RDP - Encryption Level\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Encryption Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.encryption_level\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "title": "RDP - Encryption", + "visState": "{\"title\":\"RDP - 
Encryption\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Encryption Level\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Encryption Method\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.encryption_level\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Encryption Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rdp.encryption_method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Encryption Method\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" 
}, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3" } ], 
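Review bot: The new `RDP - Encryption` visState embeds a `dimensions` block whose two `parsedUrl` entries carry the exporting host (`origin` `https://localhost`, `pathname` `/kibana/app/kibana`, `basePath` `/kibana`); this looks like a render-time artifact Kibana writes on save, and committing it ties a shared artifact to one environment's base path. Stripping `dimensions` from the string before commit, or re-exporting from a clean session, keeps the file environment-neutral; I would verify the pie still renders without it on the target Kibana version. Separately, agg `2` is labelled `Encryption Type` while its `dimensions` label, the field `zeek_rdp.encryption_level` and the old title all say `Encryption Level`; `\"customLabel\":\"Encryption Level\"` matches the field. The sibling objects in this file use `{\"filter\":[]}` for `searchSourceJSON` where this one uses `{}`, harmless but inconsistent.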
@@ -419,30 +375,45 @@ } }, { - "id": "AWDHCvBexQT5EBNmq4aK", - "type": "visualization", - "updated_at": "2019-12-18T16:20:34.939Z", - "version": "WzMxNSwxXQ==", + "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3", + "type": "search", + "updated_at": "2020-02-12T18:31:03.976Z", + "version": "WzEwNDcsMV0=", "attributes": { - "title": "RDP - Log Count", - "visState": "{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "RDP - Logs", "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_rdp.client_build", + "zeek_rdp.keyboard_layout", + "zeek_rdp.security_protocol", + "zeek_rdp.encryption_method", + "zeek_rdp.result", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" + "searchSourceJSON": 
"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:rdp\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { - "type": "search", - "name": "search_0", - "id": "5697fae3-8fed-45cd-82e1-ba6f86a99bd3" + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" } ], "migrationVersion": { - "visualization": "7.4.2" + "search": "7.4.0" } } ] diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 2783e2554..f0a246d56 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -4,18 +4,18 @@ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", "type": "dashboard", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMzMiwxXQ==", + "updated_at": "2020-02-12T20:43:16.229Z", + "version": "WzEyMTcsMV0=", "attributes": { "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":124,\"w\":16,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":36,\"y\":124,\"w\":12,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":16,\"y\":124,\"w\":20,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":8
,\"w\":16,\"h\":24,\"i\":\"14\"},\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":72,\"i\":\"15\"},\"version\":\"7.6.0\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":24,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":0,\"y\":104,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"7.6.0\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":104,\"w\":24,\"h\":20,\"i\":\"23\"},\"version\":\"7.6.0\",\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":69,\"w\":30,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":108,\"w\":13,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":27,\"y\":108,\"w\":9,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":13,\"y\":108,\"w\":14,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":50,\"w\":29,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":19,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"s
ort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":10,\"y\":32,\"w\":38,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":88,\"w\":24,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":88,\"w\":24,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":10,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":69,\"w\":18,\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":108,\"w\":12,\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":127,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -66,33 +66,48 @@ }, { "name": "panel_9", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + "type": "visualization", + "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" }, { "name": "panel_10", "type": "visualization", - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" + "id": "AWDHElRWxQT5EBNmq4lz" }, { "name": "panel_11", "type": "visualization", - "id": "AWDHElRWxQT5EBNmq4lz" + "id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce" }, { "name": "panel_12", "type": "visualization", - "id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce" + "id": "371b06d0-72a1-11e9-b0f3-590266f42743" }, { "name": "panel_13", "type": "visualization", - "id": "371b06d0-72a1-11e9-b0f3-590266f42743" + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" }, { "name": "panel_14", "type": "visualization", - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" + "id": "41325860-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_15", + "type": "visualization", + "id": "9c20d940-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "f13ba720-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_17", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" } ], "migrationVersion": { 
@@ -102,8 +117,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -122,8 +137,8 @@ { "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMxOCwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwMCwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -149,8 +164,8 @@ { "id": "d988522e-b3a8-4d74-98d4-96aff3e0f3f9", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMxOSwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwMSwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", "description": "", @@ -176,8 +191,8 @@ { "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyMCwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwMiwxXQ==", "attributes": { "title": "SSL - Version", "visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -203,8 +218,8 @@ { "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyMSwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwMywxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -230,8 +245,8 @@ { "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyMiwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwNCwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -257,8 +272,8 @@ { "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyMywxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwNSwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -284,8 +299,8 @@ { "id": "8486949c-3592-4831-9020-59bfd968ccfa", "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyNCwxXQ==", + "updated_at": "2020-02-12T15:00:56.057Z", + "version": "WzcyMiwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", 
@@ -311,8 +326,8 @@ { "id": "d7a673bc-4a11-423b-acd3-a446425551c1", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyNSwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwNywxXQ==", "attributes": { "title": "SSL - Destination Country", "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"zeek.destination_geo.country_name: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -335,50 +350,11 @@ "visualization": "7.4.2" } }, - { - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzMywxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "SSL - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyNywxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUwOSwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", "description": "", 
@@ -404,8 +380,8 @@ { "id": "AWDHElRWxQT5EBNmq4lz", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyOCwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUxMCwxXQ==", "attributes": { "title": "SSL - Log Count", "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -431,8 +407,8 @@ { "id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMyOSwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUxMSwxXQ==", "attributes": { "title": "SSL - Summary", "visState": "{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject.CN\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}", 
@@ -458,8 +434,8 @@ { "id": "371b06d0-72a1-11e9-b0f3-590266f42743", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMzMCwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUxMiwxXQ==", "attributes": { "title": "SSL - Client JA3 Lookup", "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", @@ -485,8 +461,8 @@ { "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", "type": "visualization", - "updated_at": "2019-12-18T16:20:35.964Z", - "version": "WzMzMSwxXQ==", + "updated_at": "2020-02-12T15:00:37.571Z", + "version": "WzUxMywxXQ==", "attributes": { "title": "SSL - Server JA3 Lookup", "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3s_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", 
@@ -508,6 +484,127 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "41325860-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T20:28:40.038Z", + "version": "WzExOTksMV0=", + "attributes": { + "title": "SSL - Connection Established", + "visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "9c20d940-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T20:31:12.595Z", + "version": "WzEyMDMsMV0=", + "attributes": { + "title": "SSL - Elliptic Curve", + "visState": 
"{\"title\":\"SSL - Elliptic Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", + "uiStateJSON": "{}", 
+ "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "f13ba720-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T20:33:35.378Z", + "version": "WzEyMDUsMV0=", + "attributes": { + "title": "SSL - Next Protocol", + "visState": "{\"title\":\"SSL - Next Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", + "type": "search", + "updated_at": "2020-02-12T20:42:31.012Z", + "version": "WzEyMTYsMV0=", + "attributes": { + "title": "SSL - Logs", + "description": "", + "hits": 0, 
+ "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_ssl.server_name", + "zeek_ssl.validation_status", + "zeek_ssl.established", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:ssl\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index adeac2ff8..d67ca606c 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
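Review bot: The re-added `SSL - Logs` saved search now carries `"time_zone":"America/Denver"` inside its query_string, so any date expression an analyst types on this search (e.g. `firstPacket:[2020-02-01 TO 2020-02-02]`) is parsed in Mountain time on every Malcolm instance that imports this file, independent of the viewer's browser; the three new visualizations likewise embed `"parsedUrl":{"origin":"https://localhost",...}` captured from the export session. Neither value is required for the objects to function, and they appear to be side-effects of the Kibana 7.6 save/export path rather than intentional configuration, so strip the `time_zone` key and the `parsedUrl` blocks before committing exported saved objects (ideally with a normalising step in the export script). Separately, the `41325860-…`, `9c20d940-…` and `f13ba720-…` visualizations reference `search_0` → `b945a684-…`, which is now defined after them at the end of the list; I believe the saved-objects import resolves references after loading all objects, but confirm this against the import path Malcolm actually uses.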
@@ -4,18 +4,18 @@ { "id": "82da3101-2a9c-4ae2-bb61-d447a3fbe673", "type": "dashboard", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0NywxXQ==", + "updated_at": "2020-02-12T17:35:19.152Z", + "version": "Wzk2MiwxXQ==", "attributes": { "title": "Kerberos", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_kerberos.request_type\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":96,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":96,\"i\":\"12\"},\"panelIndex\":\"
12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":25,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":19,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":17,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":25,\"w\":19,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableCo
nfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":65,\"w\":28,\"h\":25,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":23,\"y\":8,\"w\":13,\"h\":17,\"i\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\"},\"panelIndex\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":38,\"y\":25,\"w\":10,\"h\":20,\"i\":\"defd333f-2642-4357-822f-9fa6f09a9356\"},\"panelIndex\":\"defd333f-2642-4357-822f-9fa6f09a9356\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":65,\"w\":20,\"h\":25,\"i\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\"},\"panelIndex\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":30,\"i\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\"},\"panelIndex\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
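Review bot: The dashboard-level searchSourceJSON gains `"time_zone":"America/Denver"` on its query_string, and because this query scopes every panel on the Kerberos dashboard, any date math an analyst enters in the dashboard query bar is evaluated in the exporting workstation's zone for all deployments rather than in the viewer's browser timezone. This looks like an artefact of saving in Kibana 7.6 rather than a deliberate setting; remove the key from the committed artifact so the default (browser timezone) applies. The panelsJSON rewrite itself is layout only and reads consistently with the fourteen `panel_0`…`panel_13` references in the following hunk.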
@@ -31,63 +31,63 @@
 },
 {
 "name": "panel_2",
- "type": "search",
- "id": "e1bfade1-72ee-4093-9257-5d1921c71041"
+ "type": "visualization",
+ "id": "5a8ab6ad-ea8c-4d52-935e-82fbd2445ec3"
 },
 {
 "name": "panel_3",
 "type": "visualization",
- "id": "5a8ab6ad-ea8c-4d52-935e-82fbd2445ec3"
+ "id": "0319fd42-76c4-4894-b7d8-2540537705ff"
 },
 {
 "name": "panel_4",
 "type": "visualization",
- "id": "0319fd42-76c4-4894-b7d8-2540537705ff"
+ "id": "334efe47-3d71-4995-8f73-8945969c6879"
 },
 {
 "name": "panel_5",
 "type": "visualization",
- "id": "334efe47-3d71-4995-8f73-8945969c6879"
+ "id": "8fdb77a7-748c-47a6-a1f9-31c4583f354d"
 },
 {
 "name": "panel_6",
 "type": "visualization",
- "id": "8fdb77a7-748c-47a6-a1f9-31c4583f354d"
+ "id": "62d29d31-59dd-4339-9793-5df6bd4cde91"
 },
 {
 "name": "panel_7",
 "type": "visualization",
- "id": "62d29d31-59dd-4339-9793-5df6bd4cde91"
+ "id": "2805b0f5-d7cf-4cbc-8ffe-d6b087fadb82"
 },
 {
 "name": "panel_8",
 "type": "visualization",
- "id": "2805b0f5-d7cf-4cbc-8ffe-d6b087fadb82"
+ "id": "626b7405-7acb-4b43-a0de-44e1d92c7fbf"
 },
 {
 "name": "panel_9",
 "type": "visualization",
- "id": "c0fc173f-0d69-4e8d-9f3a-1cbf5992df1b"
+ "id": "AWDG_UbkxQT5EBNmq4Lg"
 },
 {
 "name": "panel_10",
 "type": "visualization",
- "id": "626b7405-7acb-4b43-a0de-44e1d92c7fbf"
+ "id": "2bf924c0-4dbc-11ea-8336-d3388483188b"
 },
 {
 "name": "panel_11",
 "type": "visualization",
- "id": "4767e016-b8e7-48e2-be2c-d4b3d958879f"
+ "id": "c8180830-4dbc-11ea-8336-d3388483188b"
 },
 {
 "name": "panel_12",
 "type": "visualization",
- "id": "d8e847de-d2f5-4585-9e9e-b9f172c16134"
+ "id": "51e6a850-4dbd-11ea-8336-d3388483188b"
 },
 {
 "name": "panel_13",
- "type": "visualization",
- "id": "AWDG_UbkxQT5EBNmq4Lg"
+ "type": "search",
+ "id": "e1bfade1-72ee-4093-9257-5d1921c71041"
 }
 ],
 "migrationVersion": {
@@ -97,8 +97,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -117,8 +117,8 @@ { "id": "aaf2aff1-0941-4df3-9668-329601e90ea3", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzMzNCwxXQ==", + "updated_at": "2020-02-12T15:00:38.595Z", + "version": "WzUxNiwxXQ==", "attributes": { "visState": "{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -141,51 +141,11 @@ "visualization": "7.4.2" } }, - { - "id": "e1bfade1-72ee-4093-9257-5d1921c71041", - "type": "search", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzMzNSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Kerberos - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek_kerberos.request_type", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "5a8ab6ad-ea8c-4d52-935e-82fbd2445ec3", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzMzNiwxXQ==", + "updated_at": "2020-02-12T15:00:38.595Z", + "version": "WzUxOCwxXQ==", "attributes": { "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_kerberos.cname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", 
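Review bot: This hunk deletes the `Kerberos - Logs` saved search (`e1bfade1-72ee-4093-9257-5d1921c71041`) from the file, yet the dashboard's `panel_13` and the `search_0` references of the `Kerberos - Success Status` and `Kerberos - Service` visualizations in the later hunks still point at that id. The SSL file in this same commit moves its equivalent search to the end of the object list rather than dropping it; unless the Kerberos search is re-added further down this file outside the visible hunks, the import will leave the dashboard panel and those visualizations with a dangling reference. A quick search for `e1bfade1` in the post-change file before merging would settle this.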
@@ -211,12 +171,12 @@ { "id": "0319fd42-76c4-4894-b7d8-2540537705ff", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzMzNywxXQ==", + "updated_at": "2020-02-12T17:15:35.671Z", + "version": "Wzk0NiwxXQ==", "attributes": { "title": "Kerberos - Success Status", - "visState": "{\"title\":\"Kerberos - Success Status\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_kerberos.success\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", + "visState": "{\"title\":\"Kerberos - Success Status\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_kerberos.success: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_kerberos.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -226,8 +186,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e1bfade1-72ee-4093-9257-5d1921c71041" } ], @@ -238,8 +198,8 @@ { "id": "334efe47-3d71-4995-8f73-8945969c6879", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzMzOCwxXQ==", + "updated_at": "2020-02-12T15:00:38.595Z", + "version": "WzUyMCwxXQ==", "attributes": { "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_kerberos.sname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", 
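Review bot: The rewritten `Kerberos - Success Status` terms agg still has no `customLabel`, so the new `dimensions` block records the auto-generated label `zeek_kerberos.success: Descending`, and with slice labels now switched to `"show":true` that is the text rendered on the donut. Adding `"customLabel":"Success"` to the agg params, as the sibling `Kerberos - Client` and `Kerberos - Server` tables already do, keeps the chart readable. The embedded `parsedUrl` with `https://localhost` is an export artefact and can be dropped from the committed object.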
@@ -265,8 +225,8 @@ { "id": "8fdb77a7-748c-47a6-a1f9-31c4583f354d", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzMzOSwxXQ==", + "updated_at": "2020-02-12T15:00:38.595Z", + "version": "WzUyMSwxXQ==", "attributes": { "title": "Kerberos - Cipher", "visState": "{\"title\":\"Kerberos - Cipher\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_kerberos.cipher\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", @@ -292,8 +252,8 @@ { "id": "62d29d31-59dd-4339-9793-5df6bd4cde91", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0MCwxXQ==", + "updated_at": "2020-02-12T15:00:38.595Z", + "version": "WzUyMiwxXQ==", "attributes": { "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -319,8 +279,8 @@
 {
 "id": "2805b0f5-d7cf-4cbc-8ffe-d6b087fadb82",
 "type": "visualization",
- "updated_at": "2019-12-18T16:20:36.982Z",
- "version": "WzM0MSwxXQ==",
+ "updated_at": "2020-02-12T15:00:38.595Z",
+ "version": "WzUyMywxXQ==",
 "attributes": {
 "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
 "description": "",
@@ -344,15 +304,15 @@ } }, { - "id": "c0fc173f-0d69-4e8d-9f3a-1cbf5992df1b", + "id": "626b7405-7acb-4b43-a0de-44e1d92c7fbf", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0MiwxXQ==", + "updated_at": "2020-02-12T17:31:02.545Z", + "version": "Wzk1OCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", - "description": "", - "title": "Kerberos - Destination Port", + "title": "Kerberos - Service", + "visState": "{\"title\":\"Kerberos - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -361,8 +321,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e1bfade1-72ee-4093-9257-5d1921c71041" } ], 
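Review bot: The rewritten `Kerberos - Service` visState carries a `dimensions` block whose `parsedUrl` records `https://localhost` and `/kibana` as the origin and basePath; that looks like browser-side state captured at export time rather than part of the visualization's definition, and committing it ties the saved object to the exporting host. Since the `aggs` array already defines the table, the `dimensions` object can presumably be dropped from the visState before commit (or the export normalized) — worth confirming that Kibana rebuilds it on load. The same block appears in the new visStates in the hunks at -398,25, -425,25 and -452,31 below.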
@@ -371,15 +331,15 @@ } }, { - "id": "626b7405-7acb-4b43-a0de-44e1d92c7fbf", + "id": "AWDG_UbkxQT5EBNmq4Lg", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0MywxXQ==", + "updated_at": "2020-02-12T15:00:38.595Z", + "version": "WzUyOCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_kerberos.sname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", + "title": "Kerberos - Log Count", + "visState": "{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "Kerberos - Service", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -398,25 +358,25 @@ } }, { - "id": "4767e016-b8e7-48e2-be2c-d4b3d958879f", + "id": "2bf924c0-4dbc-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0NCwxXQ==", + "updated_at": "2020-02-12T17:21:57.516Z", + "version": "Wzk1MSwxXQ==", "attributes": { - "title": "Kerberos - Request Type", - "visState": "{\"title\":\"Kerberos - Request Type\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_kerberos.request_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Type\"}}]}", - "uiStateJSON": "{}", + "title": "Kerberos - Request Types", + "visState": "{\"title\":\"Kerberos - Request 
Types\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Request Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_kerberos.request_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e1bfade1-72ee-4093-9257-5d1921c71041" } ], 
@@ -425,25 +385,25 @@ } }, { - "id": "d8e847de-d2f5-4585-9e9e-b9f172c16134", + "id": "c8180830-4dbc-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0NSwxXQ==", + "updated_at": "2020-02-12T17:26:19.442Z", + "version": "Wzk1NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_kerberos.renewable\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}", + "title": "Kerberos - Renewable Ticket Requested", + "visState": "{\"title\":\"Kerberos - Renewable Ticket Requested\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Renewable ticket 
requested\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_kerberos.renewable\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Renewable ticket requested\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "title": "Kerberos - Renewable", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e1bfade1-72ee-4093-9257-5d1921c71041" } ], 
@@ -452,31 +412,71 @@ } }, { - "id": "AWDG_UbkxQT5EBNmq4Lg", + "id": "51e6a850-4dbd-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:36.982Z", - "version": "WzM0NiwxXQ==", + "updated_at": "2020-02-12T17:30:10.645Z", + "version": "Wzk1NywxXQ==", "attributes": { - "title": "Kerberos - Log Count", - "visState": "{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Kerberos - Destination Ports", + "visState": "{\"title\":\"Kerberos - Destination 
Ports\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"log\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", 
"description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "e1bfade1-72ee-4093-9257-5d1921c71041" } ], "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "e1bfade1-72ee-4093-9257-5d1921c71041", + "type": "search", + "updated_at": "2020-02-12T17:34:34.569Z", + "version": "Wzk2MSwxXQ==", + "attributes": { + "title": "Kerberos - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_kerberos.request_type", + "zeek_kerberos.success", + "zeek_kerberos.error_msg", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:kerberos\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 7d77706dc..7a6beceb8 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
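Review bot: The new `Kerberos - Logs` saved search pins `\"time_zone\":\"America/Denver\"` inside its query_string, which the previous DNP3 search (removed in the hunk at -170,49) did not carry; a fixed zone in a committed saved object makes date handling follow the exporter's browser rather than each viewer's. Dropping the `,\"time_zone\":\"America/Denver\"` fragment from the query_string leaves the search otherwise identical. The same fragment is introduced in the DNP3 dashboard `searchSourceJSON` (hunk -4,18 of 870a5862-6c26-4a08-99fd-0c06cda85ba3.json) and in the re-added `DNP3 - Logs` search (hunk -315,6 of the same file).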
@@ -4,18 +4,18 @@ { "id": "870a5862-6c26-4a08-99fd-0c06cda85ba3", "type": "dashboard", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1NywxXQ==", + "updated_at": "2020-02-12T21:24:41.208Z", + "version": "WzEyNzksMV0=", "attributes": { "title": "DNP3", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":12,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":20,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":32,\"y\":32,\"w\":16,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"20bab908-6058-4f9a-819b-de9011dd65b0\"},\"panelIndex\":\"20bab908-6058-4f9a-819b-de9011dd65b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -41,28 +41,28 @@ }, { "name": "panel_4", - "type": "search", - "id": "cc135a63-3e30-4703-bc31-f7ac09c1d21a" + "type": "visualization", + "id": "5dec50f8-81f2-46f0-affd-2f945b6b7475" }, { "name": "panel_5", "type": "visualization", - "id": "5dec50f8-81f2-46f0-affd-2f945b6b7475" + "id": "AWDG9DWvxQT5EBNmq3-m" }, { "name": "panel_6", "type": "visualization", - "id": "AWDG9DWvxQT5EBNmq3-m" + "id": "46cd2e4c-ecfb-4fe9-ae51-28c2fecbffc0" }, { "name": "panel_7", "type": "visualization", - "id": "46cd2e4c-ecfb-4fe9-ae51-28c2fecbffc0" + "id": "9422ff81-b007-4eef-aca1-1af16509ab8c" }, { "name": "panel_8", - "type": "visualization", - "id": "9422ff81-b007-4eef-aca1-1af16509ab8c" + "type": "search", + "id": "cc135a63-3e30-4703-bc31-f7ac09c1d21a" } ], "migrationVersion": { 
@@ -72,8 +72,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -92,8 +92,8 @@ { "id": "ab886b44-653f-401f-aca3-a6edb990dff7", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM0OSwxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzMSwxXQ==", "attributes": { "visState": "{\"title\":\"DNP3 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -119,8 +119,8 @@ { "id": "d34dd3b3-3861-4b9b-ba39-4ca7e15b3bdd", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1MCwxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzMiwxXQ==", "attributes": { "visState": "{\"title\":\"DNP3 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -146,8 +146,8 @@ { "id": "131198e7-afc4-40be-bedd-2a3a3a2d511e", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1MSwxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzMywxXQ==", "attributes": { "visState": "{\"title\":\"DNP3 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -170,49 +170,11 @@ "visualization": "7.4.2" } }, - { - "id": "cc135a63-3e30-4703-bc31-f7ac09c1d21a", - "type": "search", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1MiwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "DNP3 - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "5dec50f8-81f2-46f0-affd-2f945b6b7475", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1MywxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzNSwxXQ==", "attributes": { "visState": "{\"title\":\"DNP3 - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -238,8 +200,8 @@ { "id": "AWDG9DWvxQT5EBNmq3-m", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1NCwxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzNiwxXQ==", "attributes": { "title": "DNP3 - Log Count", "visState": "{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -265,8 +227,8 @@ { "id": "46cd2e4c-ecfb-4fe9-ae51-28c2fecbffc0", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1NSwxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzNywxXQ==", "attributes": { "title": "DNP3 - Function Request", "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dnp3.fc_request\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}", @@ -292,8 +254,8 @@ { "id": "9422ff81-b007-4eef-aca1-1af16509ab8c", "type": "visualization", - "updated_at": "2019-12-18T16:20:38.006Z", - "version": "WzM1NiwxXQ==", + "updated_at": "2020-02-12T15:00:39.630Z", + "version": "WzUzOCwxXQ==", "attributes": { "title": "DNP3 - Function Reply", "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dnp3.fc_reply\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}", 
@@ -315,6 +277,45 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "cc135a63-3e30-4703-bc31-f7ac09c1d21a", + "type": "search", + "updated_at": "2020-02-12T21:24:03.851Z", + "version": "WzEyNzgsMV0=", + "attributes": { + "title": "DNP3 - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_dnp3.fc_request", + "zeek_dnp3.fc_reply", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:dnp3\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 7b2cf3d40..bf2bbf959 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
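Review bot: The new "DNP3 - Logs" saved search hard-codes `\"time_zone\":\"America/Denver\"` inside its query_string, which pins date-math in that query to the exporting analyst's local zone rather than the viewer's Kibana timezone setting, so users in other zones will see time-range boundaries shifted when they pivot from this search. This appears to have been captured from the export session rather than chosen deliberately; the same key is added to the dashboard searchSourceJSON strings in the Software section (hunk ending at L2116) and the Syslog section (hunk ending at L2124). Dropping the key, i.e. `\"query\":\"zeek.logType:dnp3\",\"analyze_wildcard\":true` with no `time_zone` entry, lets Kibana apply the user's configured zone consistently across all saved objects, which matters for correlating event timelines across analysts.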
@@ -4,18 +4,18 @@ { "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85", "type": "dashboard", - "updated_at": "2019-12-18T16:20:40.052Z", - "version": "WzM3OSwxXQ==", + "updated_at": "2020-02-12T15:46:24.829Z", + "version": "Wzg1NCwxXQ==", "attributes": { "title": "Software", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"zeek_software.name\",\"zeek_software.software_type\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"zeek_software.name\",\"zeek_software.software_type\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -52,8 +52,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -72,8 +72,8 @@ { "id": "097640cc-167e-453d-bf5a-0e92ac1347fc", "type": "visualization", - "updated_at": "2019-12-18T16:20:40.052Z", - "version": "WzM3NCwxXQ==", + "updated_at": "2020-02-12T15:00:41.675Z", + "version": "WzU1NiwxXQ==", "attributes": { "visState": "{\"title\":\"Software - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -99,8 +99,8 @@ { "id": "7d54b196-5c2b-485e-9798-f116fb668413", "type": "search", - "updated_at": "2019-12-18T16:20:40.052Z", - "version": "WzM3NSwxXQ==", + "updated_at": "2020-02-12T15:00:41.675Z", + "version": "WzU1NywxXQ==", "attributes": { "title": "Software - Logs", "description": "", @@ -135,8 +135,8 @@ { "id": "AWDHEKJUxQT5EBNmq4jW", "type": "visualization", - "updated_at": "2019-12-18T16:20:40.052Z", - "version": "WzM3NiwxXQ==", + "updated_at": "2020-02-12T15:00:41.675Z", + "version": "WzU1OCwxXQ==", "attributes": { "title": "Software - Log Count", "visState": "{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -162,8 +162,8 @@ { "id": "bb882862-2f74-440a-bb62-41a9dca2b463", "type": "visualization", - "updated_at": "2019-12-18T16:20:40.052Z", - "version": "WzM3OCwxXQ==", + "updated_at": "2020-02-12T15:00:41.675Z", + "version": "WzU1OSwxXQ==", "attributes": { "visState": "{\"title\":\"Software - Summary\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.software_type\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.name\",\"otherBucket\":false,\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.version_major\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.version_minor\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 70795fa03..2ae5c85fa 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -4,18 +4,18 @@ { "id": "92985909-dc29-4533-9e80-d3182a0ecf1d", "type": "dashboard", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4OSwxXQ==", + "updated_at": "2020-02-12T21:10:50.462Z", + "version": "WzEyNjQsMV0=", "attributes": { "title": "Syslog", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":28,\"h\":24,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelInde
x\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":12,\"y\":34,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":13,\"h\":26,\"i\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\"},\"panelIndex\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":26,\"i\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\"},\"panelIndex\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":20,\"i\":\"13e3b050-3d67-4745-a182-b462852a67ef\"},\"panelIndex\":\"13e3b050-3d67-4745-a182-b462852a67ef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":44,\"i\":\"59631e23-e452-40a9-a9dd-7d432278d35f\"},\"panelIndex\":\"59631e23-e452-40a9-a9dd-7d432278d35f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -31,38 +31,43 @@ }, { "name": "panel_2", - "type": "search", - "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" + "type": "visualization", + "id": "46cba2ad-03cd-4eef-8e3a-c35ac3ac1b76" }, { "name": "panel_3", "type": "visualization", - "id": "46cba2ad-03cd-4eef-8e3a-c35ac3ac1b76" + "id": "f54d6418-1499-4a14-9a8e-f706249b9962" }, { "name": "panel_4", "type": "visualization", - "id": "f54d6418-1499-4a14-9a8e-f706249b9962" + "id": "6a006054-309e-447f-9371-99f119d18291" }, { "name": "panel_5", "type": "visualization", - "id": "6a006054-309e-447f-9371-99f119d18291" + "id": "AWDHE-_wxQT5EBNmq4n3" }, { "name": "panel_6", "type": "visualization", - "id": "ab31bef3-9eaf-458b-8ff8-6fba232a6a06" + "id": "eb455420-4dda-11ea-8336-d3388483188b" }, { "name": "panel_7", "type": "visualization", - "id": "1c50098c-be32-4f8e-bdf3-d78c0bfa2c0c" + "id": "343952d0-4ddb-11ea-8336-d3388483188b" }, { "name": "panel_8", "type": "visualization", - "id": "AWDHE-_wxQT5EBNmq4n3" + "id": "19044160-4dda-11ea-8336-d3388483188b" + }, + { + "name": "panel_9", + "type": "search", + "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" } ], "migrationVersion": { 
@@ -72,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -92,8 +97,8 @@ { "id": "cf553dfa-f641-47cf-916d-041cf46a80c4", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4MSwxXQ==", + "updated_at": "2020-02-12T15:00:42.701Z", + "version": "WzU2MiwxXQ==", "attributes": { "visState": "{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -117,52 +122,41 @@ } }, { - "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d", - "type": "search", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4MiwxXQ==", + "id": "46cba2ad-03cd-4eef-8e3a-c35ac3ac1b76", + "type": "visualization", + "updated_at": "2020-02-12T15:00:42.701Z", + "version": "WzU2NCwxXQ==", "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, + "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", - "title": "Syslog (Zeek) - Logs", + "title": "Syslog - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"filter\":[]}" }, - "columns": [ - "srcIp", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "savedSearchRefName": "search_0" }, "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "type": "search", + "name": "search_0", + "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" } ], "migrationVersion": { - "search": "7.4.0" + "visualization": "7.4.2" } }, { - "id": 
"46cba2ad-03cd-4eef-8e3a-c35ac3ac1b76", + "id": "f54d6418-1499-4a14-9a8e-f706249b9962", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4MywxXQ==", + "updated_at": "2020-02-12T15:00:42.701Z", + "version": "WzU2NSwxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", - "title": "Syslog - Source IP Address", + "title": "Syslog - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { 
@@ -182,15 +176,15 @@ } }, { - "id": "f54d6418-1499-4a14-9a8e-f706249b9962", + "id": "6a006054-309e-447f-9371-99f119d18291", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4NCwxXQ==", + "updated_at": "2020-02-12T21:00:07.262Z", + "version": "WzEyNTMsMV0=", "attributes": { - "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Syslog - Destination IP Address", + "title": "Syslog - Destination Port", + "visState": "{\"title\":\"Syslog - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -199,8 +193,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" } ], 
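Review bot: The rewritten "Syslog - Destination Port" visState embeds a `dimensions` block containing `\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}`, which is per-session UI state from the exporting browser rather than part of the visualization definition and ties the exported object to the host it was saved from. None of the other table visualizations in these sections carry a `dimensions` block, so this one is inconsistent with its siblings and may behave differently on import into a deployment served from a different origin. I would strip the `dimensions` object from the params so the saved object is deployment-neutral, matching the `params` shape used by "Syslog - Source IP Address" and "Syslog - Destination IP Address" in the preceding hunk; this hunk starts on the previous line and the enclosing saved-object entry continues past it.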
@@ -209,15 +203,15 @@ } }, { - "id": "6a006054-309e-447f-9371-99f119d18291", + "id": "AWDHE-_wxQT5EBNmq4n3", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4NSwxXQ==", + "updated_at": "2020-02-12T15:00:42.701Z", + "version": "WzU2OSwxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Syslog - Log Count", + "visState": "{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "Syslog - Destination Port", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -236,25 +230,25 @@ } }, { - "id": "ab31bef3-9eaf-458b-8ff8-6fba232a6a06", + "id": "eb455420-4dda-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4NiwxXQ==", + "updated_at": "2020-02-12T21:02:03.362Z", + "version": "WzEyNTUsMV0=", "attributes": { - "visState": "{\"title\":\"Syslog - Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.proto\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", + "title": "Syslog - Severity", + "visState": "{\"title\":\"Syslog - 
Severity\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Severity\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_syslog.severity\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Severity\"}}]}", + "uiStateJSON": "{}", "description": "", - "title": "Syslog - Protocol", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" } ], 
@@ -263,25 +257,25 @@ } }, { - "id": "1c50098c-be32-4f8e-bdf3-d78c0bfa2c0c", + "id": "343952d0-4ddb-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4NywxXQ==", + "updated_at": "2020-02-12T21:08:28.776Z", + "version": "WzEyNjIsMV0=", "attributes": { - "visState": "{\"title\":\"Syslog - Severity\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_syslog.severity\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}", + "title": "Syslog - Facility", + "visState": "{\"title\":\"Syslog - 
Facility\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Facility\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_syslog.facility\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Facility\"}}]}", + "uiStateJSON": "{}", "description": 
"", - "title": "Syslog - Severity", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" } ], 
@@ -290,31 +284,71 @@ } }, { - "id": "AWDHE-_wxQT5EBNmq4n3", + "id": "19044160-4dda-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:41.083Z", - "version": "WzM4OCwxXQ==", + "updated_at": "2020-02-12T20:56:10.614Z", + "version": "WzEyMzgsMV0=", "attributes": { - "title": "Syslog - Log Count", - "visState": "{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Syslog - Protocol", + "visState": "{\"title\":\"Syslog - Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"IP 
Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d" } ], "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "7d7fd24e-51be-4040-83b3-a6630e989e2d", + "type": "search", + "updated_at": "2020-02-12T20:58:39.964Z", + "version": "WzEyNTEsMV0=", + "attributes": { + "title": "Syslog (Zeek) - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_syslog.severity", + "zeek_syslog.facility", + "zeek_syslog.message", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:syslog\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file 
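Review bot: The new saved search `7d7fd24e-51be-4040-83b3-a6630e989e2d` carries the exporting workstation's zone inside its query as `\"time_zone\":\"America/Denver\"`, and the same fragment appears in the DNS search at hunk `@@ -481,30 +481,29 @@` and in the Files dashboard at hunk `@@ -4,18 +4,18 @@`. With `zeek.logType:syslog` there is no date term, so today it changes nothing, but any date later typed into that query would be parsed in Denver time rather than the viewer's browser zone, and the value discloses where the export was produced; the `parsedUrl` origin `https://localhost` inside `visState` is the same kind of environment residue. Suggest removing the `,\"time_zone\":\"America/Denver\"` fragment from each `query_string` before committing, or stripping it in whatever step regenerates these exports if one exists.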
diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 6b2f7400b..dd31da9f5 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json @@ -191,7 +191,7 @@ "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"(zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND zeek.service_version:* AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3) OR (zeek.service:ftp)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"(NOT zeek.logType:known*) AND ((zeek.service:ssh AND zeek.service_version < 2) OR (zeek.service:smb AND zeek.service_version < 2) OR (zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*)) OR (zeek.service:ntp AND zeek.service_version < 4) OR (zeek.service:rfb AND zeek.service_version < 3.8) OR (zeek.service:rdp AND zeek.service_version < 6.0) OR (zeek.service:snmp AND zeek.service_version < 3) OR (zeek.service:ftp))\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
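Review bot: The TLS clause now reads `(zeek.service:tls AND NOT zeek.service_version:(*TLS*v12* OR *TLS*v13*))` and drops the earlier `zeek.service_version:*` guard, so TLS sessions with no recorded version satisfy the `NOT` and will be listed with genuinely outdated versions; if surfacing unknown versions is intentional that should be recorded, since a saved-object export has nowhere for a rationale except its `description`. The added `(NOT zeek.logType:known*)` prefix presumably exists to keep Zeek's known_* summary records, which also carry `zeek.service`, out of the result, and that reason belongs in the same place. Suggest replacing the empty `"description": ""` above the query with `"description": "Sessions on insecure or outdated protocol versions; TLS sessions with no version recorded are included deliberately, and known_* summary logs are excluded"`.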
@@ -481,30 +481,29 @@ { "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", "type": "search", - "updated_at": "2020-02-04T14:20:54.154Z", - "version": "WzcxMiwxXQ==", + "updated_at": "2020-02-12T16:25:47.761Z", + "version": "WzkwMywxXQ==", "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "zeek_dns.query", + "zeek_dns.answers", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "DNS - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:dns\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 8ec0c01af..e6e44aeae 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
@@ -4,18 +4,18 @@ { "id": "9ee51f94-3316-4fc5-bd89-93a52af69714", "type": "dashboard", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzQwMCwxXQ==", + "updated_at": "2020-02-12T15:38:15.432Z", + "version": "Wzg0MSwxXQ==", "attributes": { "title": "Files", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"zeek_files.tx_hosts\",\"dstIp\",\"zeek_files.source\",\"zeek.uid\",\"zeek.fuid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0
\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":43,\"w\":16,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":43,\"w\":16,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":16,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":48,\"h\":35,\"i\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\"},\"panelIndex\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -31,43 +31,43 @@ }, { "name": "panel_2", - "type": "search", - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" + "type": "visualization", + "id": "66d5d357-edce-450d-b5be-a5a00190e153" }, { "name": "panel_3", "type": "visualization", - "id": "66d5d357-edce-450d-b5be-a5a00190e153" + "id": "d3a0ac2e-73cf-462e-8b03-e6ff3b8612b7" }, { "name": "panel_4", "type": "visualization", - "id": "d3a0ac2e-73cf-462e-8b03-e6ff3b8612b7" + "id": "9ba4473b-66f4-4aea-b19e-4309ec6534b8" }, { "name": "panel_5", "type": "visualization", - "id": "9ba4473b-66f4-4aea-b19e-4309ec6534b8" + "id": "4474edda-47f0-4b74-b5d2-cbf012368c59" }, { "name": "panel_6", "type": "visualization", - "id": "4474edda-47f0-4b74-b5d2-cbf012368c59" + "id": "b1cb0275-a84e-4ef3-ad40-b2b773be43ff" }, { "name": "panel_7", "type": "visualization", - "id": "b1cb0275-a84e-4ef3-ad40-b2b773be43ff" + "id": "AWDG9goqxQT5EBNmq4BP" }, { "name": "panel_8", "type": "visualization", - "id": "AWDG9goqxQT5EBNmq4BP" + "id": "5a4e8261-d65c-4b36-b3f4-5c272f18990f" }, { "name": "panel_9", - "type": "visualization", - "id": "5a4e8261-d65c-4b36-b3f4-5c272f18990f" + "type": "search", + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" } ], "migrationVersion": { 
@@ -77,8 +77,8 @@ { "id": "aaa4fbb0-d5fe-4ef9-be76-405b977bcd5b", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5MCwxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU4NywxXQ==", "attributes": { "visState": "{\"title\":\"Files - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -104,8 +104,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -121,50 +121,11 @@ "visualization": "7.4.2" } }, - { - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", - "type": "search", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5MiwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Files - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "zeek_files.tx_hosts", - "dstIp", - "zeek_files.source", - "zeek.uid", - "zeek.fuid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "66d5d357-edce-450d-b5be-a5a00190e153", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5MywxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5MCwxXQ==", "attributes": { "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_files.seen_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}", "description": "", 
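Review bot: The dashboard's `panel_9` still references saved search `0aca5333-3b1c-4cda-afb4-f7dd86910459` with `"type": "search"` (hunk `@@ -31,43 +31,43 @@`), but that object is removed from this export here, so importing this file on its own will fail reference resolution unless the search is carried in another exported file. The same commit does the opposite for the Syslog dashboard, where search `7d7fd24e-51be-4040-83b3-a6630e989e2d` is added into its export (hunk `@@ -290,31 +284,71 @@`), so the two files are now inconsistent about where a dashboard's saved search lives. Suggest keeping the `0aca5333…` search object in this file, as the Syslog export does, and confirming the import against a clean Kibana instance.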
@@ -190,8 +151,8 @@ { "id": "d3a0ac2e-73cf-462e-8b03-e6ff3b8612b7", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5NCwxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5MSwxXQ==", "attributes": { "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -217,8 +178,8 @@ { "id": "9ba4473b-66f4-4aea-b19e-4309ec6534b8", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5NSwxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5MiwxXQ==", "attributes": { "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_files.tx_hosts\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -244,8 +205,8 @@ { "id": "4474edda-47f0-4b74-b5d2-cbf012368c59", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5NiwxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5MywxXQ==", "attributes": { "title": "Files - MIME Type", "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_files.mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}", 
@@ -271,8 +232,8 @@ { "id": "b1cb0275-a84e-4ef3-ad40-b2b773be43ff", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5NywxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5NCwxXQ==", "attributes": { "visState": "{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_files.mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", "description": "", 
@@ -298,8 +259,8 @@ { "id": "AWDG9goqxQT5EBNmq4BP", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5OCwxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5NSwxXQ==", "attributes": { "title": "Files - Log Count", "visState": "{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -325,8 +286,8 @@ { "id": "5a4e8261-d65c-4b36-b3f4-5c272f18990f", "type": "visualization", - "updated_at": "2019-12-18T16:20:42.110Z", - "version": "WzM5OSwxXQ==", + "updated_at": "2020-02-12T15:00:44.752Z", + "version": "WzU5NiwxXQ==", "attributes": { "title": "Files - Source", "visState": "{\"title\":\"Files - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_files.source\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", @@ -348,6 +309,45 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", + "type": "search", + "updated_at": "2020-02-12T15:36:31.616Z", + "version": "Wzg0MCwxXQ==", + "attributes": { + "title": "Files - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_files.tx_hosts", + "dstIp", + "zeek_files.source", + "zeek_files.mime_type", + "zeek.uid", + "zeek.fuid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:files\",\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file 
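Review bot: The new "Files - Logs" saved search pins `\"time_zone\":\"America/Denver\"` inside its query_string, which fixes how date math in that query is resolved to the exporting workstation's zone for every analyst who imports it. That value presumably comes from the exporter's browser/Kibana timezone setting rather than a deliberate choice, so it will drift between contributors and between exports, and the same key also lands in the PROFINET dashboard's searchSourceJSON in the `@@ -4,18 +4,18 @@` hunk of a7514350-eba6-11e9-a384-0fcf32210194.json, while the RADIUS dashboard in this same commit collapses its query to `\"query\":\"*\"` with no time_zone at all. I would drop `,\"time_zone\":\"America/Denver\"` from both searchSourceJSON strings before committing (or normalise it to `UTC`) so the searches evaluate identically regardless of who last exported them, and note in the repository's dashboard-export instructions that this key is to be stripped.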
diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
index 5e9fbf234..0ff0fb0b6 100644
--- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json
@@ -4,18 +4,18 @@ { "id": "a7514350-eba6-11e9-a384-0fcf32210194", "type": "dashboard", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxNywxXQ==", + "updated_at": "2020-02-12T21:37:07.159Z", + "version": "WzEyOTIsMV0=", "attributes": { "title": "PROFINET", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":50,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"version\":\"7.6.0\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":27,\"y\":50,\"w\":21,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -77,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +97,8 @@ { "id": "bf41a680-eba6-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQwNiwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwMywxXQ==", "attributes": { "title": "PROFINET - Log Count", "visState": "{\"title\":\"PROFINET - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", 
@@ -128,8 +128,8 @@ { "id": "fcf95d10-eba6-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQwNywxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwNCwxXQ==", "attributes": { "title": "PROFINET - Logs Over Time", "visState": "{\"title\":\"PROFINET - Logs Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\",\"mode\":\"relative\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log 
Type\"}}]}", @@ -159,8 +159,8 @@ { "id": "a0a10870-eba5-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQwOCwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwNSwxXQ==", "attributes": { "title": "PROFINET and Related - Logs", "description": "", @@ -200,8 +200,8 @@ { "id": "ec42baa0-eba8-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQwOSwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwNiwxXQ==", "attributes": { "title": "PROFINET - Source IP", "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcPort\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}", 
@@ -227,8 +227,8 @@ { "id": "0957f330-eba9-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxMCwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwNywxXQ==", "attributes": { "title": "PROFINET - Destination IP", "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -254,8 +254,8 @@ { "id": "41f36a70-ebaa-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxMSwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwOCwxXQ==", "attributes": { "title": "PROFINET - Operation", "visState": "{\"title\":\"PROFINET - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", 
@@ -281,8 +281,8 @@ { "id": "9dccb5f0-eba9-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxMiwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYwOSwxXQ==", "attributes": { "title": "PROFINET - Operation Details", "visState": "{\"title\":\"PROFINET - Operation Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_profinet.slot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_profinet.subslot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", 
@@ -308,8 +308,8 @@ { "id": "17319090-ebab-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxMywxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYxMCwxXQ==", "attributes": { "title": "PROFINET DCE/RPC - Operation", "visState": "{\"title\":\"PROFINET DCE/RPC - Operation\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_profinet_dce_rpc.operation\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}", @@ -335,8 +335,8 @@ { "id": "8022cc90-ebab-11e9-a384-0fcf32210194", "type": "visualization", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxNCwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYxMSwxXQ==", "attributes": { "title": "PROFINET DCE/RPC - Packet Type", "visState": "{\"title\":\"PROFINET DCE/RPC - Packet Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_profinet_dce_rpc.packet_type\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Packet Type\"}}]}", 
@@ -362,8 +362,8 @@ { "id": "8524e670-eba5-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxNSwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYxMiwxXQ==", "attributes": { "title": "PROFINET - Logs", "description": "", @@ -403,8 +403,8 @@ { "id": "96d31d60-eba5-11e9-a384-0fcf32210194", "type": "search", - "updated_at": "2019-12-18T16:20:44.165Z", - "version": "WzQxNiwxXQ==", + "updated_at": "2020-02-12T15:00:46.801Z", + "version": "WzYxMywxXQ==", "attributes": { "title": "PROFINET DCE/RPC - Logs", "description": "", diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 39858ea57..656166967 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -4,18 +4,18 @@ { "id": "ae79b7d1-4281-4095-b2f6-fa7eafda9970", "type": "dashboard", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ1NSwxXQ==", + "updated_at": "2020-02-12T18:23:50.969Z", + "version": "WzEwMjYsMV0=", "attributes": { "title": "RADIUS", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\
":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":22,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":49,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\
"y\":27,\"w\":12,\"h\":22,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":35,\"i\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\"},\"panelIndex\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}" } }, "references": [ 
@@ -51,28 +51,28 @@
 },
 {
 "name": "panel_6",
- "type": "search",
- "id": "33bc7949-5692-4044-9e3c-0791dc7d70c0"
+ "type": "visualization",
+ "id": "df8a9a16-7dc6-4004-91c0-337d7c7d6b4c"
 },
 {
 "name": "panel_7",
 "type": "visualization",
- "id": "df8a9a16-7dc6-4004-91c0-337d7c7d6b4c"
+ "id": "AWDHCgWzxQT5EBNmq4Y5"
 },
 {
 "name": "panel_8",
 "type": "visualization",
- "id": "AWDHCgWzxQT5EBNmq4Y5"
+ "id": "56f04556-a0c9-4b82-878b-8d5d9f29edd6"
 },
 {
 "name": "panel_9",
 "type": "visualization",
- "id": "56f04556-a0c9-4b82-878b-8d5d9f29edd6"
+ "id": "0299c83a-bd6c-40e6-bd18-01ee324ae7b0"
 },
 {
 "name": "panel_10",
- "type": "visualization",
- "id": "0299c83a-bd6c-40e6-bd18-01ee324ae7b0"
+ "type": "search",
+ "id": "33bc7949-5692-4044-9e3c-0791dc7d70c0"
 }
 ],
 "migrationVersion": {
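Review bot: The saved-search panel on the RADIUS dashboard loses its per-panel column and sort configuration in this change: the reference shuffle here moves search `33bc7949-5692-4044-9e3c-0791dc7d70c0` from panel_6 to panel_10, and in the preceding `@@ -4,18 +4,18 @@` hunk the old panel `"11"` that carried `\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}` is replaced by panel `1422b8a5-559d-4c37-91aa-cc36a293ddff` with `\"embeddableConfig\":{}`. Unless the saved search itself was updated to those columns (which this diff does not show), the dashboard will presumably fall back to the search's default columns and the IP/port/uid layout analysts rely on for RADIUS triage disappears. I would either restore the columns/sort object on the new panel entry or confirm in the commit message that the saved search now carries them. Separately, this dashboard's searchSourceJSON is rewritten to `\"query\":\"*\"` while the PROFINET dashboard in the same commit keeps the query_string form; picking one shape for all exported dashboards would make future diffs of these generated files reviewable.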
@@ -82,8 +82,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -102,8 +102,8 @@ { "id": "4a3b4d78-6adc-4e6f-a7ae-180c6a58e49f", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ0NSwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY0MywxXQ==", "attributes": { "visState": "{\"title\":\"RADIUS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -129,8 +129,8 @@ { "id": "799ed170-b759-4b14-8a05-8fbdb356ec0e", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ0NiwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY0NCwxXQ==", "attributes": { "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -156,8 +156,8 @@ { "id": "6f92b5d9-82b3-477f-9cd5-a68d62a2c804", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ0NywxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY0NSwxXQ==", "attributes": { "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -183,8 +183,8 @@ { "id": "45e768b2-e4b3-4e3f-8f1f-9a9300dedce6", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ0OCwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY0NiwxXQ==", "attributes": { "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_radius.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", "description": "", @@ -210,8 +210,8 @@ { "id": "5d64df1a-dc17-475a-ac3b-99e5c4c244f6", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ0OSwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY0NywxXQ==", "attributes": { "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_radius.connect_info\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", "description": "", 
@@ -234,50 +234,11 @@ "visualization": "7.4.2" } }, - { - "id": "33bc7949-5692-4044-9e3c-0791dc7d70c0", - "type": "search", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ1MCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "RADIUS - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "df8a9a16-7dc6-4004-91c0-337d7c7d6b4c", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ1MSwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY0OSwxXQ==", "attributes": { "visState": "{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -303,8 +264,8 @@ { "id": "AWDHCgWzxQT5EBNmq4Y5", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ1MiwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY1MCwxXQ==", "attributes": { "title": "RADIUS - Log Count", "visState": "{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -330,8 +291,8 @@ { "id": "56f04556-a0c9-4b82-878b-8d5d9f29edd6", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ1MywxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY1MSwxXQ==", "attributes": { "title": "RADIUS - Username", "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", @@ -357,8 +318,8 @@ { "id": "0299c83a-bd6c-40e6-bd18-01ee324ae7b0", "type": "visualization", - "updated_at": "2019-12-18T16:20:46.215Z", - "version": "WzQ1NCwxXQ==", + "updated_at": "2020-02-12T15:00:48.864Z", + "version": "WzY1MiwxXQ==", "attributes": { "title": "RADIUS - Authentication Result", "visState": "{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_radius.result\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -380,6 +341,47 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "33bc7949-5692-4044-9e3c-0791dc7d70c0", + "type": "search", + "updated_at": "2020-02-12T18:23:26.526Z", + "version": "WzEwMjUsMV0=", + "attributes": { + "title": "RADIUS - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek.user", + "zeek_radius.mac", + "zeek_radius.framed_addr", + "zeek_radius.result", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:radius\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 09d5dcc90..06c0bde06 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
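Review bot: The re-added `RADIUS - Logs` saved search now carries `\"time_zone\":\"America/Denver\"` inside its `query_string`, which the copy removed earlier in this same file did not have; this looks like the exporting browser's zone being captured on re-export rather than an intentional change. Persisting it pins any date math in that Lucene query to Denver time for every Malcolm deployment, presumably overriding whatever timezone the analyst has configured in Kibana, which matters for a forensic tool where timelines are compared across sensors and sites. Drop the key so the query reads `{\"query\":\"zeek.logType:radius\",\"analyze_wildcard\":true}`, and scrub `time_zone` from every saved object before committing an export.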
@@ -4,18 +4,18 @@ { "id": "bb827f8e-639e-468c-93c8-9f5bc132eb8f", "type": "dashboard", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ5MCwxXQ==", + "updated_at": "2020-02-12T19:41:07.956Z", + "version": "WzExNDYsMV0=", "attributes": { "title": "SMTP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],
\"sort\":[\"firstPacket\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":40,\"x\":8,\"y\":23},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":10,\"x\":28,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"pane
lRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":13,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"14\",\"w\":13,\"x\":13,\"y\":65},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":22,\"x\":26,\"y\":65},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":8,\"x\":0,\"y\":29},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"w\":10,\"x\":38,\"y\":8},\"panelIndex\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"w\":48,\"x\":0,\"y\":85},\"panelIndex\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
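Review bot: The SMTP dashboard's top-level `searchSourceJSON` gains `\"time_zone\":\"America/Denver\"` in its `query_string`, an artifact of the exporting browser session that hard-codes the developer's local zone into a shipped dashboard. The RADIUS dashboard earlier in this diff was instead flattened to `{\"language\":\"lucene\",\"query\":\"*\"}`, so the two dashboards in one commit now disagree on query form; for a `*` match-all query the nested `query_string` adds nothing. Normalise this one to the same flat form, `\"query\":{\"language\":\"lucene\",\"query\":\"*\"}`, so no exporter-specific timezone is persisted.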
@@ -66,33 +66,28 @@ }, { "name": "panel_9", - "type": "search", - "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" + "type": "visualization", + "id": "d622d8f0-64ce-45a6-8d66-9b04ddea2548" }, { "name": "panel_10", "type": "visualization", - "id": "d622d8f0-64ce-45a6-8d66-9b04ddea2548" + "id": "70d51476-219d-4792-b5fd-aee9992e1345" }, { "name": "panel_11", "type": "visualization", - "id": "bb1b9db7-3932-435c-b9bb-cdeaa004019b" + "id": "AWDHDsr0xQT5EBNmq4gw" }, { "name": "panel_12", "type": "visualization", - "id": "30588ef1-65cf-46e5-bca7-79112123d6b6" + "id": "38de7940-4dcd-11ea-8336-d3388483188b" }, { "name": "panel_13", - "type": "visualization", - "id": "70d51476-219d-4792-b5fd-aee9992e1345" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "AWDHDsr0xQT5EBNmq4gw" + "type": "search", + "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" } ], "migrationVersion": { 
@@ -102,8 +97,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -122,8 +117,8 @@ { "id": "815aba5e-16e2-4fa1-ab37-b09c39562fe4", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ3NiwxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY3NCwxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -149,8 +144,8 @@ { "id": "63a89f9a-274c-4baa-9336-0d7cd6851bb6", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ3NywxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY3NSwxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smtp.subject\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", "description": "", 
@@ -176,11 +171,11 @@ { "id": "7e16fa6b-1793-4dcd-a19b-ff251bbd0265", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ3OCwxXQ==", + "updated_at": "2020-02-12T19:21:30.644Z", + "version": "WzExMTksMV0=", "attributes": { "title": "SMTP - Destination Country", - "visState": "{\"title\":\"SMTP - Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", + "visState": "{\"title\":\"SMTP - Destination 
Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -191,8 +186,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" } ], 
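Review bot: The new `visState` for `SMTP - Destination Country` embeds a `dimensions` block containing `\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}`, which is the exporting developer's browser location and is presumably recomputed by Kibana at render time rather than something the saved object needs. Committing it leaks the export environment and, if a persisted `parsedUrl` is ever honoured by a URL-type field formatter, would resolve links against `localhost` on other installs. Strip the `dimensions` object (or at minimum its `parsedUrl`) from the committed `visState`; the `aggs` changes to `size` 10 and `otherBucket` true are unaffected by that.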
@@ -203,8 +198,8 @@ { "id": "de856f53-42d1-4ffc-8182-5f275cf40006", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ3OSwxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY3NywxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smtp.mailfrom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", "description": "", @@ -230,8 +225,8 @@ { "id": "45314b56-b8ba-4a89-9cb0-8d2a0e7ebd2e", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4MCwxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY3OCwxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smtp.rcptto\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", "description": "", 
@@ -257,13 +252,13 @@ { "id": "77e86ab5-725a-4512-8c05-5250529b4385", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4MSwxXQ==", + "updated_at": "2020-02-12T19:22:32.887Z", + "version": "WzExMjIsMV0=", "attributes": { - "visState": "{\"title\":\"SMTP - TLS\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smtp.tls\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description": "", "title": "SMTP - TLS", - "uiStateJSON": "{}", + "visState": "{\"title\":\"SMTP - TLS\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Using TLS\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Using TLS\"}}]}", + 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -272,8 +267,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" } ], @@ -284,8 +279,8 @@ { "id": "ab85a06b-e513-4c8b-b80b-7283f5f1b066", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4MiwxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY4MCwxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -311,8 +306,8 @@ { "id": "ceaa93c5-1a76-469b-b3b3-bf4f9d6315c5", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4MywxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY4MSwxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -335,50 +330,11 @@ "visualization": "7.4.2" } }, - { - "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff", - "type": "search", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4NCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "SMTP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "d622d8f0-64ce-45a6-8d66-9b04ddea2548", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4NSwxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY4MywxXQ==", "attributes": { "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smtp.user_agent\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", 
@@ -402,15 +358,15 @@ } }, { - "id": "bb1b9db7-3932-435c-b9bb-cdeaa004019b", + "id": "70d51476-219d-4792-b5fd-aee9992e1345", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4NiwxXQ==", + "updated_at": "2020-02-12T19:26:48.647Z", + "version": "WzExMjgsMV0=", "attributes": { - "visState": "{\"title\":\"SMTP - Webmail - True/False\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smtp.is_webmail\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}", + "title": "SMTP - Destination Port", + "visState": "{\"title\":\"SMTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", - "title": "SMTP - Webmail - True/False", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -419,8 +375,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" } ], 
@@ -429,15 +385,15 @@ } }, { - "id": "30588ef1-65cf-46e5-bca7-79112123d6b6", + "id": "AWDHDsr0xQT5EBNmq4gw", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4NywxXQ==", + "updated_at": "2020-02-12T15:00:52.948Z", + "version": "WzY4NywxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - TLS - True/False\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_smtp.tls\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}", + "title": "SMTP - Log Count", + "visState": "{\"title\":\"SMTP - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "SMTP - TLS - True/False", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -456,15 +412,15 @@ } }, { - "id": "70d51476-219d-4792-b5fd-aee9992e1345", + "id": "38de7940-4dcd-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4OCwxXQ==", + "updated_at": "2020-02-12T19:24:00.595Z", + "version": "WzExMjQsMV0=", "attributes": { - "visState": "{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "SMTP - Webmail", + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Is Webmail\",\"field\":\"zeek_smtp.is_webmail\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Unknown\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"Using 
TLS\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"SMTP - Webmail\",\"type\":\"pie\"}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "title": "SMTP - Destination Port", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -473,8 +429,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" } ], 
@@ -483,30 +439,43 @@ } }, { - "id": "AWDHDsr0xQT5EBNmq4gw", - "type": "visualization", - "updated_at": "2019-12-18T16:20:50.306Z", - "version": "WzQ4OSwxXQ==", + "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff", + "type": "search", + "updated_at": "2020-02-12T19:39:39.650Z", + "version": "WzExNDMsMV0=", "attributes": { - "title": "SMTP - Log Count", - "visState": "{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "SMTP - Logs", "description": "", + "hits": 0, + "columns": [ + "zeek_smtp.x_originating_ip", + "srcIp", + "dstIp", + "dstPort", + "zeek_smtp.mailfrom", + "zeek_smtp.user_agent", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:smtp\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { - "type": "search", - 
"name": "search_0", - "id": "c999cb1b-03c8-446e-92ea-addad33ac1ff" + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" } ], "migrationVersion": { - "visualization": "7.4.2" + "search": "7.4.0" } } ] diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 0123b019e..f497e2128 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
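Review bot: The new `searchSourceJSON` for the "SMTP - Logs" saved search pins `\"time_zone\":\"America/Denver\"` inside the `query_string`, so any date value typed into that query is interpreted in the exporting analyst's local zone rather than the viewer's or the Kibana instance's configured timezone, and the workstation's locale ends up committed into a shared artifact. The same key is added to the SSH dashboard's `searchSourceJSON` in the `@@ -4,18 +4,18 @@` hunk of caef3ade-d289-4d05-a511-149f3e97f238.json. Dropping the key before committing, i.e. `\"query_string\":{\"query\":\"zeek.logType:smtp\",\"analyze_wildcard\":true}` as the removed line had it, keeps the export environment-neutral; if these files come from an export script, stripping `time_zone` there would stop it creeping back. The `parsedUrl` blocks carrying `\"origin\":\"https://localhost\"` in the rewritten visState strings (e.g. the SMTP - TLS hunk) look like the same class of exporter artifact, though they also appear in the unchanged context lines and so predate this change.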
@@ -4,18 +4,18 @@ { "id": "caef3ade-d289-4d05-a511-149f3e97f238", "type": "dashboard", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUxMCwxXQ==", + "updated_at": "2020-02-12T20:23:39.553Z", + "version": "WzExOTcsMV0=", "attributes": { "title": "SSH", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"13\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.
3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":8,\"y\":8,\"w\":28,\"h\":24,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":30,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":17,\"y\":30,\"w\":17,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":34,\"y\":30,\"w\":14,\"h\":22,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":18,\"h\":21,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":28,\"h\":22,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":22,\"i\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\"},\"panelIndex\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":18,\"y\":52,\"w\":15,\"h\":21,\"i\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\"},\"panelIndex\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":33,\"y\":52,\"w\":15,\"h\":21,\"i\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\"},\"panelIndex\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":21,\"i\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\"},\"panelIndex\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":21,\"i\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\"},\"panelIndex\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":36,\"i\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\"},\"panelIndex\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -41,33 +41,53 @@ }, { "name": "panel_4", - "type": "search", - "id": "88a40703-9791-4f96-bc06-992f96c9b350" + "type": "visualization", + "id": "1b6d266e-e726-4fcb-b752-6cf55322c900" }, { "name": "panel_5", "type": "visualization", - "id": "1b6d266e-e726-4fcb-b752-6cf55322c900" + "id": "4d7cb8d4-9f67-4469-b3f5-74d6fb942d35" }, { "name": "panel_6", "type": "visualization", - "id": "78fd6107-9ac0-4415-b1ff-55da745835c8" + "id": "AWDHEYk4xQT5EBNmq4k5" }, { "name": "panel_7", "type": "visualization", - "id": "4d7cb8d4-9f67-4469-b3f5-74d6fb942d35" + "id": "35ca43f9-14cc-4266-8a55-25f859530ba2" }, { "name": "panel_8", "type": "visualization", - "id": "AWDHEYk4xQT5EBNmq4k5" + "id": "eba2e900-4dd0-11ea-8336-d3388483188b" }, { "name": "panel_9", "type": "visualization", - "id": "35ca43f9-14cc-4266-8a55-25f859530ba2" + "id": "baa06220-4dd4-11ea-8336-d3388483188b" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "90422180-4dd4-11ea-8336-d3388483188b" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "3760b940-4dd5-11ea-8336-d3388483188b" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "562d3ec0-4dd5-11ea-8336-d3388483188b" + }, + { + "name": "panel_13", + "type": "search", + "id": "88a40703-9791-4f96-bc06-992f96c9b350" } ], "migrationVersion": { 
@@ -77,8 +97,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -97,8 +117,8 @@ { "id": "14e6c4af-72c5-4ce3-94fc-0cb1d501af96", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwMSwxXQ==", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzY5OSwxXQ==", "attributes": { "visState": "{\"title\":\"SSH - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -124,8 +144,8 @@ { "id": "17a08d5e-7ee7-43ed-b7f4-eaed153bdb7d", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwMiwxXQ==", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzcwMCwxXQ==", "attributes": { "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -151,8 +171,8 @@ { "id": "71ef0954-81c5-4953-b455-f996b21e8f08", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwMywxXQ==", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzcwMSwxXQ==", "attributes": { "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -176,53 +196,41 @@ } }, { - "id": "88a40703-9791-4f96-bc06-992f96c9b350", - "type": "search", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwNCwxXQ==", + "id": "1b6d266e-e726-4fcb-b752-6cf55322c900", + "type": "visualization", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzcwMywxXQ==", "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, + "visState": "{\"title\":\"SSH - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", - "title": "SSH - Logs", + "title": "SSH - Destination Port", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"filter\":[]}" }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "savedSearchRefName": "search_0" }, "references": [ { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" + "type": "search", + "name": "search_0", + "id": "88a40703-9791-4f96-bc06-992f96c9b350" } ], "migrationVersion": { - "search": "7.4.0" + "visualization": "7.4.2" } }, { - "id": 
"1b6d266e-e726-4fcb-b752-6cf55322c900", + "id": "4d7cb8d4-9f67-4469-b3f5-74d6fb942d35", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwNSwxXQ==", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzcwNSwxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.client\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", - "title": "SSH - Destination Port", + "title": "SSH - 
Client/Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { 
@@ -242,15 +250,15 @@ } }, { - "id": "78fd6107-9ac0-4415-b1ff-55da745835c8", + "id": "AWDHEYk4xQT5EBNmq4k5", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwNiwxXQ==", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzcwNiwxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssh.auth_success\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}", + "title": "SSH - Log Count", + "visState": "{\"title\":\"SSH - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", - "title": "SSH - Authentication Success", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
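Review bot: The "SSH - Authentication Success" visualization (id 78fd6107-9ac0-4415-b1ff-55da745835c8) is removed in this hunk and, unlike the other objects the commit reorders, is not re-added in any hunk visible to me; the saved search at the end of the file gains a `zeek_ssh.auth_success` column instead. If the dashboard's `panelsJSON` or `references` (outside these hunks) still name that id, the import would likely succeed but the panel would render as a missing visualization. Either confirm the dashboard reference was dropped in the same change, or keep the object in the export.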
@@ -269,18 +277,18 @@ } }, { - "id": "4d7cb8d4-9f67-4469-b3f5-74d6fb942d35", + "id": "35ca43f9-14cc-4266-8a55-25f859530ba2", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwNywxXQ==", + "updated_at": "2020-02-12T15:00:55.035Z", + "version": "WzcwNywxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.client\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", - "description": "", - "title": "SSH - Client/Server", + "title": "SSH -Server", + "visState": "{\"title\":\"SSH 
-Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" }, "savedSearchRefName": "search_0" }, 
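Review bot: The object keeps its mistyped title on the new side: `"title": "SSH -Server"` at the top of `attributes` and `\"title\":\"SSH -Server\"` inside `visState`. Since the commit already rewrites both lines, changing them to `SSH - Server` would make the panel name consistent with the other `SSH - …` visualizations in this file.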
@@ -296,25 +304,79 @@ } }, { - "id": "AWDHEYk4xQT5EBNmq4k5", + "id": "eba2e900-4dd0-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwOCwxXQ==", + "updated_at": "2020-02-12T19:50:29.007Z", + "version": "WzExNjUsMV0=", "attributes": { - "title": "SSH - Log Count", - "visState": "{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "SSH - Version", + "visState": "{\"title\":\"SSH - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SSH 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssh.version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"SSH Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "88a40703-9791-4f96-bc06-992f96c9b350" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "baa06220-4dd4-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T20:17:44.770Z", + "version": "WzExODgsMV0=", + "attributes": { + "title": "SSH - Client Algorithms", + "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Algorithms Offered by 
Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { + "name": "search_0", "type": "search", + "id": "88a40703-9791-4f96-bc06-992f96c9b350" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "90422180-4dd4-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T20:17:00.578Z", + "version": "WzExODcsMV0=", + "attributes": { + "title": "SSH - Server Algorithms", + "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Algorithms Offered by 
Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { "name": "search_0", + "type": "search", "id": "88a40703-9791-4f96-bc06-992f96c9b350" } ], 
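Review bot: The `dimensions` block of the two new algorithm tables carries swapped labels: "SSH - Client Algorithms" (baa06220-…) has `\"label\":\"Algorithms Offered by Server\"` while its agg's `customLabel` is `Algorithms Offered by Client`, and "SSH - Server Algorithms" (90422180-…) has the reverse; the same copy-paste appears in the next hunk, where "SSH - HASSH Server Hash" (562d3ec0-…) is labelled `HASSH Client Hash`. Kibana appears to regenerate `dimensions` from the aggs, so the column header may come out right at runtime, but the exported text misleads anyone reading it — align each `label` with its `customLabel`. Separately, these new objects embed the export environment in `parsedUrl` (`\"origin\":\"https://localhost\"`), which is runtime-derived and not needed in a checked-in export; stripping the `dimensions` objects before committing would remove both issues.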
@@ -323,31 +385,99 @@ } }, { - "id": "35ca43f9-14cc-4266-8a55-25f859530ba2", + "id": "3760b940-4dd5-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2019-12-18T16:20:52.344Z", - "version": "WzUwOSwxXQ==", + "updated_at": "2020-02-12T20:22:30.387Z", + "version": "WzExOTQsMV0=", "attributes": { - "title": "SSH -Server", - "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "title": "SSH - HASSH Client Hash", + "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{}" }, "savedSearchRefName": "search_0" }, "references": [ { + "name": "search_0", "type": "search", + "id": "88a40703-9791-4f96-bc06-992f96c9b350" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "562d3ec0-4dd5-11ea-8336-d3388483188b", + "type": "visualization", + "updated_at": "2020-02-12T20:22:05.740Z", + "version": "WzExOTMsMV0=", + "attributes": { + "title": "SSH - HASSH Server Hash", + "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { "name": "search_0", + "type": "search", "id": "88a40703-9791-4f96-bc06-992f96c9b350" } ], "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "88a40703-9791-4f96-bc06-992f96c9b350", + "type": "search", + "updated_at": "2020-02-12T20:12:43.078Z", + "version": "WzExODEsMV0=", + "attributes": { + "title": "SSH - Logs", + "description": "", + "hits": 0, + "columns": [ + "srcIp", + "dstIp", + "dstPort", + "zeek_ssh.auth_success", + "zeek_ssh.sshka", + "zeek_ssh.cipher_alg", + "zeek_ssh.mac_alg", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:ssh\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file 
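Review bot: The re-added "SSH - Logs" saved search now carries `\"time_zone\":\"America/Denver\"` inside its `query_string`, which was not present in the version removed earlier in this diff; it pins date math in that query to one operator's local zone for every deployment that imports the file. The query `zeek.logType:ssh` has no date clause today, so the effect is latent, but a later edit that adds one would silently evaluate in Mountain time. Consider removing the `time_zone` key (or setting it to `UTC`) so the exported object stays deployment-neutral, and check the other dashboard exports in this commit for the same key.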
diff --git a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json b/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json
deleted file mode 100644
index 96f5562e0..000000000
--- a/kibana/dashboards/d15a9d40-5c3e-492f-8e17-67a5d6862a3a.json
+++ /dev/null
@@ -1,845 +0,0 @@ -{ - "version": "7.6.0", - "objects": [ - { - "id": "d15a9d40-5c3e-492f-8e17-67a5d6862a3a", - "type": "dashboard", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzNSwxXQ==", - "attributes": { - "title": "Indicator", - "hits": 0, - "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":120,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":144,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":144,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":180,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":180,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":120,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"18\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"node\",\"alert_level\",\"description\"],\"sort\":[\"firstPacket\",\"desc\"]}
},{\"panelIndex\":\"19\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":204,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"20\",\"gridData\":{\"w\":48,\"h\":12,\"x\":0,\"y\":168,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":144,\"i\":\"21\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"22\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"22\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\"},{\"panelIndex\":\"24\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"24\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\"},{\"panelIndex\":\"26\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":0,\"i\":\"26\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_16\",\"embeddableConfig\":{}},{\"panelIndex\":\"27\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"27\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_17\",\"embeddableConfig\":{}},{\"panelIndex\":\"28\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"28\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_18\",\"embeddableConfig\":{}}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - 
"id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "4f606c47-ce70-4546-84c0-47d3fafb5751" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "8a3a0bd6-555d-45c6-bf3d-d2b8598e9926" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "2c18f5be-4023-40fb-8de6-7b490045520b" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "44d6d5ce-bdf6-46d3-ad97-a30ebda437fa" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "c3c266ad-58c5-45f4-a463-180b531bd96e" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "be7d9516-7555-407f-9971-0394c7e822e4" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "cc206fe4-dad8-4e98-8bee-648186e6f160" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "727d7b36-4153-4c51-b723-2700a3c815f1" - }, - { - "name": "panel_9", - "type": "search", - "id": "58822c6d-5c84-4d33-a623-ce740be2c057" - }, - { - "name": "panel_10", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "e22ccafa-aad2-4897-8a15-ca114f31464c" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "a6cacf2a-7cf5-4991-be10-474429651b51" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "8486949c-3592-4831-9020-59bfd968ccfa" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "a3d7ae56-264b-4e8f-9c45-242bff74179d" - }, - { - "name": "panel_15", - "type": "visualization", - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "40d65c7d-c62a-4115-80dd-ba239ee74df6" - }, - { - "name": "panel_17", - "type": "visualization", - "id": "45ccdb84-8eec-45ca-b7d3-dd8e28fa8ee7" - }, - { - "name": "panel_18", - "type": "visualization", - "id": "cc670ed6-87d2-494e-91ee-4a84be7cadc4" - } - ], - "migrationVersion": { - "dashboard": "7.3.0" - } - }, - { - "id": 
"df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", - "attributes": { - "title": "Zeek Logs", - "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "4f606c47-ce70-4546-84c0-47d3fafb5751", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxMiwxXQ==", - "attributes": { - "title": "Data Types", - "visState": "{\"title\":\"Data Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.logType\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "8a3a0bd6-555d-45c6-bf3d-d2b8598e9926", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxMywxXQ==", - "attributes": { - "visState": "{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", - "description": "", - "title": "DNS - Query/Answer", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "2c18f5be-4023-40fb-8de6-7b490045520b", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNCwxXQ==", - "attributes": { - "visState": "{\"title\":\"HTTP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "HTTP - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "44d6d5ce-bdf6-46d3-ad97-a30ebda437fa", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNSwxXQ==", - "attributes": { - "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "HTTP - Destination IP 
Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "c3c266ad-58c5-45f4-a463-180b531bd96e", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNiwxXQ==", - "attributes": { - "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", - "description": "", - "title": "HTTP - Sites", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "be7d9516-7555-407f-9971-0394c7e822e4", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxNywxXQ==", - "attributes": { - "visState": "{\"title\":\"HTTP - Sites Hosting 
EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", - "description": "", - "title": "HTTP - Sites Hosting EXEs", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "cc206fe4-dad8-4e98-8bee-648186e6f160", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxOCwxXQ==", - "attributes": { - "visState": "{\"title\":\"NIDS - 
Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description": "", - "title": "NIDS - Alerts", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "1a9147fe-9214-466e-9ae9-8e674a7a4631" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "727d7b36-4153-4c51-b723-2700a3c815f1", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUxOSwxXQ==", - "attributes": { - "title": "DNS - Query Class", - "visState": "{\"title\":\"DNS - Query Class\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_dns.qclass_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "58822c6d-5c84-4d33-a623-ce740be2c057", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "OSSEC - Alerts", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"zeek.logType:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "alert_level", - "classification", - "description" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - }, - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "All Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "e22ccafa-aad2-4897-8a15-ca114f31464c", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMiwxXQ==", - "attributes": { - "visState": "{\"title\":\"HTTP - MIME Type\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_http.resp_mime_types\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "HTTP - MIME Type", - "uiStateJSON": "{}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "a6cacf2a-7cf5-4991-be10-474429651b51", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyMywxXQ==", - "attributes": { - "title": "HTTP - Destination Port", - "visState": "{\"title\":\"HTTP - Destination 
Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "8486949c-3592-4831-9020-59bfd968ccfa", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyNCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Server", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "a3d7ae56-264b-4e8f-9c45-242bff74179d", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyNSwxXQ==", - "attributes": { - "title": "DNS - Server", - "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", - "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU2OSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.note\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Notice Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "40d65c7d-c62a-4115-80dd-ba239ee74df6", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyNywxXQ==", - "attributes": { - "title": "Sensors - Sensor and Services", - "visState": "{\"title\":\"Sensors - Sensor and 
Services\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "45ccdb84-8eec-45ca-b7d3-dd8e28fa8ee7", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyOCwxXQ==", - "attributes": { - "title": "Top 50 - Source IP Address", - "visState": "{\"title\":\"Top 50 - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "cc670ed6-87d2-494e-91ee-4a84be7cadc4", - "type": "visualization", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUyOSwxXQ==", - "attributes": { - "title": "Top 50 - Destination IP Address", - "visState": "{\"title\":\"Top 50 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzMCwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "DNS - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "1762ad89-2039-4d70-8c2d-60b3e5a2c381", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzMSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "HTTP - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "dstIp", - "dstPort", - 
"zeek_http.resp_fuids", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "1a9147fe-9214-466e-9ae9-8e674a7a4631", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzMiwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "NIDS - Alerts", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:snort\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", - "type": "search", - "updated_at": "2019-12-18T16:20:53.365Z", - "version": "WzUzMywxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "SSL - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - 
"updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3NSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek_notice.note", - "srcIp", - "dstIp", - "zeek.uid", - "_id" - ], - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - } - ] -} \ No newline at end of file diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index dcea68147..398c8f1b8 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -4,18 +4,18 @@ { "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", "type": "dashboard", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3OCwxXQ==", + "updated_at": "2020-02-12T16:00:38.405Z", + "version": "Wzg3MywxXQ==", "attributes": { "title": "Notices", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":136,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":32,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":96,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"17\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":160,\
"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"18\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":46,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":46},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":46},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"11\",\"w\":20,\"x\":0,\"y\":84},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":65},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"14\",\"w\":40,\"x\":8,\"y\":30},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"15\",\"w\":28,\"x\":20,\"y\":84},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"
w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":109},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":26,\"x\":8,\"y\":11},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":14,\"x\":34,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}" } }, "references": [ 
@@ -92,13 +92,13 @@ { "id": "0455b814-9b8e-4895-985d-c0d484bb025c", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU2NSwxXQ==", + "updated_at": "2020-02-12T16:00:04.619Z", + "version": "Wzg3MiwxXQ==", "attributes": { - "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", - "description": "", "title": "Notices - Log Count Over Time", + "visState": "{\"title\":\"Notices - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"line\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"firstPacket per 
second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -107,8 +107,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" } ], 
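Review bot: The rewritten visState on the added line carries Kibana's transient `dimensions` block, including `\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}`, which records the exporting instance's URL rather than anything the visualization needs; the previous version of this object had no `dimensions` at all. Committed exports that embed environment-specific state are noisier to diff and would disclose deployment details if the exporting host were anything other than localhost. Stripping `dimensions` (or at least `parsedUrl`) from visState before committing keeps the object to its aggregation definition. The same block appears in the hunks at -193,13, -274,11 and -393,12 of this file.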
@@ -119,8 +119,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -139,8 +139,8 @@ { "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU2NywxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc2NSwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -166,8 +166,8 @@ { "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU2OCwxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc2NiwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -193,13 +193,13 @@ { "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU2OSwxXQ==", + "updated_at": "2020-02-12T15:20:49.594Z", + "version": "WzgxOCwxXQ==", "attributes": { - "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.note\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}", - "description": "", "title": "Notices - Notice Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -208,8 +208,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" } ], 
@@ -220,8 +220,8 @@ { "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3MCwxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc2OCwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", "description": "", @@ -247,8 +247,8 @@ { "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3MSwxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc2OSwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", "description": "", 
@@ -274,11 +274,11 @@ { "id": "8a911a83-3962-44b8-be39-b54532f51b46", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3MiwxXQ==", + "updated_at": "2020-02-12T15:23:50.918Z", + "version": "WzgyMiwxXQ==", "attributes": { "title": "Notice - Destination Port", - "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"Notice - Destination 
Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", 
"description": "", "version": 1, @@ -289,8 +289,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" } ], @@ -301,8 +301,8 @@ { "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3MywxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc3MSwxXQ==", "attributes": { "visState": "{\"title\":\"Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}", "description": "", 
@@ -328,8 +328,8 @@ { "id": "AWDG1uC-xQT5EBNmq3dP", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3NCwxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc3MiwxXQ==", "attributes": { "title": "Notices - Log Count", "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", @@ -355,18 +355,18 @@ { "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", "type": "search", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3NSwxXQ==", + "updated_at": "2020-02-12T15:26:25.765Z", + "version": "WzgyOSwxXQ==", "attributes": { "title": "Notices - Logs", "description": "", "hits": 0, "columns": [ - "zeek_notice.note", + "zeek_notice.category", + "zeek_notice.sub_category", "srcIp", "dstIp", - "zeek.uid", - "_id" + "zeek.uid" ], "sort": [ [ 
@@ -376,7 +376,7 @@ ], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
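Review bot: The new searchSourceJSON pins the saved search's query_string to `\"time_zone\":\"America/Denver\"`, which looks like the exporting workstation's local zone rather than an intentional setting, so every instance importing this object will interpret date math in that zone regardless of where it runs. Dropping the key (`,\"time_zone\":\"America/Denver\"`) before committing the export leaves the query as it was and lets Kibana apply its own time-zone setting. The same key appears in the RFB dashboard's searchSourceJSON in the hunk at -4,18 of f77bf097-18a8-465c-b634-eb2acc7a4f26.json.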
@@ -393,12 +393,12 @@ { "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3NiwxXQ==", + "updated_at": "2020-02-12T15:23:03.456Z", + "version": "WzgyMSwxXQ==", "attributes": { - "title": "Notices - Notice Types", - "visState": "{\"title\":\"Notices - Notice Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.note\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Notices - Notice Types by Source and Destination", + "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -408,8 +408,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" } ], 
@@ -420,8 +420,8 @@ { "id": "559cf002-6086-4655-908e-d1f757cd58a9", "type": "visualization", - "updated_at": "2019-12-18T16:20:59.520Z", - "version": "WzU3NywxXQ==", + "updated_at": "2020-02-12T15:01:02.218Z", + "version": "Wzc3NSwxXQ==", "attributes": { "title": "Notices - Destination Country", "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index b2a0aee9c..5edf91968 100644 --- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -4,18 +4,18 @@ { "id": "f77bf097-18a8-465c-b634-eb2acc7a4f26", "type": "dashboard", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5NywxXQ==", + "updated_at": "2020-02-12T18:49:35.910Z", + "version": "WzEwODEsMV0=", "attributes": { "title": "RFB", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"embeddableConfig\"
:{},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":80,\"i\":\"14\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":80,\"i\":\"15\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":20,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":21,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":18,\"x\":0,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":48},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":48},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":48},\"pa
nelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"14\",\"w\":15,\"x\":33,\"y\":27},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"15\",\"w\":15,\"x\":18,\"y\":27},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"16\",\"w\":14,\"x\":34,\"y\":8},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":38,\"i\":\"2e466042-c74a-4549-9419-847d918823ae\",\"w\":48,\"x\":0,\"y\":70},\"panelIndex\":\"2e466042-c74a-4549-9419-847d918823ae\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ 
@@ -37,57 +37,52 @@ { "name": "panel_3", "type": "visualization", - "id": "b8b1ddc7-f115-4f44-98fb-8763a01aec3a" + "id": "5d961a31-c465-45eb-9e8f-2bbad058a4f8" }, { "name": "panel_4", "type": "visualization", - "id": "5d961a31-c465-45eb-9e8f-2bbad058a4f8" + "id": "8efb6175-3c0d-45ac-ae17-2908b8b7ab33" }, { "name": "panel_5", "type": "visualization", - "id": "8efb6175-3c0d-45ac-ae17-2908b8b7ab33" + "id": "cd575019-21e5-45be-8fb1-7b447cdf2c91" }, { "name": "panel_6", - "type": "search", - "id": "161c6526-b634-4b79-8cb5-39b667eaa862" + "type": "visualization", + "id": "0ac25486-a491-4797-b40f-c83d7d14ded0" }, { "name": "panel_7", "type": "visualization", - "id": "cd575019-21e5-45be-8fb1-7b447cdf2c91" + "id": "5cd98bd4-370d-4d9c-afeb-0018145f6e28" }, { "name": "panel_8", "type": "visualization", - "id": "0ac25486-a491-4797-b40f-c83d7d14ded0" + "id": "c4b27ea5-7188-4c09-9754-ea3c67fe44de" }, { "name": "panel_9", "type": "visualization", - "id": "5cd98bd4-370d-4d9c-afeb-0018145f6e28" + "id": "c46f1254-54b6-414b-88cc-69751026b0e0" }, { "name": "panel_10", "type": "visualization", - "id": "c4b27ea5-7188-4c09-9754-ea3c67fe44de" + "id": "0537ea69-4e73-4055-92a8-b90369603b5a" }, { "name": "panel_11", "type": "visualization", - "id": "c46f1254-54b6-414b-88cc-69751026b0e0" + "id": "AWDHC8iGxQT5EBNmq4bs" }, { "name": "panel_12", - "type": "visualization", - "id": "0537ea69-4e73-4055-92a8-b90369603b5a" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "AWDHC8iGxQT5EBNmq4bs" + "type": "search", + "id": "161c6526-b634-4b79-8cb5-39b667eaa862" } ], "migrationVersion": { 
@@ -97,8 +92,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-12T15:01:05.290Z", + "version": "Wzc5NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -117,8 +112,8 @@ { "id": "ebfb6257-cd49-4120-aefb-e3ef95624acc", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU4NCwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc4MiwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -144,40 +139,13 @@ { "id": "24fb5549-3160-41fb-901f-81c03c165e8c", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU4NSwxXQ==", + "updated_at": "2020-02-12T18:46:20.561Z", + "version": "WzEwNzEsMV0=", "attributes": { - "visState": "{\"title\":\"RFB - Authentication Status\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rfb.auth\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}", - "description": "", "title": "RFB - Authentication Status", - "uiStateJSON": "{}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "161c6526-b634-4b79-8cb5-39b667eaa862" - } - ], - "migrationVersion": { - "visualization": "7.4.2" - } - }, - { - "id": "b8b1ddc7-f115-4f44-98fb-8763a01aec3a", - "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU4NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"RFB - Authentication 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rfb.authentication_method\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Method\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Authentication Status\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Authenticated\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rfb.auth\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"F\",\"customLabel\":\"Authenticated\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "title": "RFB - Authentication Method", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -186,8 +154,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "161c6526-b634-4b79-8cb5-39b667eaa862" } ], 
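Review bot: The rewritten "RFB - Authentication Status" visState turns on `missingBucket` and labels it `F`, so a session for which Zeek recorded no `zeek_rfb.auth` value at all (an incomplete or truncated handshake, for instance) is drawn in the same slice as an explicit authentication failure, and a reader can no longer tell "unauthenticated" from "unknown". Since this is the dashboard an analyst uses to judge RFB access, the missing bucket should keep a distinct label, e.g. `\"missingBucketLabel\":\"Unknown\"`, which is what the "RFB - Authentication Method" visualization in the later hunk (`@@ -426,13 +355,13 @@`) already does. The `parsedUrl` block with `https://localhost` in the new `dimensions` is an artifact of the exporting browser and carries no meaning for other deployments; it is harmless but could be dropped. The saved object continues past the end of this hunk.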
@@ -198,13 +166,13 @@ { "id": "5d961a31-c465-45eb-9e8f-2bbad058a4f8", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU4NywxXQ==", + "updated_at": "2020-02-12T18:40:36.801Z", + "version": "WzEwNjQsMV0=", "attributes": { - "visState": "{\"title\":\"RFB - Exclusive Session\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rfb.share_flag\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description": "", "title": "RFB - Exclusive Session", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "visState": "{\"title\":\"RFB - Exclusive Session\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_rfb.share_flag: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exclusive Session\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -213,8 +181,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "161c6526-b634-4b79-8cb5-39b667eaa862" } ], @@ -225,8 +193,8 @@ { "id": "8efb6175-3c0d-45ac-ae17-2908b8b7ab33", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU4OCwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc4NiwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rfb.desktop_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", "description": "", 
@@ -249,50 +217,11 @@ "visualization": "7.4.2" } }, - { - "id": "161c6526-b634-4b79-8cb5-39b667eaa862", - "type": "search", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU4OSwxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "RFB - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "cd575019-21e5-45be-8fb1-7b447cdf2c91", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5MCwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc4OCwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -318,8 +247,8 @@ { "id": "0ac25486-a491-4797-b40f-c83d7d14ded0", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5MSwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc4OSwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -345,8 +274,8 @@ { "id": "5cd98bd4-370d-4d9c-afeb-0018145f6e28", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5MiwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc5MCwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -372,8 +301,8 @@ { "id": "c4b27ea5-7188-4c09-9754-ea3c67fe44de", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5MywxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc5MSwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rfb.server_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rfb.server_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", 
@@ -399,8 +328,8 @@ { "id": "c46f1254-54b6-414b-88cc-69751026b0e0", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5NCwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc5MiwxXQ==", "attributes": { "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rfb.client_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_rfb.client_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", 
@@ -426,13 +355,13 @@ { "id": "0537ea69-4e73-4055-92a8-b90369603b5a", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5NSwxXQ==", + "updated_at": "2020-02-12T18:49:14.219Z", + "version": "WzEwODAsMV0=", "attributes": { - "visState": "{\"title\":\"RFB - Authentication Method\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_rfb.authentication_method\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}", - "description": "", "title": "RFB - Authentication Method", + "visState": "{\"title\":\"RFB - Authentication 
Method\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Method\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_rfb.authentication_method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Method\"}}]}", "uiStateJSON": 
"{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -441,8 +370,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "161c6526-b634-4b79-8cb5-39b667eaa862" } ], @@ -453,8 +382,8 @@ { "id": "AWDHC8iGxQT5EBNmq4bs", "type": "visualization", - "updated_at": "2019-12-18T16:21:01.608Z", - "version": "WzU5NiwxXQ==", + "updated_at": "2020-02-12T15:01:04.271Z", + "version": "Wzc5NCwxXQ==", "attributes": { "title": "RFB - Log Count", "visState": "{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -476,6 +405,47 @@
 "migrationVersion": {
 "visualization": "7.4.2"
 }
+ },
+ {
+ "id": "161c6526-b634-4b79-8cb5-39b667eaa862",
+ "type": "search",
+ "updated_at": "2020-02-12T18:48:16.263Z",
+ "version": "WzEwNzgsMV0=",
+ "attributes": {
+ "title": "RFB - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "srcIp",
+ "dstIp",
+ "dstPort",
+ "zeek_rfb.desktop_name",
+ "zeek_rfb.authentication_method",
+ "zeek_rfb.auth",
+ "zeek_rfb.share_flag",
+ "zeek.uid"
+ ],
+ "sort": [
+ [
+ "firstPacket",
+ "desc"
+ ]
+ ],
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:rfb\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "sessions2-*"
+ }
+ ],
+ "migrationVersion": {
+ "search": "7.4.0"
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf
index 0e4cd4a2d..b1b296c94 100644
--- a/logstash/pipelines/zeek/11_zeek_logs.conf
+++ b/logstash/pipelines/zeek/11_zeek_logs.conf
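Review bot: The re-added "RFB - Logs" saved search now carries `\"time_zone\":\"America/Denver\"` inside its `query_string`, which presumably was captured from the exporting browser's Kibana settings rather than chosen on purpose; Elasticsearch uses that value to resolve any date math or date literal an analyst later types into the query bar, so on a deployment in another zone time-bounded searches would be offset without any visible indication. The same literal appears in the dashboard's `searchSourceJSON` in the earlier hunk of this file (the one that begins before this view), so both should be treated together. I would drop the `time_zone` key from both exported query objects so Kibana applies its runtime default, leaving `{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:rfb\"}}`. The new `columns` list is a sensible improvement over the old one and needs no change.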
@@ -392,7 +392,7 @@ filter {
 id => "dissect_zeek_dhcp_1_with_all_fields"
 # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP
 mapping => {
- "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uids]} %{[zeek_cols][orig_h]} %{[zeek_cols][resp_h]} %{[zeek_cols][orig_l2_addr]} %{[zeek_cols][host_name]} %{[zeek_cols][client_fqdn]} %{[zeek_cols][domain]} %{[zeek_cols][requested_ip]} %{[zeek_cols][assigned_ip]} %{[zeek_cols][lease_time]} %{[zeek_cols][client_message]} %{[zeek_cols][server_message]} %{[zeek_cols][msg_types]} %{[zeek_cols][duration]}"
+ "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][resp_h]} %{[zeek_cols][orig_l2_addr]} %{[zeek_cols][host_name]} %{[zeek_cols][client_fqdn]} %{[zeek_cols][domain]} %{[zeek_cols][requested_ip]} %{[zeek_cols][assigned_ip]} %{[zeek_cols][lease_time]} %{[zeek_cols][client_message]} %{[zeek_cols][server_message]} %{[zeek_cols][msg_types]} %{[zeek_cols][duration]}"
 }
 }
@@ -422,18 +422,18 @@ filter {
 }
 ruby {
 id => "ruby_zip_zeek_dhcp"
- init => "$zeek_dhcp_field_names = [ 'ts', 'uids', 'orig_h', 'resp_h', 'orig_l2_addr', 'host_name', 'client_fqdn', 'domain', 'requested_ip', 'assigned_ip', 'lease_time', 'client_message', 'server_message', 'msg_types', 'duration' ]"
+ init => "$zeek_dhcp_field_names = [ 'ts', 'uid', 'orig_h', 'resp_h', 'orig_l2_addr', 'host_name', 'client_fqdn', 'domain', 'requested_ip', 'assigned_ip', 'lease_time', 'client_message', 'server_message', 'msg_types', 'duration' ]"
 code => "event.set('[zeek_cols]', $zeek_dhcp_field_names.zip(event.get('[message]')).to_h)"
 }
 }
- if ([zeek_cols][uids]) and ([zeek_cols][uids] != '(empty)') and ([zeek_cols][uids] != '') {
+ if ([zeek_cols][uid]) and ([zeek_cols][uid] != '(empty)') and ([zeek_cols][uid] != '') {
 mutate { id => "mutate_split_zeek_dhcp_uids"
- split => { "[zeek_cols][uids]" => "," } }
+ split => { "[zeek_cols][uid]" => "," } }
 }
- if ([zeek_cols][uids] and [zeek_cols][uids][0]) {
+ if ([zeek_cols][uid] and [zeek_cols][uid][0]) {
 mutate { id => "mutate_add_field_zeek_dhcp_uids"
- add_field => { "[rootId]" => "%{[zeek_cols][uids][0]}" } }
+ add_field => { "[rootId]" => "%{[zeek_cols][uid][0]}" } }
 }
 if ((![zeek_cols][orig_p]) and (![zeek_cols][resp_p])) {
@@ -3075,6 +3075,20 @@ filter {
 mutate { id => "mutate_split_zeek_notice_actions"
 split => { "[zeek_notice][actions]" => "," } }
+ # split "Category::Subcategory" into two different fields
+ ruby {
+ id => "ruby_zeek_notice_category_extract"
+ code => "
+ if (noticeNote = event.get('[zeek_notice][note]')) and (noticeParts = noticeNote.split('::')) then
+ if (noticeParts.length >= 2) then
+ event.set('[zeek_notice][category]', noticeParts[0])
+ event.set('[zeek_notice][sub_category]', noticeParts[1])
+ elsif (noticeParts.length == 1) then
+ event.set('[zeek_notice][category]', noticeParts[0])
+ end
+ end"
+ }
+
 } else if ([source] == "ntp") {
 #############################################################################################################################
 # ntp.log specific logic
@@ -3204,6 +3218,10 @@ filter {
 merge => { "[radius][mac]" => "[zeek_radius][mac]" } }
 mutate { id => "mutate_add_field_radius_macCnt"
 add_field => { "[radius][macCnt]" => "1" } }
+ if (![zeek][orig_l2_addr]) {
+ mutate { id => "mutate_merge_zeek_radius_zeek_mac"
+ merge => { "[zeek][orig_l2_addr]" => "[zeek_radius][mac]" } }
+ }
 }
 }
 } else if ([source] == "rdp") {
diff --git a/moloch/wise/source.zeeklogs.js b/moloch/wise/source.zeeklogs.js
index 9f096b552..d98ce97d3 100755
--- a/moloch/wise/source.zeeklogs.js
+++ b/moloch/wise/source.zeeklogs.js
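Review bot: In the new `ruby_zeek_notice_category_extract` filter, `sub_category` is taken from `noticeParts[1]` alone, so if a notice type ever carries more than one `::` separator everything after the second component is silently dropped from the indexed value; `event.set('[zeek_notice][sub_category]', noticeParts[1..-1].join('::'))` keeps the full remainder at no cost. The `elsif` branch repeats the `category` assignment of the branch above it; setting `category` unconditionally when `noticeParts.length >= 1` and `sub_category` only when `>= 2` says the same thing in fewer lines. If `[zeek_notice][note]` can ever arrive as an array rather than a string (I cannot tell from this hunk), `.split` would raise inside the filter and Logstash would tag the event `_rubyexception` instead of dropping it, which is worth a one-line comment or a `.to_s` on the value. The `# split "Category::Subcategory"` comment would be more useful if it also named the target fields, e.g. `# split "Category::Subcategory" in [zeek_notice][note] into [zeek_notice][category] and [zeek_notice][sub_category]`.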
@@ -351,6 +351,8 @@ function ZeekLogs (api, section) {
 this.notice_file_mime_typeField = this.api.addField("field:zeek_notice.file_mime_type;db:zeek_notice.file_mime_type;kind:termfield;friendly:File Magic;help:File Magic");
 this.notice_file_descField = this.api.addField("field:zeek_notice.file_desc;db:zeek_notice.file_desc;kind:termfield;friendly:File Description;help:File Description");
 this.notice_noteField = this.api.addField("field:zeek_notice.note;db:zeek_notice.note;kind:termfield;friendly:Notice Type;help:Notice Type");
+ this.notice_categoryField = this.api.addField("field:zeek_notice.category;db:zeek_notice.category;kind:termfield;friendly:Category;help:Category");
+ this.notice_sub_categoryField = this.api.addField("field:zeek_notice.sub_category;db:zeek_notice.sub_category;kind:termfield;friendly:Subcategory;help:Subcategory");
 this.notice_msgField = this.api.addField("field:zeek_notice.msg;db:zeek_notice.msg;kind:termfield;friendly:Message;help:Message");
 this.notice_subField = this.api.addField("field:zeek_notice.sub;db:zeek_notice.sub;kind:termfield;friendly:Submessage;help:Submessage");
 this.notice_srcField = this.api.addField("field:zeek_notice.src;db:zeek_notice.src;kind:termfield;friendly:Notice Source;help:Notice Source");
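Review bot: The `help:` text of the two new field definitions merely repeats the `friendly:` name, which is what an analyst sees in the Moloch field picker when they already know the name and want to learn what the value is derived from. Since these two fields are populated by splitting `zeek_notice.note` on `::` elsewhere in this commit, the help strings should say so, e.g. `help:Notice type category (text before :: in the Zeek notice type)` and `help:Notice type subcategory (text after :: in the Zeek notice type)`. The surrounding `ZeekLogs` constructor begins and ends outside this hunk.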
@@ -799,7 +801,7 @@ function ZeekLogs (api, section) { // add right-clicks for pivoting into Kibana from Moloch (see nginx.conf) var filterLabel = "Filter %DBFIELD% in Kibana"; var filterUrl = "idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%"; - var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.action,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek
_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.indicator,zeek_intel
.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.peer_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.re
mote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zee
k_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_sip.version,zeek_smb_cmd.command,zeek_smb_cmd.sub_command,zeek_smb_cmd.argument,zeek_smb_cmd.status,zeek_smb_cmd.rtt,zeek_smb_cmd.version,zeek_smb_cmd.user,zeek_smb_cmd.tree,zeek_smb_cmd.tree_service,zeek_smb_files.action,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.b
ound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issu
er.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.ce
rtificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; + var allFieldsStr = "communityId,host.name,ip.protocol,mac.dst,mac.src,node,oui.dst,oui.src,protocols,rootId,tags,zeek.action,zeek.community_id,zeek.destination_geo.city_name,zeek.destination_geo.country_name,zeek.destination_ip_reverse_dns,zeek.filename,zeek.filetype,zeek.fuid,zeek.logType,zeek.orig_h,zeek.orig_hostname,zeek.orig_l2_addr,zeek.orig_l2_oui,zeek.orig_p,zeek.orig_segment,zeek.proto,zeek.resp_h,zeek.resp_hostname,zeek.resp_l2_addr,zeek.resp_l2_oui,zeek.resp_p,zeek.resp_segment,zeek.service,zeek.service_version,zeek.source_geo.city_name,zeek.source_geo.country_name,zeek.source_ip_reverse_dns,zeek.ts,zeek.uid,zeek.user,zeek.password,zeek.freq_score_v1,zeek.freq_score_v2,zeek_bacnet.apdu_type,zeek_bacnet.bvlc_function,zeek_bacnet.bvlc_len,zeek_bacnet.data,zeek_bacnet.data_dict.date,zeek_bacnet.data_dict.low_limit,zeek_bacnet.data_dict.high_limit,zeek_bacnet.data_dict.object,zeek_bacnet.data_dict.property,zeek_bacnet.data_dict.result,zeek_bacnet.data_dict.time,zeek_bacnet.data_dict.ttl,zeek_bacnet.service_choice,zeek_cip.cip_service,zeek_cip.cip_tags,zeek_cip.status,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.duration,zeek_conn.history,zeek_conn.inner_vlan,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.orig_bytes,zeek_conn.orig_ip_bytes,zeek_conn.orig_pkts,zeek_conn.resp_bytes,zeek_conn.resp_ip_bytes,zeek_conn.resp_pkts,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_dce_rpc.endpoint,zeek_dce_rpc.named_pipe,zeek_dce_rpc.operation,zeek_dce_
rpc.rtt,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.mac,zeek_dhcp.trans_id,zeek_dnp3.fc_reply,zeek_dnp3.fc_request,zeek_dnp3.iin,zeek_dns.AA,zeek_dns.answers,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.query,zeek_dns.RA,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.RD,zeek_dns.rejected,zeek_dns.rtt,zeek_dns.TC,zeek_dns.trans_id,zeek_dns.TTLs,zeek_dns.Z,zeek_dpd.failure_reason,zeek_dpd.service,zeek_enip.command,zeek_enip.length,zeek_enip.options,zeek_enip.sender_context,zeek_enip.session_handle,zeek_enip.status,zeek_enip_list_identity.device_ip,zeek_enip_list_identity.device_type,zeek_enip_list_identity.product_code,zeek_enip_list_identity.product_name,zeek_enip_list_identity.revision,zeek_enip_list_identity.serial_number,zeek_enip_list_identity.state,zeek_enip_list_identity.status,zeek_enip_list_identity.vendor,zeek_files.analyzers,zeek_files.conn_uids,zeek_files.depth,zeek_files.duration,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size,zeek_files.filename,zeek_files.is_orig,zeek_files.local_orig,zeek_files.md5,zeek_files.mime_type,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.parent_fuid,zeek_files.rx_hosts,zeek_files.seen_bytes,zeek_files.sha1,zeek_files.sha256,zeek_files.source,zeek_files.timedout,zeek_files.total_bytes,zeek_files.tx_hosts,zeek_ftp.arg,zeek_ftp.command,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p,zeek_ftp.file_size,zeek_ftp.mime_type,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_gquic.cyu,zeek_gquic.cyutags,zeek_gquic.server_name,zeek_gquic.tag_count,zeek_gquic.user_agent,zeek_gquic.version,zeek_http.host,zeek_http.info_code,zeek_http.info_msg,zeek_http.method,zeek_http.orig_filenames,zeek_http.orig_fuids,zeek_http.orig_mime_types,zeek_http.origin,zeek_http.proxied,zeek_http.referrer,zeek_http.request_body_len,zeek_http.resp_filenames,zeek_http.resp_fuids,zeek_http.resp_mime_types,zeek_http.re
sponse_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.tags,zeek_http.trans_depth,zeek_http.uri,zeek_http.user_agent,zeek_http.version,zeek_intel.file_description,zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.matched,zeek_intel.mimetype,zeek_intel.seen_node,zeek_intel.seen_where,zeek_intel.sources,zeek_irc.addl,zeek_irc.command,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type,zeek_irc.nick,zeek_irc.value,zeek_iso_cotp.pdu_type,zeek_kerberos.cipher,zeek_kerberos.client_cert_fuid,zeek_kerberos.client_cert_subject,zeek_kerberos.cname,zeek_kerberos.error_msg,zeek_kerberos.forwardable,zeek_kerberos.from,zeek_kerberos.renewable,zeek_kerberos.server_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.till,zeek_known_certs.issuer_subject,zeek_known_certs.serial,zeek_known_certs.subject,zeek_known_modbus.device_type,zeek_ldap.message_id,zeek_ldap.operation,zeek_ldap.value,zeek_ldap.entry,zeek_ldap.result,zeek_ldap.result_code,zeek_ldap.error,zeek_modbus.exception,zeek_modbus.func,modbus_register_change.register,modbus_register_change.old_val,modbus_register_change.new_val,modbus_register_change.delta,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.will_payload,zeek_mqtt_connect.will_topic,zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len,zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack,zeek_mysql.arg,zeek_mysql.cmd,zeek_mysql.response,zeek_mysql.rows,zeek_mysql.success,zeek_notice.actions,zeek_notice.category,zeek_notice.dropped,zeek_notice.dst,zeek_notice.file_desc,zeek_notice.file_mime_type,zeek_notice.msg,zeek_notice.n,zeek_notice.note,zeek_notice.p,zeek_notice.pe
er_descr,zeek_notice.remote_location_city,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_country_code,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.remote_location_region,zeek_notice.src,zeek_notice.sub,zeek_notice.sub_category,zeek_notice.suppress_for,zeek_ntlm.domain,zeek_ntlm.host,zeek_ntlm.status,zeek_ntlm.success,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.num_exts,zeek_ntp.org_time,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.rec_time,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.stratum,zeek_ntp.version,zeek_ntp.xmt_time,zeek_pe.compile_ts,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.has_export_table,zeek_pe.has_import_table,zeek_pe.is_64bit,zeek_pe.is_exe,zeek_pe.machine,zeek_pe.os,zeek_pe.section_names,zeek_pe.subsystem,zeek_pe.uses_aslr,zeek_pe.uses_code_integrity,zeek_pe.uses_dep,zeek_pe.uses_seh,zeek_profinet.block_version,zeek_profinet.index,zeek_profinet.operation_type,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.operation,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.version,zeek_radius.connect_info,zeek_radius.framed_addr,zeek_radius.mac,zeek_radius.tunnel_client,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.cert_type,zeek_rdp.client_build,zeek_rdp.client_channels,zeek_rdp.client_dig_product_id,zeek_rdp.client_name,zeek_rdp.cookie,zeek_rdp.desktop_height,zeek_rdp.desktop_width,zeek_rdp.encryption_level,zeek_rdp.encryption_method,zeek_rdp.keyboard_layout,zeek_rdp.requested_color_depth,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rfb.auth,zeek_rfb.authentication_method,zeek_rfb.client_major_version,zeek_rfb
.client_minor_version,zeek_rfb.desktop_name,zeek_rfb.height,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.share_flag,zeek_rfb.width,zeek_s7comm.data_info,zeek_s7comm.item_count,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.rosctr,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.hits,zeek_signatures.host_count,zeek_signatures.note,zeek_signatures.signature_count,zeek_signatures.signature_id,zeek_signatures.sub_message,zeek_sip.call_id,zeek_sip.content_type,zeek_sip.date,zeek_sip.method,zeek_sip.reply_to,zeek_sip.request_body_len,zeek_sip.request_from,zeek_sip.request_path,zeek_sip.request_to,zeek_sip.response_body_len,zeek_sip.response_from,zeek_sip.response_path,zeek_sip.response_to,zeek_sip.seq,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.subject,zeek_sip.trans_depth,zeek_sip.uri,zeek_sip.user_agent,zeek_sip.warning,zeek_sip.version,zeek_smb_cmd.command,zeek_smb_cmd.sub_command,zeek_smb_cmd.argument,zeek_smb_cmd.status,zeek_smb_cmd.rtt,zeek_smb_cmd.version,zeek_smb_cmd.user,zeek_smb_cmd.tree,zeek_smb_cmd.tree_service,zeek_smb_files.action,zeek_smb_files.name,zeek_smb_files.path,zeek_smb_files.prev_name,zeek_smb_files.size,zeek_smb_files.times_accessed,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp,zeek_smb_files.times_created,zeek_smb_files.times_modified,zeek_smb_mapping.native_file_system,zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.share_type,zeek_smtp.cc,zeek_smtp.date,zeek_smtp.first_received,zeek_smtp.from,zeek_smtp.helo,zeek_smtp.in_reply_to,zeek_smtp.is_webmail,zeek_smtp.last_reply,zeek_smtp.mailfrom,zeek_smtp.msg_id,zeek_smtp.path,zeek_smtp.rcptto,zeek_smtp.reply_to,zeek_smtp.second_received,zeek_smtp.subject,zeek_smtp.tls,zeek_smtp.to,zeek_smtp.trans_depth,zeek_
smtp.user_agent,zeek_smtp.x_originating_ip,zeek_snmp.community,zeek_snmp.display_string,zeek_snmp.duration,zeek_snmp.get_bulk_requests,zeek_snmp.get_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.up_since,zeek_snmp.version,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.server_status,zeek_socks.version,zeek_software.name,zeek_software.software_type,zeek_software.unparsed_version,zeek_software.version_addl,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_ssh.auth_attempts,zeek_ssh.auth_success,zeek_ssh.cipher_alg,zeek_ssh.client,zeek_ssh.compression_alg,zeek_ssh.cshka,zeek_ssh.direction,zeek_ssh.hassh,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServer,zeek_ssh.hasshServerAlgorithms,zeek_ssh.hasshVersion,zeek_ssh.host_key,zeek_ssh.host_key_alg,zeek_ssh.kex_alg,zeek_ssh.mac_alg,zeek_ssh.remote_location_city,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.remote_location_region,zeek_ssh.server,zeek_ssh.sshka,zeek_ssh.version,zeek_ssl.cert_chain_fuids,zeek_ssl.cipher,zeek_ssl.client_cert_chain_fuids,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.emailAddress,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer_full,zeek_ssl.client_subject.C,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.emailAddress,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.L,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.cli
ent_subject.SN,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.title,zeek_ssl.client_subject_full,zeek_ssl.curve,zeek_ssl.established,zeek_ssl.issuer.C,zeek_ssl.issuer.CN,zeek_ssl.issuer.DC,zeek_ssl.issuer.emailAddress,zeek_ssl.issuer.GN,zeek_ssl.issuer.initials,zeek_ssl.issuer.L,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.SN,zeek_ssl.issuer.ST,zeek_ssl.issuer.title,zeek_ssl.issuer_full,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.resumed,zeek_ssl.server_name,zeek_ssl.ssl_version,zeek_ssl.subject.C,zeek_ssl.subject.CN,zeek_ssl.subject.emailAddress,zeek_ssl.subject.GN,zeek_ssl.subject.initials,zeek_ssl.subject.L,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.SN,zeek_ssl.subject.ST,zeek_ssl.subject.title,zeek_ssl.subject_full,zeek_ssl.validation_status,zeek_syslog.facility,zeek_syslog.message,zeek_syslog.severity,zeek_tds.command,zeek_tds_rpc.parameters,zeek_tds_rpc.procedure_name,zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query,zeek_tunnel.action,zeek_tunnel.tunnel_type,zeek_weird.addl,zeek_weird.name,zeek_weird.notice,zeek_weird.peer,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len,zeek_x509.certificate_curve,zeek_x509.certificate_exponent,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer_full,zeek_x509.certificate_key_alg,zeek_x509.certificate_key_length,zeek_x509.certificate_key_type,zeek_x509.certificate_not_valid_aft
er,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_serial,zeek_x509.certificate_sig_alg,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject_full,zeek_x509.certificate_version,zeek_x509.san_dns,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.san_uri"; this.api.addRightClick("malcolm_kibana_cat_ip", {name:filterLabel, url:"idmol2kib/filter?start=%ISOSTART%&stop=%ISOSTOP%&field=%DBFIELD%&value=%TEXT%", category:"ip"}); this.api.addRightClick("malcolm_kibana_cat_port", {name:filterLabel, url:filterUrl, category:"port"}); this.api.addRightClick("malcolm_kibana_cat_country", {name:filterLabel, url:filterUrl, category:"country"}); 
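Review bot: `allFieldsStr` repeats by hand the name of every field registered through `addField`, so a field that is registered but not appended here silently gets no Kibana right-click; this commit did remember `zeek_notice.category` and `zeek_notice.sub_category`, but nothing enforces it, and a single-line string literal this long makes an omission nearly impossible to spot in review. Collecting the `field:` names as they are registered (a small wrapper around `this.api.addField` that pushes into an array, joined here) would remove the duplication; short of that, an array literal with one entry per line would at least give readable diffs. The rewritten list also still carries `zeek_notice.remote_location_cityremote_location_latitude` beside the separately listed `zeek_notice.remote_location_city` and `zeek_notice.remote_location_latitude`, which looks like a fused name left over from an earlier edit rather than a real field. The enclosing `ZeekLogs` function starts and ends outside the hunk.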
@@ -891,7 +893,7 @@ function ZeekLogs (api, section) {
 this.api.addView("zeek_mqtt_publish", "require:zeek_mqtt_publish;title:Zeek mqtt_publish.log;fields:zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len")
 this.api.addView("zeek_mqtt_subscribe", "require:zeek_mqtt_subscribe;title:Zeek mqtt_subscribe.log;fields:zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack")
 this.api.addView("zeek_mysql", "require:zeek_mysql;title:Zeek mysql.log;fields:zeek_mysql.cmd,zeek_mysql.arg,zeek_mysql.success,zeek_mysql.rows,zeek_mysql.response")
- this.api.addView("zeek_notice", "require:zeek_notice;title:Zeek notice.log;fields:zeek_notice.file_mime_type,zeek_notice.file_desc,zeek_notice.note,zeek_notice.msg,zeek_notice.sub,zeek_notice.src,zeek_notice.dst,zeek_notice.p,zeek_notice.n,zeek_notice.peer_descr,zeek_notice.actions,zeek_notice.suppress_for,zeek_notice.dropped,zeek_notice.remote_location_country_code,zeek_notice.remote_location_region,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_longitude")
+ this.api.addView("zeek_notice", "require:zeek_notice;title:Zeek notice.log;fields:zeek_notice.file_mime_type,zeek_notice.file_desc,zeek_notice.note,zeek_notice.msg,zeek_notice.sub,zeek_notice.src,zeek_notice.dst,zeek_notice.p,zeek_notice.n,zeek_notice.peer_descr,zeek_notice.actions,zeek_notice.suppress_for,zeek_notice.dropped,zeek_notice.remote_location_country_code,zeek_notice.remote_location_region,zeek_notice.remote_location_cityremote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.category,zeek_notice.sub_category")
 this.api.addView("zeek_ntlm", "require:zeek_ntlm;title:Zeek ntlm.log;fields:zeek_ntlm.host,zeek_ntlm.domain,zeek_ntlm.success,zeek_ntlm.status,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree")
 this.api.addView("zeek_ntp", "require:zeek_ntp;title:Zeek ntp.log;fields:zeek_ntp.version,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.stratum,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.org_time,zeek_ntp.rec_time,zeek_ntp.xmt_time,zeek_ntp.num_exts")
 this.api.addView("zeek_pe", "require:zeek_pe;title:Zeek pe.log;fields:zeek_pe.machine,zeek_pe.compile_ts,zeek_pe.os,zeek_pe.subsystem,zeek_pe.is_exe,zeek_pe.is_64bit,zeek_pe.uses_aslr,zeek_pe.uses_dep,zeek_pe.uses_code_integrity,zeek_pe.uses_seh,zeek_pe.has_import_table,zeek_pe.has_export_table,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.section_names")
From 1098e5515d6958b155368afa8aa714e3d8cbf325 Mon Sep 17 00:00:00 2001
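Review bot: The rewritten `zeek_notice` view still lists `zeek_notice.remote_location_cityremote_location_latitude`, which does not look like a real field name — the `allFieldsStr` list in the previous hunk has separate `zeek_notice.remote_location_city` and `zeek_notice.remote_location_latitude` entries, and neither appears in this view — so it is probably a fused name from an earlier edit, and the view is missing the city and latitude columns as a result. Since the line is being rewritten anyway, replacing that token with `zeek_notice.remote_location_city,zeek_notice.remote_location_latitude` would fix both. The new `zeek_notice.category` and `zeek_notice.sub_category` columns are appended after the geo columns; placing them right after `zeek_notice.note`, which they are derived from, would keep related columns together. `ZeekLogs` continues outside the hunk.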
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 12 Feb 2020 16:27:10 -0700
Subject: [PATCH 088/183] tweak connections view
---
 .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 32 ++-
 .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 32 ++-
 .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 32 ++-
 .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 32 ++-
 .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../95479950-41f2-11ea-88fa-7151df485405.json | 32 ++-
 .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 270 +++++++++---------
 .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 32 ++-
 .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 32 ++-
 .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 32 ++-
 .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 32 ++-
 .../f394057d-1b16-4174-b994-7045f423a416.json | 32 ++-
 18 files changed, 425 insertions(+), 389 deletions(-)
diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
index 446ab5a41..079b4d53e 100644
--- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
+++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json
@@ -318,30 +318,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2020-02-04T14:21:01.381Z",
- "version": "Wzc2MywxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
index 42159a68a..1379741fc 100644
--- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
+++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json
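Review bot: The rewritten `searchSourceJSON` on the `+` line bakes `\"time_zone\":\"America/Denver\"` into the exported `Connections - Logs` saved search, so any date value or `now/d`-style rounding an analyst later types into this query string is interpreted in the author's workstation zone on every Malcolm install rather than the analyst's; a committed export should not carry a developer-local setting. The current query `zeek.logType:conn` has no date terms, so nothing shifts today, but it is a latent time-offset for whoever extends the query, and it also leaks the maintainer's locale into a public artifact. Suggest scrubbing the key on export, `\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}`, or pinning it to `\"time_zone\":\"UTC\"` if the field must be present. The same copy of saved object `52570870-…` is re-exported into the other nine dashboard files in this commit, so whichever fix is chosen needs to land in each of them (a post-export scrub in the export script would keep the copies from drifting).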
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json
index 4fe24901e..3798079d1 100644
--- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
index 2e3a08ff7..4eea985d4 100644
--- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
index 89ab82324..f3e763b8e 100644
--- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
+++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json
@@ -384,30 +384,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2020-02-07T16:19:03.276Z",
- "version": "Wzc3NywxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
index 001f54063..377e4f1e7 100644
--- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
index ac44b0693..0c723973c 100644
--- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
+++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json
index e32fcc986..d64d1f39c 100644
--- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
index dd31da9f5..539e6547b 100644
--- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
+++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json
@@ -442,30 +442,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2020-02-04T14:21:01.381Z",
- "version": "Wzc2MywxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
index a50193ee0..21584f2d6 100644
--- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -84,30 +84,32 @@
 {
 "id": "52570870-e9d4-444f-a3df-e44c6757ed9f",
 "type": "search",
- "updated_at": "2019-12-18T16:21:00.551Z",
- "version": "WzU4MSwxXQ==",
+ "updated_at": "2020-02-12T22:48:55.398Z",
+ "version": "WzgwMiwxXQ==",
 "attributes": {
+ "title": "Connections - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "zeek.proto",
+ "zeek.service",
+ "srcIp",
+ "srcPort",
+ "dstIp",
+ "dstPort",
+ "totBytes",
+ "zeek.uid"
+ ],
 "sort": [
 [
 "firstPacket",
 "desc"
 ]
 ],
- "hits": 0,
- "description": "",
- "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
- },
- "columns": [
- "srcIp",
- "srcPort",
- "dstIp",
- "dstPort",
- "zeek.uid",
- "_id"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
 },
 "references": [
 {
diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
index 37f2820fb..aa8856ecb 100644
--- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
+++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json
@@ -4,13 +4,13 @@ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", "type": "dashboard", - "updated_at": "2020-02-07T16:35:58.688Z", - "version": "WzgxNiwxXQ==", + "updated_at": "2020-02-12T23:24:16.730Z", + "version": "WzgzOCwxXQ==", "attributes": { "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":134,\"w\":16,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":134,\"w\":16,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":195,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":195,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":195,\"w\":16,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"pane
l_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":20,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":215,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"srcPort\",\"dstIp\",\"dstPort\",\"zeek.uid\",\"_id\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":91,\"w\":19,\"h\":7,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":73,\"w\":29,\"h\":25,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":134,\"w\":16,\"h\":21,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":175,\"w\":24,\"h\":20,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":175,\"w\":24,\"h\":20,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":155,\"w\":24,\"h\":20,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":155,\"w\":24,\"h\":20,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":25,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":25,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":19,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":8,\"h\":14,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\"},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":2
9,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"v
ersion\":\"7.6.0\",\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"legendOpen\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_25\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
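Review bot: The new `panelsJSON` carries contradictory legend flags for two panels — panel `21` has `\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}}` and panel `38` has `\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"legendOpen\":true}` — which looks like a leftover from toggling the legend in the UI before export rather than an intended state. Presumably only one of the two keys is honoured, so the other is dead config that will mislead the next person diffing this dashboard; suggest keeping a single `vis.legendOpen` per panel (and deciding whether 21 and 38 should actually differ) and dropping the stray top-level `legendOpen`. Note also that the search panel `82da0128-…` now has an empty `embeddableConfig` where the old panel `25` pinned `columns` and `sort`, so it relies on the saved search's own column list — fine if that is intended, but worth a line in the commit message since it changes what the table shows if the saved search is edited independently.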
@@ -86,68 +86,68 @@
 },
 {
 "name": "panel_13",
- "type": "search",
- "id": "52570870-e9d4-444f-a3df-e44c6757ed9f"
+ "type": "visualization",
+ "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5"
 },
 {
 "name": "panel_14",
 "type": "visualization",
- "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5"
+ "id": "AWDG71xFxQT5EBNmq336"
 },
 {
 "name": "panel_15",
 "type": "visualization",
- "id": "AWDG71xFxQT5EBNmq336"
+ "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0"
 },
 {
 "name": "panel_16",
 "type": "visualization",
- "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0"
+ "id": "568c74ff-3ef3-45ba-a178-0520633697bd"
 },
 {
 "name": "panel_17",
 "type": "visualization",
- "id": "568c74ff-3ef3-45ba-a178-0520633697bd"
+ "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_18",
 "type": "visualization",
- "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b"
+ "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_19",
 "type": "visualization",
- "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b"
+ "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_20",
 "type": "visualization",
- "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b"
+ "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_21",
 "type": "visualization",
- "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b"
+ "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_22",
 "type": "visualization",
- "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b"
+ "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_23",
 "type": "visualization",
- "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b"
+ "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b"
 },
 {
 "name": "panel_24",
 "type": "visualization",
- "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b"
+ "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e"
 },
 {
 "name": "panel_25",
- "type": "visualization",
- "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e"
+ "type": "search",
+ "id": "52570870-e9d4-444f-a3df-e44c6757ed9f"
 }
 ],
 "migrationVersion": {
@@ -157,8 +157,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-07T16:19:05.328Z", - "version": "Wzc5NCwxXQ==", + "updated_at": "2020-02-12T22:17:04.378Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -177,8 +177,8 @@ { "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYxNCwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYxOSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -204,8 +204,8 @@ { "id": "52013c7c-c554-450e-9198-dbafdc050459", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYxNSwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYyMCwxXQ==", "attributes": { "title": "Connections - Service By Destination Country", "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", 
@@ -231,8 +231,8 @@ { "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYxNiwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYyMSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -258,8 +258,8 @@ { "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYxNywxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYyMiwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -285,8 +285,8 @@ { "id": "d25f4abc-24af-405e-a6f6-873277fe5771", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYxOCwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYyMywxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.source_geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "description": "", @@ -312,8 +312,8 @@ { "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYxOSwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYyNCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", "description": "", 
@@ -339,8 +339,8 @@ { "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyMCwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYyNSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", "description": "", 
@@ -366,13 +366,13 @@ { "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyMSwxXQ==", + "updated_at": "2020-02-12T23:15:34.955Z", + "version": "WzgyNSwxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.conn_state_description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}", - "description": "", "title": "Connections - Connection State", + "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Connection State 
Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -381,8 +381,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
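Review bot: The rewritten `Connections - Connection State` visualization still has only an empty `filter` list in its `searchSourceJSON` and no index pattern or query of its own, so it is usable only through its `search_0` reference to saved search `52570870-e9d4-444f-a3df-e44c6757ed9f`, and that search object is deleted from this file in the `@@ -498,58 +498,19 @@` hunk further down. Unless this commit re-creates the `Connections - Logs` search in another export that is always imported first, importing this file into Kibana will fail with a missing-reference error or leave the dashboard with broken panels, and nothing in the generated JSON makes that obvious. Either keep the search object in this file or have the import step check that every `references[].id` resolves before the objects are posted. The same dependency exists for every `Connections - …` visualization below, so the fix applies file-wide rather than to this panel alone.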
@@ -393,13 +393,13 @@ { "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyMiwxXQ==", + "updated_at": "2020-02-12T23:05:22.182Z", + "version": "WzgxNiwxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.uid\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection 
ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.uid\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}", - "description": "", "title": "Connections - Top 10 - Total Bytes By Connection", - "uiStateJSON": "{}", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.uid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.uid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[]}" @@ -408,8 +408,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -420,13 +420,13 @@ { "id": "faa08629-0011-4b38-8b74-3ba86b59155f", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyMywxXQ==", + "updated_at": "2020-02-12T23:11:06.696Z", + "version": "WzgyMiwxXQ==", "attributes": { - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"totBytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"dstIp\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"dstIp\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - 
Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}", - "description": "", "title": "Connections - Top 10 - Total Bytes By Destination IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP 
Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -435,8 +435,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -447,13 +447,13 @@ { "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyNCwxXQ==", + "updated_at": "2020-02-12T23:11:52.925Z", + "version": "WzgyMywxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max totBytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", - "description": "", "title": "Connections - Top 10 - Total Bytes By Destination Port", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max totBytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Max totBytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -462,8 +462,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -474,13 +474,13 @@ { "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyNSwxXQ==", + "updated_at": "2020-02-12T23:10:07.685Z", + "version": "WzgxOSwxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}", - "description": "", "title": "Connections - Top 10 - Total Bytes By Source IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", "uiStateJSON": "{}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" 
@@ -489,8 +489,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -498,58 +498,19 @@ "visualization": "7.4.2" } }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "updated_at": "2020-02-07T16:19:03.276Z", - "version": "Wzc3NywxXQ==", - "attributes": { - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Connections - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyNywxXQ==", + "updated_at": "2020-02-12T23:18:28.303Z", + "version": "WzgyOCwxXQ==", "attributes": { "title": "Connections - Maps", - "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) | [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) \\n[Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) | [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) \\n[Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) | [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes 
](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) | [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) \\n[Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) | [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) \\n[Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) | [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration 
](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "references": [], @@ -560,8 +521,8 @@ { "id": "AWDG71xFxQT5EBNmq336", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyOCwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzMywxXQ==", "attributes": { "title": "Connections - Log Count", "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -587,8 +548,8 @@ { "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYyOSwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzNCwxXQ==", "attributes": { "title": "Connections - Total Bytes Per Source/Destination IP Pair", "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"totBytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"srcIp\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"totBytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"dstIp\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"totBytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", @@ -614,8 +575,8 @@ { "id": "568c74ff-3ef3-45ba-a178-0520633697bd", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzMCwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzNSwxXQ==", "attributes": { "title": "Connections - Destination Port", "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -641,8 +602,8 @@ { "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzMSwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzNiwxXQ==", "attributes": { "title": "Connections - Source MAC OUI", "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.orig_l2_oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", @@ -668,8 +629,8 @@ { "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzMiwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzNywxXQ==", "attributes": { "title": "Connections - Destination MAC OUI", "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.resp_l2_oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", 
@@ -695,8 +656,8 @@ { "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzMywxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzOCwxXQ==", "attributes": { "title": "Connections - Source MAC Address", "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcMac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcOui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", 
@@ -722,8 +683,8 @@ { "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzNCwxXQ==", + "updated_at": "2020-02-12T22:16:47.983Z", + "version": "WzYzOSwxXQ==", "attributes": { "title": "Connections - Destination MAC Address", "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstMac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstOui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", 
@@ -749,11 +710,11 @@ { "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzNSwxXQ==", + "updated_at": "2020-02-12T23:03:16.658Z", + "version": "WzgxMiwxXQ==", "attributes": { "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcOui\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcOui\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcOui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"srcOui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
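Review bot: The rewritten visState for "Connections - Top 10 - Total Bytes By Source MAC OUI" still titles its category axis `\"title\":{\"text\":\"Destination IP Address\"}` although the segment bucket is `srcOui`, and the same mislabel is carried into the Destination MAC OUI hunk that ends on the next visState line. Since both strings are rewritten here anyway, set the text to `\"title\":{\"text\":\"Source MAC OUI\"}` in this one and `\"title\":{\"text\":\"Destination MAC OUI\"}` in the other. The new `dimensions` block in each also embeds `\"parsedUrl\":{\"origin\":\"https://localhost\",...}`, which looks like an artifact of the exporting browser session rather than a setting the dashboard needs; if the import does not depend on it, stripping `dimensions` from the committed exports keeps the files limited to configuration a deployer would actually set.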
@@ -764,8 +725,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -776,11 +737,11 @@ { "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzNiwxXQ==", + "updated_at": "2020-02-12T23:04:08.623Z", + "version": "WzgxNCwxXQ==", "attributes": { "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstOui\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstOui\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstOui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dstOui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -791,8 +752,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -803,12 +764,12 @@ { "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", "type": "visualization", - "updated_at": "2020-02-07T16:18:47.877Z", - "version": "WzYzNywxXQ==", + "updated_at": "2020-02-12T23:21:45.676Z", + "version": "WzgzNCwxXQ==", "attributes": { "title": "Connections - Protocol", - "visState": "{\"title\":\"Connections - Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", - "uiStateJSON": "{}", + "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.proto\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -818,8 +779,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -830,12 +791,12 @@ { "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", "type": "visualization", - "updated_at": "2020-02-07T16:34:15.061Z", - "version": "WzgxMywxXQ==", + "updated_at": "2020-02-12T23:21:07.483Z", + "version": "WzgzMiwxXQ==", "attributes": { "title": "Network Layer", - "visState": "{\"title\":\"Network Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", - "uiStateJSON": "{}", + "visState": "{\"title\":\"Network Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Network 
Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -853,6 +814,47 @@ "migrationVersion": { "visualization": "7.4.2" } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 805148564..f96a027e6 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
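Review bot: The re-added "Connections - Logs" saved search embeds `\"time_zone\":\"America/Denver\"` inside its query_string, which is presumably the exporting browser's local zone rather than a deliberate setting; the same value is committed again in the hunks for b50c8d17-6ed3-4de6-aed4-5181032810b2.json, b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json and d41fe630-3f98-11e9-a58e-8bdedb0915e8.json on the following lines. With the current query `zeek.logType:conn` it has no visible effect, but any date math added to that query later would be resolved against Denver instead of the viewer's zone, and it ties a shared artifact to one contributor's locale. Drop the key so the query reads `{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}}` in all four files before committing.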
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 41ea06809..ec54663a9 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 2a809b767..4965a0147 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 87df2b12e..ce49bace2 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index c2647b6c2..25625ffaa 100644 --- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 683c73e02..3b30d08a9 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index f09acfefa..1c658d8ec 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
@@ -84,30 +84,32 @@ { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MSwxXQ==", + "updated_at": "2020-02-12T22:48:55.398Z", + "version": "WzgwMiwxXQ==", "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.proto", + "zeek.service", + "srcIp", + "srcPort", + "dstIp", + "dstPort", + "totBytes", + "zeek.uid" + ], "sort": [ [ "firstPacket", "desc" ] ], - "hits": 0, - "description": "", - "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "srcIp", - "srcPort", - "dstIp", - "dstPort", - "zeek.uid", - "_id" - ] + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:conn\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } }, "references": [ { From 21444ac7e72bd2856ce6aaffb81e1a70d8716a22 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 13 Feb 2020 08:42:25 -0700 Subject: [PATCH 089/183] improved maps --- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 86 +++++++++++++++-- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 92 ++++++++++++++++--- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 92 ++++++++++++++++--- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 86 +++++++++++++++-- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 86 +++++++++++++++-- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 92 ++++++++++++++++--- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 86 +++++++++++++++-- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 92 ++++++++++++++++--- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 92 ++++++++++++++++--- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 86 +++++++++++++++-- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 86 +++++++++++++++-- .../f394057d-1b16-4174-b994-7045f423a416.json | 86 +++++++++++++++-- 13 files changed, 928 insertions(+), 136 deletions(-) diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index 1379741fc..599e6309e 100644 --- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json 
@@ -4,18 +4,18 @@ { "id": "0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0", "type": "dashboard", - "updated_at": "2019-12-18T16:20:09.090Z", - "version": "WzU4LDFd", + "updated_at": "2020-02-13T15:36:58.939Z", + "version": "WzkzMiwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2}},{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\"},\"panelIndex\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"92ba4d29-ba43-4806-b545-79f60788c795\"},\"panelIndex\":\"92ba4d29-ba43-4806-b545-79f60788c795\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { @@ -37,8 +47,8 @@ { "id": "53854a54-2b8b-474e-a36c-bce80276004e", "type": "visualization", - "updated_at": "2019-12-18T16:20:09.090Z", - "version": "WzU1LDFd", + "updated_at": "2020-02-13T14:16:09.737Z", + "version": "WzEyMCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Destination - Top Connection Duration\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}", "description": "", 
@@ -64,8 +74,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 3798079d1..ec1fee9fd 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -4,18 +4,18 @@ { "id": "1ce42250-3f99-11e9-a58e-8bdedb0915e8", "type": "dashboard", - "updated_at": "2019-12-18T16:20:14.289Z", - "version": "WzExNCwxXQ==", + "updated_at": "2020-02-13T15:37:31.784Z", + "version": "WzkzNSwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5cf06729-4907-4824-a561-a3c50a23136c\"},\"panelIndex\":\"5cf06729-4907-4824-a561-a3c50a23136c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\"},\"panelIndex\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ 
@@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "997269c0-3f95-11e9-a58e-8bdedb0915e8" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -57,12 +67,12 @@ { "id": "997269c0-3f95-11e9-a58e-8bdedb0915e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:14.289Z", - "version": "WzExMiwxXQ==", + "updated_at": "2020-02-13T14:48:48.478Z", + "version": "Wzg3OCwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", - "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", + "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to 
Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a>\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Originator 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "uiStateJSON": "{\"mapCenter\":[37.87063517566466,16.347656250000004],\"mapZoom\":3}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -72,8 +82,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 4eea985d4..f67191346 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
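Review bot: The two new saved objects added here (the `Connections - Protocol Filters` input control `623ef480-4e73-11ea-b4e7-0f540ddf3a49` and the `Connections - Maps` markdown `4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5`) are copied verbatim into each dashboard export; the same additions appear in the hunks ending at L2413 and L2421. With one copy per file, a later change to the control fields or to the dashboard links in the markdown has to be replicated in every export, and the per-copy `updated_at`/`version` values will drift apart. If the exports are imported independently, a small check that the shared object bodies are byte-identical across the dashboard files would catch that drift early. The `/kibana/app/kibana#/dashboard/...` links in the markdown also bake in the `/kibana` base path, as the existing `Zeek Logs` markdown already does, so a deployment under a different base path would need all copies updated.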
@@ -4,18 +4,18 @@ { "id": "39abfe30-3f99-11e9-a58e-8bdedb0915e8", "type": "dashboard", - "updated_at": "2019-12-18T16:20:23.645Z", - "version": "WzIxNiwxXQ==", + "updated_at": "2020-02-13T15:37:58.499Z", + "version": "WzkzNywxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2ed3d708-31cc-4504-87da-63a315c76e76\"},\"panelIndex\":\"2ed3d708-31cc-4504-87da-63a315c76e76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"35ff09b6-1039-4b4e-9469-296245630598\"},\"panelIndex\":\"35ff09b6-1039-4b4e-9469-296245630598\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ 
@@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "af00a490-3f96-11e9-a58e-8bdedb0915e8" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -57,12 +67,12 @@ { "id": "af00a490-3f96-11e9-a58e-8bdedb0915e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:23.645Z", - "version": "WzIxNCwxXQ==", + "updated_at": "2020-02-13T14:47:44.795Z", + "version": "Wzg3NCwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", - "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", + "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to 
Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a>\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Originator 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "uiStateJSON": "{\"mapCenter\":[37.17328344112096,15.644531250000002],\"mapZoom\":3}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -72,8 +82,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
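Review bot: The updated `visState` on the new side carries export residue from the instance it was saved on: `"parsedUrl":{"origin":"https://localhost","pathname":"/kibana/app/kibana","basePath":"/kibana"}` is serialized under both the metric and bucket formatters, and a `"selectedTmsLayer":{"origin":"elastic_maps_service","id":"road_map",...}` entry was added under `wms` even though the layer in use is the self-hosted `World (offline)` geojson (`isEMS:false`, `url:/world.geojson`). The `parsedUrl` block ties the saved object to a specific origin and base path, and if Kibana honours `selectedTmsLayer` the browser may try to reach Elastic Maps Service for basemap tiles, which is worth verifying for an offline deployment. Dropping the `"parsedUrl":{...}` objects and the `"selectedTmsLayer":{...}` entry from `visState` before committing would keep the export environment-independent; the same serialized state appears in the preceding file's corresponding hunk.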
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 0c723973c..9c57bad1a 100644 --- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json 
@@ -4,18 +4,18 @@ { "id": "60d78fbd-471c-4f59-a9e3-189b33a13644", "type": "dashboard", - "updated_at": "2019-12-18T16:20:30.834Z", - "version": "WzI4MSwxXQ==", + "updated_at": "2020-02-13T15:36:32.331Z", + "version": "WzkzMCwxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2}},{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":39,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"185e3f31-3f18-4df8-93c1-617c0323f051\"},\"panelIndex\":\"185e3f31-3f18-4df8-93c1-617c0323f051\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\"},\"panelIndex\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ @@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { @@ -37,8 +47,8 @@ { "id": "7fe0a885-b172-48b9-ac34-0c8e8d5c2f82", "type": "visualization", - "updated_at": "2019-12-18T16:20:30.834Z", - "version": "WzI3OCwxXQ==", + "updated_at": "2020-02-13T14:16:32.344Z", + "version": "WzQ2MCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}", "description": "", 
@@ -64,8 +74,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index d64d1f39c..84adc68f9 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -4,18 +4,18 @@ { "id": "77fc9960-3f99-11e9-a58e-8bdedb0915e8", "type": "dashboard", - "updated_at": "2019-12-18T16:20:33.914Z", - "version": "WzMwMiwxXQ==", + "updated_at": "2020-02-13T15:37:23.331Z", + "version": "WzkzNCwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\"},\"panelIndex\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\"},\"panelIndex\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ 
@@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "54431ec0-3f96-11e9-a58e-8bdedb0915e8" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -57,8 +67,8 @@ { "id": "54431ec0-3f96-11e9-a58e-8bdedb0915e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:33.914Z", - "version": "WzMwMCwxXQ==", + "updated_at": "2020-02-13T14:16:35.430Z", + "version": "WzQ4MiwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 21584f2d6..cf30b91ab 100644 --- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -4,18 +4,18 @@ { "id": "a16110b0-3f99-11e9-a58e-8bdedb0915e8", "type": "dashboard", - "updated_at": "2019-12-18T16:20:43.143Z", - "version": "WzQwNCwxXQ==", + "updated_at": "2020-02-13T15:37:51.002Z", + "version": "WzkzNiwxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\"},\"panelIndex\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"7f315dd1-7809-49af-bed1-edfa12322240\"},\"panelIndex\":\"7f315dd1-7809-49af-bed1-edfa12322240\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ 
@@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "304de8c0-3f95-11e9-a58e-8bdedb0915e8" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -57,12 +67,12 @@ { "id": "304de8c0-3f95-11e9-a58e-8bdedb0915e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:43.143Z", - "version": "WzQwMiwxXQ==", + "updated_at": "2020-02-13T14:48:28.279Z", + "version": "Wzg3NywxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", - "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", + "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to 
Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a>\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Responder 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "uiStateJSON": "{\"mapCenter\":[38.14774734584061,16.699218750000004],\"mapZoom\":3}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -72,8 +82,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
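Review bot: The new `visState` for the "Connections - Destination - Sum of Total Bytes (region map)" visualization now carries export residue that does not belong in a shipped dashboard definition: a `parsedUrl` block with `"origin":"https://localhost"` and `"basePath":"/kibana"` inside both formatter params, and a `wms.selectedTmsLayer` entry whose `origin` is `elastic_maps_service` (`road_map`, with OpenStreetMap/MapTiler attribution HTML). The layer itself is still the self-hosted `World (offline)` GeoJSON with `isEMS:false`, so the TMS entry looks like it was picked up from the exporting browser session rather than chosen deliberately; if EMS is not disabled in the deployment's Kibana settings this may cause the map to request base tiles from the Elastic Maps Service, which is unexpected egress for an analysis host that otherwise serves maps offline. I would strip the `parsedUrl` objects and the `selectedTmsLayer` entry from the saved `visState` so the object matches the other region-map exports in this hunk's siblings, and keep only the intended changes (`isDisplayWarning`, the `metric`/`bucket` labels, the `mapCenter` in `uiStateJSON`).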
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index aa8856ecb..5e5fb16b6 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -505,7 +505,7 @@ "version": "WzgyOCwxXQ==", "attributes": { "title": "Connections - Maps", - "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source: Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination: Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source: Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination: Sum of 
Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source: Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination: Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source: Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination: Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source: Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination: Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source: Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination: Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index f96a027e6..06632dd42 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
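Review bot: The relabeling in this hunk ("Source: Originator Bytes", "Destination: Responder Bytes", …) is applied only to the "Connections - Maps" markdown visualization in `abdd7550-2c7c-40dc-947e-f6d186a158c4.json`, while the copies of a "Connections - Maps" visualization added to the other dashboard files in this commit (the hunks ending at L2429 and L2440, object id `4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5`) still carry the old "Source - Originator Bytes" wording. If these are the same saved-object id (the id line of this object is outside the hunk, so I cannot confirm it), whichever file is imported last will overwrite the others and the labels a user sees will depend on import order. Either apply the same markdown to every embedded copy, or keep this shared navigation visualization in a single export file and reference it from the dashboards instead of duplicating it per file.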
@@ -4,18 +4,18 @@ { "id": "b50c8d17-6ed3-4de6-aed4-5181032810b2", "type": "dashboard", - "updated_at": "2019-12-18T16:20:48.251Z", - "version": "WzQ3MCwxXQ==", + "updated_at": "2020-02-13T15:35:28.915Z", + "version": "WzkyNywxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\"},\"panelIndex\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"3b635110-907e-457a-bfdf-b86a667a8483\"},\"panelIndex\":\"3b635110-907e-457a-bfdf-b86a667a8483\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ @@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "e959f9f2-e154-417f-a530-e1d7744ab9e4" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -57,8 +67,8 @@ { "id": "e959f9f2-e154-417f-a530-e1d7744ab9e4", "type": "visualization", - "updated_at": "2019-12-18T16:20:48.251Z", - "version": "WzQ2OCwxXQ==", + "updated_at": "2020-02-13T14:16:50.828Z", + "version": "WzY2OSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source - Originator Bytes\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}", "description": "", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index ec54663a9..10a5098d8 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -4,18 +4,18 @@ { "id": "b9f247c0-3f99-11e9-a58e-8bdedb0915e8", "type": "dashboard", - "updated_at": "2019-12-18T16:20:49.282Z", - "version": "WzQ3NCwxXQ==", + "updated_at": "2020-02-13T15:38:11.270Z", + "version": "WzkzOCwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\"},\"panelIndex\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"266c822f-c268-4e47-a53e-90b6ecf74660\"},\"panelIndex\":\"266c822f-c268-4e47-a53e-90b6ecf74660\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ 
@@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "9b1b6960-3f96-11e9-a58e-8bdedb0915e8" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -57,12 +67,12 @@ { "id": "9b1b6960-3f96-11e9-a58e-8bdedb0915e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:49.282Z", - "version": "WzQ3MiwxXQ==", + "updated_at": "2020-02-13T14:47:59.790Z", + "version": "Wzg3NSwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", - "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", + "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green 
to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a>\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Responder 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "uiStateJSON": "{\"mapCenter\":[38.28591031601368,16.875000000000004],\"mapZoom\":3}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -72,8 +82,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
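Review bot: The new `visState` for `9b1b6960-3f96-11e9-a58e-8bdedb0915e8` embeds export-time environment details — `parsedUrl` with `origin: https://localhost`, `pathname: /kibana/app/kibana`, `basePath: /kibana` — and a `selectedTmsLayer` whose `origin` is `elastic_maps_service` (`road_map`), even though the region map itself is configured with `isEMS: false` and the self-hosted `World (offline)` layer. Committing the `parsedUrl` block ties the saved object to one deployment's host/base path, and the EMS tile-layer reference may, depending on Kibana's behaviour for this visualization type, cause outbound tile or attribution requests from an installation that is otherwise meant to work offline; both are worth confirming and, if unneeded, stripping from the export before it is shipped (the same `parsedUrl`/`selectedTmsLayer` content is added in the `89122c10-3f94-11e9-a58e-8bdedb0915e8` hunk in `d41fe630-3f98-11e9-a58e-8bdedb0915e8.json`, which runs past this chunk). Separately, `isDisplayWarning` is flipped from `true` to `false` in this hunk with no note in the commit message; a one-line comment in the commit or a README entry stating why the region-map "shapes not matched" warning is suppressed would help the next maintainer.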
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 4965a0147..947e103ff 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -4,18 +4,18 @@ { "id": "d41fe630-3f98-11e9-a58e-8bdedb0915e8", "type": "dashboard", - "updated_at": "2019-12-18T16:20:54.394Z", - "version": "WzUzOSwxXQ==", + "updated_at": "2020-02-13T15:37:14.067Z", + "version": "WzkzMywxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\"},\"panelIndex\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\"},\"panelIndex\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" } }, "references": [ 
@@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "89122c10-3f94-11e9-a58e-8bdedb0915e8" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", 
@@ -57,12 +67,12 @@ { "id": "89122c10-3f94-11e9-a58e-8bdedb0915e8", "type": "visualization", - "updated_at": "2019-12-18T16:20:54.394Z", - "version": "WzUzNywxXQ==", + "updated_at": "2020-02-13T14:46:55.253Z", + "version": "Wzg3MCwxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", - "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", + "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to 
Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.maptiler.com\\\">MapTiler</a> | <a rel=\\\"noreferrer noopener\\\" href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a>\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Originator Bytes\",\"aggType\":\"cardinality\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "uiStateJSON": "{\"mapCenter\":[37.73168660636539,16.171875000000004],\"mapZoom\":3}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -72,8 +82,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" } ], 
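Review bot: The rewritten visState for visualization `89122c10-3f94-11e9-a58e-8bdedb0915e8` now carries `"parsedUrl":{"origin":"https://localhost","pathname":"/kibana/app/kibana","basePath":"/kibana"}` inside the bucket format params, plus a `selectedTmsLayer` for `elastic_maps_service` under the `wms` block even though `isEMS` stays false and the layer is the self-hosted `World (offline)` one. Both look like browser-side runtime state captured at export time rather than intended configuration, and the `https://localhost` origin is meaningless on any other deployment. I would strip the `parsedUrl` object (and, if the map is meant to stay offline, the EMS layer reference) before committing, then confirm in Kibana that the region map still renders with the offline layer; whether Kibana actually reads either value on import is something I cannot verify from the diff.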
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index ce49bace2..ce51f22a1 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
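Review bot: The new `Connections - Protocol Filters` control (`623ef480-4e73-11ea-b4e7-0f540ddf3a49`) sets `"useTimeFilter":false` together with `"dynamicOptions":true` on three `terms` controls over `sessions2-*`, which as far as I can tell means the option lookups for `network.type`, `zeek.proto` and `zeek.service` run against the whole index set rather than the selected time range. On a long-lived capture store that is avoidable load on Elasticsearch; `"useTimeFilter":true` would scope the suggestions to the time picker, so the choice should at least be deliberate. The same saved object is duplicated verbatim in the d4fd6afd, e09a4b86 and f394057d dashboard files below, so any later adjustment has to be replicated by hand in each copy.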
@@ -4,18 +4,18 @@ { "id": "d4fd6afd-15cb-42bf-8a25-03dd8e59b327", "type": "dashboard", - "updated_at": "2019-12-18T16:20:55.423Z", - "version": "WzU0MywxXQ==", + "updated_at": "2020-02-13T15:35:20.365Z", + "version": "WzkyNiwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\"},\"panelIndex\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\"},\"panelIndex\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "ba8e479e-49b0-427e-a919-72aa774cedba" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
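Review bot: The updated searchSourceJSON hard-codes `"time_zone":"America/Denver"` into the dashboard's query_string, which reads like the exporting author's browser setting leaking into a shipped artifact rather than an intentional change; every deployment importing these dashboards will have date math in the query resolved in Denver time regardless of the user's own Kibana timezone setting. The same fragment appears in the corresponding `@@ -4,18 +4,18 @@` hunks of the e09a4b86 and f394057d dashboard files. Unless a fixed zone is intended, drop the `,"time_zone":"America/Denver"` fragment so the query falls back to the per-user setting.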
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -57,8 +67,8 @@ { "id": "ba8e479e-49b0-427e-a919-72aa774cedba", "type": "visualization", - "updated_at": "2019-12-18T16:20:55.423Z", - "version": "WzU0MSwxXQ==", + "updated_at": "2020-02-13T14:16:57.026Z", + "version": "WzcyMCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Destination - Responder Bytes\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}", "description": "", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 25625ffaa..227f044d8 100644 --- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -4,18 +4,18 @@ { "id": "e09a4b86-29b5-4256-bb3b-802ac9f90404", "type": "dashboard", - "updated_at": "2019-12-18T16:20:56.449Z", - "version": "WzU0NywxXQ==", + "updated_at": "2020-02-13T15:36:49.938Z", + "version": "WzkzMSwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"03359f20-178f-4878-b423-ec2b347e5d9a\"},\"panelIndex\":\"03359f20-178f-4878-b423-ec2b347e5d9a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\"},\"panelIndex\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "66e7f9d4-2a90-4708-b313-ca1cc2dbd89f" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -57,8 +67,8 @@ { "id": "66e7f9d4-2a90-4708-b313-ca1cc2dbd89f", "type": "visualization", - "updated_at": "2019-12-18T16:20:56.449Z", - "version": "WzU0NSwxXQ==", + "updated_at": "2020-02-13T14:16:58.049Z", + "version": "WzcyNCwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source - Top Connection Duration\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}", "description": "", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==", "attributes": { "title": "Connections - Logs", "description": "", diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 1c658d8ec..9686a795e 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
@@ -4,18 +4,18 @@ { "id": "f394057d-1b16-4174-b994-7045f423a416", "type": "dashboard", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MiwxXQ==", + "updated_at": "2020-02-13T15:36:21.456Z", + "version": "WzkyOSwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2}}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\"},\"panelIndex\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"4a3f5963-08e0-4206-aede-70e943fed585\"},\"panelIndex\":\"4a3f5963-08e0-4206-aede-70e943fed585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}" + "searchSourceJSON": 
"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}}}" } }, "references": [ @@ -28,6 +28,16 @@ "name": "panel_1", "type": "visualization", "id": "c964c032-31ce-4397-bac3-f6b625e66548" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" } ], "migrationVersion": { 
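Review bot: The new searchSourceJSON on the "Connections - Source - Sum of Total Bytes" dashboard object bakes `\"time_zone\":\"America/Denver\"` into the saved query_string, which reads as the exporting workstation's local timezone captured by the Kibana export rather than a deliberate dashboard setting. With the query fixed at `*` it has no visible effect today, but it silently pins date-math evaluation for anyone who later edits that query, and it leaks a developer-environment detail into a shipped artifact. The SMB dashboard hunk later on this page strips the same field again, so dropping it here and keeping the pre-existing form `{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}` would keep the exports consistent; a post-export scrub of `time_zone` (and the similar `parsedUrl` origin values that appear in other visState blobs) would prevent it recurring.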
@@ -37,8 +47,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2019-12-18T16:21:02.636Z", - "version": "WzU5OCwxXQ==", + "updated_at": "2020-02-13T14:17:04.192Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -57,8 +67,8 @@ { "id": "c964c032-31ce-4397-bac3-f6b625e66548", "type": "visualization", - "updated_at": "2019-12-18T16:21:00.551Z", - "version": "WzU4MCwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + "version": "Wzc1OSwxXQ==", "attributes": { "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"totBytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}", "description": "", 
@@ -81,11 +91,67 @@ "visualization": "7.4.2" } }, + { + "id": "623ef480-4e73-11ea-b4e7-0f540ddf3a49", + "type": "visualization", + "updated_at": "2020-02-13T15:17:58.982Z", + "version": "Wzg5NywxXQ==", + "attributes": { + "title": "Connections - Protocol Filters", + "visState": "{\"title\":\"Connections - Protocol Filters\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1581606976709\",\"fieldName\":\"network.type\",\"parent\":\"\",\"label\":\"Network Layer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1581606723028\",\"fieldName\":\"zeek.proto\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1581606665268\",\"fieldName\":\"zeek.service\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "control_0_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_1_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + }, + { + "name": "control_2_index_pattern", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "updated_at": "2020-02-13T14:16:47.803Z", + "version": 
"WzYzMSwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](/kibana/app/kibana#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](/kibana/app/kibana#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder Bytes ](/kibana/app/kibana#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](/kibana/app/kibana#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](/kibana/app/kibana#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](/kibana/app/kibana#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", "type": "search", - "updated_at": "2020-02-12T22:48:55.398Z", - "version": "WzgwMiwxXQ==", + "updated_at": "2020-02-13T14:17:02.148Z", + 
"version": "Wzc2MCwxXQ==",
 "attributes": {
 "title": "Connections - Logs",
 "description": "",
From 43e011b8bbba0f98f186a97a71b1f8e7568c8283 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 13 Feb 2020 10:46:36 -0700
Subject: [PATCH 090/183] remove warnings
---
 kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +-
 kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +-
 kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
index 377e4f1e7..3bf8a5d06 100644
--- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json
@@ -61,7 +61,7 @@ "version": "WzI3NSwxXQ==", "attributes": { "title": "Connections - Destination - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.orig_bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 84adc68f9..28e48fff9 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -71,7 +71,7 @@ "version": "WzQ4MiwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 3b30d08a9..299eb4b65 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -61,7 +61,7 @@ "version": "WzU2MiwxXQ==", "attributes": { "title": "Connections - Source - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"zeek_conn.resp_bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcGEO\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}",
 "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}",
 "description": "",
 "version": 1,
From cd0ffef239da562dd96cea39a50c26d8fbe709be Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 13 Feb 2020 13:11:56 -0700
Subject: [PATCH 091/183] improvements to how notices can be used througout the other dashboards
---
 .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 130 ++++++++++----
 .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 158 +++++++++++++-----
 .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 72 ++++----
 logstash/pipelines/zeek/11_zeek_logs.conf | 21 +++
 4 files changed, 271 insertions(+), 110 deletions(-)
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
index 0feee1791..0dd078344 100644
--- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json
+++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -4,18 +4,18 @@ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", "type": "dashboard", - "updated_at": "2020-02-12T19:19:30.235Z", - "version": "WzExMTgsMV0=", + "updated_at": "2020-02-13T19:57:16.243Z", + "version": "Wzg2OCwxXQ==", "attributes": { "title": "SMB", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":53,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":37,\"w\":16,\"h\":16,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":13,\"w\":24,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":72,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":
13,\"w\":16,\"h\":24,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":21,\"y\":13,\"w\":12,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":32,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":19,\"i\":\"14\"},\"panelI
ndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":13,\"w\":13,\"h\":19,\"i\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\"},\"panelIndex\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":33,\"y\":13,\"w\":15,\"h\":19,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}" } }, "references": [ @@ -72,10 +72,15 @@ { "name": "panel_10", "type": "visualization", - "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e" + "id": "b9aaa580-4e9a-11ea-b504-97aa449f6abc" }, { "name": "panel_11", + "type": "visualization", + "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e" + }, + { + "name": "panel_12", "type": "search", "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7" } 
@@ -87,8 +92,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-12T15:01:05.290Z", - "version": "Wzc5NiwxXQ==", + "updated_at": "2020-02-13T19:05:04.060Z", + "version": "WzgwMCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -107,8 +112,8 @@ { "id": "c4829cb4-ed05-4154-ab6c-9240f0ea0b04", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM4NiwxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5MiwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -134,8 +139,8 @@ { "id": "3b82d24e-d3dd-48fa-a539-98a46ccbfd49", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM4NywxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5MywxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -161,8 +166,8 @@ { "id": "974779e2-ab49-4fe8-88db-bf5321664f1a", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM4OCwxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5NCwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -188,8 +193,8 @@ { "id": "3282a033-fff4-41cb-abe6-d896b4a2e03d", "type": "visualization", - "updated_at": "2020-02-12T19:18:50.700Z", - "version": "WzExMTYsMV0=", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5NSwxXQ==", "attributes": { "title": "SMB - Version", "visState": "{\"title\":\"SMB - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SMB Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.service_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Version\"}}]}", 
@@ -215,8 +220,8 @@ { "id": "02359f84-0114-4d9d-8731-2b6820722e32", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM5MCwxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5NiwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", "description": "", @@ -242,8 +247,8 @@ { "id": "c8f1ff18-93e9-4ce9-a188-c947f7dadc05", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM5MSwxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5NywxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", "description": "", 
@@ -269,8 +274,8 @@ { "id": "24b9dbff-7362-4982-9ce7-660001594ff9", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM5MiwxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5OCwxXQ==", "attributes": { "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", @@ -296,8 +301,8 @@ { "id": "AWDHDfDkxQT5EBNmq4fQ", "type": "visualization", - "updated_at": "2020-02-12T19:15:37.317Z", - "version": "WzExMTIsMV0=", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzM5OSwxXQ==", "attributes": { "title": "SMB - Log Count", "visState": "{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":100}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#FB9E00\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":30}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}}}],\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Log Type\"}}]}", 
@@ -323,8 +328,8 @@ { "id": "0fa8205d-717f-4385-a031-d15e5f1b6c08", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM5NCwxXQ==", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzQwMCwxXQ==", "attributes": { "title": "SMB - Destination Port", "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", 
@@ -347,14 +352,41 @@ "visualization": "7.4.2" } }, + { + "id": "b9aaa580-4e9a-11ea-b504-97aa449f6abc", + "type": "visualization", + "updated_at": "2020-02-13T19:55:03.507Z", + "version": "Wzg2NCwxXQ==", + "attributes": { + "title": "SMB - Relevant Notices", + "visState": "{\"title\":\"SMB - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"zeek_notice.category:(EternalSafety OR SMB OR ATTACK)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "b74e39c0-49ca-11ea-812f-2bc51df4ea1e", "type": "visualization", - "updated_at": "2020-02-12T15:00:25.265Z", - "version": "WzM5NSwxXQ==", + "updated_at": "2020-02-13T19:56:04.804Z", + "version": "Wzg2NiwxXQ==", "attributes": { "title": "SMB Action", - "visState": "{\"title\":\"SMB 
Action\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek.action: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
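Review bot: In the new "SMB - Relevant Notices" visualization the Destination IP bucket's `missingBucketLabel` is `\"1\"` while the three sibling buckets use `\"-\"`; that reads like a typo and would render a literal 1 in that column for notices with no destination address, so it should be `\"missingBucketLabel\":\"-\"`. The cached `dimensions` block lists four buckets (category, subcategory, source IP, destination IP) but `aggs` only defines terms aggregations for `zeek_notice.category` and `zeek_notice.sub_category`, so the two IP columns presumably survive from an earlier UI state rather than from this export — worth confirming the table still shows them after import. The scoping of this panel comes entirely from the linked search filter `zeek_notice.category:(EternalSafety OR SMB OR ATTACK)`, and the object's `"description"` is empty; a one-line description naming that filter would help the next person editing the dashboard.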
@@ -377,8 +409,8 @@ { "id": "e0cefef5-911e-4e38-a1ea-e67c982cb7c7", "type": "search", - "updated_at": "2020-02-12T19:13:30.989Z", - "version": "WzExMDksMV0=", + "updated_at": "2020-02-13T19:04:25.042Z", + "version": "WzQwMiwxXQ==", "attributes": { "title": "SMB - Logs", "description": "", @@ -413,6 +445,44 @@ "migrationVersion": { "search": "7.4.0" } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3NiwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_notice.category", + "zeek_notice.sub_category", + "srcIp", + "dstIp", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index f0a246d56..53c1b9041 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
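Review bot: The new "Notices - Logs" saved search embeds `\"time_zone\":\"America/Denver\"` inside its `query_string`, which looks like the exporting browser's local timezone rather than a deliberate setting. The query `zeek.logType:notice` contains no date math today, so the key is inert, but it pins one author's timezone into a shared export and would silently shift any date-math term added to that query later; unless it is intentional, drop the key from the `searchSourceJSON` string. This search is referenced as `search_0` by the new "SMB - Relevant Notices" visualization in the earlier hunk, so the two objects must always be imported together.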
@@ -4,13 +4,13 @@ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", "type": "dashboard", - "updated_at": "2020-02-12T20:43:16.229Z", - "version": "WzEyMTcsMV0=", + "updated_at": "2020-02-13T20:07:58.919Z", + "version": "Wzg3NSwxXQ==", "attributes": { "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":69,\"w\":30,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":108,\"w\":13,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":27,\"y\":108,\"w\":9,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":13,\"y\":108,\"w\":14,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":50,\"w\":29,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"v
ersion\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":19,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":10,\"y\":32,\"w\":38,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":88,\"w\":24,\"h\":20,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":88,\"w\":24,\"h\":20,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":10,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":69,\"w\":18,\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":108,\"w\":12,\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":127,\"w\":48,\"h\":43
,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":30,\"x\":0,\"y\":64},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"9\",\"w\":13,\"x\":0,\"y\":103},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"10\",\"w\":9,\"x\":27,\"y\":103},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":14,\"x\":13,\"y\":103},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":29,\"x\":19,\"y\":45},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"pan
elRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":19,\"x\":0,\"y\":45},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":38,\"x\":10,\"y\":27},\"panelIndex\":\"21\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":24,\"x\":0,\"y\":83},\"panelIndex\":\"22\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"23\",\"w\":24,\"x\":24,\"y\":83},\"panelIndex\":\"23\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"w\":13,\"x\":24,\"y\":8},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"w\":10,\"x\":0,\"y\":27},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"w\":18,\"x\":30,\"y\":64},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"w\":12,\"x\":36,\"y\":103},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"version\":\"7.6.0\",\"pa
nelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"w\":48,\"x\":0,\"y\":122},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_18\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -92,20 +92,25 @@ { "name": "panel_14", "type": "visualization", - "id": "41325860-4dd6-11ea-8336-d3388483188b" + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" }, { "name": "panel_15", "type": "visualization", - "id": "9c20d940-4dd6-11ea-8336-d3388483188b" + "id": "41325860-4dd6-11ea-8336-d3388483188b" }, { "name": "panel_16", "type": "visualization", - "id": "f13ba720-4dd6-11ea-8336-d3388483188b" + "id": "9c20d940-4dd6-11ea-8336-d3388483188b" }, { "name": "panel_17", + "type": "visualization", + "id": "f13ba720-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_18", "type": "search", "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" } 
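Review bot: `panel_14` now resolves to visualization `fa696510-4e9b-11ea-b504-97aa449f6abc`, which is not defined in any hunk visible here; Kibana rejects a dashboard import whose reference points at an object absent from the same export, so confirm that object is included further down in this file. The remaining references were each shifted by one (`panel_15` through `panel_18`) to make room, and the `panelsJSON` rewrite matches that renumbering, so the rest of the mapping looks consistent.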
@@ -117,8 +122,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-12T15:01:05.290Z", - "version": "Wzc5NiwxXQ==", + "updated_at": "2020-02-13T19:05:04.060Z", + "version": "WzgwMCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -137,8 +142,8 @@ { "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwMCwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUwOSwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -164,8 +169,8 @@ { "id": "d988522e-b3a8-4d74-98d4-96aff3e0f3f9", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwMSwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxMCwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", "description": "", 
@@ -191,11 +196,11 @@ { "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwMiwxXQ==", + "updated_at": "2020-02-13T20:07:29.419Z", + "version": "Wzg3NCwxXQ==", "attributes": { "title": "SSL - Version", - "visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_ssl.ssl_version: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -206,8 +211,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" } ], @@ -218,8 +223,8 @@ { "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwMywxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxMiwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -245,8 +250,8 @@ { "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwNCwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxMywxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", @@ -272,8 +277,8 @@ { "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwNSwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxNCwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -299,8 +304,8 @@ { "id": "8486949c-3592-4831-9020-59bfd968ccfa", "type": "visualization", - "updated_at": "2020-02-12T15:00:56.057Z", - "version": "WzcyMiwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxNSwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", 
@@ -326,8 +331,8 @@ { "id": "d7a673bc-4a11-423b-acd3-a446425551c1", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwNywxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxNiwxXQ==", "attributes": { "title": "SSL - Destination Country", "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"zeek.destination_geo.country_name: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -353,8 +358,8 @@ { "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUwOSwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxNywxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", "description": "", 
@@ -380,8 +385,8 @@ { "id": "AWDHElRWxQT5EBNmq4lz", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUxMCwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxOCwxXQ==", "attributes": { "title": "SSL - Log Count", "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -407,8 +412,8 @@ { "id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUxMSwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUxOSwxXQ==", "attributes": { "title": "SSL - Summary", "visState": "{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject.CN\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}", 
@@ -434,8 +439,8 @@ { "id": "371b06d0-72a1-11e9-b0f3-590266f42743", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUxMiwxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUyMCwxXQ==", "attributes": { "title": "SSL - Client JA3 Lookup", "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", @@ -461,8 +466,8 @@ { "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", "type": "visualization", - "updated_at": "2020-02-12T15:00:37.571Z", - "version": "WzUxMywxXQ==", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUyMSwxXQ==", "attributes": { "title": "SSL - Server JA3 Lookup", "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3s_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", 
@@ -485,11 +490,38 @@ "visualization": "7.4.2" } }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "updated_at": "2020-02-13T20:04:01.633Z", + "version": "Wzg3MiwxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"zeek_notice.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "41325860-4dd6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2020-02-12T20:28:40.038Z", - "version": "WzExOTksMV0=", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUyMiwxXQ==", "attributes": { "title": "SSL - Connection Established", "visState": "{\"title\":\"SSL - Connection 
Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", 
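Review bot: The new `SSL - Relevant Notices` visualization declares four bucket columns in `dimensions.buckets` (Notice Category, Notice Subcategory, Source IP, Destination IP) but its `aggs` define only the two terms buckets on `zeek_notice.category` and `zeek_notice.sub_category`; `dimensions` appears to be derived state that Kibana recomputes from `aggs` at render time, so the IP columns will not show up, and if they are intended the table needs terms aggs on `srcIp` and `dstIp` (the `Notices - Logs` search added later in this commit already lists both as columns). The Destination IP entry also carries `\"missingBucketLabel\":\"1\"` where every sibling in the same block uses `\"-\"`, which looks like a stray edit. The exported state further bakes in `\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}` from the exporting instance; it is inert on import but is environment-specific noise that is worth scrubbing from checked-in dashboard objects.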
@@ -515,8 +547,8 @@ { "id": "9c20d940-4dd6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2020-02-12T20:31:12.595Z", - "version": "WzEyMDMsMV0=", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUyMywxXQ==", "attributes": { "title": "SSL - Elliptic Curve", "visState": "{\"title\":\"SSL - Elliptic Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Elliptic 
Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", @@ -542,8 +574,8 @@ { "id": "f13ba720-4dd6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2020-02-12T20:33:35.378Z", - "version": "WzEyMDUsMV0=", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUyNCwxXQ==", "attributes": { "title": "SSL - Next Protocol", "visState": "{\"title\":\"SSL - Next Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", @@ -569,8 +601,8 @@ { "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", "type": "search", - "updated_at": "2020-02-12T20:42:31.012Z", - "version": "WzEyMTYsMV0=", + "updated_at": "2020-02-13T19:04:37.359Z", + "version": "WzUyNSwxXQ==", "attributes": { "title": "SSL - Logs", "description": "", 
@@ -605,6 +637,44 @@ "migrationVersion": { "search": "7.4.0" } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3NiwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_notice.category", + "zeek_notice.sub_category", + "srcIp", + "dstIp", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 398c8f1b8..e7093cd9a 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
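Review bot: The new `Notices - Logs` saved search hard-codes `\"time_zone\":\"America/Denver\"` inside `searchSourceJSON.query.query_string`, which is an artifact of the exporting user's browser rather than part of the search's intent. With the current query `zeek.logType:notice` it has no effect, but `query_string.time_zone` changes how any date terms later typed into that query are interpreted, and it will churn on every contributor's re-export. Dropping the `time_zone` key from the checked-in object keeps it portable across deployments; the same consideration applies to the `https://localhost` origin embedded in the visualization added at the `@@ -485,11 +490,38 @@` hunk above.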
@@ -4,13 +4,13 @@ { "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", "type": "dashboard", - "updated_at": "2020-02-12T16:00:38.405Z", - "version": "Wzg3MywxXQ==", + "updated_at": "2020-02-13T19:30:36.016Z", + "version": "WzgzNSwxXQ==", "attributes": { "title": "Notices", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":46,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":46},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":46},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"11\",\"w\":20,\"x\":0,\"y\":84},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":65},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"14\",\"w\":40,\"x\":8,\"y\":30},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"15\",\"w\":28,\"x\":20,\"y\":84},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":
{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":109},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":26,\"x\":8,\"y\":11},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":14,\"x\":34,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":67},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":67},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":11,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridDa
ta\":{\"h\":18,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
@@ -92,8 +92,8 @@ { "id": "0455b814-9b8e-4895-985d-c0d484bb025c", "type": "visualization", - "updated_at": "2020-02-12T16:00:04.619Z", - "version": "Wzg3MiwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc2NiwxXQ==", "attributes": { "title": "Notices - Log Count Over Time", "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"line\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"firstPacket per 
second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", 
@@ -119,8 +119,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-12T15:01:05.290Z", - "version": "Wzc5NiwxXQ==", + "updated_at": "2020-02-13T19:05:04.060Z", + "version": "WzgwMCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -139,8 +139,8 @@ { "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc2NSwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc2OCwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -166,8 +166,8 @@ { "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc2NiwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc2OSwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -193,8 +193,8 @@ { "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", "type": "visualization", - "updated_at": "2020-02-12T15:20:49.594Z", - "version": "WzgxOCwxXQ==", + "updated_at": "2020-02-13T19:11:54.959Z", + "version": "WzgyMCwxXQ==", "attributes": { "title": "Notices - Notice Type", "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", 
@@ -220,8 +220,8 @@ { "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc2OCwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3MSwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", "description": "", @@ -247,8 +247,8 @@ { "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc2OSwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3MiwxXQ==", "attributes": { "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", "description": "", 
@@ -274,8 +274,8 @@ { "id": "8a911a83-3962-44b8-be39-b54532f51b46", "type": "visualization", - "updated_at": "2020-02-12T15:23:50.918Z", - "version": "WzgyMiwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3MywxXQ==", "attributes": { "title": "Notice - Destination Port", "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enable
d\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstPort\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", 
@@ -301,13 +301,13 @@ { "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc3MSwxXQ==", + "updated_at": "2020-02-13T19:18:14.196Z", + "version": "WzgyNCwxXQ==", "attributes": { - "visState": "{\"title\":\"Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}", + "title": "Notice - Message Details", + "visState": "{\"title\":\"Notice - Message 
Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"cu
stomLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sub-Message\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", - "title": "Notice - Message/Sub-Message", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -316,8 +316,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" } ], 
@@ -328,8 +328,8 @@ { "id": "AWDG1uC-xQT5EBNmq3dP", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc3MiwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3NSwxXQ==", "attributes": { "title": "Notices - Log Count", "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", @@ -355,8 +355,8 @@ { "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", "type": "search", - "updated_at": "2020-02-12T15:26:25.765Z", - "version": "WzgyOSwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3NiwxXQ==", "attributes": { "title": "Notices - Logs", "description": "", 
@@ -393,8 +393,8 @@ { "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", "type": "visualization", - "updated_at": "2020-02-12T15:23:03.456Z", - "version": "WzgyMSwxXQ==", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3NywxXQ==", "attributes": { "title": "Notices - Notice Types by Source and Destination", "visState": "{\"title\":\"Notices - Notice Types by Source and Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", 
@@ -420,12 +420,12 @@ { "id": "559cf002-6086-4655-908e-d1f757cd58a9", "type": "visualization", - "updated_at": "2020-02-12T15:01:02.218Z", - "version": "Wzc3NSwxXQ==", + "updated_at": "2020-02-13T19:30:22.862Z", + "version": "WzgzNCwxXQ==", "attributes": { "title": "Notices - Destination Country", - "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -435,8 +435,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" } ], diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index b1b296c94..ad56b981a 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf 
@@ -3089,6 +3089,27 @@ filter { end" } + if ([zeek_notice][category] == "ATTACK") and ([zeek_notice][msg] =~ /(from|against|to)\s+host/) { + # ATTACK::Discovery - Detected activity from host 192.168.199.133, total attempts 5 within timeframe 5.0 mins + # but no IP addresses set :( + if (![srcIp]) { + grok { + id => "grok_zeek_notice_attack_src_hosts" + match => { "[zeek_notice][msg]" => [ "from%{SPACE}host%{SPACE}%{DATA:[srcIp]}%{SPACE}($|[^\d:\.\w-]+)" ] } + } + if ([srcIp]) { mutate { id => "mutate_add_field_zeek_orig_h_attack" + add_field => { "[zeek][orig_h]" => "%{[srcIp]}" } } } + } + if (![dstIp]) { + grok { + id => "grok_zeek_notice_attack_dst_hosts" + match => { "[zeek_notice][msg]" => [ "(against|to)%{SPACE}host%{SPACE}%{DATA:[dstIp]}%{SPACE}($|[^\d:\.\w-]+)" ] } + } + if ([dstIp]) { mutate { id => "mutate_add_field_zeek_resp_h_attack" + add_field => { "[zeek][resp_h]" => "%{[dstIp]}" } } } + } + } + } else if ([source] == "ntp") { ############################################################################################################################# # ntp.log specific logic From 81408a567d2e421f1a6151f46788d0b377b10e9b Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 13 Feb 2020 13:18:51 -0700 Subject: [PATCH 092/183] improvements to how notices can be used througout the other dashboards --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 112 ++++++++++++++---- 1 file changed, 91 insertions(+), 21 deletions(-) diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index e021e605b..5bc3c655f 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
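Review bot: The `%{DATA:[srcIp]}` and `%{DATA:[dstIp]}` captures in the two new grok matches accept any run of characters after `host`, so a notice whose message carries something other than a bare address there (a hostname, a truncated message, or free text the Zeek script composed from observed traffic) gets stamped into `srcIp`/`dstIp` and then copied into `[zeek][orig_h]`/`[zeek][resp_h]`; if those fields are mapped as `ip` in the index (the dashboards in this same commit format them as IPs, which suggests so, but the mapping is not visible here), such an event would be rejected at index time rather than merely mis-parsed. Since the comment's own example shows a bare IPv4 address, tightening the captures to `"from%{SPACE}host%{SPACE}%{IP:[srcIp]}"` and `"(against|to)%{SPACE}host%{SPACE}%{IP:[dstIp]}"` keeps non-address text out of those fields (IPv6 included) and makes the `%{SPACE}($|[^\d:\.\w-]+)` terminator unnecessary. Consider also giving each of these best-effort groks a `tag_on_failure => [ "_grokparsefailure_zeek_notice_attack" ]` so an ATTACK notice with a differently worded message is not tagged with the generic `_grokparsefailure`. The enclosing `filter { … } else if ([source] == …)` chain starts and ends outside this hunk.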
@@ -4,13 +4,13 @@ { "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", "type": "dashboard", - "updated_at": "2020-02-12T20:51:07.191Z", - "version": "WzEyMzIsMV0=", + "updated_at": "2020-02-13T20:18:00.229Z", + "version": "Wzg4NCwxXQ==", "attributes": { "title": "X.509", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":28,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":17,\"h\":20,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
@@ -61,6 +61,11 @@ }, { "name": "panel_8", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_9", "type": "search", "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" } 
@@ -72,8 +77,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-12T15:01:05.290Z", - "version": "Wzc5NiwxXQ==", + "updated_at": "2020-02-13T19:05:04.060Z", + "version": "WzgwMCwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -92,8 +97,8 @@ { "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", "type": "visualization", - "updated_at": "2020-02-12T15:00:04.595Z", - "version": "WzY4LDFd", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3MCwxXQ==", "attributes": { "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -119,8 +124,8 @@ { "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", "type": "visualization", - "updated_at": "2020-02-12T20:44:29.524Z", - "version": "WzEyMjAsMV0=", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3MSwxXQ==", "attributes": { "title": "X.509 - Certificate Signing Algorithm", "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", 
@@ -146,8 +151,8 @@ { "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", "type": "visualization", - "updated_at": "2020-02-12T15:00:04.595Z", - "version": "WzcxLDFd", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3MiwxXQ==", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", "description": "", @@ -173,8 +178,8 @@ { "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", "type": "visualization", - "updated_at": "2020-02-12T15:00:04.595Z", - "version": "WzcyLDFd", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3MywxXQ==", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", "description": "", 
@@ -200,8 +205,8 @@ { "id": "193088ad-5112-435f-9e9f-ec9127ff8665", "type": "visualization", - "updated_at": "2020-02-12T15:00:04.595Z", - "version": "WzczLDFd", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3NCwxXQ==", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_x509.certificate_key_length\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}", "description": "", 
@@ -227,8 +232,8 @@ { "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", "type": "visualization", - "updated_at": "2020-02-12T15:00:04.595Z", - "version": "Wzc0LDFd", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3NSwxXQ==", "attributes": { "visState": "{\"title\":\"X.509 - Certificate Key Algorithm\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_x509.certificate_key_alg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}", "description": "", 
@@ -254,8 +259,8 @@ { "id": "AWDHGklsxQT5EBNmq4wG", "type": "visualization", - "updated_at": "2020-02-12T15:00:04.595Z", - "version": "Wzc1LDFd", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3NiwxXQ==", "attributes": { "title": "X.509 - Log Count", "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -278,11 +283,38 @@ "visualization": "7.4.2" } }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "updated_at": "2020-02-13T20:04:01.633Z", + "version": "Wzg3MiwxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"zeek_notice.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, { "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", "type": "search", - "updated_at": "2020-02-12T20:48:49.559Z", - "version": "WzEyMzAsMV0=", + "updated_at": "2020-02-13T19:04:04.463Z", + "version": "WzE3NywxXQ==", "attributes": { "title": "X.509 - Logs", "description": "", 
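Review bot: In the new "SSL - Relevant Notices" visState the Destination IP bucket's `missingBucketLabel` is `\"1\"` while every other bucket in the same dimensions list uses `\"-\"`; this reads as a typo and should be `\"missingBucketLabel\":\"-\"`. The stored `dimensions` also describe four bucket columns (category, subcategory, source IP, destination IP) with the count metric at accessor 4, yet `aggs` defines only two terms buckets (`zeek_notice.category`, `zeek_notice.sub_category`), so the two IP columns and the accessor indices do not correspond to the aggregation that will actually run; if Kibana honours the stored `dimensions` instead of rebuilding them from `aggs`, the table will render inconsistently. The same stale-`dimensions` pattern appears in the "SSL - Server" hunk of the following commit (`@@ -304,13 +304,13 @@`), where two buckets are listed against three terms aggs. The saved object's `description` is left empty; a one-liner such as `Zeek notices in the SSL category (and the CVE_2020_0601 check), joined to the Notices saved search` would tell analysts what the table is filtering on.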
@@ -315,6 +347,44 @@ "migrationVersion": { "search": "7.4.0" } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "updated_at": "2020-02-13T19:05:00.984Z", + "version": "Wzc3NiwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek_notice.category", + "zeek_notice.sub_category", + "srcIp", + "dstIp", + "zeek.uid" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\",\"time_zone\":\"America/Denver\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "sessions2-*" + } + ], + "migrationVersion": { + "search": "7.4.0" + } } ] } \ No newline at end of file From 00b46d0bcc57a455b1ff14eee93b01f5f83865ca Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 13 Feb 2020 13:57:14 -0700 Subject: [PATCH 093/183] do frequency analysis on zeek_ssl.server_name --- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 92 +++++++++---------- logstash/pipelines/enrichment/11_lookups.conf | 34 ++++--- 2 files changed, 67 insertions(+), 59 deletions(-) diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 53c1b9041..e0611a4b0 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
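Review bot: The new "Notices - Logs" saved search hard-codes `\"time_zone\":\"America/Denver\"` inside its `query_string`, so any date math in that query would be evaluated in that fixed zone for every user of the shared dashboard rather than in the viewer's browser time zone; unless other saved searches in this repository carry the same key deliberately, drop it and let Kibana supply the zone. As far as the hunk shows, the query `zeek.logType:notice` contains no date math, so removing the key should be behaviour-neutral for the search as written. The `description` is also empty; `All Zeek notice.log entries, newest firstPacket first` would document what the search feeds the SSL notices table.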
@@ -4,8 +4,8 @@ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", "type": "dashboard", - "updated_at": "2020-02-13T20:07:58.919Z", - "version": "Wzg3NSwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxMSwxXQ==", "attributes": { "title": "SSL", "hits": 0, 
@@ -122,8 +122,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-13T19:05:04.060Z", - "version": "WzgwMCwxXQ==", + "updated_at": "2020-02-13T20:45:03.886Z", + "version": "WzgwNiwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -142,8 +142,8 @@ { "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUwOSwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxMywxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -169,8 +169,8 @@ { "id": "d988522e-b3a8-4d74-98d4-96aff3e0f3f9", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxMCwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxNCwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", "description": "", 
@@ -196,8 +196,8 @@ { "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", "type": "visualization", - "updated_at": "2020-02-13T20:07:29.419Z", - "version": "Wzg3NCwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxNSwxXQ==", "attributes": { "title": "SSL - Version", "visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"zeek_ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 
@@ -223,8 +223,8 @@ { "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxMiwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxNiwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", @@ -250,8 +250,8 @@ { "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxMywxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxNywxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", 
@@ -277,8 +277,8 @@ { "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxNCwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUxOCwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", 
@@ -304,13 +304,13 @@ { "id": "8486949c-3592-4831-9020-59bfd968ccfa", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxNSwxXQ==", + "updated_at": "2020-02-13T20:54:48.292Z", + "version": "WzgyNSwxXQ==", "attributes": { - "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", - "description": "", "title": "SSL - Server", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "visState": "{\"title\":\"SSL - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 
1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" @@ -319,8 +319,8 @@ }, "references": [ { - "type": "search", "name": "search_0", + "type": "search", "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" } ], 
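Review bot: The two new columns are labelled only `Randomness Score (method 1)` / `(method 2)` and the saved object's `description` is still `\"\"`, so an analyst reading the SSL dashboard has no indication of what `zeek.freq_score_v1` / `zeek.freq_score_v2` measure, which end of the scale suggests a machine-generated server name, or where the values are produced (the commit's diffstat points at `logstash/pipelines/enrichment/11_lookups.conf`). Set `description` to a sentence naming the two fields, the two scoring methods and how to read the scale, and consider `customLabel` values that carry the direction (for example `Randomness Score v1 (higher = more random)`, if that is what the enrichment emits — confirm against the pipeline). Separately, a `terms` aggregation on a continuous numeric score with `size:25` will split one server name across several rows whenever its score differs between connections; if the score is deterministic per name this is harmless, otherwise a `max` or `avg` metric on the score would keep one row per server.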
@@ -331,8 +331,8 @@ { "id": "d7a673bc-4a11-423b-acd3-a446425551c1", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxNiwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyMCwxXQ==", "attributes": { "title": "SSL - Destination Country", "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"zeek.destination_geo.country_name: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", 
@@ -358,8 +358,8 @@ { "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxNywxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyMSwxXQ==", "attributes": { "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", "description": "", 
@@ -385,8 +385,8 @@ { "id": "AWDHElRWxQT5EBNmq4lz", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxOCwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyMiwxXQ==", "attributes": { "title": "SSL - Log Count", "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -412,8 +412,8 @@ { "id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUxOSwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyMywxXQ==", "attributes": { "title": "SSL - Summary", "visState": "{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject.CN\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}", 
@@ -439,8 +439,8 @@ { "id": "371b06d0-72a1-11e9-b0f3-590266f42743", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUyMCwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyNCwxXQ==", "attributes": { "title": "SSL - Client JA3 Lookup", "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", @@ -466,8 +466,8 @@ { "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUyMSwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyNSwxXQ==", "attributes": { "title": "SSL - Server JA3 Lookup", "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3s_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", 
@@ -493,8 +493,8 @@ { "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", "type": "visualization", - "updated_at": "2020-02-13T20:04:01.633Z", - "version": "Wzg3MiwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyNiwxXQ==", "attributes": { "title": "SSL - Relevant Notices", "visState": "{\"title\":\"SSL - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", 
@@ -520,8 +520,8 @@ { "id": "41325860-4dd6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUyMiwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyNywxXQ==", "attributes": { "title": "SSL - Connection Established", "visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", 
@@ -547,8 +547,8 @@ { "id": "9c20d940-4dd6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUyMywxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyOCwxXQ==", "attributes": { "title": "SSL - Elliptic Curve", "visState": "{\"title\":\"SSL - Elliptic Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://localhost\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Elliptic 
Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", @@ -574,8 +574,8 @@ { "id": "f13ba720-4dd6-11ea-8336-d3388483188b", "type": "visualization", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUyNCwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUyOSwxXQ==", "attributes": { "title": "SSL - Next Protocol", "visState": "{\"title\":\"SSL - Next Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", @@ -601,8 +601,8 @@ { "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", "type": "search", - "updated_at": "2020-02-13T19:04:37.359Z", - "version": "WzUyNSwxXQ==", + "updated_at": "2020-02-13T20:44:37.133Z", + "version": "WzUzMCwxXQ==", "attributes": { "title": "SSL - Logs", "description": "", 
@@ -641,8 +641,8 @@ { "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", "type": "search", - "updated_at": "2020-02-13T19:05:00.984Z", - "version": "Wzc3NiwxXQ==", + "updated_at": "2020-02-13T20:45:00.802Z", + "version": "Wzc4MiwxXQ==", "attributes": { "title": "Notices - Logs", "description": "", diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 20056813c..671cff3a2 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -224,19 +224,7 @@ filter { if ([dns][host]) { # if requested, look up DNS queries using freq_server.py to get entropy scores - - # I would do this in an http filter, but it doesn't handle arrays - # http { - # id => "rest_dns_freq_lookup" - # url => "http://freq:10004/measure/%{[dns][host]}" - # target_body => "[@metadata][dns_host_freq]" - # } - # if ([@metadata][dns_host_freq]) { - # grok { - # id => "grok_dns_freq_parse" - # match => { "[@metadata][dns_host_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] } - # } - # } + # I would do this in an http filter (like zeek_ssl.server_name) ruby { id => "ruby_dns_freq_lookup" init => " 
@@ -352,6 +340,26 @@ filter { } # end if radius + if ([zeek_ssl][server_name]) { + mutate { + add_field => { "[@metadata][ENV_FREQ_LOOKUP]" => "${FREQ_LOOKUP:false}" } + } + if ([@metadata][ENV_FREQ_LOOKUP] == "true") { + # if requested, look up zeek_ssl.server_name queries using freq_server.py to get entropy scores + http { + id => "rest_zeek_ssl_server_name_freq_lookup" + url => "http://freq:10004/measure/%{[zeek_ssl][server_name]}" + target_body => "[@metadata][zeek_ssl_server_name_freq]" + } + if ([@metadata][zeek_ssl_server_name_freq]) { + grok { + id => "grok_zeek_ssl_server_name_freq_parse" + match => { "[@metadata][zeek_ssl_server_name_freq]" => [ "^\(%{NUMBER:[zeek][freq_score_v1]}, %{NUMBER:[zeek][freq_score_v2]}\)$" ] } + } + } + } + } # end if zeek_ssl.server_name + ################################################################################################ ######## JA3 community hashes lookup ########################################################### From ae60cf27c82fbb6e3fa814601facbac3e06181b8 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 17 Feb 2020 07:53:57 -0700 Subject: [PATCH 094/183] merge src/dst mac/oui fields into network.mac and network.oui arrays, respectively to provide aggregated fields that can be used for asset inventory (issue 113) --- logstash/pipelines/enrichment/11_lookups.conf | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 671cff3a2..a584a4553 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -6,6 +6,7 @@ filter { # if OUI lookup is requested, enable it mutate { + id => "mutate_add_field_env_logstash_oui_lookup" add_field => { "[@metadata][ENV_LOGSTASH_OUI_LOOKUP]" => "${LOGSTASH_OUI_LOOKUP:false}" } } if ([@metadata][ENV_LOGSTASH_OUI_LOOKUP] == "true") { 
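Review bot: The `url` of `rest_zeek_ssl_server_name_freq_lookup` interpolates `[zeek_ssl][server_name]` straight into the request path, and that value is the SNI taken from captured traffic, so a name containing `/`, `?`, `#` or whitespace changes which freq endpoint is requested or yields a malformed request. Restrict the lookup to hostname-shaped values before the URL is built, e.g. `if ([@metadata][ENV_FREQ_LOOKUP] == "true") and ([zeek_ssl][server_name] =~ /^[A-Za-z0-9._-]+$/) {`, or escape the value in a `ruby` filter the way the dns.host lookup in the preceding hunk already does its request. The anchored `^\(...\)$` grok pattern keeps an unexpected response body from populating the score fields, which is good; a one-line comment that a failed request presumably only tags the event and leaves `[zeek][freq_score_v1]`/`[zeek][freq_score_v2]` unset would document the intended best-effort behaviour.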
@@ -42,8 +43,16 @@ filter { add_field => { "[dhcp][ouiCnt]" => "%{[srcOuiCnt]}" } } } + + # an aggregate field with both src/dst oui (for asset inventory) + mutate { id => "mutate_merge_field_combined_oui_src" + merge => { "[network][oui]" => "[zeek][orig_l2_oui]" } } } + # an aggregate field with both src/dst mac (for asset inventory) + mutate { id => "mutate_merge_field_combined_mac_src" + merge => { "[network][mac]" => "[srcMac]" } } + } # end if [srcMac] if ([dstMac]) and ([dstMac][0]) { @@ -64,10 +73,32 @@ filter { merge => { "[dstOui]" => "[zeek][resp_l2_oui]" } } mutate { id => "mutate_add_field_dstOuiCnt" add_field => { "[dstOuiCnt]" => "1" } } + + # an aggregate field with both src/dst oui (for asset inventory) + mutate { id => "mutate_merge_field_combined_oui_dst" + merge => { "[network][oui]" => "[zeek][resp_l2_oui]" } } } + # an aggregate field with both src/dst mac (for asset inventory) + mutate { id => "mutate_merge_field_combined_mac_dst" + merge => { "[network][mac]" => "[dstMac]" } } + } # end if [dstMac] + # deduplicate and clean up network.mac/network.oui + if ([network][mac]) { + ruby { + id => "ruby_network_mac_uniq" + code => "event.set('[network][mac]', (event.get('[network][mac]').map(&:downcase).uniq - ['ff:ff:ff:ff:ff:ff']))" + } + } + if ([network][oui]) { + ruby { + id => "ruby_network_oui_uniq" + code => "event.set('[network][oui]', event.get('[network][oui]').uniq)" + } + } + } # end if ENV_LOGSTASH_OUI_LOOKUP ################################################################################################ From 8bdcefaed5d2be765f994abc0959fd713d0ea451 Mon Sep 17 00:00:00 2001 
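Review bot: The `network.mac` merges and the `ruby_network_mac_uniq` cleanup sit inside the `ENV_LOGSTASH_OUI_LOOKUP` conditional (the `} # end if ENV_LOGSTASH_OUI_LOOKUP` line closes after them), so the aggregated MAC list, which needs no OUI data at all, is silently absent whenever OUI lookup is disabled. If the asset-inventory field is meant to be independent of that option, move the two `mutate_merge_field_combined_mac_*` blocks and the `network.mac` cleanup outside that conditional and leave only the `network.oui` merges inside it. The same block is re-added verbatim by the revert hunk of fab58892 (`@@ -64,29 +73,33 @@`) and removed again in 38386e6430f1c9d3b1d7ebff2f4f29a2ac037b37, so this applies to whichever version is eventually reinstated.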
From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 17 Feb 2020 11:34:09 -0700 Subject: [PATCH 095/183] experimenting with creating a merged network.mac_oui field that looks like this: ... "network": { "type": "ipv4", "mac_oui": { "00:10:db:ff:10:01": "Juniper Networks", "8c:85:90:65:85:8f": "Apple, Inc." } }, ... however, I may revert this for now because although this works kibana does't really play nicely with the data in visualizations --- kibana/scripts/kibana_index_refresh.py | 17 +++++++ logstash/pipelines/enrichment/11_lookups.conf | 47 +++++++------------ 2 files changed, 34 insertions(+), 30 deletions(-) diff --git a/kibana/scripts/kibana_index_refresh.py b/kibana/scripts/kibana_index_refresh.py index 7d0d1ada6..dbda6f78f 100755 --- a/kibana/scripts/kibana_index_refresh.py +++ b/kibana/scripts/kibana_index_refresh.py @@ -55,6 +55,8 @@ def main(): parser.add_argument('-i', '--index', dest='index', metavar='<str>', type=str, default='sessions2-*', help='Index Pattern Name') parser.add_argument('-k', '--kibana', dest='url', metavar='<protocol://host:port>', type=str, default='http://localhost:5601/kibana', help='Kibana URL') parser.add_argument('-n', '--dry-run', dest='dryrun', type=str2bool, nargs='?', const=True, default=False, help="Dry run (no PUT)") + parser.add_argument('-f', '--filter-prefix', dest='filterPrefixes', type=str, nargs='*', default=['network.mac_oui.'], help="Exclude fields with these \"name\" prefixes") + parser.add_argument('-a', '--add-fields', dest='addFields', type=str, nargs='*', default=['network.mac_oui'], help="Add extra string fields with these \"name\" values") try: parser.error = parser.exit args = parser.parse_args() 
@@ -101,6 +103,21 @@ def main(): 'meta_fields': ["_source","_id","_type","_index","_score"] }) getFieldsResponse.raise_for_status() getFieldsList = getFieldsResponse.json()['fields'] + + # filter out the network.mac_oui.##:##:##:##:##:## from the fields for the index pattern + if isinstance(getFieldsList, list): + for namePrefix in args.filterPrefixes: + getFieldsList = [x for x in getFieldsList if ('name' in x) and (not x['name'].startswith(namePrefix))] + + for addField in args.addFields: + getFieldsList.append({"name": addField, + "type": "string", + "esTypes": ["text"], + "scripted": False, + "searchable": True, + "aggregatable": True, + "readFromDocValues": True}) + if debug: eprint('{} would have {} fields'.format(args.index, len(getFieldsList))) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index a584a4553..599975a29 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -43,16 +43,7 @@ filter { add_field => { "[dhcp][ouiCnt]" => "%{[srcOuiCnt]}" } } } - - # an aggregate field with both src/dst oui (for asset inventory) - mutate { id => "mutate_merge_field_combined_oui_src" - merge => { "[network][oui]" => "[zeek][orig_l2_oui]" } } } - - # an aggregate field with both src/dst mac (for asset inventory) - mutate { id => "mutate_merge_field_combined_mac_src" - merge => { "[network][mac]" => "[srcMac]" } } - } # end if [srcMac] if ([dstMac]) and ([dstMac][0]) { 
@@ -73,33 +64,29 @@ filter { merge => { "[dstOui]" => "[zeek][resp_l2_oui]" } } mutate { id => "mutate_add_field_dstOuiCnt" add_field => { "[dstOuiCnt]" => "1" } } - - # an aggregate field with both src/dst oui (for asset inventory) - mutate { id => "mutate_merge_field_combined_oui_dst" - merge => { "[network][oui]" => "[zeek][resp_l2_oui]" } } } + } # end if [dstMac] - # an aggregate field with both src/dst mac (for asset inventory) - mutate { id => "mutate_merge_field_combined_mac_dst" - merge => { "[network][mac]" => "[dstMac]" } } + } # end if ENV_LOGSTASH_OUI_LOOKUP - } # end if [dstMac] - # deduplicate and clean up network.mac/network.oui - if ([network][mac]) { - ruby { - id => "ruby_network_mac_uniq" - code => "event.set('[network][mac]', (event.get('[network][mac]').map(&:downcase).uniq - ['ff:ff:ff:ff:ff:ff']))" - } - } - if ([network][oui]) { - ruby { - id => "ruby_network_oui_uniq" - code => "event.set('[network][oui]', event.get('[network][oui]').uniq)" - } + if ([dstMac]) or ([srcMac]) { + ruby { + id => "ruby_src_dst_mac_combine" + code => " + macMap = Hash.new + if (srcMacs = event.get('[srcMac]')) and (srcMacs.length > 0) and (srcMac = srcMacs[0]) and (srcMac != 'ff:ff:ff:ff:ff:ff') then + srcOui = 'unknown' unless (srcOui = event.get('[zeek][orig_l2_oui]')) + macMap[srcMac] = srcOui + end + if (dstMacs = event.get('[dstMac]')) and (dstMacs.length > 0) and (dstMac = dstMacs[0]) and (dstMac != 'ff:ff:ff:ff:ff:ff') then + dstOui = 'unknown' unless (dstOui = event.get('[zeek][resp_l2_oui]')) + macMap[dstMac] = dstOui + end + event.set('[network][mac_oui]', macMap) unless (macMap.length == 0)" } + } - } # end if ENV_LOGSTASH_OUI_LOOKUP ################################################################################################ ######## IP address class tagging, GeoIP/ASN lookups, and reverse DNS########################### From fab58892a2c082db538a555e12fe03332cb7f632 Mon Sep 17 00:00:00 2001 
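Review bot: `ruby_src_dst_mac_combine` stores a hash keyed by MAC address in `[network][mac_oui]`, so every distinct MAC seen in traffic becomes its own dynamically mapped subfield in the index; a monitored network with many (or spoofed) MAC addresses can push the index past Elasticsearch's per-index field limit (`index.mapping.total_fields.limit`) and cause indexing failures, which is also why the companion kibana_index_refresh.py change has to filter the `network.mac_oui.` prefix. A list of `{mac, oui}` objects, or the parallel `network.mac`/`network.oui` arrays this commit removes, keeps the mapping bounded. Separately, the broadcast check `srcMac != 'ff:ff:ff:ff:ff:ff'` is case-sensitive while the removed `ruby_network_mac_uniq` downcased first, so an upper-case broadcast address would now be kept; compare `srcMac.downcase` (and `dstMac.downcase`) instead.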
From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 17 Feb 2020 11:36:34 -0700 Subject: [PATCH 096/183] Revert "experimenting with creating a merged network.mac_oui field that looks like this:" This reverts commit 8bdcefaed5d2be765f994abc0959fd713d0ea451. --- kibana/scripts/kibana_index_refresh.py | 17 ------- logstash/pipelines/enrichment/11_lookups.conf | 47 ++++++++++++------- 2 files changed, 30 insertions(+), 34 deletions(-) diff --git a/kibana/scripts/kibana_index_refresh.py b/kibana/scripts/kibana_index_refresh.py index dbda6f78f..7d0d1ada6 100755 --- a/kibana/scripts/kibana_index_refresh.py +++ b/kibana/scripts/kibana_index_refresh.py @@ -55,8 +55,6 @@ def main(): parser.add_argument('-i', '--index', dest='index', metavar='<str>', type=str, default='sessions2-*', help='Index Pattern Name') parser.add_argument('-k', '--kibana', dest='url', metavar='<protocol://host:port>', type=str, default='http://localhost:5601/kibana', help='Kibana URL') parser.add_argument('-n', '--dry-run', dest='dryrun', type=str2bool, nargs='?', const=True, default=False, help="Dry run (no PUT)") - parser.add_argument('-f', '--filter-prefix', dest='filterPrefixes', type=str, nargs='*', default=['network.mac_oui.'], help="Exclude fields with these \"name\" prefixes") - parser.add_argument('-a', '--add-fields', dest='addFields', type=str, nargs='*', default=['network.mac_oui'], help="Add extra string fields with these \"name\" values") try: parser.error = parser.exit args = parser.parse_args() 
@@ -103,21 +101,6 @@ def main(): 'meta_fields': ["_source","_id","_type","_index","_score"] }) getFieldsResponse.raise_for_status() getFieldsList = getFieldsResponse.json()['fields'] - - # filter out the network.mac_oui.##:##:##:##:##:## from the fields for the index pattern - if isinstance(getFieldsList, list): - for namePrefix in args.filterPrefixes: - getFieldsList = [x for x in getFieldsList if ('name' in x) and (not x['name'].startswith(namePrefix))] - - for addField in args.addFields: - getFieldsList.append({"name": addField, - "type": "string", - "esTypes": ["text"], - "scripted": False, - "searchable": True, - "aggregatable": True, - "readFromDocValues": True}) - if debug: eprint('{} would have {} fields'.format(args.index, len(getFieldsList))) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 599975a29..a584a4553 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -43,7 +43,16 @@ filter { add_field => { "[dhcp][ouiCnt]" => "%{[srcOuiCnt]}" } } } + + # an aggregate field with both src/dst oui (for asset inventory) + mutate { id => "mutate_merge_field_combined_oui_src" + merge => { "[network][oui]" => "[zeek][orig_l2_oui]" } } } + + # an aggregate field with both src/dst mac (for asset inventory) + mutate { id => "mutate_merge_field_combined_mac_src" + merge => { "[network][mac]" => "[srcMac]" } } + } # end if [srcMac] if ([dstMac]) and ([dstMac][0]) { 
@@ -64,29 +73,33 @@ filter { merge => { "[dstOui]" => "[zeek][resp_l2_oui]" } } mutate { id => "mutate_add_field_dstOuiCnt" add_field => { "[dstOuiCnt]" => "1" } } + + # an aggregate field with both src/dst oui (for asset inventory) + mutate { id => "mutate_merge_field_combined_oui_dst" + merge => { "[network][oui]" => "[zeek][resp_l2_oui]" } } } - } # end if [dstMac] - } # end if ENV_LOGSTASH_OUI_LOOKUP + # an aggregate field with both src/dst mac (for asset inventory) + mutate { id => "mutate_merge_field_combined_mac_dst" + merge => { "[network][mac]" => "[dstMac]" } } + } # end if [dstMac] - if ([dstMac]) or ([srcMac]) { - ruby { - id => "ruby_src_dst_mac_combine" - code => " - macMap = Hash.new - if (srcMacs = event.get('[srcMac]')) and (srcMacs.length > 0) and (srcMac = srcMacs[0]) and (srcMac != 'ff:ff:ff:ff:ff:ff') then - srcOui = 'unknown' unless (srcOui = event.get('[zeek][orig_l2_oui]')) - macMap[srcMac] = srcOui - end - if (dstMacs = event.get('[dstMac]')) and (dstMacs.length > 0) and (dstMac = dstMacs[0]) and (dstMac != 'ff:ff:ff:ff:ff:ff') then - dstOui = 'unknown' unless (dstOui = event.get('[zeek][resp_l2_oui]')) - macMap[dstMac] = dstOui - end - event.set('[network][mac_oui]', macMap) unless (macMap.length == 0)" + # deduplicate and clean up network.mac/network.oui + if ([network][mac]) { + ruby { + id => "ruby_network_mac_uniq" + code => "event.set('[network][mac]', (event.get('[network][mac]').map(&:downcase).uniq - ['ff:ff:ff:ff:ff:ff']))" + } + } + if ([network][oui]) { + ruby { + id => "ruby_network_oui_uniq" + code => "event.set('[network][oui]', event.get('[network][oui]').uniq)" + } } - } + } # end if ENV_LOGSTASH_OUI_LOOKUP ################################################################################################ ######## IP address class tagging, GeoIP/ASN lookups, and reverse DNS########################### From 38386e6430f1c9d3b1d7ebff2f4f29a2ac037b37 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 17 Feb 2020 11:40:51 -0700 Subject: [PATCH 097/183] Revert "merge src/dst mac/oui fields into network.mac and network.oui arrays, respectively to provide aggregated fields that can be used for asset inventory (issue 113)" This reverts commit ae60cf27c82fbb6e3fa814601facbac3e06181b8. --- logstash/pipelines/enrichment/11_lookups.conf | 30 ------------------- 1 file changed, 30 deletions(-) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index a584a4553..722da6cec 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -43,16 +43,8 @@ filter { add_field => { "[dhcp][ouiCnt]" => "%{[srcOuiCnt]}" } } } - - # an aggregate field with both src/dst oui (for asset inventory) - mutate { id => "mutate_merge_field_combined_oui_src" - merge => { "[network][oui]" => "[zeek][orig_l2_oui]" } } } - # an aggregate field with both src/dst mac (for asset inventory) - mutate { id => "mutate_merge_field_combined_mac_src" - merge => { "[network][mac]" => "[srcMac]" } } - } # end if [srcMac] if ([dstMac]) and ([dstMac][0]) { 
@@ -73,32 +65,10 @@ filter { merge => { "[dstOui]" => "[zeek][resp_l2_oui]" } } mutate { id => "mutate_add_field_dstOuiCnt" add_field => { "[dstOuiCnt]" => "1" } } - - # an aggregate field with both src/dst oui (for asset inventory) - mutate { id => "mutate_merge_field_combined_oui_dst" - merge => { "[network][oui]" => "[zeek][resp_l2_oui]" } } } - # an aggregate field with both src/dst mac (for asset inventory) - mutate { id => "mutate_merge_field_combined_mac_dst" - merge => { "[network][mac]" => "[dstMac]" } } - } # end if [dstMac] - # deduplicate and clean up network.mac/network.oui - if ([network][mac]) { - ruby { - id => "ruby_network_mac_uniq" - code => "event.set('[network][mac]', (event.get('[network][mac]').map(&:downcase).uniq - ['ff:ff:ff:ff:ff:ff']))" - } - } - if ([network][oui]) { - ruby { - id => "ruby_network_oui_uniq" - code => "event.set('[network][oui]', event.get('[network][oui]').uniq)" - } - } - } # end if ENV_LOGSTASH_OUI_LOOKUP ################################################################################################ From cc99d7d93fff6fed811535cfa3d8d7bad750e6e3 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 18 Feb 2020 09:09:18 -0700 Subject: [PATCH 098/183] make installer work better for vms --- .../0912-virtual-desktop-tools.hook.chroot | 18 ++++ .../0990-remove-unwanted-pkg.hook.chroot | 2 +- .../config/includes.binary/boot/grub/grub.cfg | 5 + .../install/preseed_vmware.cfg | 91 +++++++++++++++++++ .../package-lists/desktopmanager.list.chroot | 2 + 5 files changed, 117 insertions(+), 1 deletion(-) create mode 100755 malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot create mode 100644 malcolm-iso/config/includes.binary/install/preseed_vmware.cfg diff --git a/malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot b/malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot new file mode 100755 index 000000000..d94ea7c7e --- /dev/null 
+++ b/malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# vmware
+apt-get -y --no-install-recommends install open-vm-tools-desktop
+
+# virtualbox
+apt-get -y --no-install-recommends install curl devscripts build-essential debian-keyring equivs
+mkdir -p /tmp/vbox-guest-deb
+cd /tmp/vbox-guest-deb
+dget http://deb.debian.org/debian/pool/contrib/v/virtualbox/$(curl -fsL 'http://deb.debian.org/debian/pool/contrib/v/virtualbox/' | grep -P 'href="virtualbox_[^"]*?\.dsc' | tail -n 1 | grep -Po '"virtualbox_.+?"' | tr -d '"')
+cd virtualbox*dfsg/
+mkdir -p /usr/share/man/man1
+mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -ir
+VBOX_PKG_VERSION=$(export $(grep -P '^VBOX_VERSION_(MAJOR|MINOR|BUILD)' Version.kmk | tr -d ' ') && echo "$VBOX_VERSION_MAJOR.$VBOX_VERSION_MINOR.$VBOX_VERSION_BUILD")
+DEBFULLNAME='Seth Grover' DEBEMAIL='malcolm.netsec@gmail.com' dch -bv $VBOX_PKG_VERSION-dfsg-2~~bpo10+1 --distribution buster-backports --force-distribution 'Unofficial backport'
+dpkg-buildpackage -b
+cd /tmp/vbox-guest-deb
+ls virtualbox-guest-*.deb | grep -Pv "\-(source|dgbsym)" | xargs dpkg -i
\ No newline at end of file
diff --git a/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot b/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot
index 936d054c7..a593f3220 100755
--- a/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot
+++ b/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # remove development packages
-apt-get -y --purge remove checkinstall $(dpkg --get-selections | grep -v deinstall$ | cut -f1 | grep -P -- '-dev(:\w+)?$') || true
+apt-get -y --purge remove build-essential checkinstall devscripts debian-keyring equivs $(dpkg --get-selections | grep -v deinstall$ | cut -f1 | grep -P -- '-dev(:\w+)?$') || true
 
 # remove unwanted packages
 apt-get -y --purge remove bluez-firmware \
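Review bot: The final `grep -Pv "\-(source|dgbsym)"` looks like a typo for `dbgsym`, so the debug-symbol packages that `dpkg-buildpackage -b` emits alongside the guest packages would not be excluded and would be installed into the image; change it to `grep -Pv "\-(source|dbgsym)"`. The script also runs without `set -e`, so if the `curl` scrape or `dget` fails, `cd virtualbox*dfsg/` fails, `dpkg-buildpackage -b` runs in the wrong directory and `xargs dpkg -i` gets an empty list, all without failing the hook; add `set -e` after the shebang so the image build stops instead. The source is fetched over plain HTTP, which is acceptable only because `dget` presumably verifies the `.dsc` signature against the `debian-keyring` package installed a few lines above — a comment stating that dependency would keep the next reader from dropping the keyring from the install line.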
diff --git a/malcolm-iso/config/includes.binary/boot/grub/grub.cfg b/malcolm-iso/config/includes.binary/boot/grub/grub.cfg
index 299529456..37131c27c 100644
--- a/malcolm-iso/config/includes.binary/boot/grub/grub.cfg
+++ b/malcolm-iso/config/includes.binary/boot/grub/grub.cfg
@@ -39,6 +39,11 @@ menuentry "Install Malcolm Base (advanced configuration)" {
 initrd /install/initrd.gz
 }
 
+menuentry "Install Malcolm Base (virtual machine single partition quick install)" {
+ linux /install/vmlinuz auto=true priority=high vga=normal locales=en_US.UTF-8 keyboard-layouts=us preseed/file=/cdrom/install/preseed_vmware.cfg
+ initrd /install/initrd.gz
+}
+
 menuentry "Rescue system in text mode" {
 linux /install/vmlinuz rescue/enable=true vga=normal
 initrd /install/initrd.gz
diff --git a/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg b/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg
new file mode 100644
index 000000000..3859de118
--- /dev/null
+++ b/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg
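Review bot: The new menu entry boots with `auto=true priority=high` and a preseed whose `partman/confirm` and `partman/confirm_nooverwrite` answers are preset to true, so the selected disk is repartitioned with no prompt, yet the label only says "quick install". Anyone who picks it on a machine that is not a disposable VM gets no warning before the disk is wiped; put the consequence in the label, e.g. `menuentry "Install Malcolm Base (virtual machine quick install - erases smallest non-USB disk without prompting)" {`.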
@@ -0,0 +1,91 @@
+# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap skip-config
+d-i keyboard-configuration/layout string "American English"
+
+d-i preseed/include string preseed_base.cfg
+
+###################################################################################################
+# install root filesystem on smallest non-USB disk
+
+d-i partman/early_command string \
+ ROOT_DISK=$(parted_devices | egrep "^($(find /sys/block -mindepth 1 -maxdepth 1 -type l \( -name '[hs]d*' -o -name 'nvme*' \) -exec ls -l '{}' ';' | grep -v "usb" | sed 's@^.*\([hs]d[a-z]\+\|nvme[0-9]\+\).*$@/dev/\1@' | sed -e :a -e '$!N; s/\n/|/; ta'))" | sort -k2n | head -1 | cut -f1); \
+ pvremove -ff -y "$ROOT_DISK"*; \
+ debconf-set partman-auto/disk "$ROOT_DISK"; \
+ debconf-set grub-installer/bootdev "$ROOT_DISK"; \
+ sed -i.bak 's/-f $id\/skip_erase/-d $id/g' /lib/partman/lib/crypto-base.sh;
+
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+
+d-i partman-auto/method string lvm
+d-i partman-auto-lvm/new_vg_name string main
+d-i partman-auto-lvm/guided_size string max
+
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+d-i partman-md/device_remove_md boolean true
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-basicmethods/method_only boolean false
+d-i partman-efi/non_efi_system boolean true
+
+d-i partman-basicfilesystems/choose_label string gpt
+d-i partman-basicfilesystems/default_label string gpt
+d-i partman-partitioning/choose_label string gpt
+d-i 
partman-partitioning/default_label string gpt +d-i partman/choose_label string gpt +d-i partman/default_label string gpt + +d-i partman/mount_style select uuid + +d-i partman-auto/choose_recipe select custom +d-i partman-auto/expert_recipe string \ + custom :: \ + 1 1 1 free \ + $bios_boot{ } \ + method{ biosgrub } \ + . \ + 256 256 256 fat32 \ + $primary{ } \ + $iflabel{ gpt } \ + $reusemethod{ } \ + method{ efi } format{ } \ + mountpoint{ /boot/efi } \ + . \ + 1024 1024 1024 ext4 \ + $primary{ } \ + $bootable{ } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ /boot } \ + . \ + 150% 150% 150% linux-swap \ + $defaultignore{ } \ + $lvmok{ } \ + in_vg { main } lv_name{ swap } \ + method{ swap } \ + format{ } \ + . \ + 12000 16000 1000000000 ext4 \ + $defaultignore{ } \ + $lvmok{ } \ + in_vg { main } lv_name{ root } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ / } \ + . +################################################################################################### diff --git a/malcolm-iso/config/package-lists/desktopmanager.list.chroot b/malcolm-iso/config/package-lists/desktopmanager.list.chroot index b723e3c11..0a72bec56 100644 --- a/malcolm-iso/config/package-lists/desktopmanager.list.chroot +++ b/malcolm-iso/config/package-lists/desktopmanager.list.chroot @@ -1,6 +1,7 @@ arandr dconf-cli fonts-noto-color-emoji +libnotify-bin lightdm lxde lxpanel @@ -13,5 +14,6 @@ xinit xorg xscreensaver xserver-xorg +xserver-xorg-core xserver-xorg-video-qxl xserver-xorg-video-vmware From f8b501fdba3c583b89d616749743b47b46f6c1a3 Mon Sep 17 00:00:00 2001 
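Review bot: With this recipe `/tmp`, `/var/tmp` and `/home` all live on the single `root` LV, but the included `preseed_base.cfg` hardens those paths by rewriting dedicated `/etc/fstab` entries (the `nosuid,nodev,noexec` `sed` lines in its late_command, visible as context in a later hunk of this series), so on a quick-install VM those rewrites match nothing and `/tmp` stays executable and setuid-capable; either add small `tmp`/`home` LVs to the recipe or state in the header comment that the quick install forgoes that mount hardening. The `sed -i.bak 's/-f $id\/skip_erase/-d $id/g' /lib/partman/lib/crypto-base.sh` step in `partman/early_command` only alters partman's crypto erase behaviour and this recipe defines no crypto volume, so it looks carried over from an encrypted recipe and deserves either removal or a comment. The header comment `# install root filesystem on smallest non-USB disk` should also say that `pvremove -ff -y "$ROOT_DISK"*` wipes that disk's volumes before any confirmation.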
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 18 Feb 2020 14:15:14 -0700 Subject: [PATCH 099/183] build virtualbox guest debs in a clean environment --- malcolm-iso/build.sh | 12 +++++- .../package-lists/desktopmanager.list.chroot | 1 + malcolm-iso/vagrant/Vagrantfile | 5 +++ malcolm-iso/vbox-guest-build/Dockerfile | 18 ++++++++ .../vbox-guest-build/build-docker-image.sh | 11 +++++ .../build-vboxguest-deb.sh} | 41 ++++++++++++++++--- 6 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 malcolm-iso/vbox-guest-build/Dockerfile create mode 100755 malcolm-iso/vbox-guest-build/build-docker-image.sh rename malcolm-iso/{config/hooks/normal/0912-virtual-desktop-tools.hook.chroot => vbox-guest-build/build-vboxguest-deb.sh} (67%) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 9e9200dc8..bd3031951 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh 
@@ -80,8 +80,18 @@ if [ -d "$WORKDIR" ]; then echo "firmware-misc-nonfree=$(dpkg -s firmware-misc-nonfree | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot echo "firmware-amd-graphics=$(dpkg -s firmware-amd-graphics | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot + # virtualbox-guest .deb package(s) in its own clean environment (rather than in hooks/) + mkdir -p ./config/packages.chroot/ + bash "$SCRIPT_PATH/vbox-guest-build/build-docker-image.sh" + docker run --rm -v "$SCRIPT_PATH"/vbox-guest-build:/build vboxguest-build:latest -o /build + rm -f "$SCRIPT_PATH/vbox-guest-build"/*-source*.deb \ + "$SCRIPT_PATH/vbox-guest-build"/*-dbgsym*.deb \ + "$SCRIPT_PATH/vbox-guest-build"/virtualbox_*.deb \ + "$SCRIPT_PATH/vbox-guest-build"/virtualbox-qt_*.deb + mv "$SCRIPT_PATH/vbox-guest-build"/*.deb ./config/packages.chroot/ + # grab things from the Malcolm parent directory into /etc/skel so the user's got it set up in their home/Malcolm dir - pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 + pushd "$SCRIPT_PATH/.." >/dev/null 2>&10 MALCOLM_DEST_DIR="$WORKDIR/work/$IMAGE_NAME-Live-Build/config/includes.chroot/etc/skel/Malcolm" mkdir -p "$MALCOLM_DEST_DIR" mkdir -p "$MALCOLM_DEST_DIR/nginx/certs/" diff --git a/malcolm-iso/config/package-lists/desktopmanager.list.chroot b/malcolm-iso/config/package-lists/desktopmanager.list.chroot index 0a72bec56..0c481d516 100644 --- a/malcolm-iso/config/package-lists/desktopmanager.list.chroot +++ b/malcolm-iso/config/package-lists/desktopmanager.list.chroot @@ -6,6 +6,7 @@ lightdm lxde lxpanel lxsession +open-vm-tools-desktop x11-apps x11-session-utils x11-xfs-utils diff --git a/malcolm-iso/vagrant/Vagrantfile b/malcolm-iso/vagrant/Vagrantfile index 21dc10f21..0c4bbb6e6 100644 --- a/malcolm-iso/vagrant/Vagrantfile +++ b/malcolm-iso/vagrant/Vagrantfile 
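Review bot: The changed `pushd "$SCRIPT_PATH/.." >/dev/null 2>&10` at the bottom of the hunk redirects stderr to descriptor 10, which is normally not open in a script, so bash reports a bad file descriptor and the `pushd` is not performed; the `$MALCOLM_DEST_DIR` copies that follow then run from the live-build work directory rather than the Malcolm parent. It should read `pushd "$SCRIPT_PATH/.." >/dev/null 2>&1`. Separately, `docker run --rm -v "$SCRIPT_PATH"/vbox-guest-build:/build ...` bind-mounts the checked-in source directory read-write as the container's output, and the later `mv "$SCRIPT_PATH/vbox-guest-build"/*.deb ./config/packages.chroot/` ships every `.deb` left there into the ISO; a throwaway output directory (`mktemp -d`) plus an explicit list of the guest packages expected would keep stray or stale build output out of the image. The `if [ -d "$WORKDIR" ]` block this sits in starts above the hunk.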
@@ -46,5 +46,10 @@ Vagrant.configure("2") do |config| apt-get update apt-get install -y \ rsync git live-build debootstrap xorriso squashfs-tools genisoimage pandoc imagemagick + curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" + apt-get update + sudo apt-get install -y docker-ce docker-ce-cli containerd.io + usermod -a -G docker vagrant STEP2 end diff --git a/malcolm-iso/vbox-guest-build/Dockerfile b/malcolm-iso/vbox-guest-build/Dockerfile new file mode 100644 index 000000000..7ea971e6e --- /dev/null +++ b/malcolm-iso/vbox-guest-build/Dockerfile @@ -0,0 +1,18 @@ +FROM debian:buster-slim + +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + +LABEL maintainer="malcolm.netsec@gmail.com" + +ENV DEBIAN_FRONTEND noninteractive + +RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \ + apt-get -q update && \ + apt-get install -q -y --no-install-recommends \ + curl devscripts build-essential debian-keyring equivs && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +ADD build-vboxguest-deb.sh /usr/local/bin/ + +ENTRYPOINT ["/bin/bash", "/usr/local/bin/build-vboxguest-deb.sh"] diff --git a/malcolm-iso/vbox-guest-build/build-docker-image.sh b/malcolm-iso/vbox-guest-build/build-docker-image.sh new file mode 100755 index 000000000..e9e63c4fb --- /dev/null +++ b/malcolm-iso/vbox-guest-build/build-docker-image.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + +# force-navigate to script directory +SCRIPT_PATH="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +pushd "$SCRIPT_PATH" >/dev/null 2>&1 + +docker build -t vboxguest-build:latest . + +popd >/dev/null 2>&1 
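Review bot: `curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -` adds Docker's key to apt's global trusted keyring, where it can sign any configured repository, not just Docker's; the scoped form is `curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg` with `[arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg]` in the `add-apt-repository` line. `sudo apt-get install -y docker-ce docker-ce-cli containerd.io` is the only command in this provisioner using `sudo`; the neighbouring `apt-get` calls run without it, so one style should be chosen. The provisioning heredoc starts above this hunk, so whether it runs under `set -e` cannot be seen here.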
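Review bot: `ADD build-vboxguest-deb.sh /usr/local/bin/` copies a plain local file, for which `COPY` is the conventional instruction (`ADD` additionally auto-extracts archives and accepts URLs, so a reader has to check which behaviour is intended); `COPY build-vboxguest-deb.sh /usr/local/bin/` says exactly what happens. A short header comment stating that this image is a throwaway builder invoked from `build.sh` with the output directory bind-mounted at `/build` would help, since nothing in the file itself says how it is used.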
diff --git a/malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot b/malcolm-iso/vbox-guest-build/build-vboxguest-deb.sh similarity index 67% rename from malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot rename to malcolm-iso/vbox-guest-build/build-vboxguest-deb.sh index d94ea7c7e..432d71620 100755 --- a/malcolm-iso/config/hooks/normal/0912-virtual-desktop-tools.hook.chroot +++ b/malcolm-iso/vbox-guest-build/build-vboxguest-deb.sh 
@@ -1,18 +1,49 @@ #!/bin/bash -# vmware -apt-get -y --no-install-recommends install open-vm-tools-desktop +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + +OUTPUT_DIR="/tmp" +unset VERBOSE + +while getopts o:v opts; do + case ${opts} in + o) OUTPUT_DIR=${OPTARG} ;; + v) VERBOSE=1 ;; + esac +done + +set -e +if [[ -n $VERBOSE ]]; then + set -x +fi + +apt-get -y -q update -# virtualbox -apt-get -y --no-install-recommends install curl devscripts build-essential debian-keyring equivs mkdir -p /tmp/vbox-guest-deb + cd /tmp/vbox-guest-deb + dget http://deb.debian.org/debian/pool/contrib/v/virtualbox/$(curl -fsL 'http://deb.debian.org/debian/pool/contrib/v/virtualbox/' | grep -P 'href="virtualbox_[^"]*?\.dsc' | tail -n 1 | grep -Po '"virtualbox_.+?"' | tr -d '"') + cd virtualbox*dfsg/ + mkdir -p /usr/share/man/man1 + mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -ir + VBOX_PKG_VERSION=$(export $(grep -P '^VBOX_VERSION_(MAJOR|MINOR|BUILD)' Version.kmk | tr -d ' ') && echo "$VBOX_VERSION_MAJOR.$VBOX_VERSION_MINOR.$VBOX_VERSION_BUILD") + DEBFULLNAME='Seth Grover' DEBEMAIL='malcolm.netsec@gmail.com' dch -bv $VBOX_PKG_VERSION-dfsg-2~~bpo10+1 --distribution buster-backports --force-distribution 'Unofficial backport' + dpkg-buildpackage -b + cd /tmp/vbox-guest-deb -ls virtualbox-guest-*.deb | grep -Pv "\-(source|dgbsym)" | xargs dpkg -i \ No newline at end of file + +ls -l *.deb && mv -v *.deb "$OUTPUT_DIR"/ + +cd /tmp + +if [[ -n $VERBOSE ]]; then + set +x +fi +set +e From 5b2d18a28e3f4f929ac7190a5673f65408ecc0ce Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 18 Feb 2020 14:30:00 -0700 Subject: [PATCH 100/183] fixed vagrantfile for malcolm build --- malcolm-iso/vagrant/Vagrantfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/malcolm-iso/vagrant/Vagrantfile b/malcolm-iso/vagrant/Vagrantfile index 0c4bbb6e6..0e33ddca4 100644 
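Review bot: The `.dsc` to build is still chosen as `tail -n 1` of the pool's HTML listing, which is alphabetical rather than version-ordered, so for instance `virtualbox_6.1.2-dfsg-1.dsc` sorts after `virtualbox_6.1.10-dfsg-1.dsc` and an older upload can be selected; inserting `sort -V` before `tail -n 1` fixes that. Both the listing and the `dget` fetch use plain `http://deb.debian.org`; `dget` normally runs `dscverify` against the `debian-keyring` installed in the build image unless `-u` is given, so the downloaded source should be signature-checked, but the version choice itself comes from an unauthenticated page. The new `set -e` does not cover failures inside the `$(curl ... | ... )` substitution, so an empty result sends `dget` to the bare directory URL and the script only stops at `cd virtualbox*dfsg/`; capturing the filename in a variable and testing `[[ -n "$DSC" ]]` before calling `dget` would give a clearer failure.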
--- a/malcolm-iso/vagrant/Vagrantfile +++ b/malcolm-iso/vagrant/Vagrantfile @@ -1,3 +1,5 @@ +# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. + unless Vagrant.has_plugin?("vagrant-reload") raise 'vagrant-reload plugin is not installed!' end @@ -32,6 +34,8 @@ Vagrant.configure("2") do |config| apt-get update apt-get dist-upgrade -y sed -i "s/main/main contrib non-free/g" /etc/apt/sources.list + echo "deb http://httpredir.debian.org/debian/ buster-backports main contrib non-free" >> /etc/apt/sources.list + echo "deb-src http://httpredir.debian.org/debian/ buster-backports main contrib non-free" >> /etc/apt/sources.list apt-get update export KERNEL_VERSION=$(apt-cache search linux-image-4 | grep -Pv -- '(-(rt|cloud)-amd64|amd64-(dbg|unsigned))' | sort -r --sort=version | awk '{print $1}' | head -n 1 | sed 's/^linux-image-//' | sed 's/-amd64$//') apt-get install -y \ @@ -45,7 +49,8 @@ Vagrant.configure("2") do |config| export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y \ - rsync git live-build debootstrap xorriso squashfs-tools genisoimage pandoc imagemagick + rsync git live-build debootstrap xorriso squashfs-tools genisoimage pandoc imagemagick \ + apt-transport-https ca-certificates curl gnupg2 software-properties-common curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" apt-get update From a3d8e08721b4388bf7ed779e378331a5bd0d279e Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 18 Feb 2020 14:49:28 -0700 Subject: [PATCH 101/183] only keep vmware/virtualbox guest packages in the right environments --- malcolm-iso/config/includes.binary/install/preseed_base.cfg | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/malcolm-iso/config/includes.binary/install/preseed_base.cfg b/malcolm-iso/config/includes.binary/install/preseed_base.cfg index feef22f77..3ec9193f1 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_base.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_base.cfg @@ -34,6 +34,8 @@ d-i preseed/late_command string \ echo 'deb http://security.debian.org/debian-security buster/updates main contrib non-free' >> /target/etc/apt/sources.list; \ echo 'deb http://deb.debian.org/debian buster-updates main contrib non-free' >> /target/etc/apt/sources.list; \ in-target bash /usr/local/bin/agg-init.sh; \ + in-target bash -c "(dmidecode -s system-product-name | grep -q VMware) || apt-get purge -y open-vm-tools-desktop"; \ + in-target bash -c "(dmidecode -s system-product-name | grep -q VirtualBox) || apt-get purge -y virtualbox-dkms* virtualbox-guest*"; \ in-target sed -r -i 's@(^.+\s+/(tmp|var/tmp)\s+ext4\s+.*defaults)@\1,nosuid,nodev,noexec@g' /etc/fstab; \ in-target sed -r -i 's@(^.+/media/cdrom[0-9]*.+)(noauto)(.*)@\1\2,nosuid,nodev,noexec\3@g' /etc/fstab; \ in-target sed -r -i 's@(^.+\s+/(home)\s+ext4\s+.*defaults)@\1,nosuid,nodev@g' /etc/fstab; \ From aca19a0057329baf750d90cdc01958766cdc4e54 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 18 Feb 2020 15:10:13 -0700 Subject: [PATCH 102/183] increase build memory requirements --- malcolm-iso/vagrant/Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/malcolm-iso/vagrant/Vagrantfile b/malcolm-iso/vagrant/Vagrantfile index 0e33ddca4..6b7b470b9 100644 --- a/malcolm-iso/vagrant/Vagrantfile +++ b/malcolm-iso/vagrant/Vagrantfile @@ -25,7 +25,7 @@ Vagrant.configure("2") do |config| end config.vm.provider "virtualbox" do |vb| - vb.memory = "4096" + vb.memory = "8192" vb.cpus = 4 end From 46314d5e2c28fe84f42cd4f19c0e10175b7f99a5 Mon Sep 17 00:00:00 2001 
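Review bot: Both new guards are of the form `(dmidecode -s system-product-name | grep -q X) || apt-get purge -y ...`, so if `dmidecode` is absent from the target or fails, the pipeline fails and the guest tools are purged on exactly the platform they were installed for; `dmidecode` is not added to any package list in this commit. Inverting the test keeps the packages unless detection positively names another platform, e.g. `in-target bash -c "dmidecode -s system-product-name | grep -qv VMware && apt-get purge -y open-vm-tools-desktop || true"` (`grep -v` on empty output exits non-zero, so a failing `dmidecode` purges nothing), with the VirtualBox line changed the same way. Also note that `apt-get purge -y virtualbox-dkms* virtualbox-guest*` passes the unquoted globs through to apt, which interprets them as regular expressions matched anywhere in a package name, a broader match than the shell glob the line reads as.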
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 19 Feb 2020 10:40:08 -0700 Subject: [PATCH 103/183] fix typo --- malcolm-iso/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index bd3031951..229d1206c 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh @@ -91,7 +91,7 @@ if [ -d "$WORKDIR" ]; then mv "$SCRIPT_PATH/vbox-guest-build"/*.deb ./config/packages.chroot/ # grab things from the Malcolm parent directory into /etc/skel so the user's got it set up in their home/Malcolm dir - pushd "$SCRIPT_PATH/.." >/dev/null 2>&10 + pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 MALCOLM_DEST_DIR="$WORKDIR/work/$IMAGE_NAME-Live-Build/config/includes.chroot/etc/skel/Malcolm" mkdir -p "$MALCOLM_DEST_DIR" mkdir -p "$MALCOLM_DEST_DIR/nginx/certs/" From 482fd7b44740110bd811b05d466ea5cd436d9354 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 19 Feb 2020 15:05:40 -0700 Subject: [PATCH 104/183] updating sensor-iso to match malcolm-iso --- malcolm-iso/build.sh | 18 ++-- .../0990-remove-unwanted-pkg.hook.chroot | 3 +- .../includes.binary/install/preseed_base.cfg | 2 +- .../config/package-lists/system.list.chroot | 1 + sensor-iso/build.sh | 12 +++ .../0990-remove-unwanted-pkg.hook.chroot | 3 +- .../config/includes.binary/boot/grub/grub.cfg | 5 ++ .../includes.binary/install/preseed_base.cfg | 2 + .../install/preseed_vmware.cfg | 90 +++++++++++++++++++ .../package-lists/desktopmanager.list.chroot | 3 + .../config/package-lists/system.list.chroot | 1 + sensor-iso/vagrant/Vagrantfile | 2 +- .../vbox-guest-build/Dockerfile | 0 .../vbox-guest-build/build-docker-image.sh | 0 .../vbox-guest-build/build-vboxguest-deb.sh | 0 15 files changed, 128 insertions(+), 14 deletions(-) create mode 100644 sensor-iso/config/includes.binary/install/preseed_vmware.cfg rename {malcolm-iso => shared}/vbox-guest-build/Dockerfile (100%) rename {malcolm-iso => shared}/vbox-guest-build/build-docker-image.sh (100%) rename {malcolm-iso => shared}/vbox-guest-build/build-vboxguest-deb.sh (100%) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 229d1206c..25fd8803a 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh @@ -50,6 +50,7 @@ if [ -d "$WORKDIR" ]; then mkdir -p ./output "./work/$IMAGE_NAME-Live-Build" pushd "./work/$IMAGE_NAME-Live-Build" >/dev/null 2>&1 rsync -a "$SCRIPT_PATH/config" . + rsync -a "$SCRIPT_PATH/../shared/vbox-guest-build" . mkdir -p ./config/hooks/live pushd ./config/hooks/live 
@@ -82,13 +83,14 @@ if [ -d "$WORKDIR" ]; then # virtualbox-guest .deb package(s) in its own clean environment (rather than in hooks/) mkdir -p ./config/packages.chroot/ - bash "$SCRIPT_PATH/vbox-guest-build/build-docker-image.sh" - docker run --rm -v "$SCRIPT_PATH"/vbox-guest-build:/build vboxguest-build:latest -o /build - rm -f "$SCRIPT_PATH/vbox-guest-build"/*-source*.deb \ - "$SCRIPT_PATH/vbox-guest-build"/*-dbgsym*.deb \ - "$SCRIPT_PATH/vbox-guest-build"/virtualbox_*.deb \ - "$SCRIPT_PATH/vbox-guest-build"/virtualbox-qt_*.deb - mv "$SCRIPT_PATH/vbox-guest-build"/*.deb ./config/packages.chroot/ + bash ./vbox-guest-build/build-docker-image.sh + docker run --rm -v "$(pwd)"/vbox-guest-build:/build vboxguest-build:latest -o /build + rm -f ./vbox-guest-build/*-source*.deb \ + ./vbox-guest-build/*-dbgsym*.deb \ + ./vbox-guest-build/virtualbox_*.deb \ + ./vbox-guest-build/virtualbox-dkms_*.deb \ + ./vbox-guest-build/virtualbox-qt_*.deb + mv ./vbox-guest-build/*.deb ./config/packages.chroot/ # grab things from the Malcolm parent directory into /etc/skel so the user's got it set up in their home/Malcolm dir pushd "$SCRIPT_PATH/.." >/dev/null 2>&1 @@ -170,7 +172,7 @@ if [ -d "$WORKDIR" ]; then --bootloaders "syslinux,grub-efi" \ --memtest none \ --chroot-filesystem squashfs \ - --backports false \ + --backports true \ --security true \ --updates true \ --source false \ diff --git a/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot b/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot index a593f3220..42a615b15 100755 --- a/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot 
@@ -1,7 +1,7 @@ #!/bin/bash # remove development packages -apt-get -y --purge remove build-essential checkinstall devscripts debian-keyring equivs $(dpkg --get-selections | grep -v deinstall$ | cut -f1 | grep -P -- '-dev(:\w+)?$') || true +apt-get -y --purge remove build-essential $(dpkg --get-selections | grep -v deinstall$ | cut -f1 | grep -P -- '-dev(:\w+)?$' | grep -Pv -- '^(dpkg|libgcc)') || true # remove unwanted packages apt-get -y --purge remove bluez-firmware \ @@ -10,7 +10,6 @@ apt-get -y --purge remove bluez-firmware \ enchant \ ffmpeg \ gnome-accessibility-themes \ - gnome-user-guide \ gucharmap \ libasound2-plugins \ libcupsfilters1 \ diff --git a/malcolm-iso/config/includes.binary/install/preseed_base.cfg b/malcolm-iso/config/includes.binary/install/preseed_base.cfg index 3ec9193f1..df10fa301 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_base.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_base.cfg @@ -35,7 +35,7 @@ d-i preseed/late_command string \ echo 'deb http://deb.debian.org/debian buster-updates main contrib non-free' >> /target/etc/apt/sources.list; \ in-target bash /usr/local/bin/agg-init.sh; \ in-target bash -c "(dmidecode -s system-product-name | grep -q VMware) || apt-get purge -y open-vm-tools-desktop"; \ - in-target bash -c "(dmidecode -s system-product-name | grep -q VirtualBox) || apt-get purge -y virtualbox-dkms* virtualbox-guest*"; \ + in-target bash -c "(dmidecode -s system-product-name | grep -q VirtualBox) || apt-get purge -y virtualbox-guest*"; \ in-target sed -r -i 's@(^.+\s+/(tmp|var/tmp)\s+ext4\s+.*defaults)@\1,nosuid,nodev,noexec@g' /etc/fstab; \ in-target sed -r -i 's@(^.+/media/cdrom[0-9]*.+)(noauto)(.*)@\1\2,nosuid,nodev,noexec\3@g' /etc/fstab; \ in-target sed -r -i 's@(^.+\s+/(home)\s+ext4\s+.*defaults)@\1,nosuid,nodev@g' /etc/fstab; \ diff --git a/malcolm-iso/config/package-lists/system.list.chroot b/malcolm-iso/config/package-lists/system.list.chroot index 8de13da7c..d66ceecfc 100644 
--- a/malcolm-iso/config/package-lists/system.list.chroot +++ b/malcolm-iso/config/package-lists/system.list.chroot @@ -26,6 +26,7 @@ cryptsetup-bin curl debsums dialog +dmidecode dosfstools ebtables efibootmgr diff --git a/sensor-iso/build.sh b/sensor-iso/build.sh index b3220fa46..a117af27d 100755 --- a/sensor-iso/build.sh +++ b/sensor-iso/build.sh @@ -38,6 +38,7 @@ if [ -d "$WORKDIR" ]; then mkdir -p ./output "./work/$IMAGE_NAME-Live-Build" pushd "./work/$IMAGE_NAME-Live-Build" >/dev/null 2>&1 rsync -a "$SCRIPT_PATH/config" . + rsync -a "$SCRIPT_PATH/../shared/vbox-guest-build" . mkdir -p ./config/hooks/live pushd ./config/hooks/live @@ -83,6 +84,17 @@ if [ -d "$WORKDIR" ]; then echo "firmware-misc-nonfree=$(dpkg -s firmware-misc-nonfree | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot echo "firmware-amd-graphics=$(dpkg -s firmware-amd-graphics | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot + # virtualbox-guest .deb package(s) in its own clean environment (rather than in hooks/) + mkdir -p ./config/packages.chroot/ + bash ./vbox-guest-build/build-docker-image.sh + docker run --rm -v "$(pwd)"/vbox-guest-build:/build vboxguest-build:latest -o /build + rm -f ./vbox-guest-build/*-source*.deb \ + ./vbox-guest-build/*-dbgsym*.deb \ + ./vbox-guest-build/virtualbox_*.deb \ + ./vbox-guest-build/virtualbox-dkms_*.deb \ + ./vbox-guest-build/virtualbox-qt_*.deb + mv ./vbox-guest-build/*.deb ./config/packages.chroot/ + # copy the interface code into place for the resultant image mkdir -p ./config/includes.chroot/opt rsync -a "$SCRIPT_PATH/interface/" ./config/includes.chroot/opt/sensor/ diff --git a/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot b/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot index 16774d7f4..457c3bb6c 100755 --- a/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot +++ b/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot 
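Review bot: The eleven lines from `mkdir -p ./config/packages.chroot/` to `mv ./vbox-guest-build/*.deb ./config/packages.chroot/` are a verbatim copy of the stanza in `malcolm-iso/build.sh` in this same commit, including the hand-maintained `rm -f` exclusion list; since the Dockerfile and build script were just moved to `shared/vbox-guest-build`, the driver steps belong there too, as one shared script taking the destination directory as an argument, so the exclusion list is edited in a single place. The first hunk's `rsync -a "$SCRIPT_PATH/../shared/vbox-guest-build" .` assumes `shared/` is a sibling of `sensor-iso/`; that layout is not visible in this patch. The enclosing `if [ -d "$WORKDIR" ]` block starts above the hunk.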
@@ -4,7 +4,7 @@ # remove development packages apt-get -y --purge remove checkinstall cmake gdb git libc6-dbg ninja-build \ - $(dpkg --get-selections | grep -Pv "(^libyaml-dev|deinstall$)" | cut -f1 | grep -P -- '-dev(:\w+)?$') || true + $(dpkg --get-selections | grep -Pv "(^(libyaml-dev|dpkg|libgcc)|deinstall$)" | cut -f1 | grep -P -- '-dev(:\w+)?$') || true # remove unwanted packages apt-get -y --purge remove bluez-firmware \ @@ -13,7 +13,6 @@ apt-get -y --purge remove bluez-firmware \ enchant \ ffmpeg \ gnome-accessibility-themes \ - gnome-user-guide \ gucharmap \ libasound2-plugins \ libcupsfilters1 \ diff --git a/sensor-iso/config/includes.binary/boot/grub/grub.cfg b/sensor-iso/config/includes.binary/boot/grub/grub.cfg index 59d92e57a..3e9fc23e8 100644 --- a/sensor-iso/config/includes.binary/boot/grub/grub.cfg +++ b/sensor-iso/config/includes.binary/boot/grub/grub.cfg @@ -46,6 +46,11 @@ menuentry "Install Hedgehog Linux (advanced configuration)" { initrd /install/initrd.gz } +menuentry "Install Hedgehog Linux (virtual machine single partition quick install)" { + linux /install/vmlinuz auto=true priority=critical vga=normal locales=en_US.UTF-8 keyboard-layouts=us preseed/file=/cdrom/install/preseed_vmware.cfg + initrd /install/initrd.gz +} + menuentry "Rescue system in text mode" { linux /install/vmlinuz rescue/enable=true vga=normal initrd /install/initrd.gz diff --git a/sensor-iso/config/includes.binary/install/preseed_base.cfg b/sensor-iso/config/includes.binary/install/preseed_base.cfg index cfa125cf4..a1fdf360b 100644 --- a/sensor-iso/config/includes.binary/install/preseed_base.cfg +++ b/sensor-iso/config/includes.binary/install/preseed_base.cfg 
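Review bot: The Hedgehog quick-install entry boots with `priority=critical` while the equivalent Malcolm entry added in this series uses `priority=high`; the two preseed files are otherwise the same, so the two ISOs will differ in which non-preseeded installer questions are still shown, and one line should be changed to match the other (or a comment should record why they differ). As with the Malcolm entry, the label gives no hint that the selected preseed wipes the smallest non-USB disk without a confirmation; `menuentry "Install Hedgehog Linux (virtual machine quick install - ERASES smallest non-USB disk)"` would.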
@@ -37,6 +37,8 @@ d-i preseed/late_command string \ echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' >> /target/etc/apt/sources.list; \ in-target touch /etc/capture_storage_format; \ in-target bash /usr/local/bin/sensor-init.sh; \ + in-target bash -c "(dmidecode -s system-product-name | grep -q VMware) || apt-get purge -y open-vm-tools-desktop"; \ + in-target bash -c "(dmidecode -s system-product-name | grep -q VirtualBox) || apt-get purge -y virtualbox-guest*"; \ in-target sed -r -i 's@(^.+\s+/(tmp|var/tmp)\s+ext4\s+.*defaults)@\1,nosuid,nodev,noexec@g' /etc/fstab; \ in-target sed -r -i 's@(^.+/media/cdrom[0-9]*.+)(noauto)(.*)@\1\2,nosuid,nodev,noexec\3@g' /etc/fstab; \ in-target sed -r -i 's@(^.+\s+/(home)\s+ext4\s+.*defaults)@\1,nosuid,nodev@g' /etc/fstab; \ diff --git a/sensor-iso/config/includes.binary/install/preseed_vmware.cfg b/sensor-iso/config/includes.binary/install/preseed_vmware.cfg new file mode 100644 index 000000000..097fbb754 --- /dev/null +++ b/sensor-iso/config/includes.binary/install/preseed_vmware.cfg 
@@ -0,0 +1,90 @@
+# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap skip-config
+d-i keyboard-configuration/layout string "American English"
+
+d-i preseed/include string preseed_base.cfg
+
+###################################################################################################
+# install root filesystem on smallest non-USB disk
+
+d-i partman/early_command string \
+ SENSOR_ROOT_DISK=$(parted_devices | egrep "^($(find /sys/block -mindepth 1 -maxdepth 1 -type l \( -name '[hs]d*' -o -name 'nvme*' \) -exec ls -l '{}' ';' | grep -v "usb" | sed 's@^.*\([hs]d[a-z]\+\|nvme[0-9]\+\).*$@/dev/\1@' | sed -e :a -e '$!N; s/\n/|/; ta'))" | sort -k2n | head -1 | cut -f1); \
+ pvremove -ff -y "$SENSOR_ROOT_DISK"*; \
+ debconf-set partman-auto/disk "$SENSOR_ROOT_DISK"; \
+ debconf-set grub-installer/bootdev "$SENSOR_ROOT_DISK"; \
+ sed -i.bak 's/-f $id\/skip_erase/-d $id/g' /lib/partman/lib/crypto-base.sh;
+
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+
+d-i partman-auto/method string lvm
+d-i partman-auto-lvm/new_vg_name string main
+
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+d-i partman-md/device_remove_md boolean true
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-basicmethods/method_only boolean false
+d-i partman-efi/non_efi_system boolean true
+
+d-i partman-basicfilesystems/choose_label string gpt
+d-i partman-basicfilesystems/default_label string gpt
+d-i partman-partitioning/choose_label string gpt
+d-i 
partman-partitioning/default_label string gpt +d-i partman/choose_label string gpt +d-i partman/default_label string gpt + +d-i partman/mount_style select uuid + +d-i partman-auto/choose_recipe select custom +d-i partman-auto/expert_recipe string \ + custom :: \ + 1 1 1 free \ + $bios_boot{ } \ + method{ biosgrub } \ + . \ + 256 256 256 fat32 \ + $primary{ } \ + $iflabel{ gpt } \ + $reusemethod{ } \ + method{ efi } format{ } \ + mountpoint{ /boot/efi } \ + . \ + 1024 1024 1024 ext4 \ + $primary{ } \ + $bootable{ } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ /boot } \ + . \ + 150% 150% 150% linux-swap \ + $defaultignore{ } \ + $lvmok{ } \ + in_vg { main } lv_name{ swap } \ + method{ swap } \ + format{ } \ + . \ + 12000 16000 1000000000 ext4 \ + $defaultignore{ } \ + $lvmok{ } \ + in_vg { main } lv_name{ root } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ / } \ + . +################################################################################################### diff --git a/sensor-iso/config/package-lists/desktopmanager.list.chroot b/sensor-iso/config/package-lists/desktopmanager.list.chroot index b723e3c11..0c481d516 100644 --- a/sensor-iso/config/package-lists/desktopmanager.list.chroot +++ b/sensor-iso/config/package-lists/desktopmanager.list.chroot @@ -1,10 +1,12 @@ arandr dconf-cli fonts-noto-color-emoji +libnotify-bin lightdm lxde lxpanel lxsession +open-vm-tools-desktop x11-apps x11-session-utils x11-xfs-utils @@ -13,5 +15,6 @@ xinit xorg xscreensaver xserver-xorg +xserver-xorg-core xserver-xorg-video-qxl xserver-xorg-video-vmware diff --git a/sensor-iso/config/package-lists/system.list.chroot b/sensor-iso/config/package-lists/system.list.chroot index ca08b864b..81fc4b843 100644 --- a/sensor-iso/config/package-lists/system.list.chroot +++ b/sensor-iso/config/package-lists/system.list.chroot 
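Review bot: This copy of the quick-install preseed omits `d-i partman-auto-lvm/guided_size string max`, which the Malcolm variant of the same file sets; if that is deliberate because the expert recipe fixes the LV sizes itself, a comment saying so would stop the two files drifting, otherwise the line should be added. The `/tmp`, `/var/tmp` and `/home`-on-root caveat applies here as well: the sensor's `preseed_base.cfg` late_command only rewrites dedicated fstab entries with `nosuid,nodev,noexec`, so a quick-install sensor gets none of that mount hardening, which the header comment should state.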
@@ -33,6 +33,7 @@ cryptsetup-bin curl debsums dialog +dmidecode dosfstools ebtables efibootmgr diff --git a/sensor-iso/vagrant/Vagrantfile b/sensor-iso/vagrant/Vagrantfile index d2869545d..f04723742 100644 --- a/sensor-iso/vagrant/Vagrantfile +++ b/sensor-iso/vagrant/Vagrantfile @@ -25,7 +25,7 @@ Vagrant.configure("2") do |config| end config.vm.provider "virtualbox" do |vb| - vb.memory = "4096" + vb.memory = "8192" vb.cpus = 4 end diff --git a/malcolm-iso/vbox-guest-build/Dockerfile b/shared/vbox-guest-build/Dockerfile similarity index 100% rename from malcolm-iso/vbox-guest-build/Dockerfile rename to shared/vbox-guest-build/Dockerfile diff --git a/malcolm-iso/vbox-guest-build/build-docker-image.sh b/shared/vbox-guest-build/build-docker-image.sh similarity index 100% rename from malcolm-iso/vbox-guest-build/build-docker-image.sh rename to shared/vbox-guest-build/build-docker-image.sh diff --git a/malcolm-iso/vbox-guest-build/build-vboxguest-deb.sh b/shared/vbox-guest-build/build-vboxguest-deb.sh similarity index 100% rename from malcolm-iso/vbox-guest-build/build-vboxguest-deb.sh rename to shared/vbox-guest-build/build-vboxguest-deb.sh From dbe21f1b04cb580a6104b23a838ddacd7c5dea60 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 20 Feb 2020 07:30:42 -0700 Subject: [PATCH 105/183] fix relative path --- sensor-iso/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor-iso/build.sh b/sensor-iso/build.sh index a117af27d..0a18877f6 100755 --- a/sensor-iso/build.sh +++ b/sensor-iso/build.sh @@ -38,7 +38,7 @@ if [ -d "$WORKDIR" ]; then mkdir -p ./output "./work/$IMAGE_NAME-Live-Build" pushd "./work/$IMAGE_NAME-Live-Build" >/dev/null 2>&1 rsync -a "$SCRIPT_PATH/config" . - rsync -a "$SCRIPT_PATH/../shared/vbox-guest-build" . + rsync -a "$SCRIPT_PATH/shared/vbox-guest-build" . mkdir -p ./config/hooks/live pushd ./config/hooks/live From ff9484f12d623ad1e45c6f6748364d81667a63ba Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 20 Feb 2020 13:46:46 -0700 Subject: [PATCH 106/183] removed docker-gen in nginx container, we're not using it any more --- Dockerfiles/nginx.Dockerfile | 6 +----- docker-compose-standalone-zeek-live.yml | 1 - docker-compose-standalone.yml | 1 - docker-compose.yml | 1 - nginx/supervisord.conf | 10 ---------- 5 files changed, 1 insertion(+), 18 deletions(-) diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile index fc8d8388e..7a5d18918 100644 --- a/Dockerfiles/nginx.Dockerfile +++ b/Dockerfiles/nginx.Dockerfile @@ -72,7 +72,6 @@ ENV DOCKER_GEN_VERSION=0.7.4 ENV NGINX_AUTH_LDAP_BRANCH=master ENV NGINX_AUTH_PAM_BRANCH=master -ADD https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VERSION/docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz /docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz ADD https://codeload.github.com/kvspb/nginx-auth-ldap/tar.gz/$NGINX_AUTH_LDAP_BRANCH /nginx-auth-ldap.tar.gz ADD https://codeload.github.com/sto/ngx_http_auth_pam_module/tar.gz/$NGINX_AUTH_PAM_BRANCH /ngx_http_auth_pam_module.tar.gz ADD http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz /nginx.tar.gz 
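Review bot: With the docker-gen download gone, the `ADD` lines left in this hunk still fetch build inputs without any integrity check: `nginx-$NGINX_VERSION.tar.gz` comes over plain `http://nginx.org`, and the two auth modules track moving branches (`NGINX_AUTH_LDAP_BRANCH=master`, `NGINX_AUTH_PAM_BRANCH=master`). Fetching nginx over `https://`, pinning the two modules to a tag or commit, and checking a recorded SHA-256 of each tarball in the `RUN` step that unpacks them would make the image reproducible and close the tampering window. That `RUN` step is in the next hunk, outside this one.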
@@ -201,12 +200,11 @@ RUN set -x ; \ apk add --no-cache --virtual .nginx-rundeps $runDeps ca-certificates bash wget openssl apache2-utils openldap linux-pam nss-pam-ldapd supervisor tzdata; \ update-ca-certificates; \ apk add --no-cache --allow-untrusted /tmp/stunnel-*.apk; \ - tar -C /usr/local/bin -xzf /docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz; \ apk del .nginx-build-deps ; \ apk del .gettext ; \ mv /tmp/envsubst /usr/local/bin/ ; \ mkdir -p /var/log/supervisor ; \ - rm -rf /usr/src/* /var/tmp/* /var/cache/apk/* /tmp/stunnel-*.apk /nginx.tar.gz /nginx-auth-ldap.tar.gz /ngx_http_auth_pam_module.tar.gz /docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz; \ + rm -rf /usr/src/* /var/tmp/* /var/cache/apk/* /tmp/stunnel-*.apk /nginx.tar.gz /nginx-auth-ldap.tar.gz /ngx_http_auth_pam_module.tar.gz; \ touch /etc/nginx/nginx_ldap.conf /etc/nginx/nginx_blank.conf; COPY --from=jwilder/nginx-proxy:alpine /app/nginx.tmpl /etc/nginx/ @@ -220,8 +218,6 @@ ADD docs/images/icon/favicon.ico /etc/nginx/favicon.ico EXPOSE 80 -ENV DOCKER_HOST unix:///tmp/docker.sock - VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"] ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"] diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 273708ecb..83b156a74 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -399,7 +399,6 @@ services: - "9600:9600" volumes: - nginx-log-path:/var/log/nginx:rw - - /var/run/docker.sock:/tmp/docker.sock:ro - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - ./nginx/certs:/etc/nginx/certs:ro diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index b5108b7ec..d77e472f0 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml 
@@ -399,7 +399,6 @@ services: - "9600:9600" volumes: - nginx-log-path:/var/log/nginx:rw - - /var/run/docker.sock:/tmp/docker.sock:ro - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - ./nginx/certs:/etc/nginx/certs:ro diff --git a/docker-compose.yml b/docker-compose.yml index f5d6a913a..c6825f998 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -450,7 +450,6 @@ services: - "9600:9600" volumes: - nginx-log-path:/var/log/nginx:rw - - /var/run/docker.sock:/tmp/docker.sock:ro - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro diff --git a/nginx/supervisord.conf b/nginx/supervisord.conf index 81ae1d8aa..6767fbcef 100644 --- a/nginx/supervisord.conf +++ b/nginx/supervisord.conf @@ -50,16 +50,6 @@ stderr_logfile=/dev/null stdout_logfile_maxbytes=0 redirect_stderr=false -[program:dockergen] -command=/usr/local/bin/docker-gen -watch -notify "nginx -s reload" /etc/nginx/nginx.tmpl /etc/nginx/conf.d/default.conf -startsecs=5 -startretries=2000000000 -stopasgroup=true -killasgroup=true -stdout_logfile=/dev/fd/1 -stdout_logfile_maxbytes=0 -redirect_stderr=true - [program:stunnel] command=/usr/bin/stunnel /etc/stunnel/stunnel.conf startsecs=10 From 1b1fb7cbf73f3b5a3401e45024ac64d608a1e43c Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 20 Feb 2020 13:47:05 -0700 Subject: [PATCH 107/183] update software saved search --- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 105 +++++++++--------- 1 file changed, 53 insertions(+), 52 deletions(-) diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index bf2bbf959..8612e139d 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -4,13 +4,13 @@ { "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85", "type": "dashboard", - "updated_at": "2020-02-12T15:46:24.829Z", - "version": "Wzg1NCwxXQ==", + "updated_at": "2020-02-20T20:23:48.015Z", + "version": "WzExNzUsMV0=", "attributes": { "title": "Software", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"zeek_software.name\",\"zeek_software.software_type\"],\"sort\":[\"firstPacket\",\"desc\"]},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":36,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":36,\"i\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\"},\"panelIndex\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -31,18 +31,18 @@ }, { "name": "panel_2", - "type": "search", - "id": "7d54b196-5c2b-485e-9798-f116fb668413" + "type": "visualization", + "id": "AWDHEKJUxQT5EBNmq4jW" }, { "name": "panel_3", "type": "visualization", - "id": "AWDHEKJUxQT5EBNmq4jW" + "id": "bb882862-2f74-440a-bb62-41a9dca2b463" }, { "name": "panel_4", - "type": "visualization", - "id": "bb882862-2f74-440a-bb62-41a9dca2b463" + "type": "search", + "id": "7d54b196-5c2b-485e-9798-f116fb668413" } ], "migrationVersion": { 
@@ -52,8 +52,8 @@ { "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "type": "visualization", - "updated_at": "2020-02-12T15:01:05.290Z", - "version": "Wzc5NiwxXQ==", + "updated_at": "2020-02-20T19:39:06.465Z", + "version": "WzY0MSwxXQ==", "attributes": { "title": "Zeek Logs", "visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/kibana#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/kibana#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/kibana#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/kibana#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Files](/kibana/app/kibana#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/kibana#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/kibana#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n\\n[Notices](/kibana/app/kibana#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/kibana#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/kibana#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/kibana#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/kibana#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/kibana#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/kibana#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/kibana#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) ● [HTTP](/kibana/app/kibana#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/kibana#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/kibana#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/kibana#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MySQL](/kibana/app/kibana#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/kibana#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/kibana#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/kibana#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/kibana#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/kibana#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/kibana#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/kibana#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/kibana#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/kibana#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/kibana#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/kibana#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/kibana#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/kibana#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/kibana#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/kibana#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/kibana#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/kibana#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Tunnels](/kibana/app/kibana#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/kibana#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [DNP3](/kibana/app/kibana#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherNet/IP](/kibana/app/kibana#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/kibana#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/kibana#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/kibana#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](/kibana/app/kibana#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", @@ -72,8 +72,8 @@ { "id": "097640cc-167e-453d-bf5a-0e92ac1347fc", "type": "visualization", - "updated_at": "2020-02-12T15:00:41.675Z", - "version": "WzU1NiwxXQ==", + "updated_at": "2020-02-20T19:38:43.667Z", + "version": "WzQwOSwxXQ==", "attributes": { "visState": "{\"title\":\"Software - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "description": "", 
@@ -96,47 +96,11 @@ "visualization": "7.4.2" } }, - { - "id": "7d54b196-5c2b-485e-9798-f116fb668413", - "type": "search", - "updated_at": "2020-02-12T15:00:41.675Z", - "version": "WzU1NywxXQ==", - "attributes": { - "title": "Software - Logs", - "description": "", - "hits": 0, - "columns": [ - "srcIp", - "zeek_software.name", - "zeek_software.software_type" - ], - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"zeek.logType:software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "sessions2-*" - } - ], - "migrationVersion": { - "search": "7.4.0" - } - }, { "id": "AWDHEKJUxQT5EBNmq4jW", "type": "visualization", - "updated_at": "2020-02-12T15:00:41.675Z", - "version": "WzU1OCwxXQ==", + "updated_at": "2020-02-20T19:38:43.667Z", + "version": "WzQxMSwxXQ==", "attributes": { "title": "Software - Log Count", "visState": "{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", 
@@ -162,8 +126,8 @@ { "id": "bb882862-2f74-440a-bb62-41a9dca2b463", "type": "visualization", - "updated_at": "2020-02-12T15:00:41.675Z", - "version": "WzU1OSwxXQ==", + "updated_at": "2020-02-20T19:38:43.667Z", + "version": "WzQxMiwxXQ==", "attributes": { "visState": "{\"title\":\"Software - Summary\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.software_type\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.name\",\"otherBucket\":false,\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.version_major\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_software.version_minor\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", 
@@ -185,6 +149,43 @@
 "migrationVersion": {
 "visualization": "7.4.2"
 }
+ },
+ {
+ "id": "7d54b196-5c2b-485e-9798-f116fb668413",
+ "type": "search",
+ "updated_at": "2020-02-20T20:23:14.902Z",
+ "version": "WzExNzMsMV0=",
+ "attributes": {
+ "title": "Software - Logs",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "srcIp",
+ "zeek_software.software_type",
+ "zeek_software.name",
+ "zeek_software.unparsed_version"
+ ],
+ "sort": [
+ [
+ "firstPacket",
+ "desc"
+ ]
+ ],
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:software\",\"analyze_wildcard\":true,\"time_zone\":\"America/Denver\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "sessions2-*"
+ }
+ ],
+ "migrationVersion": {
+ "search": "7.4.0"
+ }
 }
 ]
 }
\ No newline at end of file
From d03081f3e64b030a2c93ac0e6d6c43331fc3715a Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Fri, 21 Feb 2020 08:28:29 -0700
Subject: [PATCH 108/183] Fixed installation of elastalert kibana plugin, but still broken due to this issue: https://github.com/bitsensor/elastalert-kibana-plugin/issues/141
---
 Dockerfiles/kibana.Dockerfile | 69 +++++++++++++++++++----------------
 1 file changed, 37 insertions(+), 32 deletions(-)
diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
index f56d8d686..1b6023f47 100644
--- a/Dockerfiles/kibana.Dockerfile
+++ b/Dockerfiles/kibana.Dockerfile
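Review bot: The re-added `Software - Logs` saved search carries `\"time_zone\":\"America/Denver\"` inside its `searchSourceJSON`, which pins the `query_string` date interpretation to the exporting workstation's local zone for every user who imports this dashboard. None of the other saved objects in this file set that key; removing it so Kibana applies the viewer's configured zone keeps the exported artefact portable.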
@@ -48,14 +48,15 @@ ADD kibana/supervisord.conf /etc/supervisord.conf ADD kibana/dashboards /opt/kibana/dashboards ADD kibana/maps /opt/maps # ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip +ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip + # todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix # ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.2/prelert_swimlane_vis-7.5.2.zip /tmp/kibana-swimlane.zip -# ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip # see https://github.com/walterra/kibana-milestones-vis/issues/9 -#ADD https://github.com/walterra/kibana-milestones-vis/releases/download/v7.1.1/kibana-milestones-vis-7.1.1.zip /tmp/kibana-milestones.zip +# ADD https://github.com/walterra/kibana-milestones-vis/releases/download/v7.1.1/kibana-milestones-vis-7.1.1.zip /tmp/kibana-milestones.zip # TODO: commented out because it's not optimizing in 6.6+ correctly # put these back in here and below in the build section: 
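Review bot: The newly enabled `ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip` fetches a third-party plugin at build time with no integrity check, so the image content depends on whatever that URL serves when the build runs, and the `-latest` suffix suggests the artefact can change under the same name. Verifying the download before it is unpacked and installed, e.g. `RUN echo "<sha256 placeholder>  /tmp/kibana-comments.zip" | sha256sum -c -` ahead of the install chain in the `@@ -72` hunk, pins the build to a reviewed artefact. The commented-out `ADD` lines in this hunk carry the same exposure if they are re-enabled later.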
@@ -72,36 +73,40 @@ RUN chmod 755 /data/*.sh /data/*.py && \ chown -R kibana:kibana /opt/kibana/dashboards /opt/maps /opt/kibana/config/kibana*.yml && \ chmod 400 /opt/maps/* && \ mkdir -p /var/log/supervisor && \ - (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) - ## && \ cd /tmp && \ - ## echo "Installing ElastAlert plugin..." && \ - ## unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ - ## sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json && \ - ## zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ - ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ - ## rm -f /tmp/elastalert-kibana-plugin.zip && \ - ## echo "Installing Swimlanes visualization..." && \ - ## unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ - ## sed -i "s/7\.5\.1/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \ - ## zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ - ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ - ## bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ - ## rm -f /tmp/kibana-swimlane.zip - ## && \ - ## echo "Installing Comments visualization..." 
&& \ - ## unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ - ## sed -i "s/7\.4\.0/7\.6\.0/g" kibana/kibana-comments-app-plugin/package.json && \ - ## zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ - ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \ - ## rm -rf /tmp/kibana-comments.zip /tmp/kibana && \ - ## https://github.com/walterra/kibana-milestones-vis/issues/9 - ## && \ - ## echo "Installing Milestones visualization..." && \ - ## unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ - ## sed -i "s/7\.1\.1/7\.6\.0/g" kibana/kibana-milestones-vis/package.json && \ - ## zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ - ## /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \ - ## rm -rf /tmp/kibana-milestones.zip /tmp/kibana + (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) && \ + # cd /tmp && \ + # echo "Installing ElastAlert plugin..." && \ + # unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ + # sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json && \ + # zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ + # cd /usr/share/kibana/plugins && \ + # /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ + # rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/kibana && \ + cd /tmp && \ + echo "Installing Comments visualization..." 
&& \ + unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ + sed -i "s/7\.4\.0/7\.6\.0/g" kibana/kibana-comments-app-plugin/package.json && \ + zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ + cd /usr/share/kibana/plugins && \ + /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \ + rm -rf /tmp/kibana-comments.zip /tmp/kibana + # && \ cd /tmp && \ + # echo "Installing Swimlanes visualization..." && \ + # unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ + # sed -i "s/7\.5\.2/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \ + # zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ + # cd /usr/share/kibana/plugins && \ + # /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ + # bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \ + # rm -rf /tmp/kibana-swimlane.zip /tmp/kibana && \ + # cd /tmp && \ + # echo "Installing Milestones visualization..." && \ + # unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ + # sed -i "s/7\.1\.1/7\.6\.0/g" kibana/kibana-milestones-vis/package.json && \ + # zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ + # cd /usr/share/kibana/plugins && \ + # /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \ + # rm -rf /tmp/kibana-milestones.zip /tmp/kibana CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-u", "root", "-n"] From 94eb74a496c47d4ef7ffcce23b29eb72ce09ecff Mon Sep 17 00:00:00 2001 
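Review bot: `sed -i "s/7\.4\.0/7\.6\.0/g" kibana/kibana-comments-app-plugin/package.json` rewrites the plugin's declared Kibana version so that `kibana-plugin install ... --allow-root` passes the compatibility check; that check is the mechanism Kibana uses to refuse plugins built against a different API, so the result should be treated as unvalidated code loaded into Kibana rather than a supported plugin. The commit message already records the ElastAlert plugin as still broken; a comment above this block stating what the rewrite was last verified against, e.g. `# package.json version patched 7.4.0 -> 7.6.0 to bypass the plugin version check; re-validate whenever the base image moves`, would make the known-fragile step visible to the next maintainer. The `RUN` this chain belongs to starts before the hunk (the `RUN chmod 755 /data/*.sh /data/*.py && \` context) and its last live line here is `rm -rf /tmp/kibana-comments.zip /tmp/kibana`.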
From: SG <13872653+mmguero@users.noreply.github.com> Date: Fri, 21 Feb 2020 12:12:57 -0700 Subject: [PATCH 109/183] fix issue #104, Upload without trailing slash redirects to incorrect hostname and scheme this fix includes a few things: - modifying the index.html page to prepend "upload/" before relative HREF/SRC references - removing some useless code in the file-upload default nginx config - added the trailing slash to the proxy-pass directive for the upload section of the main nginx proxy - handle "/server/php" as a separate proxy redirect as that's the XHR where the uploads seem to go - remove the unused Moloch upload page --- Dockerfiles/moloch.Dockerfile | 1 + file-upload/jquery-file-upload/index.html | 44 +++++++++++------------ file-upload/nginx/sites-available/default | 6 ---- moloch/patch/remove_upload.patch | 24 +++++++++++++ nginx/nginx.conf | 12 ++++++- 5 files changed, 58 insertions(+), 29 deletions(-) create mode 100644 moloch/patch/remove_upload.patch diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile index 99e31b66f..37aac0aea 100644 --- a/Dockerfiles/moloch.Dockerfile +++ b/Dockerfiles/moloch.Dockerfile @@ -77,6 +77,7 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list ln -sfr $MOLOCHDIR/bin/npx /usr/local/bin/npx && \ python3 /data/bs4_remove_div.py -i ./viewer/vueapp/src/components/users/Users.vue -o ./viewer/vueapp/src/components/users/Users.new -c "new-user-form" && \ mv -vf ./viewer/vueapp/src/components/users/Users.new ./viewer/vueapp/src/components/users/Users.vue && \ + rm -rf ./viewer/vueapp/src/components/upload && \ ./easybutton-build.sh --install && \ npm cache clean --force && \ bash -c "file ${MOLOCHDIR}/bin/* ${MOLOCHDIR}/node-v*/bin/* | grep 'ELF 64-bit' | sed 's/:.*//' | xargs -l -r strip -v --strip-unneeded" diff --git a/file-upload/jquery-file-upload/index.html b/file-upload/jquery-file-upload/index.html index 40245be48..90b2ea140 100644 
--- a/file-upload/jquery-file-upload/index.html +++ b/file-upload/jquery-file-upload/index.html @@ -10,9 +10,9 @@ <title>%SITE_NAME% - + - + - + - + - - + + - - + + - + - + - + - + - + - + - + - + - + - + - + diff --git a/file-upload/nginx/sites-available/default b/file-upload/nginx/sites-available/default index 0ae59e1f7..ac487a0de 100644 --- a/file-upload/nginx/sites-available/default +++ b/file-upload/nginx/sites-available/default @@ -8,12 +8,6 @@ server { root /var/www/upload; index index.php index.html index.htm; - server_name upload.malcolm.local; - - location / { - try_files $uri $uri/ =404; - } - location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_buffers 16 64k; diff --git a/moloch/patch/remove_upload.patch b/moloch/patch/remove_upload.patch new file mode 100644 index 000000000..8eb19d01d --- /dev/null +++ b/moloch/patch/remove_upload.patch @@ -0,0 +1,24 @@ +diff --git a/viewer/vueapp/src/router/index.js b/viewer/vueapp/src/router/index.js +index 02494926..a3c974f9 100644 +--- a/viewer/vueapp/src/router/index.js ++++ b/viewer/vueapp/src/router/index.js +@@ -11,7 +11,6 @@ import Spiview from '@/components/spiview/Spiview'; + import Spigraph from '@/components/spigraph/Spigraph'; + import Connections from '@/components/connections/Connections'; + import Settings from '@/components/settings/Settings'; +-import Upload from '@/components/upload/Upload'; + import Hunt from '@/components/hunt/Hunt'; + import Moloch404 from '@/components/utils/404'; + +@@ -86,11 +85,6 @@ const router = new Router({ + name: 'Settings', + component: Settings + }, +- { +- path: '/upload', +- name: 'Upload', +- component: Upload +- }, + { + path: '/hunt', + name: 'Hunt', diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0540a1549..f7a2b6bf7 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
@@ -98,7 +98,17 @@ http {
 location /upload {
 proxy_http_version 1.1;
 proxy_set_header Connection "";
- proxy_pass http://docker-upload;
+ proxy_pass http://docker-upload/;
+ proxy_redirect off;
+ proxy_set_header Host upload.malcolm.local;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ client_max_body_size 20G;
+ }
+ location /server/php {
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_pass http://docker-upload/server/php/;
+ proxy_redirect off;
+ proxy_set_header Host upload.malcolm.local;
+ proxy_request_buffering off;
From c3cb5ce7b1ae18de6e41d811622564734bbe327a Mon Sep 17 00:00:00 2001
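Review bot: The new `location /server/php` block publishes the upload backend's PHP handler (the endpoint the commit message says the XHR uploads actually hit) on a second top-level path of the main proxy, yet nothing in the hunk attaches authentication to it; if `auth_basic`/`auth_basic_user_file` are set per location rather than at `server` scope elsewhere in this file (not visible here), that handler becomes reachable without credentials while `/upload` is still gated, so the same auth directives belong in this block. A secondary nit: `location /server/php` is a prefix match without a trailing slash, so `/server/phpanything` also matches, and `proxy_pass http://docker-upload/server/php/` turns the expected `/server/php/` request into `/server/php//` upstream, which only works because the backend's default `merge_slashes` normalizes it; `location /server/php/ {` with the same `proxy_pass` avoids both. The `/server/php` block continues past the end of the hunk, so its remaining directives (and whether `client_max_body_size` is set there too) cannot be checked from this view.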
From: SG <13872653+mmguero@users.noreply.github.com> Date: Fri, 21 Feb 2020 12:28:38 -0700 Subject: [PATCH 110/183] update copyright --- Dockerfiles/curator.Dockerfile | 2 +- Dockerfiles/elastalert.Dockerfile | 2 +- Dockerfiles/file-monitor.Dockerfile | 2 +- Dockerfiles/file-upload.Dockerfile | 2 +- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/freq.Dockerfile | 2 +- Dockerfiles/htadmin.Dockerfile | 2 +- Dockerfiles/kibana.Dockerfile | 2 +- Dockerfiles/logstash.Dockerfile | 2 +- Dockerfiles/moloch.Dockerfile | 2 +- Dockerfiles/nginx.Dockerfile | 2 +- Dockerfiles/pcap-capture.Dockerfile | 2 +- Dockerfiles/pcap-monitor.Dockerfile | 2 +- Dockerfiles/zeek.Dockerfile | 2 +- License.txt | 4 ++-- Notice.txt | 2 +- README.md | 2 +- curator/scripts/register-elasticsearch-snapshot-repo.sh | 2 +- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- elastalert/elastalert-start.sh | 2 +- file-monitor/supervisord.conf | 2 +- file-upload/docker-entrypoint.sh | 2 +- file-upload/jquery-file-upload/index.html | 2 +- file-upload/jquery-file-upload/index.php | 2 +- file-upload/supervisord.conf | 2 +- filebeat/filebeat-nginx.yml | 2 +- filebeat/filebeat.yml | 2 +- filebeat/scripts/filebeat-clean-zeeklogs-processed-folder.py | 2 +- filebeat/scripts/filebeat-process-zeek-folder-functions.sh | 2 +- filebeat/scripts/filebeat-process-zeek-folder.sh | 2 +- filebeat/scripts/filebeat-watch-zeeklogs-uploads-folder.sh | 2 +- filebeat/scripts/zeek-log-field-bitmap.py | 2 +- filebeat/supervisord.conf | 2 +- freq-server/supervisord.conf | 2 +- htadmin/docker-entrypoint.sh | 2 +- htadmin/supervisord.conf | 2 +- kibana/scripts/kibana-create-moloch-sessions-index.sh | 2 +- kibana/scripts/kibana.sh | 2 +- kibana/supervisord.conf | 2 +- logstash/pipelines/zeek/11_zeek_logs.conf | 2 +- logstash/scripts/ip-to-segment-logstash.py | 2 +- logstash/scripts/logstash-start.sh | 2 +- logstash/scripts/set_es_external_keystore.sh | 2 +- 
.../config/hooks/normal/0911-get-stig-scripts.hook.chroot | 2 +- malcolm-iso/config/hooks/normal/0998-localepurge.hook.chroot | 2 +- malcolm-iso/config/includes.binary/install/preseed.cfg | 2 +- malcolm-iso/config/includes.binary/install/preseed_base.cfg | 2 +- malcolm-iso/config/includes.binary/install/preseed_vmware.cfg | 2 +- malcolm-iso/vagrant/Vagrantfile | 2 +- moloch/scripts/initmoloch.sh | 2 +- moloch/scripts/moloch-needs-upgrade.sh | 2 +- moloch/scripts/moloch_update_geo.sh | 2 +- moloch/scripts/viewer_service.sh | 2 +- moloch/scripts/wipemoloch.sh | 2 +- moloch/scripts/wise_service.sh | 2 +- moloch/supervisord.conf | 2 +- moloch/wise/source.zeeklogs.js | 2 +- nginx/nginx.conf | 2 +- nginx/supervisord.conf | 2 +- pcap-capture/scripts/netsniff-roll.sh | 2 +- pcap-capture/scripts/supervisor.sh | 2 +- pcap-capture/supervisord.conf | 2 +- pcap-monitor/scripts/watch-pcap-uploads-folder.sh | 2 +- pcap-monitor/supervisord.conf | 2 +- scripts/build.sh | 2 +- scripts/control.py | 2 +- scripts/install.py | 2 +- scripts/malcolm_appliance_packager.sh | 2 +- scripts/malcolm_common.py | 2 +- scripts/package_zeek_logs.sh | 2 +- sensor-iso/README.md | 2 +- sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot | 2 +- .../config/hooks/normal/0900-setup-rc-local.hook.chroot | 2 +- sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- .../config/hooks/normal/0911-get-stig-scripts.hook.chroot | 2 +- .../config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot | 2 +- .../config/hooks/normal/0991-security-performance.hook.chroot | 2 +- sensor-iso/config/hooks/normal/0992-login.hook.chroot | 2 +- sensor-iso/config/hooks/normal/0998-localepurge.hook.chroot | 2 +- sensor-iso/config/includes.binary/boot/grub/grub.cfg | 2 +- sensor-iso/config/includes.binary/install/preseed.cfg | 2 +- sensor-iso/config/includes.binary/install/preseed_base.cfg | 2 +- sensor-iso/config/includes.binary/install/preseed_vmware.cfg | 2 +- 
sensor-iso/config/includes.chroot/opt/zeek/bin/zeek.sh | 2 +- sensor-iso/config/includes.chroot/opt/zeek/bin/zeekdeploy.sh | 2 +- .../includes.chroot/opt/zeek/share/zeek/site/extractor.zeek | 2 +- .../opt/zeek/share/zeek/site/extractor_params.zeek | 2 +- sensor-iso/docs/Notes.md | 2 +- .../interface/sensor_ctl/auditbeat/sensor_auditbeat_local.sh | 2 +- sensor-iso/interface/sensor_ctl/clean.sh | 2 +- sensor-iso/interface/sensor_ctl/control.sh | 2 +- .../interface/sensor_ctl/extractor_override.interesting.zeek | 2 +- .../filebeat-syslog/sensor_filebeat-syslog_local.sh | 2 +- sensor-iso/interface/sensor_ctl/filebeat/filebeat.yml | 2 +- .../interface/sensor_ctl/filebeat/sensor_filebeat_local.sh | 2 +- .../interface/sensor_ctl/heatbeat/sensor_heatbeat_local.sh | 2 +- .../sensor_ctl/metricbeat/sensor_metricbeat_local.sh | 2 +- sensor-iso/interface/sensor_ctl/scripts/log_disk_space.sh | 2 +- sensor-iso/interface/sensor_ctl/scripts/log_temperature.sh | 2 +- .../sensor_ctl/supervisor.init/moloch_config_populate.sh | 2 +- sensor-iso/interface/sensor_ctl/supervisor.sh | 2 +- sensor-iso/interface/sensor_interface/routes.py | 2 +- sensor-iso/interface/sensor_interface/static/js/custom.js | 2 +- sensor-iso/interface/sensor_interface/sysquery/sys_service.py | 2 +- sensor-iso/moloch/Dockerfile | 2 +- sensor-iso/moloch/build-docker-image.sh | 2 +- sensor-iso/moloch/build-moloch-deb.sh | 2 +- sensor-iso/vagrant/Vagrantfile | 2 +- shared/bin/agg-init.sh | 2 +- shared/bin/beat-log-temperature.py | 2 +- shared/bin/capture-format-wait.sh | 2 +- shared/bin/common-init.sh | 2 +- shared/bin/configure-capture.py | 2 +- shared/bin/configure-interfaces.py | 2 +- shared/bin/cron_env_centos.sh | 2 +- shared/bin/cron_env_deb.sh | 2 +- shared/bin/docker-load-wait.sh | 2 +- shared/bin/elastic_search_status.sh | 2 +- shared/bin/fstab.py | 2 +- shared/bin/malass_client.py | 2 +- shared/bin/pcap_moloch_and_zeek_processor.py | 2 +- shared/bin/pcap_utils.py | 2 +- shared/bin/pcap_watcher.py | 2 +- 
shared/bin/preseed_late_user_config.sh | 2 +- shared/bin/prune_files.sh | 2 +- shared/bin/sensor-capture-disk-config.py | 2 +- shared/bin/sensor-init.sh | 2 +- shared/bin/sensorcommon.py | 2 +- shared/bin/sensormetric.py | 2 +- shared/bin/ufw_allow_viewer.sh | 2 +- shared/bin/zeek_carve_logger.py | 2 +- shared/bin/zeek_carve_scanner.py | 2 +- shared/bin/zeek_carve_utils.py | 2 +- shared/bin/zeek_carve_watcher.py | 2 +- shared/bin/zeek_install_plugins.sh | 2 +- shared/vbox-guest-build/Dockerfile | 2 +- shared/vbox-guest-build/build-docker-image.sh | 2 +- shared/vbox-guest-build/build-vboxguest-deb.sh | 2 +- zeek/config/extractor.zeek | 2 +- zeek/config/extractor_override.interesting.zeek | 2 +- zeek/config/extractor_params.zeek | 2 +- zeek/supervisord.conf | 2 +- 144 files changed, 145 insertions(+), 145 deletions(-) diff --git a/Dockerfiles/curator.Dockerfile b/Dockerfiles/curator.Dockerfile index 8cc6969a9..6a8bfa096 100644 --- a/Dockerfiles/curator.Dockerfile +++ b/Dockerfiles/curator.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/elastalert.Dockerfile b/Dockerfiles/elastalert.Dockerfile index 1cbe1d181..99754c5bd 100644 --- a/Dockerfiles/elastalert.Dockerfile +++ b/Dockerfiles/elastalert.Dockerfile @@ -1,6 +1,6 @@ FROM mmguero/elastalert:2.0.2 -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' 
diff --git a/Dockerfiles/file-monitor.Dockerfile b/Dockerfiles/file-monitor.Dockerfile index 0901ea7ba..66ecf6473 100644 --- a/Dockerfiles/file-monitor.Dockerfile +++ b/Dockerfiles/file-monitor.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/file-upload.Dockerfile b/Dockerfiles/file-upload.Dockerfile index 2c17f8dbf..4ea8f7f07 100644 --- a/Dockerfiles/file-upload.Dockerfile +++ b/Dockerfiles/file-upload.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim AS build -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index c01a07ac3..442a398f1 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -1,6 +1,6 @@ FROM docker.elastic.co/beats/filebeat-oss:7.6.0 -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/freq.Dockerfile b/Dockerfiles/freq.Dockerfile index d4d3be88a..5f87f8be7 100644 --- a/Dockerfiles/freq.Dockerfile +++ b/Dockerfiles/freq.Dockerfile 
@@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/htadmin.Dockerfile b/Dockerfiles/htadmin.Dockerfile index f8276613b..89b771bae 100644 --- a/Dockerfiles/htadmin.Dockerfile +++ b/Dockerfiles/htadmin.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index 1b6023f47..281534b3f 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile @@ -1,6 +1,6 @@ FROM docker.elastic.co/kibana/kibana-oss:7.6.0 -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index efec7634a..bc0b8749f 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile 
@@ -1,6 +1,6 @@ FROM centos:7 AS build -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile index 37aac0aea..eca2ed4c0 100644 --- a/Dockerfiles/moloch.Dockerfile +++ b/Dockerfiles/moloch.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim AS build -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ENV DEBIAN_FRONTEND noninteractive diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile index 7a5d18918..40a91529a 100644 --- a/Dockerfiles/nginx.Dockerfile +++ b/Dockerfiles/nginx.Dockerfile @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. #################################################################################### # thanks to: nginx - https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile diff --git a/Dockerfiles/pcap-capture.Dockerfile b/Dockerfiles/pcap-capture.Dockerfile index 572d0a266..71bbfa016 100644 --- a/Dockerfiles/pcap-capture.Dockerfile +++ b/Dockerfiles/pcap-capture.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' 
diff --git a/Dockerfiles/pcap-monitor.Dockerfile b/Dockerfiles/pcap-monitor.Dockerfile index 1e7649438..c02a981bf 100644 --- a/Dockerfiles/pcap-monitor.Dockerfile +++ b/Dockerfiles/pcap-monitor.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index bb1c1b5ee..e8920d8f6 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim AS build -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ENV DEBIAN_FRONTEND noninteractive diff --git a/License.txt b/License.txt index 4d044c4b5..ec86f9075 100644 --- a/License.txt +++ b/License.txt @@ -2,7 +2,7 @@ Software License Agreement For more information, please see DHS_TOU.pdf. -Malcolm is Copyright (c) 2019 Battelle Energy Alliance, LLC, and is developed +Malcolm is Copyright (c) 2020 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. All rights reserved. @@ -22,7 +22,7 @@ means, and for any purpose whatsoever. https://github.com/idaholab/Malcolm -Copyright 2019 Battelle Energy Alliance, LLC +Copyright 2020 Battelle Energy Alliance, LLC ALL RIGHTS RESERVED diff --git a/Notice.txt b/Notice.txt index 19d797946..30c7a7221 100644 --- a/Notice.txt +++ b/Notice.txt 
@@ -4,7 +4,7 @@ https://github.com/idaholab/Malcolm See License.txt for license terms. -Malcolm is Copyright (c) 2019 Battelle Energy Alliance, LLC, and is developed +Malcolm is Copyright (c) 2020 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. All rights reserved. diff --git a/README.md b/README.md index 1f7dc6734..d3b81bd5a 100644 --- a/README.md +++ b/README.md @@ -1820,7 +1820,7 @@ You can now open a web browser and navigate to one of the [Malcolm user interfac ## Copyright -[Malcolm](https://github.com/idaholab/Malcolm) is Copyright 2019 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. +[Malcolm](https://github.com/idaholab/Malcolm) is Copyright 2020 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. See [`License.txt`](./License.txt) for the terms of its release. diff --git a/curator/scripts/register-elasticsearch-snapshot-repo.sh b/curator/scripts/register-elasticsearch-snapshot-repo.sh index 883baf522..4564d4e54 100755 --- a/curator/scripts/register-elasticsearch-snapshot-repo.sh +++ b/curator/scripts/register-elasticsearch-snapshot-repo.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. if [ $# -gt 0 ]; then ES_URL="$1" diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 83b156a74..03d0f210f 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml 
@@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. version: '3.7' diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index d77e472f0..809c227df 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. version: '3.7' diff --git a/docker-compose.yml b/docker-compose.yml index c6825f998..51d0065c4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. version: '3.7' diff --git a/elastalert/elastalert-start.sh b/elastalert/elastalert-start.sh index ec6991b6f..fffada6b8 100755 --- a/elastalert/elastalert-start.sh +++ b/elastalert/elastalert-start.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/file-monitor/supervisord.conf b/file-monitor/supervisord.conf index 236e9528a..5cef37486 100644 --- a/file-monitor/supervisord.conf +++ b/file-monitor/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/var/run/supervisor.sock ; (the path to the socket file) diff --git a/file-upload/docker-entrypoint.sh b/file-upload/docker-entrypoint.sh index b15497a7d..96251eeda 100755 --- a/file-upload/docker-entrypoint.sh +++ b/file-upload/docker-entrypoint.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. if [[ -z $SITE_NAME || -z $MALCOLM_USERNAME || -z $MALCOLM_PASSWORD ]] diff --git a/file-upload/jquery-file-upload/index.html b/file-upload/jquery-file-upload/index.html index 90b2ea140..dadbcae5b 100644 --- a/file-upload/jquery-file-upload/index.html +++ b/file-upload/jquery-file-upload/index.html @@ -1,5 +1,5 @@ - + diff --git a/file-upload/jquery-file-upload/index.php b/file-upload/jquery-file-upload/index.php index ca9a3aa18..725a522f2 100644 --- a/file-upload/jquery-file-upload/index.php +++ b/file-upload/jquery-file-upload/index.php @@ -1,5 +1,5 @@ &1 && echo "Elasticsearch is running!" diff --git a/kibana/supervisord.conf b/kibana/supervisord.conf index 0500de26f..43d5be174 100644 --- a/kibana/supervisord.conf +++ b/kibana/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/var/run/supervisor.sock ; (the path to the socket file) diff --git a/logstash/pipelines/zeek/11_zeek_logs.conf b/logstash/pipelines/zeek/11_zeek_logs.conf index ad56b981a..25efdf272 100644 --- a/logstash/pipelines/zeek/11_zeek_logs.conf +++ b/logstash/pipelines/zeek/11_zeek_logs.conf @@ -8,7 +8,7 @@ # this monstrosity can be used to profile: # $ curl -XGET http://localhost:9600/_node/stats/pipelines | python -mjson.tool | grep -P '"(id|duration_in_millis)":' | sed "s/.*: //" | sed ':a;N;$!ba;s/",\n/ /g' | sed "s/[\",]//g" | awk -F " " '{printf("%s %s\n", $2, $1)}' | sort -n # -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ####################### filter { 
diff --git a/logstash/scripts/ip-to-segment-logstash.py b/logstash/scripts/ip-to-segment-logstash.py index eae0795f1..2d96f4141 100755 --- a/logstash/scripts/ip-to-segment-logstash.py +++ b/logstash/scripts/ip-to-segment-logstash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python2 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. from __future__ import print_function diff --git a/logstash/scripts/logstash-start.sh b/logstash/scripts/logstash-start.sh index fb7979b80..477b78ee1 100755 --- a/logstash/scripts/logstash-start.sh +++ b/logstash/scripts/logstash-start.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/logstash/scripts/set_es_external_keystore.sh b/logstash/scripts/set_es_external_keystore.sh index 1f87f56b0..185a00079 100755 --- a/logstash/scripts/set_es_external_keystore.sh +++ b/logstash/scripts/set_es_external_keystore.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot b/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot index 9f02a6be0..ab545bd53 100755 --- a/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. # clone STIG-4-Debian and harbian-audit and clean up some stuff we don't need mkdir -p /opt 
diff --git a/malcolm-iso/config/hooks/normal/0998-localepurge.hook.chroot b/malcolm-iso/config/hooks/normal/0998-localepurge.hook.chroot index 37680b216..48e8ea2e3 100755 --- a/malcolm-iso/config/hooks/normal/0998-localepurge.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0998-localepurge.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. # remove excess locales if [ -f /etc/localepurge-preseed.cfg ] ; then diff --git a/malcolm-iso/config/includes.binary/install/preseed.cfg b/malcolm-iso/config/includes.binary/install/preseed.cfg index 9d0092775..d1a4a66a7 100644 --- a/malcolm-iso/config/includes.binary/install/preseed.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed.cfg @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false diff --git a/malcolm-iso/config/includes.binary/install/preseed_base.cfg b/malcolm-iso/config/includes.binary/install/preseed_base.cfg index df10fa301..ba51b4b7d 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_base.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_base.cfg @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. d-i hw-detect/load_firmware boolean true d-i clock-setup/utc boolean true diff --git a/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg b/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg index 3859de118..ced2fc714 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg 
@@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false diff --git a/malcolm-iso/vagrant/Vagrantfile b/malcolm-iso/vagrant/Vagrantfile index 6b7b470b9..5151aed27 100644 --- a/malcolm-iso/vagrant/Vagrantfile +++ b/malcolm-iso/vagrant/Vagrantfile @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. unless Vagrant.has_plugin?("vagrant-reload") raise 'vagrant-reload plugin is not installed!' diff --git a/moloch/scripts/initmoloch.sh b/moloch/scripts/initmoloch.sh index 28914ca78..f5af90edc 100755 --- a/moloch/scripts/initmoloch.sh +++ b/moloch/scripts/initmoloch.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. rm -f $MOLOCHDIR/initialized $MOLOCHDIR/runwise diff --git a/moloch/scripts/moloch-needs-upgrade.sh b/moloch/scripts/moloch-needs-upgrade.sh index f79f0a3f7..d61d13497 100755 --- a/moloch/scripts/moloch-needs-upgrade.sh +++ b/moloch/scripts/moloch-needs-upgrade.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. # this script returns: # 0 - an UPGRADE IS NEEDED for Moloch indices diff --git a/moloch/scripts/moloch_update_geo.sh b/moloch/scripts/moloch_update_geo.sh index a195e9303..309ebc74d 100755 --- a/moloch/scripts/moloch_update_geo.sh +++ b/moloch/scripts/moloch_update_geo.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. cd "/data/moloch/etc" 
diff --git a/moloch/scripts/viewer_service.sh b/moloch/scripts/viewer_service.sh index da6f19c3a..eea39a825 100755 --- a/moloch/scripts/viewer_service.sh +++ b/moloch/scripts/viewer_service.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. while true; do diff --git a/moloch/scripts/wipemoloch.sh b/moloch/scripts/wipemoloch.sh index b1b0fec69..91d8fd94c 100755 --- a/moloch/scripts/wipemoloch.sh +++ b/moloch/scripts/wipemoloch.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. echo "Checking Elasticsearch..." diff --git a/moloch/scripts/wise_service.sh b/moloch/scripts/wise_service.sh index 86d9d6fcd..ef4380dd4 100755 --- a/moloch/scripts/wise_service.sh +++ b/moloch/scripts/wise_service.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. while true; do diff --git a/moloch/supervisord.conf b/moloch/supervisord.conf index 2cd500ae0..adccd3b80 100644 --- a/moloch/supervisord.conf +++ b/moloch/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/var/run/supervisor.sock ; (the path to the socket file) diff --git a/moloch/wise/source.zeeklogs.js b/moloch/wise/source.zeeklogs.js index d98ce97d3..ab7d12bcd 100755 --- a/moloch/wise/source.zeeklogs.js +++ b/moloch/wise/source.zeeklogs.js 
@@ -10,7 +10,7 @@ var wiseSource = require('./wiseSource.js') // Data may be populated with Malcolm's Zeek Logstash filters: // (particularly https://raw.githubusercontent.com/idaholab/Malcolm/master/logstash/pipeline-main/11_zeek_logs.conf) // -// Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +// Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. // see https://raw.githubusercontent.com/idaholab/Malcolm/master/License.txt ////////////////////////////////////////////////////////////////////////////////// function ZeekLogs (api, section) { diff --git a/nginx/nginx.conf b/nginx/nginx.conf index f7a2b6bf7..f336f7881 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,4 +1,4 @@ -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. daemon off; diff --git a/nginx/supervisord.conf b/nginx/supervisord.conf index 6767fbcef..0382d9163 100644 --- a/nginx/supervisord.conf +++ b/nginx/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/var/run/supervisor.sock ; (the path to the socket file) diff --git a/pcap-capture/scripts/netsniff-roll.sh b/pcap-capture/scripts/netsniff-roll.sh index 0290b5851..3ebd50281 100755 --- a/pcap-capture/scripts/netsniff-roll.sh +++ b/pcap-capture/scripts/netsniff-roll.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. lastmod(){ expr $(date +%s) - $(stat -c %X "$1") diff --git a/pcap-capture/scripts/supervisor.sh b/pcap-capture/scripts/supervisor.sh index 8070480c0..c17490f1e 100755 --- a/pcap-capture/scripts/supervisor.sh +++ b/pcap-capture/scripts/supervisor.sh 
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 set -e
diff --git a/pcap-capture/supervisord.conf b/pcap-capture/supervisord.conf
index c42ea2300..e779e8b99 100644
--- a/pcap-capture/supervisord.conf
+++ b/pcap-capture/supervisord.conf
@@ -1,4 +1,4 @@
-; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 [unix_http_server]
 file=/var/run/supervisor.sock ; (the path to the socket file)
diff --git a/pcap-monitor/scripts/watch-pcap-uploads-folder.sh b/pcap-monitor/scripts/watch-pcap-uploads-folder.sh
index f8eae211e..e751eef22 100755
--- a/pcap-monitor/scripts/watch-pcap-uploads-folder.sh
+++ b/pcap-monitor/scripts/watch-pcap-uploads-folder.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 PCAP_BASE_PATH=${PCAP_PATH:-"/pcap"}
 ZEEK_BASE_PATH=${ZEEK_PATH:-"/zeek"}
diff --git a/pcap-monitor/supervisord.conf b/pcap-monitor/supervisord.conf
index 15112edc6..50a95152c 100644
--- a/pcap-monitor/supervisord.conf
+++ b/pcap-monitor/supervisord.conf
@@ -1,4 +1,4 @@
-; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 [unix_http_server]
 file=/var/run/supervisor.sock ; (the path to the socket file)
diff --git a/scripts/build.sh b/scripts/build.sh
index c7964854c..044bc5472 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 if [ -z "$BASH_VERSION" ]; then
 echo "Wrong interpreter, please run \"$0\" with bash"
diff --git a/scripts/control.py b/scripts/control.py
index 3f54a5abe..82fdcfca4 100755
--- a/scripts/control.py
+++ b/scripts/control.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 from __future__ import print_function
diff --git a/scripts/install.py b/scripts/install.py
index a3bb7f658..7da37381a 100755
--- a/scripts/install.py
+++ b/scripts/install.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 from __future__ import print_function
diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh
index 7c8b8f5a7..f5ba51763 100755
--- a/scripts/malcolm_appliance_packager.sh
+++ b/scripts/malcolm_appliance_packager.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 if [ -z "$BASH_VERSION" ]; then
 echo "Wrong interpreter, please run \"$0\" with bash"
diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py
index 279cd3184..645f69bc9 100644
--- a/scripts/malcolm_common.py
+++ b/scripts/malcolm_common.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 from __future__ import print_function
diff --git a/scripts/package_zeek_logs.sh b/scripts/package_zeek_logs.sh
index 0c981eb3a..371902184 100755
--- a/scripts/package_zeek_logs.sh
+++ b/scripts/package_zeek_logs.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # package up Zeek logs in a format more suitable for upload to Malcolm
 #
diff --git a/sensor-iso/README.md b/sensor-iso/README.md
index 450ed3e0b..8866ddaed 100644
--- a/sensor-iso/README.md
+++ b/sensor-iso/README.md
@@ -557,7 +557,7 @@ If you are interesting in developing your own network traffic capture appliance
 # Copyright
-Hedgehog Linux - part of [Malcolm](https://github.com/idaholab/Malcolm) - is Copyright 2019 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.
+Hedgehog Linux - part of [Malcolm](https://github.com/idaholab/Malcolm) - is Copyright 2020 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.
 See [`License.txt`](https://raw.githubusercontent.com/idaholab/Malcolm/master/License.txt) for the terms of its release.
diff --git a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
index 8b115387d..b643f901e 100755
--- a/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/sh
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 export LC_ALL=C.UTF-8
 export LANG=C.UTF-8
diff --git a/sensor-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot b/sensor-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot
index ee7289e31..35e21e0c1 100755
--- a/sensor-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 sed -i 's/^exit 0//' /etc/rc.local 2>/dev/null
diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
index b17047537..edf6e4408 100755
--- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 NETSNIFF_VER="0.6.6"
 NETSNIFF_URL="https://github.com/netsniff-ng/netsniff-ng/archive/v$NETSNIFF_VER.tar.gz"
diff --git a/sensor-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot b/sensor-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot
index 9f02a6be0..ab545bd53 100755
--- a/sensor-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # clone STIG-4-Debian and harbian-audit and clean up some stuff we don't need
 mkdir -p /opt
diff --git a/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot b/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot
index 457c3bb6c..10461f70f 100755
--- a/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # remove development packages
 apt-get -y --purge remove checkinstall cmake gdb git libc6-dbg ninja-build \
diff --git a/sensor-iso/config/hooks/normal/0991-security-performance.hook.chroot b/sensor-iso/config/hooks/normal/0991-security-performance.hook.chroot
index acca9f652..a323eb0ff 100755
--- a/sensor-iso/config/hooks/normal/0991-security-performance.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0991-security-performance.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # enable firewall, disallow everything in except SSH
 /usr/sbin/ufw --force enable
diff --git a/sensor-iso/config/hooks/normal/0992-login.hook.chroot b/sensor-iso/config/hooks/normal/0992-login.hook.chroot
index fc60f37cd..45eea6439 100755
--- a/sensor-iso/config/hooks/normal/0992-login.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0992-login.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 sed -i 's/^#autologin-user=.*/autologin-user=sensor/' /etc/lightdm/lightdm.conf
 sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
diff --git a/sensor-iso/config/hooks/normal/0998-localepurge.hook.chroot b/sensor-iso/config/hooks/normal/0998-localepurge.hook.chroot
index 37680b216..48e8ea2e3 100755
--- a/sensor-iso/config/hooks/normal/0998-localepurge.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0998-localepurge.hook.chroot
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # remove excess locales
 if [ -f /etc/localepurge-preseed.cfg ] ; then
diff --git a/sensor-iso/config/includes.binary/boot/grub/grub.cfg b/sensor-iso/config/includes.binary/boot/grub/grub.cfg
index 3e9fc23e8..7ac7ff551 100644
--- a/sensor-iso/config/includes.binary/boot/grub/grub.cfg
+++ b/sensor-iso/config/includes.binary/boot/grub/grub.cfg
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 set default=0
 set timeout=-1
diff --git a/sensor-iso/config/includes.binary/install/preseed.cfg b/sensor-iso/config/includes.binary/install/preseed.cfg
index fb66ffed4..d43f02ad3 100644
--- a/sensor-iso/config/includes.binary/install/preseed.cfg
+++ b/sensor-iso/config/includes.binary/install/preseed.cfg
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 d-i debian-installer/locale string en_US.UTF-8
 d-i console-setup/ask_detect boolean false
diff --git a/sensor-iso/config/includes.binary/install/preseed_base.cfg b/sensor-iso/config/includes.binary/install/preseed_base.cfg
index a1fdf360b..b6aa69a7b 100644
--- a/sensor-iso/config/includes.binary/install/preseed_base.cfg
+++ b/sensor-iso/config/includes.binary/install/preseed_base.cfg
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 d-i netcfg/enable boolean false
 d-i netcfg/choose_interface select auto
diff --git a/sensor-iso/config/includes.binary/install/preseed_vmware.cfg b/sensor-iso/config/includes.binary/install/preseed_vmware.cfg
index 097fbb754..0a199b98c 100644
--- a/sensor-iso/config/includes.binary/install/preseed_vmware.cfg
+++ b/sensor-iso/config/includes.binary/install/preseed_vmware.cfg
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 d-i debian-installer/locale string en_US.UTF-8
 d-i console-setup/ask_detect boolean false
diff --git a/sensor-iso/config/includes.chroot/opt/zeek/bin/zeek.sh b/sensor-iso/config/includes.chroot/opt/zeek/bin/zeek.sh
index de064466d..507c9590c 100755
--- a/sensor-iso/config/includes.chroot/opt/zeek/bin/zeek.sh
+++ b/sensor-iso/config/includes.chroot/opt/zeek/bin/zeek.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # configuration variables may be specified in control_vars.conf rather than on the command line
 CONTROL_VARS_FILE="control_vars.conf"
diff --git a/sensor-iso/config/includes.chroot/opt/zeek/bin/zeekdeploy.sh b/sensor-iso/config/includes.chroot/opt/zeek/bin/zeekdeploy.sh
index e8c496490..1b7d9da2b 100755
--- a/sensor-iso/config/includes.chroot/opt/zeek/bin/zeekdeploy.sh
+++ b/sensor-iso/config/includes.chroot/opt/zeek/bin/zeekdeploy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # get utilities for finding default zeek path and executable
 [[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath
diff --git a/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek b/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek
index d481665c8..217e91494 100644
--- a/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek
+++ b/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek
@@ -1,6 +1,6 @@
 #!/usr/bin/env zeek
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 @load ./extractor_params
diff --git a/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek b/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek
index b1882f37c..9f5dd286f 100644
--- a/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek
+++ b/sensor-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek
@@ -1,6 +1,6 @@
 #!/usr/bin/env zeek
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 export {
 const extractor_extract_none = "none" &redef;
diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md
index 1e55ec163..61baae9a1 100644
--- a/sensor-iso/docs/Notes.md
+++ b/sensor-iso/docs/Notes.md
@@ -2175,7 +2175,7 @@ Hedgehog Linux targets the following guidelines for establishing a secure config
 # Copyright
-Hedgehog Linux - part of [Malcolm](https://github.com/idaholab/Malcolm) - is Copyright 2019 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.
+Hedgehog Linux - part of [Malcolm](https://github.com/idaholab/Malcolm) - is Copyright 2020 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.
 See [`License.txt`](https://raw.githubusercontent.com/idaholab/Malcolm/master/License.txt) for the terms of its release.
diff --git a/sensor-iso/interface/sensor_ctl/auditbeat/sensor_auditbeat_local.sh b/sensor-iso/interface/sensor_ctl/auditbeat/sensor_auditbeat_local.sh
index c053b3540..ba8d45e29 100755
--- a/sensor-iso/interface/sensor_ctl/auditbeat/sensor_auditbeat_local.sh
+++ b/sensor-iso/interface/sensor_ctl/auditbeat/sensor_auditbeat_local.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # force-navigate to script directory (containing config file)
 [[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath
diff --git a/sensor-iso/interface/sensor_ctl/clean.sh b/sensor-iso/interface/sensor_ctl/clean.sh
index 315332c55..32c495a3a 100755
--- a/sensor-iso/interface/sensor_ctl/clean.sh
+++ b/sensor-iso/interface/sensor_ctl/clean.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 set -e
diff --git a/sensor-iso/interface/sensor_ctl/control.sh b/sensor-iso/interface/sensor_ctl/control.sh
index 113417739..843fd834a 100755
--- a/sensor-iso/interface/sensor_ctl/control.sh
+++ b/sensor-iso/interface/sensor_ctl/control.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 set -e
diff --git a/sensor-iso/interface/sensor_ctl/extractor_override.interesting.zeek b/sensor-iso/interface/sensor_ctl/extractor_override.interesting.zeek
index a6a8d304b..45a92cba1 100644
--- a/sensor-iso/interface/sensor_ctl/extractor_override.interesting.zeek
+++ b/sensor-iso/interface/sensor_ctl/extractor_override.interesting.zeek
@@ -1,6 +1,6 @@
 #!/usr/bin/env zeek
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 export {
 redef extractor_always_extract_unknown = F;
diff --git a/sensor-iso/interface/sensor_ctl/filebeat-syslog/sensor_filebeat-syslog_local.sh b/sensor-iso/interface/sensor_ctl/filebeat-syslog/sensor_filebeat-syslog_local.sh
index c0bc6d066..d6f5f59e0 100755
--- a/sensor-iso/interface/sensor_ctl/filebeat-syslog/sensor_filebeat-syslog_local.sh
+++ b/sensor-iso/interface/sensor_ctl/filebeat-syslog/sensor_filebeat-syslog_local.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # force-navigate to script directory (containing config file)
 [[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath
diff --git a/sensor-iso/interface/sensor_ctl/filebeat/filebeat.yml b/sensor-iso/interface/sensor_ctl/filebeat/filebeat.yml
index 3db0c1f31..f4ea38e31 100644
--- a/sensor-iso/interface/sensor_ctl/filebeat/filebeat.yml
+++ b/sensor-iso/interface/sensor_ctl/filebeat/filebeat.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 logging.metrics.enabled: false
diff --git a/sensor-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh b/sensor-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh
index 6f9c161e8..305df9981 100755
--- a/sensor-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh
+++ b/sensor-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 if [ -z "$CAPTURE_PATH" ]; then
 CAPTURE_PATH="$HOME/bro_logs"
diff --git a/sensor-iso/interface/sensor_ctl/heatbeat/sensor_heatbeat_local.sh b/sensor-iso/interface/sensor_ctl/heatbeat/sensor_heatbeat_local.sh
index 6b7e1e6cd..9c5e566f8 100755
--- a/sensor-iso/interface/sensor_ctl/heatbeat/sensor_heatbeat_local.sh
+++ b/sensor-iso/interface/sensor_ctl/heatbeat/sensor_heatbeat_local.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # force-navigate to script directory (containing config file)
 [[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath
diff --git a/sensor-iso/interface/sensor_ctl/metricbeat/sensor_metricbeat_local.sh b/sensor-iso/interface/sensor_ctl/metricbeat/sensor_metricbeat_local.sh
index 2dd7285c2..0255838bb 100755
--- a/sensor-iso/interface/sensor_ctl/metricbeat/sensor_metricbeat_local.sh
+++ b/sensor-iso/interface/sensor_ctl/metricbeat/sensor_metricbeat_local.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # force-navigate to script directory (containing config file)
 [[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath
diff --git a/sensor-iso/interface/sensor_ctl/scripts/log_disk_space.sh b/sensor-iso/interface/sensor_ctl/scripts/log_disk_space.sh
index 1a36ef84f..6a0e7d77b 100755
--- a/sensor-iso/interface/sensor_ctl/scripts/log_disk_space.sh
+++ b/sensor-iso/interface/sensor_ctl/scripts/log_disk_space.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 SPACE_STRING="$(/bin/df -lh --output=source,target,avail,size,pcent | tail -n +2 | grep '^/dev' | tr -s ' ' ',' | cut -d, -f2,3,4,5 | sed 's/^/\[/' | sed 's/$/\]/' | tr '\n' '.')"
 logger "${SPACE_STRING}"
diff --git a/sensor-iso/interface/sensor_ctl/scripts/log_temperature.sh b/sensor-iso/interface/sensor_ctl/scripts/log_temperature.sh
index 9797f5c92..e5c434f98 100755
--- a/sensor-iso/interface/sensor_ctl/scripts/log_temperature.sh
+++ b/sensor-iso/interface/sensor_ctl/scripts/log_temperature.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 AVG_TEMP="$(sensors 2>/dev/null | grep '^Core\s[[:digit:]]\+:' | sed -e 's/[[:space:]]\+/,/g' | cut -d',' -f3 | sed "s/^\+//" | sed "s/°.*//" | awk '{ total += $1; count++ } END { if (count > 0) { print total/count } }')"
 HDD_TEMP="$(hddtemp /dev/sd? 2>/dev/null | grep -v "S\.M\.A\.R\.T\. not available" | sed 's/^/\[/' | sed 's/$/\]/' | tr '\n' ',' | sed 's/,$//')"
diff --git a/sensor-iso/interface/sensor_ctl/supervisor.init/moloch_config_populate.sh b/sensor-iso/interface/sensor_ctl/supervisor.init/moloch_config_populate.sh
index 10b8d6f9a..4a05a0a30 100755
--- a/sensor-iso/interface/sensor_ctl/supervisor.init/moloch_config_populate.sh
+++ b/sensor-iso/interface/sensor_ctl/supervisor.init/moloch_config_populate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 export MOLOCH_HTTPS_FLAG=""
diff --git a/sensor-iso/interface/sensor_ctl/supervisor.sh b/sensor-iso/interface/sensor_ctl/supervisor.sh
index a8162643e..daec446a1 100755
--- a/sensor-iso/interface/sensor_ctl/supervisor.sh
+++ b/sensor-iso/interface/sensor_ctl/supervisor.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 set -e
diff --git a/sensor-iso/interface/sensor_interface/routes.py b/sensor-iso/interface/sensor_interface/routes.py
index d7147a51a..dd9db6dc7 100644
--- a/sensor-iso/interface/sensor_interface/routes.py
+++ b/sensor-iso/interface/sensor_interface/routes.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 import psutil, time, json, logging, os
 from .sysquery import sys_service as sys_s
diff --git a/sensor-iso/interface/sensor_interface/static/js/custom.js b/sensor-iso/interface/sensor_interface/static/js/custom.js
index ce75e1268..1f533513b 100644
--- a/sensor-iso/interface/sensor_interface/static/js/custom.js
+++ b/sensor-iso/interface/sensor_interface/static/js/custom.js
@@ -1,4 +1,4 @@
-// Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+// Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 function start_all() {
 var xhttp = new XMLHttpRequest();
diff --git a/sensor-iso/interface/sensor_interface/sysquery/sys_service.py b/sensor-iso/interface/sensor_interface/sysquery/sys_service.py
index f6484f1ec..874e43eb1 100644
--- a/sensor-iso/interface/sensor_interface/sysquery/sys_service.py
+++ b/sensor-iso/interface/sensor_interface/sysquery/sys_service.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 import subprocess, json
 import os
diff --git a/sensor-iso/moloch/Dockerfile b/sensor-iso/moloch/Dockerfile
index 231459d1d..5266ee072 100644
--- a/sensor-iso/moloch/Dockerfile
+++ b/sensor-iso/moloch/Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:buster-slim
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
diff --git a/sensor-iso/moloch/build-docker-image.sh b/sensor-iso/moloch/build-docker-image.sh
index 734efa473..1f08a41d4 100755
--- a/sensor-iso/moloch/build-docker-image.sh
+++ b/sensor-iso/moloch/build-docker-image.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # force-navigate to script directory
 SCRIPT_PATH="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
diff --git a/sensor-iso/moloch/build-moloch-deb.sh b/sensor-iso/moloch/build-moloch-deb.sh
index cde8736bd..97ceb55e8 100755
--- a/sensor-iso/moloch/build-moloch-deb.sh
+++ b/sensor-iso/moloch/build-moloch-deb.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 OUTPUT_DIR="/tmp"
 unset VERBOSE
diff --git a/sensor-iso/vagrant/Vagrantfile b/sensor-iso/vagrant/Vagrantfile
index f04723742..05b5c2cb3 100644
--- a/sensor-iso/vagrant/Vagrantfile
+++ b/sensor-iso/vagrant/Vagrantfile
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 unless Vagrant.has_plugin?("vagrant-reload")
 raise 'vagrant-reload plugin is not installed!'
diff --git a/shared/bin/agg-init.sh b/shared/bin/agg-init.sh
index 9d28eae31..192a7c965 100755
--- a/shared/bin/agg-init.sh
+++ b/shared/bin/agg-init.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 SCRIPT_PATH="$(dirname $(realpath -e "${BASH_SOURCE[0]}"))"
diff --git a/shared/bin/beat-log-temperature.py b/shared/bin/beat-log-temperature.py
index a7dc665c8..68be3e0ce 100755
--- a/shared/bin/beat-log-temperature.py
+++ b/shared/bin/beat-log-temperature.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3.7
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 import os
 import re
diff --git a/shared/bin/capture-format-wait.sh b/shared/bin/capture-format-wait.sh
index e98f88cff..bc0571fb6 100755
--- a/shared/bin/capture-format-wait.sh
+++ b/shared/bin/capture-format-wait.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 function finish {
 pkill -f "zenity.*Preparing Storage"
diff --git a/shared/bin/common-init.sh b/shared/bin/common-init.sh
index 56669b145..00002602a 100755
--- a/shared/bin/common-init.sh
+++ b/shared/bin/common-init.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 declare -A IFACES
diff --git a/shared/bin/configure-capture.py b/shared/bin/configure-capture.py
index 804c65120..04981a17d 100755
--- a/shared/bin/configure-capture.py
+++ b/shared/bin/configure-capture.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3.7
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # script for configuring sensor capture and forwarding parameters
diff --git a/shared/bin/configure-interfaces.py b/shared/bin/configure-interfaces.py
index f3856db78..de4c87510 100755
--- a/shared/bin/configure-interfaces.py
+++ b/shared/bin/configure-interfaces.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3.7
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # script for configuring sensor network interface controller(s)
diff --git a/shared/bin/cron_env_centos.sh b/shared/bin/cron_env_centos.sh
index 8d1f6405d..69fc7970d 100755
--- a/shared/bin/cron_env_centos.sh
+++ b/shared/bin/cron_env_centos.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 printenv | sed -r "s/'/\\\'/gm" | sed -r "s/^([^=]+=)(.*)\$/\1'\2'/gm" > /etc/environment
diff --git a/shared/bin/cron_env_deb.sh b/shared/bin/cron_env_deb.sh
index f529febfe..65423c7d5 100755
--- a/shared/bin/cron_env_deb.sh
+++ b/shared/bin/cron_env_deb.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 printenv | sed -r "s/'/\\\'/gm" | sed -r "s/^([^=]+=)(.*)\$/\1'\2'/gm" > /etc/environment
diff --git a/shared/bin/docker-load-wait.sh b/shared/bin/docker-load-wait.sh
index 2c9ef6efb..48e7fcc42 100755
--- a/shared/bin/docker-load-wait.sh
+++ b/shared/bin/docker-load-wait.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 function finish {
 pkill -f "zenity.*Preparing Malcolm"
diff --git a/shared/bin/elastic_search_status.sh b/shared/bin/elastic_search_status.sh
index 286077073..14d08e35c 100755
--- a/shared/bin/elastic_search_status.sh
+++ b/shared/bin/elastic_search_status.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 set -e
diff --git a/shared/bin/fstab.py b/shared/bin/fstab.py
index fe5c2e465..d8400caf4 100644
--- a/shared/bin/fstab.py
+++ b/shared/bin/fstab.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 # fstab interpreter
diff --git a/shared/bin/malass_client.py b/shared/bin/malass_client.py
index bb4eca5e6..06395afc7 100644
--- a/shared/bin/malass_client.py
+++ b/shared/bin/malass_client.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3.7
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 """This script (malass_client.py) simulates the Malass 'file upload' HTML web form. The 'file upload' HTML form is used to 'upload a file', and several HTML form fields,
diff --git a/shared/bin/pcap_moloch_and_zeek_processor.py b/shared/bin/pcap_moloch_and_zeek_processor.py
index 678ce41b5..efab0a901 100755
--- a/shared/bin/pcap_moloch_and_zeek_processor.py
+++ b/shared/bin/pcap_moloch_and_zeek_processor.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 ###################################################################################################
 # Process queued files reported by pcap_watcher.py, using either moloch-capture or zeek to process
diff --git a/shared/bin/pcap_utils.py b/shared/bin/pcap_utils.py
index 3271657f4..abb5a949d 100644
--- a/shared/bin/pcap_utils.py
+++ b/shared/bin/pcap_utils.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
-# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 import os
 import re
diff --git a/shared/bin/pcap_watcher.py b/shared/bin/pcap_watcher.py
index f7fa8b653..104a19d16 100755
--- a/shared/bin/pcap_watcher.py
+++ b/shared/bin/pcap_watcher.py
@@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for PCAP files for processing (by publishing their filenames to a ZMQ socket) diff --git a/shared/bin/preseed_late_user_config.sh b/shared/bin/preseed_late_user_config.sh index 0edf41379..73ad4aa32 100755 --- a/shared/bin/preseed_late_user_config.sh +++ b/shared/bin/preseed_late_user_config.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################## # prompt whether to autologin or not diff --git a/shared/bin/prune_files.sh b/shared/bin/prune_files.sh index f84747408..31af00474 100755 --- a/shared/bin/prune_files.sh +++ b/shared/bin/prune_files.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. # recursion depth (1 = not recursive) DEPTH=1 diff --git a/shared/bin/sensor-capture-disk-config.py b/shared/bin/sensor-capture-disk-config.py index 5d807ed02..34718ae8b 100755 --- a/shared/bin/sensor-capture-disk-config.py +++ b/shared/bin/sensor-capture-disk-config.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3.7 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Detect, partition, and format devices to be used for sensor packet/log captures. 
diff --git a/shared/bin/sensor-init.sh b/shared/bin/sensor-init.sh index ec1d65e61..9d2db0cca 100755 --- a/shared/bin/sensor-init.sh +++ b/shared/bin/sensor-init.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. SCRIPT_PATH="$(dirname $(realpath -e "${BASH_SOURCE[0]}"))" diff --git a/shared/bin/sensorcommon.py b/shared/bin/sensorcommon.py index 12d4c75ac..9e15886c5 100644 --- a/shared/bin/sensorcommon.py +++ b/shared/bin/sensorcommon.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3.7 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. import argparse import ipaddress diff --git a/shared/bin/sensormetric.py b/shared/bin/sensormetric.py index 0b7e0ca11..756675832 100644 --- a/shared/bin/sensormetric.py +++ b/shared/bin/sensormetric.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3.7 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. import subprocess import socket diff --git a/shared/bin/ufw_allow_viewer.sh b/shared/bin/ufw_allow_viewer.sh index 1fdd2cfa7..39832ae25 100644 --- a/shared/bin/ufw_allow_viewer.sh +++ b/shared/bin/ufw_allow_viewer.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. # manage a UFW rule for allowing a remote Moloch viewer instance (on the same host # to which moloch-capture is forwarding session logs) to connect to and diff --git a/shared/bin/zeek_carve_logger.py b/shared/bin/zeek_carve_logger.py index 7c5950769..d306251c2 100755 --- a/shared/bin/zeek_carve_logger.py +++ b/shared/bin/zeek_carve_logger.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for files extracted by zeek for processing diff --git a/shared/bin/zeek_carve_scanner.py b/shared/bin/zeek_carve_scanner.py index 2a1757221..d612a81c5 100755 --- a/shared/bin/zeek_carve_scanner.py +++ b/shared/bin/zeek_carve_scanner.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Process queued files reported by zeek_carve_watcher.py, scanning them with the specified diff --git a/shared/bin/zeek_carve_utils.py b/shared/bin/zeek_carve_utils.py index 73138c21b..6f39460ee 100644 --- a/shared/bin/zeek_carve_utils.py +++ b/shared/bin/zeek_carve_utils.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. import clamd import hashlib diff --git a/shared/bin/zeek_carve_watcher.py b/shared/bin/zeek_carve_watcher.py index 5fb7a8d9a..64c729d76 100755 --- a/shared/bin/zeek_carve_watcher.py +++ b/shared/bin/zeek_carve_watcher.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for files extracted by zeek for processing 
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index 07a69b2e3..fb7f9c3fe 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" diff --git a/shared/vbox-guest-build/Dockerfile b/shared/vbox-guest-build/Dockerfile index 7ea971e6e..886b6b24c 100644 --- a/shared/vbox-guest-build/Dockerfile +++ b/shared/vbox-guest-build/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" diff --git a/shared/vbox-guest-build/build-docker-image.sh b/shared/vbox-guest-build/build-docker-image.sh index e9e63c4fb..f3405fe34 100755 --- a/shared/vbox-guest-build/build-docker-image.sh +++ b/shared/vbox-guest-build/build-docker-image.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. # force-navigate to script directory SCRIPT_PATH="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" diff --git a/shared/vbox-guest-build/build-vboxguest-deb.sh b/shared/vbox-guest-build/build-vboxguest-deb.sh index 432d71620..c34d0749d 100755 --- a/shared/vbox-guest-build/build-vboxguest-deb.sh +++ b/shared/vbox-guest-build/build-vboxguest-deb.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. OUTPUT_DIR="/tmp" unset VERBOSE diff --git a/zeek/config/extractor.zeek b/zeek/config/extractor.zeek index d481665c8..217e91494 100644 
--- a/zeek/config/extractor.zeek +++ b/zeek/config/extractor.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. @load ./extractor_params diff --git a/zeek/config/extractor_override.interesting.zeek b/zeek/config/extractor_override.interesting.zeek index a6a8d304b..45a92cba1 100644 --- a/zeek/config/extractor_override.interesting.zeek +++ b/zeek/config/extractor_override.interesting.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. export { redef extractor_always_extract_unknown = F; diff --git a/zeek/config/extractor_params.zeek b/zeek/config/extractor_params.zeek index 5adfa48dc..bc367a895 100644 --- a/zeek/config/extractor_params.zeek +++ b/zeek/config/extractor_params.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. export { const extractor_extract_none = "none" &redef; diff --git a/zeek/supervisord.conf b/zeek/supervisord.conf index f5349bb28..db115cde3 100644 --- a/zeek/supervisord.conf +++ b/zeek/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2019 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/var/run/supervisor.sock ; (the path to the socket file) From f61fddb235271ef7a1e5fc659818445481bae103 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 24 Feb 2020 09:14:02 -0700 Subject: [PATCH 111/183] update style of upload screen to match the rest of the app --- Dockerfiles/file-upload.Dockerfile | 9 ++++--- .../jquery-file-upload/bootstrap.min.css | 12 +++++++++ file-upload/jquery-file-upload/index.html | 27 ++++++++++++++----- 3 files changed, 37 insertions(+), 11 deletions(-) create mode 100644 file-upload/jquery-file-upload/bootstrap.min.css diff --git a/Dockerfiles/file-upload.Dockerfile b/Dockerfiles/file-upload.Dockerfile index 4ea8f7f07..95b825d29 100644 --- a/Dockerfiles/file-upload.Dockerfile +++ b/Dockerfiles/file-upload.Dockerfile @@ -52,14 +52,15 @@ RUN apt-get update && \ apt-get clean -y -q && \ rm -rf /var/lib/apt/lists/* -ADD file-upload/supervisord.conf /supervisord.conf -ADD file-upload/jquery-file-upload/index.html /var/www/upload/index.html ADD docs/images/logo/Malcolm_banner.png /var/www/upload/Malcolm_banner.png +ADD file-upload/docker-entrypoint.sh /docker-entrypoint.sh +ADD file-upload/jquery-file-upload/bootstrap.min.css /var/www/upload/bower_components/bootstrap/dist/css/bootstrap.min.css +ADD file-upload/jquery-file-upload/index.html /var/www/upload/index.html ADD file-upload/jquery-file-upload/index.php /var/www/upload/server/php/index.php -ADD file-upload/php/php.ini /etc/php/7.3/fpm/php.ini ADD file-upload/nginx/sites-available/default /etc/nginx/sites-available/default +ADD file-upload/php/php.ini /etc/php/7.3/fpm/php.ini ADD file-upload/sshd_config /tmp/sshd_config -ADD file-upload/docker-entrypoint.sh /docker-entrypoint.sh +ADD file-upload/supervisord.conf /supervisord.conf RUN mkdir -p /var/run/sshd /var/www/upload/server/php/chroot /run/php && \ mv /var/www/upload/server/php/files /var/www/upload/server/php/chroot && \ diff --git a/file-upload/jquery-file-upload/bootstrap.min.css b/file-upload/jquery-file-upload/bootstrap.min.css new file mode 100644 index 000000000..523da07bf --- /dev/null 
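Review bot: The ADD instructions in this hunk, including the three newly added ones for docker-entrypoint.sh, bootstrap.min.css and index.html, all copy plain local files, so COPY is the better fit: ADD additionally auto-extracts recognised archives and accepts remote URLs, behaviour none of these lines needs and which linters such as hadolint (DL3020) flag. Switching the new line to `COPY file-upload/jquery-file-upload/bootstrap.min.css /var/www/upload/bower_components/bootstrap/dist/css/bootstrap.min.css` (and the neighbouring ADDs likewise) keeps the build's behaviour predictable if one of these source paths is ever pointed at an archive. The bootstrap.min.css being copied in is a vendored third-party artifact; its banner names Bootswatch v4.4.1 under MIT, but a one-line comment above the COPY recording where it was obtained would make future updates and license review easier. The RUN instruction at the end of the hunk continues outside it.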
+++ b/file-upload/jquery-file-upload/bootstrap.min.css 
@@ -0,0 +1,12 @@ +/*! + * Bootswatch v4.4.1 + * Homepage: https://bootswatch.com + * Copyright 2012-2020 Thomas Park + * Licensed under MIT + * Based on Bootstrap +*//*! + * Bootstrap v4.4.1 (https://getbootstrap.com/) + * Copyright 2011-2019 The Bootstrap Authors + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */:root{--blue: #007bff;--indigo: #6610f2;--purple: #6f42c1;--pink: #e83e8c;--red: #ee5f5b;--orange: #fd7e14;--yellow: #f89406;--green: #62c462;--teal: #20c997;--cyan: #5bc0de;--white: #fff;--gray: #7A8288;--gray-dark: #3A3F44;--primary: #3A3F44;--secondary: #7A8288;--success: #62c462;--info: #5bc0de;--warning: #f89406;--danger: #ee5f5b;--light: #e9ecef;--dark: #272B30;--breakpoint-xs: 0;--breakpoint-sm: 576px;--breakpoint-md: 768px;--breakpoint-lg: 992px;--breakpoint-xl: 1200px;--font-family-sans-serif: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--font-family-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace}*,*::before,*::after{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:rgba(0,0,0,0)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}body{margin:0;font-family:-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";font-size:0.9375rem;font-weight:400;line-height:1.5;color:#aaa;text-align:left;background-color:#272B30}[tabindex="-1"]:focus:not(:focus-visible){outline:0 
!important}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:0.5rem}p{margin-top:0;margin-bottom:1rem}abbr[title],abbr[data-original-title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}ol,ul,dl{margin-top:0;margin-bottom:1rem}ol ol,ul ul,ol ul,ul ol{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#fff;text-decoration:none;background-color:transparent}a:hover{color:#d9d9d9;text-decoration:underline}a:not([href]){color:inherit;text-decoration:none}a:not([href]):hover{color:inherit;text-decoration:none}pre,code,kbd,samp{font-family:SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;font-size:1em}pre{margin-top:0;margin-bottom:1rem;overflow:auto}figure{margin:0 0 1rem}img{vertical-align:middle;border-style:none}svg{overflow:hidden;vertical-align:middle}table{border-collapse:collapse}caption{padding-top:0.75rem;padding-bottom:0.75rem;color:#7A8288;text-align:left;caption-side:bottom}th{text-align:inherit}label{display:inline-block;margin-bottom:0.5rem}button{border-radius:0}button:focus{outline:1px dotted;outline:5px auto 
-webkit-focus-ring-color}input,button,select,optgroup,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}select{word-wrap:normal}button,[type="button"],[type="reset"],[type="submit"]{-webkit-appearance:button}button:not(:disabled),[type="button"]:not(:disabled),[type="reset"]:not(:disabled),[type="submit"]:not(:disabled){cursor:pointer}button::-moz-focus-inner,[type="button"]::-moz-focus-inner,[type="reset"]::-moz-focus-inner,[type="submit"]::-moz-focus-inner{padding:0;border-style:none}input[type="radio"],input[type="checkbox"]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="date"],input[type="time"],input[type="datetime-local"],input[type="month"]{-webkit-appearance:listbox}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type="number"]::-webkit-inner-spin-button,[type="number"]::-webkit-outer-spin-button{height:auto}[type="search"]{outline-offset:-2px;-webkit-appearance:none}[type="search"]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}summary{display:list-item;cursor:pointer}template{display:none}[hidden]{display:none 
!important}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{margin-bottom:0.5rem;font-weight:500;line-height:1.2}h1,.h1{font-size:2.34375rem}h2,.h2{font-size:1.875rem}h3,.h3{font-size:1.640625rem}h4,.h4{font-size:1.40625rem}h5,.h5{font-size:1.171875rem}h6,.h6{font-size:0.9375rem}.lead{font-size:1.171875rem;font-weight:300}.display-1{font-size:6rem;font-weight:300;line-height:1.2}.display-2{font-size:5.5rem;font-weight:300;line-height:1.2}.display-3{font-size:4.5rem;font-weight:300;line-height:1.2}.display-4{font-size:3.5rem;font-weight:300;line-height:1.2}hr{margin-top:1rem;margin-bottom:1rem;border:0;border-top:1px solid rgba(0,0,0,0.1)}small,.small{font-size:80%;font-weight:400}mark,.mark{padding:0.2em;background-color:#fcf8e3}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline-item{display:inline-block}.list-inline-item:not(:last-child){margin-right:0.5rem}.initialism{font-size:90%;text-transform:uppercase}.blockquote{margin-bottom:1rem;font-size:1.171875rem}.blockquote-footer{display:block;font-size:80%;color:#7A8288}.blockquote-footer::before{content:"\2014\00A0"}.img-fluid{max-width:100%;height:auto}.img-thumbnail{padding:0.25rem;background-color:#272B30;border:1px solid #dee2e6;border-radius:0.25rem;max-width:100%;height:auto}.figure{display:inline-block}.figure-img{margin-bottom:0.5rem;line-height:1}.figure-caption{font-size:90%;color:#7A8288}code{font-size:87.5%;color:#e83e8c;word-wrap:break-word}a>code{color:inherit}kbd{padding:0.2rem 0.4rem;font-size:87.5%;color:#fff;background-color:#272B30;border-radius:0.2rem}kbd kbd{padding:0;font-size:100%;font-weight:700}pre{display:block;font-size:87.5%;color:inherit}pre code{font-size:inherit;color:inherit;word-break:normal}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width: 576px){.container{max-width:540px}}@media (min-width: 
768px){.container{max-width:720px}}@media (min-width: 992px){.container{max-width:960px}}@media (min-width: 1200px){.container{max-width:1140px}}.container-fluid,.container-sm,.container-md,.container-lg,.container-xl{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width: 576px){.container,.container-sm{max-width:540px}}@media (min-width: 768px){.container,.container-sm,.container-md{max-width:720px}}@media (min-width: 992px){.container,.container-sm,.container-md,.container-lg{max-width:960px}}@media (min-width: 1200px){.container,.container-sm,.container-md,.container-lg,.container-xl{max-width:1140px}}.row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-15px;margin-left:-15px}.no-gutters{margin-right:0;margin-left:0}.no-gutters>.col,.no-gutters>[class*="col-"]{padding-right:0;padding-left:0}.col-1,.col-2,.col-3,.col-4,.col-5,.col-6,.col-7,.col-8,.col-9,.col-10,.col-11,.col-12,.col,.col-auto,.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm,.col-sm-auto,.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12,.col-md,.col-md-auto,.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg,.col-lg-auto,.col-xl-1,.col-xl-2,.col-xl-3,.col-xl-4,.col-xl-5,.col-xl-6,.col-xl-7,.col-xl-8,.col-xl-9,.col-xl-10,.col-xl-11,.col-xl-12,.col-xl,.col-xl-auto{position:relative;width:100%;padding-right:15px;padding-left:15px}.col{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.row-cols-1>*{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.row-cols-2>*{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.row-cols-3>*{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 
33.3333333333%;max-width:33.3333333333%}.row-cols-4>*{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.row-cols-5>*{-webkit-box-flex:0;-ms-flex:0 0 20%;flex:0 0 20%;max-width:20%}.row-cols-6>*{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 
100%;max-width:100%}.order-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-1{margin-left:8.3333333333%}.offset-2{margin-left:16.6666666667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.3333333333%}.offset-5{margin-left:41.6666666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.3333333333%}.offset-8{margin-left:66.6666666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.3333333333%}.offset-11{margin-left:91.6666666667%}@media (min-width: 576px){.col-sm{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.row-cols-sm-1>*{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.row-cols-sm-2>*{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.row-cols-sm-3>*{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.row-cols-sm-4>*{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.row-cols-sm-5>*{-webkit-box-flex:0;-ms-flex:0 0 20%;flex:0 0 20%;max-width:20%}.row-cols-sm-6>*{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 
16.6666666667%;max-width:16.6666666667%}.col-sm-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-sm-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-sm-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-sm-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-sm-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-sm-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-sm-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-sm-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-sm-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-sm-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-sm-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-sm-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-sm-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 
100%;max-width:100%}.order-sm-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-sm-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-sm-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-sm-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-sm-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-sm-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-sm-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-sm-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-sm-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-sm-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-sm-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-sm-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-sm-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-sm-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-sm-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-sm-0{margin-left:0}.offset-sm-1{margin-left:8.3333333333%}.offset-sm-2{margin-left:16.6666666667%}.offset-sm-3{margin-left:25%}.offset-sm-4{margin-left:33.3333333333%}.offset-sm-5{margin-left:41.6666666667%}.offset-sm-6{margin-left:50%}.offset-sm-7{margin-left:58.3333333333%}.offset-sm-8{margin-left:66.6666666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.3333333333%}.offset-sm-11{margin-left:91.6666666667%}}@media (min-width: 768px){.col-md{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.row-cols-md-1>*{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.row-cols-md-2>*{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.row-cols-md-3>*{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.row-cols-md-4>*{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.row-cols-md-5>*{-webkit-box-flex:0;-ms-flex:0 0 
20%;flex:0 0 20%;max-width:20%}.row-cols-md-6>*{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-md-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-md-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-md-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-md-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-md-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-md-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-md-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-md-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-md-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-md-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-md-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-md-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-md-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 
100%;max-width:100%}.order-md-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-md-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-md-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-md-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-md-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-md-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-md-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-md-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-md-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-md-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-md-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-md-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-md-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-md-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-md-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-md-0{margin-left:0}.offset-md-1{margin-left:8.3333333333%}.offset-md-2{margin-left:16.6666666667%}.offset-md-3{margin-left:25%}.offset-md-4{margin-left:33.3333333333%}.offset-md-5{margin-left:41.6666666667%}.offset-md-6{margin-left:50%}.offset-md-7{margin-left:58.3333333333%}.offset-md-8{margin-left:66.6666666667%}.offset-md-9{margin-left:75%}.offset-md-10{margin-left:83.3333333333%}.offset-md-11{margin-left:91.6666666667%}}@media (min-width: 992px){.col-lg{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.row-cols-lg-1>*{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.row-cols-lg-2>*{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.row-cols-lg-3>*{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.row-cols-lg-4>*{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.row-cols-lg-5>*{-webkit-box-flex:0;-ms-flex:0 0 
20%;flex:0 0 20%;max-width:20%}.row-cols-lg-6>*{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-lg-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-lg-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-lg-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-lg-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-lg-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-lg-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-lg-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-lg-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-lg-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-lg-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-lg-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-lg-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-lg-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 
100%;max-width:100%}.order-lg-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-lg-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-lg-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-lg-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-lg-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-lg-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-lg-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-lg-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-lg-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-lg-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-lg-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-lg-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-lg-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-lg-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-lg-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-lg-0{margin-left:0}.offset-lg-1{margin-left:8.3333333333%}.offset-lg-2{margin-left:16.6666666667%}.offset-lg-3{margin-left:25%}.offset-lg-4{margin-left:33.3333333333%}.offset-lg-5{margin-left:41.6666666667%}.offset-lg-6{margin-left:50%}.offset-lg-7{margin-left:58.3333333333%}.offset-lg-8{margin-left:66.6666666667%}.offset-lg-9{margin-left:75%}.offset-lg-10{margin-left:83.3333333333%}.offset-lg-11{margin-left:91.6666666667%}}@media (min-width: 1200px){.col-xl{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.row-cols-xl-1>*{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.row-cols-xl-2>*{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.row-cols-xl-3>*{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.row-cols-xl-4>*{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.row-cols-xl-5>*{-webkit-box-flex:0;-ms-flex:0 
0 20%;flex:0 0 20%;max-width:20%}.row-cols-xl-6>*{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-xl-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-xl-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-xl-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-xl-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-xl-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-xl-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-xl-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-xl-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-xl-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-xl-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-xl-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-xl-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-xl-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 
100%;max-width:100%}.order-xl-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-xl-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-xl-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-xl-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-xl-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-xl-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-xl-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-xl-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-xl-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-xl-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-xl-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-xl-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-xl-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-xl-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-xl-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-xl-0{margin-left:0}.offset-xl-1{margin-left:8.3333333333%}.offset-xl-2{margin-left:16.6666666667%}.offset-xl-3{margin-left:25%}.offset-xl-4{margin-left:33.3333333333%}.offset-xl-5{margin-left:41.6666666667%}.offset-xl-6{margin-left:50%}.offset-xl-7{margin-left:58.3333333333%}.offset-xl-8{margin-left:66.6666666667%}.offset-xl-9{margin-left:75%}.offset-xl-10{margin-left:83.3333333333%}.offset-xl-11{margin-left:91.6666666667%}}.table{width:100%;margin-bottom:1rem;color:#fff}.table th,.table td{padding:0.75rem;vertical-align:top;border-top:1px solid rgba(0,0,0,0.6)}.table thead th{vertical-align:bottom;border-bottom:2px solid rgba(0,0,0,0.6)}.table tbody+tbody{border-top:2px solid rgba(0,0,0,0.6)}.table-sm th,.table-sm td{padding:0.3rem}.table-bordered{border:1px solid rgba(0,0,0,0.6)}.table-bordered th,.table-bordered td{border:1px solid rgba(0,0,0,0.6)}.table-bordered thead th,.table-bordered thead td{border-bottom-width:2px}.table-borderless 
th,.table-borderless td,.table-borderless thead th,.table-borderless tbody+tbody{border:0}.table-striped tbody tr:nth-of-type(odd){background-color:rgba(255,255,255,0.05)}.table-hover tbody tr:hover{color:#fff;background-color:rgba(255,255,255,0.075)}.table-primary,.table-primary>th,.table-primary>td{background-color:#c8c9cb}.table-primary th,.table-primary td,.table-primary thead th,.table-primary tbody+tbody{border-color:#999b9e}.table-hover .table-primary:hover{background-color:#bbbcbf}.table-hover .table-primary:hover>td,.table-hover .table-primary:hover>th{background-color:#bbbcbf}.table-secondary,.table-secondary>th,.table-secondary>td{background-color:#dadcde}.table-secondary th,.table-secondary td,.table-secondary thead th,.table-secondary tbody+tbody{border-color:#babec1}.table-hover .table-secondary:hover{background-color:#cdcfd2}.table-hover .table-secondary:hover>td,.table-hover .table-secondary:hover>th{background-color:#cdcfd2}.table-success,.table-success>th,.table-success>td{background-color:#d3eed3}.table-success th,.table-success td,.table-success thead th,.table-success tbody+tbody{border-color:#ade0ad}.table-hover .table-success:hover{background-color:#c1e7c1}.table-hover .table-success:hover>td,.table-hover .table-success:hover>th{background-color:#c1e7c1}.table-info,.table-info>th,.table-info>td{background-color:#d1edf6}.table-info th,.table-info td,.table-info thead th,.table-info tbody+tbody{border-color:#aadeee}.table-hover .table-info:hover{background-color:#bce5f2}.table-hover .table-info:hover>td,.table-hover .table-info:hover>th{background-color:#bce5f2}.table-warning,.table-warning>th,.table-warning>td{background-color:#fde1b9}.table-warning th,.table-warning td,.table-warning thead th,.table-warning tbody+tbody{border-color:#fbc77e}.table-hover .table-warning:hover{background-color:#fcd6a0}.table-hover .table-warning:hover>td,.table-hover 
.table-warning:hover>th{background-color:#fcd6a0}.table-danger,.table-danger>th,.table-danger>td{background-color:#fad2d1}.table-danger th,.table-danger td,.table-danger thead th,.table-danger tbody+tbody{border-color:#f6acaa}.table-hover .table-danger:hover{background-color:#f8bcba}.table-hover .table-danger:hover>td,.table-hover .table-danger:hover>th{background-color:#f8bcba}.table-light,.table-light>th,.table-light>td{background-color:#f9fafb}.table-light th,.table-light td,.table-light thead th,.table-light tbody+tbody{border-color:#f4f5f7}.table-hover .table-light:hover{background-color:#eaedf1}.table-hover .table-light:hover>td,.table-hover .table-light:hover>th{background-color:#eaedf1}.table-dark,.table-dark>th,.table-dark>td{background-color:#c3c4c5}.table-dark th,.table-dark td,.table-dark thead th,.table-dark tbody+tbody{border-color:#8f9193}.table-hover .table-dark:hover{background-color:#b6b7b8}.table-hover .table-dark:hover>td,.table-hover .table-dark:hover>th{background-color:#b6b7b8}.table-active,.table-active>th,.table-active>td{background-color:rgba(255,255,255,0.075)}.table-hover .table-active:hover{background-color:rgba(242,242,242,0.075)}.table-hover .table-active:hover>td,.table-hover .table-active:hover>th{background-color:rgba(242,242,242,0.075)}.table .thead-dark th{color:#fff;background-color:#3A3F44;border-color:rgba(0,0,0,0.6)}.table .thead-light th{color:#52575C;background-color:#e9ecef;border-color:rgba(0,0,0,0.6)}.table-dark{color:#fff;background-color:#3A3F44}.table-dark th,.table-dark td,.table-dark thead th{border-color:rgba(0,0,0,0.6)}.table-dark.table-bordered{border:0}.table-dark.table-striped tbody tr:nth-of-type(odd){background-color:rgba(255,255,255,0.05)}.table-dark.table-hover tbody tr:hover{color:#fff;background-color:rgba(255,255,255,0.075)}@media (max-width: 575.98px){.table-responsive-sm{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-sm>.table-bordered{border:0}}@media 
(max-width: 767.98px){.table-responsive-md{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-md>.table-bordered{border:0}}@media (max-width: 991.98px){.table-responsive-lg{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-lg>.table-bordered{border:0}}@media (max-width: 1199.98px){.table-responsive-xl{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-xl>.table-bordered{border:0}}.table-responsive{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive>.table-bordered{border:0}.form-control{display:block;width:100%;height:calc(1.5em + 1.5rem + 2px);padding:0.75rem 1rem;font-size:0.9375rem;font-weight:400;line-height:1.5;color:#52575C;background-color:#fff;background-clip:padding-box;border:1px solid #ced4da;border-radius:0.25rem;-webkit-transition:border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out}@media (prefers-reduced-motion: reduce){.form-control{-webkit-transition:none;transition:none}}.form-control::-ms-expand{background-color:transparent;border:0}.form-control:-moz-focusring{color:transparent;text-shadow:0 0 0 #52575C}.form-control:focus{color:#52575C;background-color:#fff;border-color:#757f89;outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 0.2rem 
rgba(58,63,68,0.25)}.form-control::-webkit-input-placeholder{color:#7A8288;opacity:1}.form-control::-ms-input-placeholder{color:#7A8288;opacity:1}.form-control::placeholder{color:#7A8288;opacity:1}.form-control:disabled,.form-control[readonly]{background-color:#ccc;opacity:1}select.form-control:focus::-ms-value{color:#52575C;background-color:#fff}.form-control-file,.form-control-range{display:block;width:100%}.col-form-label{padding-top:calc(0.75rem + 1px);padding-bottom:calc(0.75rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(0.5rem + 1px);padding-bottom:calc(0.5rem + 1px);font-size:1.171875rem;line-height:1.5}.col-form-label-sm{padding-top:calc(0.25rem + 1px);padding-bottom:calc(0.25rem + 1px);font-size:0.8203125rem;line-height:1.5}.form-control-plaintext{display:block;width:100%;padding:0.75rem 0;margin-bottom:0;font-size:0.9375rem;line-height:1.5;color:#aaa;background-color:transparent;border:solid transparent;border-width:1px 0}.form-control-plaintext.form-control-sm,.form-control-plaintext.form-control-lg{padding-right:0;padding-left:0}.form-control-sm{height:calc(1.5em + 0.5rem + 2px);padding:0.25rem 0.5rem;font-size:0.8203125rem;line-height:1.5;border-radius:0.2rem}.form-control-lg{height:calc(1.5em + 1rem + 2px);padding:0.5rem 1rem;font-size:1.171875rem;line-height:1.5;border-radius:0.3rem}select.form-control[size],select.form-control[multiple]{height:auto}textarea.form-control{height:auto}.form-group{margin-bottom:1rem}.form-text{display:block;margin-top:0.25rem}.form-row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-5px;margin-left:-5px}.form-row>.col,.form-row>[class*="col-"]{padding-right:5px;padding-left:5px}.form-check{position:relative;display:block;padding-left:1.25rem}.form-check-input{position:absolute;margin-top:0.3rem;margin-left:-1.25rem}.form-check-input[disabled] ~ .form-check-label,.form-check-input:disabled ~ 
.form-check-label{color:#7A8288}.form-check-label{margin-bottom:0}.form-check-inline{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding-left:0;margin-right:0.75rem}.form-check-inline .form-check-input{position:static;margin-top:0;margin-right:0.3125rem;margin-left:0}.valid-feedback{display:none;width:100%;margin-top:0.25rem;font-size:80%;color:#62c462}.valid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:0.25rem 0.5rem;margin-top:.1rem;font-size:0.8203125rem;line-height:1.5;color:#fff;background-color:rgba(98,196,98,0.9);border-radius:0.25rem}.was-validated :valid ~ .valid-feedback,.was-validated :valid ~ .valid-tooltip,.is-valid ~ .valid-feedback,.is-valid ~ .valid-tooltip{display:block}.was-validated .form-control:valid,.form-control.is-valid{border-color:#62c462;padding-right:calc(1.5em + 1.5rem);background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='8' height='8' viewBox='0 0 8 8'%3e%3cpath fill='%2362c462' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right calc(0.375em + 0.375rem) center;background-size:calc(0.75em + 0.75rem) calc(0.75em + 0.75rem)}.was-validated .form-control:valid:focus,.form-control.is-valid:focus{border-color:#62c462;-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25);box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25)}.was-validated textarea.form-control:valid,textarea.form-control.is-valid{padding-right:calc(1.5em + 1.5rem);background-position:top calc(0.375em + 0.375rem) right calc(0.375em + 0.375rem)}.was-validated .custom-select:valid,.custom-select.is-valid{border-color:#62c462;padding-right:calc(0.75em + 3.125rem);background:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='4' height='5' viewBox='0 0 4 5'%3e%3cpath 
fill='%233A3F44' d='M2 0L0 2h4zm0 5L0 3h4z'/%3e%3c/svg%3e") no-repeat right 1rem center/8px 10px,url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='8' height='8' viewBox='0 0 8 8'%3e%3cpath fill='%2362c462' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e") #fff no-repeat center right 2rem/calc(0.75em + 0.75rem) calc(0.75em + 0.75rem)}.was-validated .custom-select:valid:focus,.custom-select.is-valid:focus{border-color:#62c462;-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25);box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25)}.was-validated .form-check-input:valid ~ .form-check-label,.form-check-input.is-valid ~ .form-check-label{color:#62c462}.was-validated .form-check-input:valid ~ .valid-feedback,.was-validated .form-check-input:valid ~ .valid-tooltip,.form-check-input.is-valid ~ .valid-feedback,.form-check-input.is-valid ~ .valid-tooltip{display:block}.was-validated .custom-control-input:valid ~ .custom-control-label,.custom-control-input.is-valid ~ .custom-control-label{color:#62c462}.was-validated .custom-control-input:valid ~ .custom-control-label::before,.custom-control-input.is-valid ~ .custom-control-label::before{border-color:#62c462}.was-validated .custom-control-input:valid:checked ~ .custom-control-label::before,.custom-control-input.is-valid:checked ~ .custom-control-label::before{border-color:#87d287;background-color:#87d287}.was-validated .custom-control-input:valid:focus ~ .custom-control-label::before,.custom-control-input.is-valid:focus ~ .custom-control-label::before{-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25);box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25)}.was-validated .custom-control-input:valid:focus:not(:checked) ~ .custom-control-label::before,.custom-control-input.is-valid:focus:not(:checked) ~ .custom-control-label::before{border-color:#62c462}.was-validated .custom-file-input:valid ~ .custom-file-label,.custom-file-input.is-valid ~ 
.custom-file-label{border-color:#62c462}.was-validated .custom-file-input:valid:focus ~ .custom-file-label,.custom-file-input.is-valid:focus ~ .custom-file-label{border-color:#62c462;-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25);box-shadow:0 0 0 0.2rem rgba(98,196,98,0.25)}.invalid-feedback{display:none;width:100%;margin-top:0.25rem;font-size:80%;color:#ee5f5b}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:0.25rem 0.5rem;margin-top:.1rem;font-size:0.8203125rem;line-height:1.5;color:#fff;background-color:rgba(238,95,91,0.9);border-radius:0.25rem}.was-validated :invalid ~ .invalid-feedback,.was-validated :invalid ~ .invalid-tooltip,.is-invalid ~ .invalid-feedback,.is-invalid ~ .invalid-tooltip{display:block}.was-validated .form-control:invalid,.form-control.is-invalid{border-color:#ee5f5b;padding-right:calc(1.5em + 1.5rem);background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ee5f5b' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ee5f5b' stroke='none'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right calc(0.375em + 0.375rem) center;background-size:calc(0.75em + 0.75rem) calc(0.75em + 0.75rem)}.was-validated .form-control:invalid:focus,.form-control.is-invalid:focus{border-color:#ee5f5b;-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25)}.was-validated textarea.form-control:invalid,textarea.form-control.is-invalid{padding-right:calc(1.5em + 1.5rem);background-position:top calc(0.375em + 0.375rem) right calc(0.375em + 0.375rem)}.was-validated .custom-select:invalid,.custom-select.is-invalid{border-color:#ee5f5b;padding-right:calc(0.75em + 3.125rem);background:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='4' height='5' viewBox='0 0 4 5'%3e%3cpath 
fill='%233A3F44' d='M2 0L0 2h4zm0 5L0 3h4z'/%3e%3c/svg%3e") no-repeat right 1rem center/8px 10px,url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ee5f5b' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ee5f5b' stroke='none'/%3e%3c/svg%3e") #fff no-repeat center right 2rem/calc(0.75em + 0.75rem) calc(0.75em + 0.75rem)}.was-validated .custom-select:invalid:focus,.custom-select.is-invalid:focus{border-color:#ee5f5b;-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25)}.was-validated .form-check-input:invalid ~ .form-check-label,.form-check-input.is-invalid ~ .form-check-label{color:#ee5f5b}.was-validated .form-check-input:invalid ~ .invalid-feedback,.was-validated .form-check-input:invalid ~ .invalid-tooltip,.form-check-input.is-invalid ~ .invalid-feedback,.form-check-input.is-invalid ~ .invalid-tooltip{display:block}.was-validated .custom-control-input:invalid ~ .custom-control-label,.custom-control-input.is-invalid ~ .custom-control-label{color:#ee5f5b}.was-validated .custom-control-input:invalid ~ .custom-control-label::before,.custom-control-input.is-invalid ~ .custom-control-label::before{border-color:#ee5f5b}.was-validated .custom-control-input:invalid:checked ~ .custom-control-label::before,.custom-control-input.is-invalid:checked ~ .custom-control-label::before{border-color:#f38c89;background-color:#f38c89}.was-validated .custom-control-input:invalid:focus ~ .custom-control-label::before,.custom-control-input.is-invalid:focus ~ .custom-control-label::before{-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25)}.was-validated .custom-control-input:invalid:focus:not(:checked) ~ .custom-control-label::before,.custom-control-input.is-invalid:focus:not(:checked) ~ 
.custom-control-label::before{border-color:#ee5f5b}.was-validated .custom-file-input:invalid ~ .custom-file-label,.custom-file-input.is-invalid ~ .custom-file-label{border-color:#ee5f5b}.was-validated .custom-file-input:invalid:focus ~ .custom-file-label,.custom-file-input.is-invalid:focus ~ .custom-file-label{border-color:#ee5f5b;-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.25)}.form-inline{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.form-inline .form-check{width:100%}@media (min-width: 576px){.form-inline label{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;margin-bottom:0}.form-inline .form-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;margin-bottom:0}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-plaintext{display:inline-block}.form-inline .input-group,.form-inline .custom-select{width:auto}.form-inline .form-check{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:auto;padding-left:0}.form-inline .form-check-input{position:relative;-ms-flex-negative:0;flex-shrink:0;margin-top:0;margin-right:0.25rem;margin-left:0}.form-inline 
.custom-control{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.form-inline .custom-control-label{margin-bottom:0}}.btn{display:inline-block;font-weight:400;color:#aaa;text-align:center;vertical-align:middle;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:1px solid transparent;padding:0.75rem 1rem;font-size:0.9375rem;line-height:1.5;border-radius:0.25rem;-webkit-transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out}@media (prefers-reduced-motion: reduce){.btn{-webkit-transition:none;transition:none}}.btn:hover{color:#aaa;text-decoration:none}.btn:focus,.btn.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25)}.btn.disabled,.btn:disabled{opacity:0.65}a.btn.disabled,fieldset:disabled a.btn{pointer-events:none}.btn-primary{color:#fff;background-color:#3A3F44;border-color:#3A3F44}.btn-primary:hover{color:#fff;background-color:#282c2f;border-color:#232628}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#282c2f;border-color:#232628;-webkit-box-shadow:0 0 0 0.2rem rgba(88,92,96,0.5);box-shadow:0 0 0 0.2rem 
rgba(88,92,96,0.5)}.btn-primary.disabled,.btn-primary:disabled{color:#fff;background-color:#3A3F44;border-color:#3A3F44}.btn-primary:not(:disabled):not(.disabled):active,.btn-primary:not(:disabled):not(.disabled).active,.show>.btn-primary.dropdown-toggle{color:#fff;background-color:#232628;border-color:#1d1f22}.btn-primary:not(:disabled):not(.disabled):active:focus,.btn-primary:not(:disabled):not(.disabled).active:focus,.show>.btn-primary.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(88,92,96,0.5);box-shadow:0 0 0 0.2rem rgba(88,92,96,0.5)}.btn-secondary{color:#fff;background-color:#7A8288;border-color:#7A8288}.btn-secondary:hover{color:#fff;background-color:#686f74;border-color:#62686d}.btn-secondary:focus,.btn-secondary.focus{color:#fff;background-color:#686f74;border-color:#62686d;-webkit-box-shadow:0 0 0 0.2rem rgba(142,149,154,0.5);box-shadow:0 0 0 0.2rem rgba(142,149,154,0.5)}.btn-secondary.disabled,.btn-secondary:disabled{color:#fff;background-color:#7A8288;border-color:#7A8288}.btn-secondary:not(:disabled):not(.disabled):active,.btn-secondary:not(:disabled):not(.disabled).active,.show>.btn-secondary.dropdown-toggle{color:#fff;background-color:#62686d;border-color:#5c6267}.btn-secondary:not(:disabled):not(.disabled):active:focus,.btn-secondary:not(:disabled):not(.disabled).active:focus,.show>.btn-secondary.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(142,149,154,0.5);box-shadow:0 0 0 0.2rem rgba(142,149,154,0.5)}.btn-success{color:#fff;background-color:#62c462;border-color:#62c462}.btn-success:hover{color:#fff;background-color:#46ba46;border-color:#42b142}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#46ba46;border-color:#42b142;-webkit-box-shadow:0 0 0 0.2rem rgba(122,205,122,0.5);box-shadow:0 0 0 0.2rem 
rgba(122,205,122,0.5)}.btn-success.disabled,.btn-success:disabled{color:#fff;background-color:#62c462;border-color:#62c462}.btn-success:not(:disabled):not(.disabled):active,.btn-success:not(:disabled):not(.disabled).active,.show>.btn-success.dropdown-toggle{color:#fff;background-color:#42b142;border-color:#3fa73f}.btn-success:not(:disabled):not(.disabled):active:focus,.btn-success:not(:disabled):not(.disabled).active:focus,.show>.btn-success.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(122,205,122,0.5);box-shadow:0 0 0 0.2rem rgba(122,205,122,0.5)}.btn-info{color:#fff;background-color:#5bc0de;border-color:#5bc0de}.btn-info:hover{color:#fff;background-color:#3bb4d8;border-color:#31b0d5}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#3bb4d8;border-color:#31b0d5;-webkit-box-shadow:0 0 0 0.2rem rgba(116,201,227,0.5);box-shadow:0 0 0 0.2rem rgba(116,201,227,0.5)}.btn-info.disabled,.btn-info:disabled{color:#fff;background-color:#5bc0de;border-color:#5bc0de}.btn-info:not(:disabled):not(.disabled):active,.btn-info:not(:disabled):not(.disabled).active,.show>.btn-info.dropdown-toggle{color:#fff;background-color:#31b0d5;border-color:#2aaacf}.btn-info:not(:disabled):not(.disabled):active:focus,.btn-info:not(:disabled):not(.disabled).active:focus,.show>.btn-info.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(116,201,227,0.5);box-shadow:0 0 0 0.2rem rgba(116,201,227,0.5)}.btn-warning{color:#fff;background-color:#f89406;border-color:#f89406}.btn-warning:hover{color:#fff;background-color:#d37e05;border-color:#c67605}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#d37e05;border-color:#c67605;-webkit-box-shadow:0 0 0 0.2rem rgba(249,164,43,0.5);box-shadow:0 0 0 0.2rem 
rgba(249,164,43,0.5)}.btn-warning.disabled,.btn-warning:disabled{color:#fff;background-color:#f89406;border-color:#f89406}.btn-warning:not(:disabled):not(.disabled):active,.btn-warning:not(:disabled):not(.disabled).active,.show>.btn-warning.dropdown-toggle{color:#fff;background-color:#c67605;border-color:#ba6f04}.btn-warning:not(:disabled):not(.disabled):active:focus,.btn-warning:not(:disabled):not(.disabled).active:focus,.show>.btn-warning.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(249,164,43,0.5);box-shadow:0 0 0 0.2rem rgba(249,164,43,0.5)}.btn-danger{color:#fff;background-color:#ee5f5b;border-color:#ee5f5b}.btn-danger:hover{color:#fff;background-color:#ea3d38;border-color:#e9322d}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#ea3d38;border-color:#e9322d;-webkit-box-shadow:0 0 0 0.2rem rgba(241,119,116,0.5);box-shadow:0 0 0 0.2rem rgba(241,119,116,0.5)}.btn-danger.disabled,.btn-danger:disabled{color:#fff;background-color:#ee5f5b;border-color:#ee5f5b}.btn-danger:not(:disabled):not(.disabled):active,.btn-danger:not(:disabled):not(.disabled).active,.show>.btn-danger.dropdown-toggle{color:#fff;background-color:#e9322d;border-color:#e82721}.btn-danger:not(:disabled):not(.disabled):active:focus,.btn-danger:not(:disabled):not(.disabled).active:focus,.show>.btn-danger.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(241,119,116,0.5);box-shadow:0 0 0 0.2rem rgba(241,119,116,0.5)}.btn-light{color:#272B30;background-color:#e9ecef;border-color:#e9ecef}.btn-light:hover{color:#272B30;background-color:#d3d9df;border-color:#cbd3da}.btn-light:focus,.btn-light.focus{color:#272B30;background-color:#d3d9df;border-color:#cbd3da;-webkit-box-shadow:0 0 0 0.2rem rgba(204,207,210,0.5);box-shadow:0 0 0 0.2rem 
rgba(204,207,210,0.5)}.btn-light.disabled,.btn-light:disabled{color:#272B30;background-color:#e9ecef;border-color:#e9ecef}.btn-light:not(:disabled):not(.disabled):active,.btn-light:not(:disabled):not(.disabled).active,.show>.btn-light.dropdown-toggle{color:#272B30;background-color:#cbd3da;border-color:#c4ccd4}.btn-light:not(:disabled):not(.disabled):active:focus,.btn-light:not(:disabled):not(.disabled).active:focus,.show>.btn-light.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(204,207,210,0.5);box-shadow:0 0 0 0.2rem rgba(204,207,210,0.5)}.btn-dark{color:#fff;background-color:#272B30;border-color:#272B30}.btn-dark:hover{color:#fff;background-color:#16181b;border-color:#101214}.btn-dark:focus,.btn-dark.focus{color:#fff;background-color:#16181b;border-color:#101214;-webkit-box-shadow:0 0 0 0.2rem rgba(71,75,79,0.5);box-shadow:0 0 0 0.2rem rgba(71,75,79,0.5)}.btn-dark.disabled,.btn-dark:disabled{color:#fff;background-color:#272B30;border-color:#272B30}.btn-dark:not(:disabled):not(.disabled):active,.btn-dark:not(:disabled):not(.disabled).active,.show>.btn-dark.dropdown-toggle{color:#fff;background-color:#101214;border-color:#0a0b0d}.btn-dark:not(:disabled):not(.disabled):active:focus,.btn-dark:not(:disabled):not(.disabled).active:focus,.show>.btn-dark.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(71,75,79,0.5);box-shadow:0 0 0 0.2rem rgba(71,75,79,0.5)}.btn-outline-primary{color:#3A3F44;border-color:#3A3F44}.btn-outline-primary:hover{color:#fff;background-color:#3A3F44;border-color:#3A3F44}.btn-outline-primary:focus,.btn-outline-primary.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.5);box-shadow:0 0 0 0.2rem 
rgba(58,63,68,0.5)}.btn-outline-primary.disabled,.btn-outline-primary:disabled{color:#3A3F44;background-color:transparent}.btn-outline-primary:not(:disabled):not(.disabled):active,.btn-outline-primary:not(:disabled):not(.disabled).active,.show>.btn-outline-primary.dropdown-toggle{color:#fff;background-color:#3A3F44;border-color:#3A3F44}.btn-outline-primary:not(:disabled):not(.disabled):active:focus,.btn-outline-primary:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-primary.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.5);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.5)}.btn-outline-secondary{color:#7A8288;border-color:#7A8288}.btn-outline-secondary:hover{color:#fff;background-color:#7A8288;border-color:#7A8288}.btn-outline-secondary:focus,.btn-outline-secondary.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(122,130,136,0.5);box-shadow:0 0 0 0.2rem rgba(122,130,136,0.5)}.btn-outline-secondary.disabled,.btn-outline-secondary:disabled{color:#7A8288;background-color:transparent}.btn-outline-secondary:not(:disabled):not(.disabled):active,.btn-outline-secondary:not(:disabled):not(.disabled).active,.show>.btn-outline-secondary.dropdown-toggle{color:#fff;background-color:#7A8288;border-color:#7A8288}.btn-outline-secondary:not(:disabled):not(.disabled):active:focus,.btn-outline-secondary:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-secondary.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(122,130,136,0.5);box-shadow:0 0 0 0.2rem rgba(122,130,136,0.5)}.btn-outline-success{color:#62c462;border-color:#62c462}.btn-outline-success:hover{color:#fff;background-color:#62c462;border-color:#62c462}.btn-outline-success:focus,.btn-outline-success.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.5);box-shadow:0 0 0 0.2rem 
rgba(98,196,98,0.5)}.btn-outline-success.disabled,.btn-outline-success:disabled{color:#62c462;background-color:transparent}.btn-outline-success:not(:disabled):not(.disabled):active,.btn-outline-success:not(:disabled):not(.disabled).active,.show>.btn-outline-success.dropdown-toggle{color:#fff;background-color:#62c462;border-color:#62c462}.btn-outline-success:not(:disabled):not(.disabled):active:focus,.btn-outline-success:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-success.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.5);box-shadow:0 0 0 0.2rem rgba(98,196,98,0.5)}.btn-outline-info{color:#5bc0de;border-color:#5bc0de}.btn-outline-info:hover{color:#fff;background-color:#5bc0de;border-color:#5bc0de}.btn-outline-info:focus,.btn-outline-info.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(91,192,222,0.5);box-shadow:0 0 0 0.2rem rgba(91,192,222,0.5)}.btn-outline-info.disabled,.btn-outline-info:disabled{color:#5bc0de;background-color:transparent}.btn-outline-info:not(:disabled):not(.disabled):active,.btn-outline-info:not(:disabled):not(.disabled).active,.show>.btn-outline-info.dropdown-toggle{color:#fff;background-color:#5bc0de;border-color:#5bc0de}.btn-outline-info:not(:disabled):not(.disabled):active:focus,.btn-outline-info:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-info.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(91,192,222,0.5);box-shadow:0 0 0 0.2rem rgba(91,192,222,0.5)}.btn-outline-warning{color:#f89406;border-color:#f89406}.btn-outline-warning:hover{color:#fff;background-color:#f89406;border-color:#f89406}.btn-outline-warning:focus,.btn-outline-warning.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(248,148,6,0.5);box-shadow:0 0 0 0.2rem 
rgba(248,148,6,0.5)}.btn-outline-warning.disabled,.btn-outline-warning:disabled{color:#f89406;background-color:transparent}.btn-outline-warning:not(:disabled):not(.disabled):active,.btn-outline-warning:not(:disabled):not(.disabled).active,.show>.btn-outline-warning.dropdown-toggle{color:#fff;background-color:#f89406;border-color:#f89406}.btn-outline-warning:not(:disabled):not(.disabled):active:focus,.btn-outline-warning:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-warning.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(248,148,6,0.5);box-shadow:0 0 0 0.2rem rgba(248,148,6,0.5)}.btn-outline-danger{color:#ee5f5b;border-color:#ee5f5b}.btn-outline-danger:hover{color:#fff;background-color:#ee5f5b;border-color:#ee5f5b}.btn-outline-danger:focus,.btn-outline-danger.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.5);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.5)}.btn-outline-danger.disabled,.btn-outline-danger:disabled{color:#ee5f5b;background-color:transparent}.btn-outline-danger:not(:disabled):not(.disabled):active,.btn-outline-danger:not(:disabled):not(.disabled).active,.show>.btn-outline-danger.dropdown-toggle{color:#fff;background-color:#ee5f5b;border-color:#ee5f5b}.btn-outline-danger:not(:disabled):not(.disabled):active:focus,.btn-outline-danger:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-danger.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.5);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.5)}.btn-outline-light{color:#e9ecef;border-color:#e9ecef}.btn-outline-light:hover{color:#272B30;background-color:#e9ecef;border-color:#e9ecef}.btn-outline-light:focus,.btn-outline-light.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(233,236,239,0.5);box-shadow:0 0 0 0.2rem 
rgba(233,236,239,0.5)}.btn-outline-light.disabled,.btn-outline-light:disabled{color:#e9ecef;background-color:transparent}.btn-outline-light:not(:disabled):not(.disabled):active,.btn-outline-light:not(:disabled):not(.disabled).active,.show>.btn-outline-light.dropdown-toggle{color:#272B30;background-color:#e9ecef;border-color:#e9ecef}.btn-outline-light:not(:disabled):not(.disabled):active:focus,.btn-outline-light:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-light.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(233,236,239,0.5);box-shadow:0 0 0 0.2rem rgba(233,236,239,0.5)}.btn-outline-dark{color:#272B30;border-color:#272B30}.btn-outline-dark:hover{color:#fff;background-color:#272B30;border-color:#272B30}.btn-outline-dark:focus,.btn-outline-dark.focus{-webkit-box-shadow:0 0 0 0.2rem rgba(39,43,48,0.5);box-shadow:0 0 0 0.2rem rgba(39,43,48,0.5)}.btn-outline-dark.disabled,.btn-outline-dark:disabled{color:#272B30;background-color:transparent}.btn-outline-dark:not(:disabled):not(.disabled):active,.btn-outline-dark:not(:disabled):not(.disabled).active,.show>.btn-outline-dark.dropdown-toggle{color:#fff;background-color:#272B30;border-color:#272B30}.btn-outline-dark:not(:disabled):not(.disabled):active:focus,.btn-outline-dark:not(:disabled):not(.disabled).active:focus,.show>.btn-outline-dark.dropdown-toggle:focus{-webkit-box-shadow:0 0 0 0.2rem rgba(39,43,48,0.5);box-shadow:0 0 0 0.2rem rgba(39,43,48,0.5)}.btn-link{font-weight:400;color:#fff;text-decoration:none}.btn-link:hover{color:#d9d9d9;text-decoration:underline}.btn-link:focus,.btn-link.focus{text-decoration:underline;-webkit-box-shadow:none;box-shadow:none}.btn-link:disabled,.btn-link.disabled{color:#7A8288;pointer-events:none}.btn-lg,.btn-group-lg>.btn{padding:0.5rem 1rem;font-size:1.171875rem;line-height:1.5;border-radius:0.3rem}.btn-sm,.btn-group-sm>.btn{padding:0.25rem 
0.5rem;font-size:0.8203125rem;line-height:1.5;border-radius:0.2rem}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:0.5rem}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{-webkit-transition:opacity 0.15s linear;transition:opacity 0.15s linear}@media (prefers-reduced-motion: reduce){.fade{-webkit-transition:none;transition:none}}.fade:not(.show){opacity:0}.collapse:not(.show){display:none}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height 0.35s ease;transition:height 0.35s ease}@media (prefers-reduced-motion: reduce){.collapsing{-webkit-transition:none;transition:none}}.dropup,.dropright,.dropdown,.dropleft{position:relative}.dropdown-toggle{white-space:nowrap}.dropdown-toggle::after{display:inline-block;margin-left:0.255em;vertical-align:0.255em;content:"";border-top:0.3em solid;border-right:0.3em solid transparent;border-bottom:0;border-left:0.3em solid transparent}.dropdown-toggle:empty::after{margin-left:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:10rem;padding:0.5rem 0;margin:0.125rem 0 0;font-size:0.9375rem;color:#aaa;text-align:left;list-style:none;background-color:#3A3F44;background-clip:padding-box;border:1px solid rgba(0,0,0,0.6);border-radius:0.25rem}.dropdown-menu-left{right:auto;left:0}.dropdown-menu-right{right:0;left:auto}@media (min-width: 576px){.dropdown-menu-sm-left{right:auto;left:0}.dropdown-menu-sm-right{right:0;left:auto}}@media (min-width: 768px){.dropdown-menu-md-left{right:auto;left:0}.dropdown-menu-md-right{right:0;left:auto}}@media (min-width: 992px){.dropdown-menu-lg-left{right:auto;left:0}.dropdown-menu-lg-right{right:0;left:auto}}@media (min-width: 1200px){.dropdown-menu-xl-left{right:auto;left:0}.dropdown-menu-xl-right{right:0;left:auto}}.dropup .dropdown-menu{top:auto;bottom:100%;margin-top:0;margin-bottom:0.125rem}.dropup 
.dropdown-toggle::after{display:inline-block;margin-left:0.255em;vertical-align:0.255em;content:"";border-top:0;border-right:0.3em solid transparent;border-bottom:0.3em solid;border-left:0.3em solid transparent}.dropup .dropdown-toggle:empty::after{margin-left:0}.dropright .dropdown-menu{top:0;right:auto;left:100%;margin-top:0;margin-left:0.125rem}.dropright .dropdown-toggle::after{display:inline-block;margin-left:0.255em;vertical-align:0.255em;content:"";border-top:0.3em solid transparent;border-right:0;border-bottom:0.3em solid transparent;border-left:0.3em solid}.dropright .dropdown-toggle:empty::after{margin-left:0}.dropright .dropdown-toggle::after{vertical-align:0}.dropleft .dropdown-menu{top:0;right:100%;left:auto;margin-top:0;margin-right:0.125rem}.dropleft .dropdown-toggle::after{display:inline-block;margin-left:0.255em;vertical-align:0.255em;content:""}.dropleft .dropdown-toggle::after{display:none}.dropleft .dropdown-toggle::before{display:inline-block;margin-right:0.255em;vertical-align:0.255em;content:"";border-top:0.3em solid transparent;border-right:0.3em solid;border-bottom:0.3em solid transparent}.dropleft .dropdown-toggle:empty::after{margin-left:0}.dropleft .dropdown-toggle::before{vertical-align:0}.dropdown-menu[x-placement^="top"],.dropdown-menu[x-placement^="right"],.dropdown-menu[x-placement^="bottom"],.dropdown-menu[x-placement^="left"]{right:auto;bottom:auto}.dropdown-divider{height:0;margin:0.5rem 0;overflow:hidden;border-top:1px solid rgba(0,0,0,0.15)}.dropdown-item{display:block;width:100%;padding:0.25rem 
1.5rem;clear:both;font-weight:400;color:#aaa;text-align:inherit;white-space:nowrap;background-color:transparent;border:0}.dropdown-item:hover,.dropdown-item:focus{color:#fff;text-decoration:none;background-color:#272B30}.dropdown-item.active,.dropdown-item:active{color:#fff;text-decoration:none;background-color:#3A3F44}.dropdown-item.disabled,.dropdown-item:disabled{color:#7A8288;pointer-events:none;background-color:transparent}.dropdown-menu.show{display:block}.dropdown-header{display:block;padding:0.5rem 1.5rem;margin-bottom:0;font-size:0.8203125rem;color:#7A8288;white-space:nowrap}.dropdown-item-text{display:block;padding:0.25rem 1.5rem;color:#aaa}.btn-group,.btn-group-vertical{position:relative;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover{z-index:1}.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn.active{z-index:1}.btn-toolbar{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.btn-toolbar .input-group{width:auto}.btn-group>.btn:not(:first-child),.btn-group>.btn-group:not(:first-child){margin-left:-1px}.btn-group>.btn:not(:last-child):not(.dropdown-toggle),.btn-group>.btn-group:not(:last-child)>.btn{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:not(:first-child),.btn-group>.btn-group:not(:first-child)>.btn{border-top-left-radius:0;border-bottom-left-radius:0}.dropdown-toggle-split{padding-right:0.75rem;padding-left:0.75rem}.dropdown-toggle-split::after,.dropup .dropdown-toggle-split::after,.dropright .dropdown-toggle-split::after{margin-left:0}.dropleft 
.dropdown-toggle-split::before{margin-right:0}.btn-sm+.dropdown-toggle-split,.btn-group-sm>.btn+.dropdown-toggle-split{padding-right:0.375rem;padding-left:0.375rem}.btn-lg+.dropdown-toggle-split,.btn-group-lg>.btn+.dropdown-toggle-split{padding-right:0.75rem;padding-left:0.75rem}.btn-group-vertical{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{width:100%}.btn-group-vertical>.btn:not(:first-child),.btn-group-vertical>.btn-group:not(:first-child){margin-top:-1px}.btn-group-vertical>.btn:not(:last-child):not(.dropdown-toggle),.btn-group-vertical>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:not(:first-child),.btn-group-vertical>.btn-group:not(:first-child)>.btn{border-top-left-radius:0;border-top-right-radius:0}.btn-group-toggle>.btn,.btn-group-toggle>.btn-group>.btn{margin-bottom:0}.btn-group-toggle>.btn input[type="radio"],.btn-group-toggle>.btn input[type="checkbox"],.btn-group-toggle>.btn-group>.btn input[type="radio"],.btn-group-toggle>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;width:100%}.input-group>.form-control,.input-group>.form-control-plaintext,.input-group>.custom-select,.input-group>.custom-file{position:relative;-webkit-box-flex:1;-ms-flex:1 1 0%;flex:1 1 
0%;min-width:0;margin-bottom:0}.input-group>.form-control+.form-control,.input-group>.form-control+.custom-select,.input-group>.form-control+.custom-file,.input-group>.form-control-plaintext+.form-control,.input-group>.form-control-plaintext+.custom-select,.input-group>.form-control-plaintext+.custom-file,.input-group>.custom-select+.form-control,.input-group>.custom-select+.custom-select,.input-group>.custom-select+.custom-file,.input-group>.custom-file+.form-control,.input-group>.custom-file+.custom-select,.input-group>.custom-file+.custom-file{margin-left:-1px}.input-group>.form-control:focus,.input-group>.custom-select:focus,.input-group>.custom-file .custom-file-input:focus ~ .custom-file-label{z-index:3}.input-group>.custom-file .custom-file-input:focus{z-index:4}.input-group>.form-control:not(:last-child),.input-group>.custom-select:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.form-control:not(:first-child),.input-group>.custom-select:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.input-group>.custom-file{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.input-group>.custom-file:not(:last-child) .custom-file-label,.input-group>.custom-file:not(:last-child) .custom-file-label::after{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-file:not(:first-child) .custom-file-label{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-prepend,.input-group-append{display:-webkit-box;display:-ms-flexbox;display:flex}.input-group-prepend .btn,.input-group-append .btn{position:relative;z-index:2}.input-group-prepend .btn:focus,.input-group-append .btn:focus{z-index:3}.input-group-prepend .btn+.btn,.input-group-prepend .btn+.input-group-text,.input-group-prepend .input-group-text+.input-group-text,.input-group-prepend .input-group-text+.btn,.input-group-append .btn+.btn,.input-group-append 
.btn+.input-group-text,.input-group-append .input-group-text+.input-group-text,.input-group-append .input-group-text+.btn{margin-left:-1px}.input-group-prepend{margin-right:-1px}.input-group-append{margin-left:-1px}.input-group-text{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:0.75rem 1rem;margin-bottom:0;font-size:0.9375rem;font-weight:400;line-height:1.5;color:#52575C;text-align:center;white-space:nowrap;background-color:#e9ecef;border:1px solid #ced4da;border-radius:0.25rem}.input-group-text input[type="radio"],.input-group-text input[type="checkbox"]{margin-top:0}.input-group-lg>.form-control:not(textarea),.input-group-lg>.custom-select{height:calc(1.5em + 1rem + 2px)}.input-group-lg>.form-control,.input-group-lg>.custom-select,.input-group-lg>.input-group-prepend>.input-group-text,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-group-append>.btn{padding:0.5rem 1rem;font-size:1.171875rem;line-height:1.5;border-radius:0.3rem}.input-group-sm>.form-control:not(textarea),.input-group-sm>.custom-select{height:calc(1.5em + 0.5rem + 2px)}.input-group-sm>.form-control,.input-group-sm>.custom-select,.input-group-sm>.input-group-prepend>.input-group-text,.input-group-sm>.input-group-append>.input-group-text,.input-group-sm>.input-group-prepend>.btn,.input-group-sm>.input-group-append>.btn{padding:0.25rem 
0.5rem;font-size:0.8203125rem;line-height:1.5;border-radius:0.2rem}.input-group-lg>.custom-select,.input-group-sm>.custom-select{padding-right:2rem}.input-group>.input-group-prepend>.btn,.input-group>.input-group-prepend>.input-group-text,.input-group>.input-group-append:not(:last-child)>.btn,.input-group>.input-group-append:not(:last-child)>.input-group-text,.input-group>.input-group-append:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group>.input-group-append:last-child>.input-group-text:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.input-group-append>.btn,.input-group>.input-group-append>.input-group-text,.input-group>.input-group-prepend:not(:first-child)>.btn,.input-group>.input-group-prepend:not(:first-child)>.input-group-text,.input-group>.input-group-prepend:first-child>.btn:not(:first-child),.input-group>.input-group-prepend:first-child>.input-group-text:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.custom-control{position:relative;display:block;min-height:1.40625rem;padding-left:1.5rem}.custom-control-inline{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin-right:1rem}.custom-control-input{position:absolute;left:0;z-index:-1;width:1rem;height:1.203125rem;opacity:0}.custom-control-input:checked ~ .custom-control-label::before{color:#fff;border-color:#3A3F44;background-color:#3A3F44}.custom-control-input:focus ~ .custom-control-label::before{-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25)}.custom-control-input:focus:not(:checked) ~ .custom-control-label::before{border-color:#757f89}.custom-control-input:not(:disabled):active ~ .custom-control-label::before{color:#fff;background-color:#9098a0;border-color:#9098a0}.custom-control-input[disabled] ~ .custom-control-label,.custom-control-input:disabled ~ .custom-control-label{color:#7A8288}.custom-control-input[disabled] ~ 
.custom-control-label::before,.custom-control-input:disabled ~ .custom-control-label::before{background-color:#ccc}.custom-control-label{position:relative;margin-bottom:0;vertical-align:top}.custom-control-label::before{position:absolute;top:0.203125rem;left:-1.5rem;display:block;width:1rem;height:1rem;pointer-events:none;content:"";background-color:#fff;border:#999 solid 1px}.custom-control-label::after{position:absolute;top:0.203125rem;left:-1.5rem;display:block;width:1rem;height:1rem;content:"";background:no-repeat 50% / 50% 50%}.custom-checkbox .custom-control-label::before{border-radius:0.25rem}.custom-checkbox .custom-control-input:checked ~ .custom-control-label::after{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='8' height='8' viewBox='0 0 8 8'%3e%3cpath fill='%23fff' d='M6.564.75l-3.59 3.612-1.538-1.55L0 4.26l2.974 2.99L8 2.193z'/%3e%3c/svg%3e")}.custom-checkbox .custom-control-input:indeterminate ~ .custom-control-label::before{border-color:#3A3F44;background-color:#3A3F44}.custom-checkbox .custom-control-input:indeterminate ~ .custom-control-label::after{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='4' height='4' viewBox='0 0 4 4'%3e%3cpath stroke='%23fff' d='M0 2h4'/%3e%3c/svg%3e")}.custom-checkbox .custom-control-input:disabled:checked ~ .custom-control-label::before{background-color:rgba(58,63,68,0.5)}.custom-checkbox .custom-control-input:disabled:indeterminate ~ .custom-control-label::before{background-color:rgba(58,63,68,0.5)}.custom-radio .custom-control-label::before{border-radius:50%}.custom-radio .custom-control-input:checked ~ .custom-control-label::after{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%23fff'/%3e%3c/svg%3e")}.custom-radio .custom-control-input:disabled:checked ~ 
.custom-control-label::before{background-color:rgba(58,63,68,0.5)}.custom-switch{padding-left:2.25rem}.custom-switch .custom-control-label::before{left:-2.25rem;width:1.75rem;pointer-events:all;border-radius:0.5rem}.custom-switch .custom-control-label::after{top:calc(0.203125rem + 2px);left:calc(-2.25rem + 2px);width:calc(1rem - 4px);height:calc(1rem - 4px);background-color:#999;border-radius:0.5rem;-webkit-transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-transform 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-transform 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:transform 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:transform 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-transform 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out}@media (prefers-reduced-motion: reduce){.custom-switch .custom-control-label::after{-webkit-transition:none;transition:none}}.custom-switch .custom-control-input:checked ~ .custom-control-label::after{background-color:#fff;-webkit-transform:translateX(0.75rem);transform:translateX(0.75rem)}.custom-switch .custom-control-input:disabled:checked ~ .custom-control-label::before{background-color:rgba(58,63,68,0.5)}.custom-select{display:inline-block;width:100%;height:calc(1.5em + 1.5rem + 2px);padding:0.75rem 2rem 0.75rem 1rem;font-size:0.9375rem;font-weight:400;line-height:1.5;color:#52575C;vertical-align:middle;background:#fff url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='4' height='5' viewBox='0 0 4 5'%3e%3cpath fill='%233A3F44' d='M2 0L0 2h4zm0 5L0 3h4z'/%3e%3c/svg%3e") no-repeat right 1rem center/8px 10px;border:1px solid 
#ced4da;border-radius:0.25rem;-webkit-appearance:none;-moz-appearance:none;appearance:none}.custom-select:focus{border-color:#757f89;outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25)}.custom-select:focus::-ms-value{color:#52575C;background-color:#fff}.custom-select[multiple],.custom-select[size]:not([size="1"]){height:auto;padding-right:1rem;background-image:none}.custom-select:disabled{color:#7A8288;background-color:#e9ecef}.custom-select::-ms-expand{display:none}.custom-select:-moz-focusring{color:transparent;text-shadow:0 0 0 #52575C}.custom-select-sm{height:calc(1.5em + 0.5rem + 2px);padding-top:0.25rem;padding-bottom:0.25rem;padding-left:0.5rem;font-size:0.8203125rem}.custom-select-lg{height:calc(1.5em + 1rem + 2px);padding-top:0.5rem;padding-bottom:0.5rem;padding-left:1rem;font-size:1.171875rem}.custom-file{position:relative;display:inline-block;width:100%;height:calc(1.5em + 1.5rem + 2px);margin-bottom:0}.custom-file-input{position:relative;z-index:2;width:100%;height:calc(1.5em + 1.5rem + 2px);margin:0;opacity:0}.custom-file-input:focus ~ .custom-file-label{border-color:#757f89;-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25)}.custom-file-input[disabled] ~ .custom-file-label,.custom-file-input:disabled ~ .custom-file-label{background-color:#ccc}.custom-file-input:lang(en) ~ .custom-file-label::after{content:"Browse"}.custom-file-input ~ .custom-file-label[data-browse]::after{content:attr(data-browse)}.custom-file-label{position:absolute;top:0;right:0;left:0;z-index:1;height:calc(1.5em + 1.5rem + 2px);padding:0.75rem 1rem;font-weight:400;line-height:1.5;color:#52575C;background-color:#fff;border:1px solid #ced4da;border-radius:0.25rem}.custom-file-label::after{position:absolute;top:0;right:0;bottom:0;z-index:3;display:block;height:calc(1.5em + 1.5rem);padding:0.75rem 
1rem;line-height:1.5;color:#52575C;content:"Browse";background-color:#e9ecef;border-left:inherit;border-radius:0 0.25rem 0.25rem 0}.custom-range{width:100%;height:1.4rem;padding:0;background-color:transparent;-webkit-appearance:none;-moz-appearance:none;appearance:none}.custom-range:focus{outline:none}.custom-range:focus::-webkit-slider-thumb{-webkit-box-shadow:0 0 0 1px #272B30,0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 1px #272B30,0 0 0 0.2rem rgba(58,63,68,0.25)}.custom-range:focus::-moz-range-thumb{box-shadow:0 0 0 1px #272B30,0 0 0 0.2rem rgba(58,63,68,0.25)}.custom-range:focus::-ms-thumb{box-shadow:0 0 0 1px #272B30,0 0 0 0.2rem rgba(58,63,68,0.25)}.custom-range::-moz-focus-outer{border:0}.custom-range::-webkit-slider-thumb{width:1rem;height:1rem;margin-top:-0.25rem;background-color:#3A3F44;border:0;border-radius:1rem;-webkit-transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;-webkit-appearance:none;appearance:none}@media (prefers-reduced-motion: reduce){.custom-range::-webkit-slider-thumb{-webkit-transition:none;transition:none}}.custom-range::-webkit-slider-thumb:active{background-color:#9098a0}.custom-range::-webkit-slider-runnable-track{width:100%;height:0.5rem;color:transparent;cursor:pointer;background-color:#dee2e6;border-color:transparent;border-radius:1rem}.custom-range::-moz-range-thumb{width:1rem;height:1rem;background-color:#3A3F44;border:0;border-radius:1rem;-webkit-transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s 
ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;-moz-appearance:none;appearance:none}@media (prefers-reduced-motion: reduce){.custom-range::-moz-range-thumb{-webkit-transition:none;transition:none}}.custom-range::-moz-range-thumb:active{background-color:#9098a0}.custom-range::-moz-range-track{width:100%;height:0.5rem;color:transparent;cursor:pointer;background-color:#dee2e6;border-color:transparent;border-radius:1rem}.custom-range::-ms-thumb{width:1rem;height:1rem;margin-top:0;margin-right:0.2rem;margin-left:0.2rem;background-color:#3A3F44;border:0;border-radius:1rem;-webkit-transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;appearance:none}@media (prefers-reduced-motion: 
reduce){.custom-range::-ms-thumb{-webkit-transition:none;transition:none}}.custom-range::-ms-thumb:active{background-color:#9098a0}.custom-range::-ms-track{width:100%;height:0.5rem;color:transparent;cursor:pointer;background-color:transparent;border-color:transparent;border-width:0.5rem}.custom-range::-ms-fill-lower{background-color:#dee2e6;border-radius:1rem}.custom-range::-ms-fill-upper{margin-right:15px;background-color:#dee2e6;border-radius:1rem}.custom-range:disabled::-webkit-slider-thumb{background-color:#999}.custom-range:disabled::-webkit-slider-runnable-track{cursor:default}.custom-range:disabled::-moz-range-thumb{background-color:#999}.custom-range:disabled::-moz-range-track{cursor:default}.custom-range:disabled::-ms-thumb{background-color:#999}.custom-control-label::before,.custom-file-label,.custom-select{-webkit-transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out}@media (prefers-reduced-motion: reduce){.custom-control-label::before,.custom-file-label,.custom-select{-webkit-transition:none;transition:none}}.nav{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding-left:0;margin-bottom:0;list-style:none}.nav-link{display:block;padding:0.5rem 1rem}.nav-link:hover,.nav-link:focus{text-decoration:none}.nav-link.disabled{color:#7A8288;pointer-events:none;cursor:default}.nav-tabs{border-bottom:1px solid rgba(0,0,0,0.6)}.nav-tabs .nav-item{margin-bottom:-1px}.nav-tabs .nav-link{border:1px solid transparent;border-top-left-radius:0.25rem;border-top-right-radius:0.25rem}.nav-tabs 
.nav-link:hover,.nav-tabs .nav-link:focus{border-color:rgba(0,0,0,0.6)}.nav-tabs .nav-link.disabled{color:#7A8288;background-color:transparent;border-color:transparent}.nav-tabs .nav-link.active,.nav-tabs .nav-item.show .nav-link{color:#fff;background-color:#272B30;border-color:rgba(0,0,0,0.6)}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.nav-pills .nav-link{border-radius:0.25rem}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:#fff;background-color:#3A3F44}.nav-fill .nav-item{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;text-align:center}.nav-justified .nav-item{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;text-align:center}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.navbar{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;padding:0 1rem}.navbar .container,.navbar .container-fluid,.navbar .container-sm,.navbar .container-md,.navbar .container-lg,.navbar .container-xl{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.navbar-brand{display:inline-block;padding-top:0.32421875rem;padding-bottom:0.32421875rem;margin-right:1rem;font-size:1.171875rem;line-height:inherit;white-space:nowrap}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-nav{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0;list-style:none}.navbar-nav .nav-link{padding-right:0;padding-left:0}.navbar-nav 
.dropdown-menu{position:static;float:none}.navbar-text{display:inline-block;padding-top:0.5rem;padding-bottom:0.5rem}.navbar-collapse{-ms-flex-preferred-size:100%;flex-basis:100%;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.navbar-toggler{padding:0.25rem 0.75rem;font-size:1.171875rem;line-height:1;background-color:transparent;border:1px solid transparent;border-radius:0.25rem}.navbar-toggler:hover,.navbar-toggler:focus{text-decoration:none}.navbar-toggler-icon{display:inline-block;width:1.5em;height:1.5em;vertical-align:middle;content:"";background:no-repeat center center;background-size:100% 100%}@media (max-width: 575.98px){.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid,.navbar-expand-sm>.container-sm,.navbar-expand-sm>.container-md,.navbar-expand-sm>.container-lg,.navbar-expand-sm>.container-xl{padding-right:0;padding-left:0}}@media (min-width: 576px){.navbar-expand-sm{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-sm .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .nav-link{padding-right:0.5rem;padding-left:0.5rem}.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid,.navbar-expand-sm>.container-sm,.navbar-expand-sm>.container-md,.navbar-expand-sm>.container-lg,.navbar-expand-sm>.container-xl{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-sm .navbar-collapse{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-sm .navbar-toggler{display:none}}@media (max-width: 
767.98px){.navbar-expand-md>.container,.navbar-expand-md>.container-fluid,.navbar-expand-md>.container-sm,.navbar-expand-md>.container-md,.navbar-expand-md>.container-lg,.navbar-expand-md>.container-xl{padding-right:0;padding-left:0}}@media (min-width: 768px){.navbar-expand-md{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-md .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-md .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-md .navbar-nav .nav-link{padding-right:0.5rem;padding-left:0.5rem}.navbar-expand-md>.container,.navbar-expand-md>.container-fluid,.navbar-expand-md>.container-sm,.navbar-expand-md>.container-md,.navbar-expand-md>.container-lg,.navbar-expand-md>.container-xl{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-md .navbar-collapse{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-md .navbar-toggler{display:none}}@media (max-width: 991.98px){.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid,.navbar-expand-lg>.container-sm,.navbar-expand-lg>.container-md,.navbar-expand-lg>.container-lg,.navbar-expand-lg>.container-xl{padding-right:0;padding-left:0}}@media (min-width: 992px){.navbar-expand-lg{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-lg .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-lg .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-lg .navbar-nav 
.nav-link{padding-right:0.5rem;padding-left:0.5rem}.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid,.navbar-expand-lg>.container-sm,.navbar-expand-lg>.container-md,.navbar-expand-lg>.container-lg,.navbar-expand-lg>.container-xl{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-lg .navbar-collapse{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-lg .navbar-toggler{display:none}}@media (max-width: 1199.98px){.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid,.navbar-expand-xl>.container-sm,.navbar-expand-xl>.container-md,.navbar-expand-xl>.container-lg,.navbar-expand-xl>.container-xl{padding-right:0;padding-left:0}}@media (min-width: 1200px){.navbar-expand-xl{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-xl .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-xl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xl .navbar-nav .nav-link{padding-right:0.5rem;padding-left:0.5rem}.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid,.navbar-expand-xl>.container-sm,.navbar-expand-xl>.container-md,.navbar-expand-xl>.container-lg,.navbar-expand-xl>.container-xl{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-xl .navbar-collapse{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-xl .navbar-toggler{display:none}}.navbar-expand{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row 
nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand>.container,.navbar-expand>.container-fluid,.navbar-expand>.container-sm,.navbar-expand>.container-md,.navbar-expand>.container-lg,.navbar-expand>.container-xl{padding-right:0;padding-left:0}.navbar-expand .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand .navbar-nav .dropdown-menu{position:absolute}.navbar-expand .navbar-nav .nav-link{padding-right:0.5rem;padding-left:0.5rem}.navbar-expand>.container,.navbar-expand>.container-fluid,.navbar-expand>.container-sm,.navbar-expand>.container-md,.navbar-expand>.container-lg,.navbar-expand>.container-xl{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand .navbar-collapse{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand .navbar-toggler{display:none}.navbar-light .navbar-brand{color:#3A3F44}.navbar-light .navbar-brand:hover,.navbar-light .navbar-brand:focus{color:#3A3F44}.navbar-light .navbar-nav .nav-link{color:rgba(0,0,0,0.5)}.navbar-light .navbar-nav .nav-link:hover,.navbar-light .navbar-nav .nav-link:focus{color:#3A3F44}.navbar-light .navbar-nav .nav-link.disabled{color:rgba(0,0,0,0.3)}.navbar-light .navbar-nav .show>.nav-link,.navbar-light .navbar-nav .active>.nav-link,.navbar-light .navbar-nav .nav-link.show,.navbar-light .navbar-nav .nav-link.active{color:#3A3F44}.navbar-light .navbar-toggler{color:rgba(0,0,0,0.5);border-color:rgba(0,0,0,0.1)}.navbar-light .navbar-toggler-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='30' height='30' viewBox='0 0 30 30'%3e%3cpath stroke='rgba(0, 0, 0, 0.5)' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e")}.navbar-light .navbar-text{color:rgba(0,0,0,0.5)}.navbar-light .navbar-text a{color:#3A3F44}.navbar-light 
.navbar-text a:hover,.navbar-light .navbar-text a:focus{color:#3A3F44}.navbar-dark .navbar-brand{color:#fff}.navbar-dark .navbar-brand:hover,.navbar-dark .navbar-brand:focus{color:#fff}.navbar-dark .navbar-nav .nav-link{color:rgba(255,255,255,0.5)}.navbar-dark .navbar-nav .nav-link:hover,.navbar-dark .navbar-nav .nav-link:focus{color:#fff}.navbar-dark .navbar-nav .nav-link.disabled{color:rgba(255,255,255,0.25)}.navbar-dark .navbar-nav .show>.nav-link,.navbar-dark .navbar-nav .active>.nav-link,.navbar-dark .navbar-nav .nav-link.show,.navbar-dark .navbar-nav .nav-link.active{color:#fff}.navbar-dark .navbar-toggler{color:rgba(255,255,255,0.5);border-color:rgba(255,255,255,0.1)}.navbar-dark .navbar-toggler-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='30' height='30' viewBox='0 0 30 30'%3e%3cpath stroke='rgba(255, 255, 255, 0.5)' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e")}.navbar-dark .navbar-text{color:rgba(255,255,255,0.5)}.navbar-dark .navbar-text a{color:#fff}.navbar-dark .navbar-text a:hover,.navbar-dark .navbar-text a:focus{color:#fff}.card{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;min-width:0;word-wrap:break-word;background-color:#32383e;background-clip:border-box;border:1px solid rgba(0,0,0,0.6);border-radius:0.25rem}.card>hr{margin-right:0;margin-left:0}.card>.list-group:first-child .list-group-item:first-child{border-top-left-radius:0.25rem;border-top-right-radius:0.25rem}.card>.list-group:last-child .list-group-item:last-child{border-bottom-right-radius:0.25rem;border-bottom-left-radius:0.25rem}.card-body{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 
auto;min-height:1px;padding:1.25rem}.card-title{margin-bottom:0.75rem}.card-subtitle{margin-top:-0.375rem;margin-bottom:0}.card-text:last-child{margin-bottom:0}.card-link:hover{text-decoration:none}.card-link+.card-link{margin-left:1.25rem}.card-header{padding:0.75rem 1.25rem;margin-bottom:0;background-color:#515960;border-bottom:1px solid rgba(0,0,0,0.6)}.card-header:first-child{border-radius:calc(0.25rem - 1px) calc(0.25rem - 1px) 0 0}.card-header+.list-group .list-group-item:first-child{border-top:0}.card-footer{padding:0.75rem 1.25rem;background-color:#515960;border-top:1px solid rgba(0,0,0,0.6)}.card-footer:last-child{border-radius:0 0 calc(0.25rem - 1px) calc(0.25rem - 1px)}.card-header-tabs{margin-right:-0.625rem;margin-bottom:-0.75rem;margin-left:-0.625rem;border-bottom:0}.card-header-pills{margin-right:-0.625rem;margin-left:-0.625rem}.card-img-overlay{position:absolute;top:0;right:0;bottom:0;left:0;padding:1.25rem}.card-img,.card-img-top,.card-img-bottom{-ms-flex-negative:0;flex-shrink:0;width:100%}.card-img,.card-img-top{border-top-left-radius:calc(0.25rem - 1px);border-top-right-radius:calc(0.25rem - 1px)}.card-img,.card-img-bottom{border-bottom-right-radius:calc(0.25rem - 1px);border-bottom-left-radius:calc(0.25rem - 1px)}.card-deck .card{margin-bottom:15px}@media (min-width: 576px){.card-deck{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;margin-right:-15px;margin-left:-15px}.card-deck .card{-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;margin-right:15px;margin-bottom:0;margin-left:15px}}.card-group>.card{margin-bottom:15px}@media (min-width: 576px){.card-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap}.card-group>.card{-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 
0%;margin-bottom:0}.card-group>.card+.card{margin-left:0;border-left:0}.card-group>.card:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.card-group>.card:not(:last-child) .card-img-top,.card-group>.card:not(:last-child) .card-header{border-top-right-radius:0}.card-group>.card:not(:last-child) .card-img-bottom,.card-group>.card:not(:last-child) .card-footer{border-bottom-right-radius:0}.card-group>.card:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.card-group>.card:not(:first-child) .card-img-top,.card-group>.card:not(:first-child) .card-header{border-top-left-radius:0}.card-group>.card:not(:first-child) .card-img-bottom,.card-group>.card:not(:first-child) .card-footer{border-bottom-left-radius:0}}.card-columns .card{margin-bottom:0.75rem}@media (min-width: 576px){.card-columns{-webkit-column-count:3;column-count:3;-webkit-column-gap:1.25rem;column-gap:1.25rem;orphans:1;widows:1}.card-columns .card{display:inline-block;width:100%}}.accordion>.card{overflow:hidden}.accordion>.card:not(:last-of-type){border-bottom:0;border-bottom-right-radius:0;border-bottom-left-radius:0}.accordion>.card:not(:first-of-type){border-top-left-radius:0;border-top-right-radius:0}.accordion>.card>.card-header{border-radius:0;margin-bottom:-1px}.breadcrumb{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:0.75rem 
1rem;margin-bottom:1rem;list-style:none;background-color:#e9ecef;border-radius:0.25rem}.breadcrumb-item+.breadcrumb-item{padding-left:0.5rem}.breadcrumb-item+.breadcrumb-item::before{display:inline-block;padding-right:0.5rem;color:#7A8288;content:"/"}.breadcrumb-item+.breadcrumb-item:hover::before{text-decoration:underline}.breadcrumb-item+.breadcrumb-item:hover::before{text-decoration:none}.breadcrumb-item.active{color:#999}.pagination{display:-webkit-box;display:-ms-flexbox;display:flex;padding-left:0;list-style:none;border-radius:0.25rem}.page-link{position:relative;display:block;padding:0.5rem 0.75rem;margin-left:-1px;line-height:1.25;color:#fff;background-color:transparent;border:1px solid rgba(0,0,0,0.6)}.page-link:hover{z-index:2;color:#fff;text-decoration:none;background-color:transparent;border-color:rgba(0,0,0,0.6)}.page-link:focus{z-index:3;outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.25)}.page-item:first-child .page-link{margin-left:0;border-top-left-radius:0.25rem;border-bottom-left-radius:0.25rem}.page-item:last-child .page-link{border-top-right-radius:0.25rem;border-bottom-right-radius:0.25rem}.page-item.active .page-link{z-index:3;color:#fff;background-color:transparent;border-color:rgba(0,0,0,0.6)}.page-item.disabled .page-link{color:#7A8288;pointer-events:none;cursor:auto;background-color:transparent;border-color:rgba(0,0,0,0.6)}.pagination-lg .page-link{padding:0.75rem 1.5rem;font-size:1.171875rem;line-height:1.5}.pagination-lg .page-item:first-child .page-link{border-top-left-radius:0.3rem;border-bottom-left-radius:0.3rem}.pagination-lg .page-item:last-child .page-link{border-top-right-radius:0.3rem;border-bottom-right-radius:0.3rem}.pagination-sm .page-link{padding:0.25rem 0.5rem;font-size:0.8203125rem;line-height:1.5}.pagination-sm .page-item:first-child .page-link{border-top-left-radius:0.2rem;border-bottom-left-radius:0.2rem}.pagination-sm .page-item:last-child 
.page-link{border-top-right-radius:0.2rem;border-bottom-right-radius:0.2rem}.badge{display:inline-block;padding:0.25em 0.4em;font-size:75%;font-weight:700;line-height:1;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:0.25rem;-webkit-transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;transition:color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out}@media (prefers-reduced-motion: reduce){.badge{-webkit-transition:none;transition:none}}a.badge:hover,a.badge:focus{text-decoration:none}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.badge-pill{padding-right:0.6em;padding-left:0.6em;border-radius:10rem}.badge-primary{color:#fff;background-color:#3A3F44}a.badge-primary:hover,a.badge-primary:focus{color:#fff;background-color:#232628}a.badge-primary:focus,a.badge-primary.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(58,63,68,0.5);box-shadow:0 0 0 0.2rem rgba(58,63,68,0.5)}.badge-secondary{color:#fff;background-color:#7A8288}a.badge-secondary:hover,a.badge-secondary:focus{color:#fff;background-color:#62686d}a.badge-secondary:focus,a.badge-secondary.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(122,130,136,0.5);box-shadow:0 0 0 0.2rem rgba(122,130,136,0.5)}.badge-success{color:#fff;background-color:#62c462}a.badge-success:hover,a.badge-success:focus{color:#fff;background-color:#42b142}a.badge-success:focus,a.badge-success.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(98,196,98,0.5);box-shadow:0 0 0 0.2rem 
rgba(98,196,98,0.5)}.badge-info{color:#fff;background-color:#5bc0de}a.badge-info:hover,a.badge-info:focus{color:#fff;background-color:#31b0d5}a.badge-info:focus,a.badge-info.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(91,192,222,0.5);box-shadow:0 0 0 0.2rem rgba(91,192,222,0.5)}.badge-warning{color:#fff;background-color:#f89406}a.badge-warning:hover,a.badge-warning:focus{color:#fff;background-color:#c67605}a.badge-warning:focus,a.badge-warning.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(248,148,6,0.5);box-shadow:0 0 0 0.2rem rgba(248,148,6,0.5)}.badge-danger{color:#fff;background-color:#ee5f5b}a.badge-danger:hover,a.badge-danger:focus{color:#fff;background-color:#e9322d}a.badge-danger:focus,a.badge-danger.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(238,95,91,0.5);box-shadow:0 0 0 0.2rem rgba(238,95,91,0.5)}.badge-light{color:#272B30;background-color:#e9ecef}a.badge-light:hover,a.badge-light:focus{color:#272B30;background-color:#cbd3da}a.badge-light:focus,a.badge-light.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(233,236,239,0.5);box-shadow:0 0 0 0.2rem rgba(233,236,239,0.5)}.badge-dark{color:#fff;background-color:#272B30}a.badge-dark:hover,a.badge-dark:focus{color:#fff;background-color:#101214}a.badge-dark:focus,a.badge-dark.focus{outline:0;-webkit-box-shadow:0 0 0 0.2rem rgba(39,43,48,0.5);box-shadow:0 0 0 0.2rem rgba(39,43,48,0.5)}.jumbotron{padding:2rem 1rem;margin-bottom:2rem;background-color:#1c1e22;border-radius:0.3rem}@media (min-width: 576px){.jumbotron{padding:4rem 2rem}}.jumbotron-fluid{padding-right:0;padding-left:0;border-radius:0}.alert{position:relative;padding:0.75rem 1.25rem;margin-bottom:1rem;border:1px solid transparent;border-radius:0.25rem}.alert-heading{color:inherit}.alert-link{font-weight:700}.alert-dismissible{padding-right:3.90625rem}.alert-dismissible .close{position:absolute;top:0;right:0;padding:0.75rem 
1.25rem;color:inherit}.alert-primary{color:#1e2123;background-color:#d8d9da;border-color:#c8c9cb}.alert-primary hr{border-top-color:#bbbcbf}.alert-primary .alert-link{color:#060708}.alert-secondary{color:#3f4447;background-color:#e4e6e7;border-color:#dadcde}.alert-secondary hr{border-top-color:#cdcfd2}.alert-secondary .alert-link{color:#272a2c}.alert-success{color:#336633;background-color:#e0f3e0;border-color:#d3eed3}.alert-success hr{border-top-color:#c1e7c1}.alert-success .alert-link{color:#224422}.alert-info{color:#2f6473;background-color:#def2f8;border-color:#d1edf6}.alert-info hr{border-top-color:#bce5f2}.alert-info .alert-link{color:#20454f}.alert-warning{color:#814d03;background-color:#feeacd;border-color:#fde1b9}.alert-warning hr{border-top-color:#fcd6a0}.alert-warning .alert-link{color:#4f2f02}.alert-danger{color:#7c312f;background-color:#fcdfde;border-color:#fad2d1}.alert-danger hr{border-top-color:#f8bcba}.alert-danger .alert-link{color:#572221}.alert-light{color:#797b7c;background-color:#fbfbfc;border-color:#f9fafb}.alert-light hr{border-top-color:#eaedf1}.alert-light .alert-link{color:#606162}.alert-dark{color:#141619;background-color:#d4d5d6;border-color:#c3c4c5}.alert-dark hr{border-top-color:#b6b7b8}.alert-dark .alert-link{color:black}@-webkit-keyframes progress-bar-stripes{from{background-position:1rem 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:1rem 0}to{background-position:0 0}}.progress{display:-webkit-box;display:-ms-flexbox;display:flex;height:1rem;overflow:hidden;font-size:0.703125rem;background-color:#1c1e22;border-radius:0.25rem}.progress-bar{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;overflow:hidden;color:#7A8288;text-align:center;white-space:nowrap;background-color:#3A3F44;-webkit-transition:width 0.6s 
ease;transition:width 0.6s ease}@media (prefers-reduced-motion: reduce){.progress-bar{-webkit-transition:none;transition:none}}.progress-bar-striped{background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-size:1rem 1rem}.progress-bar-animated{-webkit-animation:progress-bar-stripes 1s linear infinite;animation:progress-bar-stripes 1s linear infinite}@media (prefers-reduced-motion: reduce){.progress-bar-animated{-webkit-animation:none;animation:none}}.media{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start}.media-body{-webkit-box-flex:1;-ms-flex:1;flex:1}.list-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0}.list-group-item-action{width:100%;color:#fff;text-align:inherit}.list-group-item-action:hover,.list-group-item-action:focus{z-index:1;color:#fff;text-decoration:none;background-color:#3e444c}.list-group-item-action:active{color:#aaa;background-color:#e9ecef}.list-group-item{position:relative;display:block;padding:0.75rem 1.25rem;background-color:#32383e;border:1px solid 
rgba(0,0,0,0.6)}.list-group-item:first-child{border-top-left-radius:0.25rem;border-top-right-radius:0.25rem}.list-group-item:last-child{border-bottom-right-radius:0.25rem;border-bottom-left-radius:0.25rem}.list-group-item.disabled,.list-group-item:disabled{color:#52575C;pointer-events:none;background-color:#32383e}.list-group-item.active{z-index:2;color:#fff;background-color:#3e444c;border-color:rgba(0,0,0,0.6)}.list-group-item+.list-group-item{border-top-width:0}.list-group-item+.list-group-item.active{margin-top:-1px;border-top-width:1px}.list-group-horizontal{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal .list-group-item:first-child{border-bottom-left-radius:0.25rem;border-top-right-radius:0}.list-group-horizontal .list-group-item:last-child{border-top-right-radius:0.25rem;border-bottom-left-radius:0}.list-group-horizontal .list-group-item.active{margin-top:0}.list-group-horizontal .list-group-item+.list-group-item{border-top-width:1px;border-left-width:0}.list-group-horizontal .list-group-item+.list-group-item.active{margin-left:-1px;border-left-width:1px}@media (min-width: 576px){.list-group-horizontal-sm{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-sm .list-group-item:first-child{border-bottom-left-radius:0.25rem;border-top-right-radius:0}.list-group-horizontal-sm .list-group-item:last-child{border-top-right-radius:0.25rem;border-bottom-left-radius:0}.list-group-horizontal-sm .list-group-item.active{margin-top:0}.list-group-horizontal-sm .list-group-item+.list-group-item{border-top-width:1px;border-left-width:0}.list-group-horizontal-sm .list-group-item+.list-group-item.active{margin-left:-1px;border-left-width:1px}}@media (min-width: 768px){.list-group-horizontal-md{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-md 
.list-group-item:first-child{border-bottom-left-radius:0.25rem;border-top-right-radius:0}.list-group-horizontal-md .list-group-item:last-child{border-top-right-radius:0.25rem;border-bottom-left-radius:0}.list-group-horizontal-md .list-group-item.active{margin-top:0}.list-group-horizontal-md .list-group-item+.list-group-item{border-top-width:1px;border-left-width:0}.list-group-horizontal-md .list-group-item+.list-group-item.active{margin-left:-1px;border-left-width:1px}}@media (min-width: 992px){.list-group-horizontal-lg{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-lg .list-group-item:first-child{border-bottom-left-radius:0.25rem;border-top-right-radius:0}.list-group-horizontal-lg .list-group-item:last-child{border-top-right-radius:0.25rem;border-bottom-left-radius:0}.list-group-horizontal-lg .list-group-item.active{margin-top:0}.list-group-horizontal-lg .list-group-item+.list-group-item{border-top-width:1px;border-left-width:0}.list-group-horizontal-lg .list-group-item+.list-group-item.active{margin-left:-1px;border-left-width:1px}}@media (min-width: 1200px){.list-group-horizontal-xl{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-xl .list-group-item:first-child{border-bottom-left-radius:0.25rem;border-top-right-radius:0}.list-group-horizontal-xl .list-group-item:last-child{border-top-right-radius:0.25rem;border-bottom-left-radius:0}.list-group-horizontal-xl .list-group-item.active{margin-top:0}.list-group-horizontal-xl .list-group-item+.list-group-item{border-top-width:1px;border-left-width:0}.list-group-horizontal-xl .list-group-item+.list-group-item.active{margin-left:-1px;border-left-width:1px}}.list-group-flush .list-group-item{border-right-width:0;border-left-width:0;border-radius:0}.list-group-flush .list-group-item:first-child{border-top-width:0}.list-group-flush:last-child 
.list-group-item:last-child{border-bottom-width:0}.list-group-item-primary{color:#1e2123;background-color:#c8c9cb}.list-group-item-primary.list-group-item-action:hover,.list-group-item-primary.list-group-item-action:focus{color:#1e2123;background-color:#bbbcbf}.list-group-item-primary.list-group-item-action.active{color:#fff;background-color:#1e2123;border-color:#1e2123}.list-group-item-secondary{color:#3f4447;background-color:#dadcde}.list-group-item-secondary.list-group-item-action:hover,.list-group-item-secondary.list-group-item-action:focus{color:#3f4447;background-color:#cdcfd2}.list-group-item-secondary.list-group-item-action.active{color:#fff;background-color:#3f4447;border-color:#3f4447}.list-group-item-success{color:#336633;background-color:#d3eed3}.list-group-item-success.list-group-item-action:hover,.list-group-item-success.list-group-item-action:focus{color:#336633;background-color:#c1e7c1}.list-group-item-success.list-group-item-action.active{color:#fff;background-color:#336633;border-color:#336633}.list-group-item-info{color:#2f6473;background-color:#d1edf6}.list-group-item-info.list-group-item-action:hover,.list-group-item-info.list-group-item-action:focus{color:#2f6473;background-color:#bce5f2}.list-group-item-info.list-group-item-action.active{color:#fff;background-color:#2f6473;border-color:#2f6473}.list-group-item-warning{color:#814d03;background-color:#fde1b9}.list-group-item-warning.list-group-item-action:hover,.list-group-item-warning.list-group-item-action:focus{color:#814d03;background-color:#fcd6a0}.list-group-item-warning.list-group-item-action.active{color:#fff;background-color:#814d03;border-color:#814d03}.list-group-item-danger{color:#7c312f;background-color:#fad2d1}.list-group-item-danger.list-group-item-action:hover,.list-group-item-danger.list-group-item-action:focus{color:#7c312f;background-color:#f8bcba}.list-group-item-danger.list-group-item-action.active{color:#fff;background-color:#7c312f;border-color:#7c312f}.list-group-item-lig
ht{color:#797b7c;background-color:#f9fafb}.list-group-item-light.list-group-item-action:hover,.list-group-item-light.list-group-item-action:focus{color:#797b7c;background-color:#eaedf1}.list-group-item-light.list-group-item-action.active{color:#fff;background-color:#797b7c;border-color:#797b7c}.list-group-item-dark{color:#141619;background-color:#c3c4c5}.list-group-item-dark.list-group-item-action:hover,.list-group-item-dark.list-group-item-action:focus{color:#141619;background-color:#b6b7b8}.list-group-item-dark.list-group-item-action.active{color:#fff;background-color:#141619;border-color:#141619}.close{float:right;font-size:1.40625rem;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.5}.close:hover{color:#000;text-decoration:none}.close:not(:disabled):not(.disabled):hover,.close:not(:disabled):not(.disabled):focus{opacity:.75}button.close{padding:0;background-color:transparent;border:0;-webkit-appearance:none;-moz-appearance:none;appearance:none}a.close.disabled{pointer-events:none}.toast{max-width:350px;overflow:hidden;font-size:0.875rem;background-color:#32383e;background-clip:padding-box;border:1px solid rgba(0,0,0,0.2);-webkit-box-shadow:0 0.25rem 0.75rem rgba(0,0,0,0.1);box-shadow:0 0.25rem 0.75rem rgba(0,0,0,0.1);-webkit-backdrop-filter:blur(10px);backdrop-filter:blur(10px);opacity:0;border-radius:0.25rem}.toast:not(:last-child){margin-bottom:0.75rem}.toast.showing{opacity:1}.toast.show{display:block;opacity:1}.toast.hide{display:none}.toast-header{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:0.25rem 0.75rem;color:#aaa;background-color:#32383e;background-clip:padding-box;border-bottom:1px solid rgba(0,0,0,0.2)}.toast-body{padding:0.75rem}.modal-open{overflow:hidden}.modal-open 
.modal{overflow-x:hidden;overflow-y:auto}.modal{position:fixed;top:0;left:0;z-index:1050;display:none;width:100%;height:100%;overflow:hidden;outline:0}.modal-dialog{position:relative;width:auto;margin:0.5rem;pointer-events:none}.modal.fade .modal-dialog{-webkit-transition:-webkit-transform 0.3s ease-out;transition:-webkit-transform 0.3s ease-out;transition:transform 0.3s ease-out;transition:transform 0.3s ease-out, -webkit-transform 0.3s ease-out;-webkit-transform:translate(0, -50px);transform:translate(0, -50px)}@media (prefers-reduced-motion: reduce){.modal.fade .modal-dialog{-webkit-transition:none;transition:none}}.modal.show .modal-dialog{-webkit-transform:none;transform:none}.modal.modal-static .modal-dialog{-webkit-transform:scale(1.02);transform:scale(1.02)}.modal-dialog-scrollable{display:-webkit-box;display:-ms-flexbox;display:flex;max-height:calc(100% - 1rem)}.modal-dialog-scrollable .modal-content{max-height:calc(100vh - 1rem);overflow:hidden}.modal-dialog-scrollable .modal-header,.modal-dialog-scrollable .modal-footer{-ms-flex-negative:0;flex-shrink:0}.modal-dialog-scrollable .modal-body{overflow-y:auto}.modal-dialog-centered{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;min-height:calc(100% - 1rem)}.modal-dialog-centered::before{display:block;height:calc(100vh - 1rem);content:""}.modal-dialog-centered.modal-dialog-scrollable{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;height:100%}.modal-dialog-centered.modal-dialog-scrollable 
.modal-content{max-height:none}.modal-dialog-centered.modal-dialog-scrollable::before{content:none}.modal-content{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;width:100%;pointer-events:auto;background-color:#32383e;background-clip:padding-box;border:1px solid rgba(0,0,0,0.2);border-radius:0.3rem;outline:0}.modal-backdrop{position:fixed;top:0;left:0;z-index:1040;width:100vw;height:100vh;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop.show{opacity:0.5}.modal-header{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;padding:1rem 1rem;border-bottom:1px solid rgba(0,0,0,0.2);border-top-left-radius:calc(0.3rem - 1px);border-top-right-radius:calc(0.3rem - 1px)}.modal-header .close{padding:1rem 1rem;margin:-1rem -1rem -1rem auto}.modal-title{margin-bottom:0;line-height:1.5}.modal-body{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:1rem}.modal-footer{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end;padding:0.75rem;border-top:1px solid rgba(0,0,0,0.2);border-bottom-right-radius:calc(0.3rem - 1px);border-bottom-left-radius:calc(0.3rem - 1px)}.modal-footer>*{margin:0.25rem}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width: 576px){.modal-dialog{max-width:500px;margin:1.75rem auto}.modal-dialog-scrollable{max-height:calc(100% - 3.5rem)}.modal-dialog-scrollable .modal-content{max-height:calc(100vh - 3.5rem)}.modal-dialog-centered{min-height:calc(100% - 3.5rem)}.modal-dialog-centered::before{height:calc(100vh - 
3.5rem)}.modal-sm{max-width:300px}}@media (min-width: 992px){.modal-lg,.modal-xl{max-width:800px}}@media (min-width: 1200px){.modal-xl{max-width:1140px}}.tooltip{position:absolute;z-index:1070;display:block;margin:0;font-family:-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:0.8203125rem;word-wrap:break-word;opacity:0}.tooltip.show{opacity:0.9}.tooltip .arrow{position:absolute;display:block;width:0.8rem;height:0.4rem}.tooltip .arrow::before{position:absolute;content:"";border-color:transparent;border-style:solid}.bs-tooltip-top,.bs-tooltip-auto[x-placement^="top"]{padding:0.4rem 0}.bs-tooltip-top .arrow,.bs-tooltip-auto[x-placement^="top"] .arrow{bottom:0}.bs-tooltip-top .arrow::before,.bs-tooltip-auto[x-placement^="top"] .arrow::before{top:0;border-width:0.4rem 0.4rem 0;border-top-color:#000}.bs-tooltip-right,.bs-tooltip-auto[x-placement^="right"]{padding:0 0.4rem}.bs-tooltip-right .arrow,.bs-tooltip-auto[x-placement^="right"] .arrow{left:0;width:0.4rem;height:0.8rem}.bs-tooltip-right .arrow::before,.bs-tooltip-auto[x-placement^="right"] .arrow::before{right:0;border-width:0.4rem 0.4rem 0.4rem 0;border-right-color:#000}.bs-tooltip-bottom,.bs-tooltip-auto[x-placement^="bottom"]{padding:0.4rem 0}.bs-tooltip-bottom .arrow,.bs-tooltip-auto[x-placement^="bottom"] .arrow{top:0}.bs-tooltip-bottom .arrow::before,.bs-tooltip-auto[x-placement^="bottom"] .arrow::before{bottom:0;border-width:0 0.4rem 0.4rem;border-bottom-color:#000}.bs-tooltip-left,.bs-tooltip-auto[x-placement^="left"]{padding:0 0.4rem}.bs-tooltip-left .arrow,.bs-tooltip-auto[x-placement^="left"] 
.arrow{right:0;width:0.4rem;height:0.8rem}.bs-tooltip-left .arrow::before,.bs-tooltip-auto[x-placement^="left"] .arrow::before{left:0;border-width:0.4rem 0 0.4rem 0.4rem;border-left-color:#000}.tooltip-inner{max-width:200px;padding:0.25rem 0.5rem;color:#fff;text-align:center;background-color:#000;border-radius:0.25rem}.popover{position:absolute;top:0;left:0;z-index:1060;display:block;max-width:276px;font-family:-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:0.8203125rem;word-wrap:break-word;background-color:#32383e;background-clip:padding-box;border:1px solid rgba(0,0,0,0.2);border-radius:0.3rem}.popover .arrow{position:absolute;display:block;width:1rem;height:0.5rem;margin:0 0.3rem}.popover .arrow::before,.popover .arrow::after{position:absolute;display:block;content:"";border-color:transparent;border-style:solid}.bs-popover-top,.bs-popover-auto[x-placement^="top"]{margin-bottom:0.5rem}.bs-popover-top>.arrow,.bs-popover-auto[x-placement^="top"]>.arrow{bottom:calc(-0.5rem - 1px)}.bs-popover-top>.arrow::before,.bs-popover-auto[x-placement^="top"]>.arrow::before{bottom:0;border-width:0.5rem 0.5rem 0;border-top-color:rgba(0,0,0,0.25)}.bs-popover-top>.arrow::after,.bs-popover-auto[x-placement^="top"]>.arrow::after{bottom:1px;border-width:0.5rem 0.5rem 0;border-top-color:#32383e}.bs-popover-right,.bs-popover-auto[x-placement^="right"]{margin-left:0.5rem}.bs-popover-right>.arrow,.bs-popover-auto[x-placement^="right"]>.arrow{left:calc(-0.5rem - 1px);width:0.5rem;height:1rem;margin:0.3rem 
0}.bs-popover-right>.arrow::before,.bs-popover-auto[x-placement^="right"]>.arrow::before{left:0;border-width:0.5rem 0.5rem 0.5rem 0;border-right-color:rgba(0,0,0,0.25)}.bs-popover-right>.arrow::after,.bs-popover-auto[x-placement^="right"]>.arrow::after{left:1px;border-width:0.5rem 0.5rem 0.5rem 0;border-right-color:#32383e}.bs-popover-bottom,.bs-popover-auto[x-placement^="bottom"]{margin-top:0.5rem}.bs-popover-bottom>.arrow,.bs-popover-auto[x-placement^="bottom"]>.arrow{top:calc(-0.5rem - 1px)}.bs-popover-bottom>.arrow::before,.bs-popover-auto[x-placement^="bottom"]>.arrow::before{top:0;border-width:0 0.5rem 0.5rem 0.5rem;border-bottom-color:rgba(0,0,0,0.25)}.bs-popover-bottom>.arrow::after,.bs-popover-auto[x-placement^="bottom"]>.arrow::after{top:1px;border-width:0 0.5rem 0.5rem 0.5rem;border-bottom-color:#32383e}.bs-popover-bottom .popover-header::before,.bs-popover-auto[x-placement^="bottom"] .popover-header::before{position:absolute;top:0;left:50%;display:block;width:1rem;margin-left:-0.5rem;content:"";border-bottom:1px solid #2c3036}.bs-popover-left,.bs-popover-auto[x-placement^="left"]{margin-right:0.5rem}.bs-popover-left>.arrow,.bs-popover-auto[x-placement^="left"]>.arrow{right:calc(-0.5rem - 1px);width:0.5rem;height:1rem;margin:0.3rem 0}.bs-popover-left>.arrow::before,.bs-popover-auto[x-placement^="left"]>.arrow::before{right:0;border-width:0.5rem 0 0.5rem 0.5rem;border-left-color:rgba(0,0,0,0.25)}.bs-popover-left>.arrow::after,.bs-popover-auto[x-placement^="left"]>.arrow::after{right:1px;border-width:0.5rem 0 0.5rem 0.5rem;border-left-color:#32383e}.popover-header{padding:0.5rem 0.75rem;margin-bottom:0;font-size:0.9375rem;background-color:#2c3036;border-bottom:1px solid #202328;border-top-left-radius:calc(0.3rem - 1px);border-top-right-radius:calc(0.3rem - 1px)}.popover-header:empty{display:none}.popover-body{padding:0.5rem 
0.75rem;color:#aaa}.carousel{position:relative}.carousel.pointer-event{-ms-touch-action:pan-y;touch-action:pan-y}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner::after{display:block;clear:both;content:""}.carousel-item{position:relative;display:none;float:left;width:100%;margin-right:-100%;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transition:-webkit-transform 0.6s ease-in-out;transition:-webkit-transform 0.6s ease-in-out;transition:transform 0.6s ease-in-out;transition:transform 0.6s ease-in-out, -webkit-transform 0.6s ease-in-out}@media (prefers-reduced-motion: reduce){.carousel-item{-webkit-transition:none;transition:none}}.carousel-item.active,.carousel-item-next,.carousel-item-prev{display:block}.carousel-item-next:not(.carousel-item-left),.active.carousel-item-right{-webkit-transform:translateX(100%);transform:translateX(100%)}.carousel-item-prev:not(.carousel-item-right),.active.carousel-item-left{-webkit-transform:translateX(-100%);transform:translateX(-100%)}.carousel-fade .carousel-item{opacity:0;-webkit-transition-property:opacity;transition-property:opacity;-webkit-transform:none;transform:none}.carousel-fade .carousel-item.active,.carousel-fade .carousel-item-next.carousel-item-left,.carousel-fade .carousel-item-prev.carousel-item-right{z-index:1;opacity:1}.carousel-fade .active.carousel-item-left,.carousel-fade .active.carousel-item-right{z-index:0;opacity:0;-webkit-transition:opacity 0s 0.6s;transition:opacity 0s 0.6s}@media (prefers-reduced-motion: reduce){.carousel-fade .active.carousel-item-left,.carousel-fade 
.active.carousel-item-right{-webkit-transition:none;transition:none}}.carousel-control-prev,.carousel-control-next{position:absolute;top:0;bottom:0;z-index:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:15%;color:#fff;text-align:center;opacity:0.5;-webkit-transition:opacity 0.15s ease;transition:opacity 0.15s ease}@media (prefers-reduced-motion: reduce){.carousel-control-prev,.carousel-control-next{-webkit-transition:none;transition:none}}.carousel-control-prev:hover,.carousel-control-prev:focus,.carousel-control-next:hover,.carousel-control-next:focus{color:#fff;text-decoration:none;outline:0;opacity:0.9}.carousel-control-prev{left:0}.carousel-control-next{right:0}.carousel-control-prev-icon,.carousel-control-next-icon{display:inline-block;width:20px;height:20px;background:no-repeat 50% / 100% 100%}.carousel-control-prev-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='%23fff' width='8' height='8' viewBox='0 0 8 8'%3e%3cpath d='M5.25 0l-4 4 4 4 1.5-1.5L4.25 4l2.5-2.5L5.25 0z'/%3e%3c/svg%3e")}.carousel-control-next-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='%23fff' width='8' height='8' viewBox='0 0 8 8'%3e%3cpath d='M2.75 0l-1.5 1.5L3.75 4l-2.5 2.5L2.75 8l4-4-4-4z'/%3e%3c/svg%3e")}.carousel-indicators{position:absolute;right:0;bottom:0;left:0;z-index:15;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;padding-left:0;margin-right:15%;margin-left:15%;list-style:none}.carousel-indicators li{-webkit-box-sizing:content-box;box-sizing:content-box;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;width:30px;height:3px;margin-right:3px;margin-left:3px;text-indent:-999px;cursor:pointer;background-color:#fff;background-clip:padding-box;border-top:10px solid 
transparent;border-bottom:10px solid transparent;opacity:.5;-webkit-transition:opacity 0.6s ease;transition:opacity 0.6s ease}@media (prefers-reduced-motion: reduce){.carousel-indicators li{-webkit-transition:none;transition:none}}.carousel-indicators .active{opacity:1}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center}@-webkit-keyframes spinner-border{to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes spinner-border{to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.spinner-border{display:inline-block;width:2rem;height:2rem;vertical-align:text-bottom;border:0.25em solid currentColor;border-right-color:transparent;border-radius:50%;-webkit-animation:spinner-border .75s linear infinite;animation:spinner-border .75s linear infinite}.spinner-border-sm{width:1rem;height:1rem;border-width:0.2em}@-webkit-keyframes spinner-grow{0%{-webkit-transform:scale(0);transform:scale(0)}50%{opacity:1}}@keyframes spinner-grow{0%{-webkit-transform:scale(0);transform:scale(0)}50%{opacity:1}}.spinner-grow{display:inline-block;width:2rem;height:2rem;vertical-align:text-bottom;background-color:currentColor;border-radius:50%;opacity:0;-webkit-animation:spinner-grow .75s linear infinite;animation:spinner-grow .75s linear infinite}.spinner-grow-sm{width:1rem;height:1rem}.align-baseline{vertical-align:baseline !important}.align-top{vertical-align:top !important}.align-middle{vertical-align:middle !important}.align-bottom{vertical-align:bottom !important}.align-text-bottom{vertical-align:text-bottom !important}.align-text-top{vertical-align:text-top !important}.bg-primary{background-color:#3A3F44 !important}a.bg-primary:hover,a.bg-primary:focus,button.bg-primary:hover,button.bg-primary:focus{background-color:#232628 !important}.bg-secondary{background-color:#7A8288 
!important}a.bg-secondary:hover,a.bg-secondary:focus,button.bg-secondary:hover,button.bg-secondary:focus{background-color:#62686d !important}.bg-success{background-color:#62c462 !important}a.bg-success:hover,a.bg-success:focus,button.bg-success:hover,button.bg-success:focus{background-color:#42b142 !important}.bg-info{background-color:#5bc0de !important}a.bg-info:hover,a.bg-info:focus,button.bg-info:hover,button.bg-info:focus{background-color:#31b0d5 !important}.bg-warning{background-color:#f89406 !important}a.bg-warning:hover,a.bg-warning:focus,button.bg-warning:hover,button.bg-warning:focus{background-color:#c67605 !important}.bg-danger{background-color:#ee5f5b !important}a.bg-danger:hover,a.bg-danger:focus,button.bg-danger:hover,button.bg-danger:focus{background-color:#e9322d !important}.bg-light{background-color:#e9ecef !important}a.bg-light:hover,a.bg-light:focus,button.bg-light:hover,button.bg-light:focus{background-color:#cbd3da !important}.bg-dark{background-color:#272B30 !important}a.bg-dark:hover,a.bg-dark:focus,button.bg-dark:hover,button.bg-dark:focus{background-color:#101214 !important}.bg-white{background-color:#fff !important}.bg-transparent{background-color:transparent !important}.border{border:1px solid #dee2e6 !important}.border-top{border-top:1px solid #dee2e6 !important}.border-right{border-right:1px solid #dee2e6 !important}.border-bottom{border-bottom:1px solid #dee2e6 !important}.border-left{border-left:1px solid #dee2e6 !important}.border-0{border:0 !important}.border-top-0{border-top:0 !important}.border-right-0{border-right:0 !important}.border-bottom-0{border-bottom:0 !important}.border-left-0{border-left:0 !important}.border-primary{border-color:#3A3F44 !important}.border-secondary{border-color:#7A8288 !important}.border-success{border-color:#62c462 !important}.border-info{border-color:#5bc0de !important}.border-warning{border-color:#f89406 !important}.border-danger{border-color:#ee5f5b !important}.border-light{border-color:#e9ecef 
!important}.border-dark{border-color:#272B30 !important}.border-white{border-color:#fff !important}.rounded-sm{border-radius:0.2rem !important}.rounded{border-radius:0.25rem !important}.rounded-top{border-top-left-radius:0.25rem !important;border-top-right-radius:0.25rem !important}.rounded-right{border-top-right-radius:0.25rem !important;border-bottom-right-radius:0.25rem !important}.rounded-bottom{border-bottom-right-radius:0.25rem !important;border-bottom-left-radius:0.25rem !important}.rounded-left{border-top-left-radius:0.25rem !important;border-bottom-left-radius:0.25rem !important}.rounded-lg{border-radius:0.3rem !important}.rounded-circle{border-radius:50% !important}.rounded-pill{border-radius:50rem !important}.rounded-0{border-radius:0 !important}.clearfix::after{display:block;clear:both;content:""}.d-none{display:none !important}.d-inline{display:inline !important}.d-inline-block{display:inline-block !important}.d-block{display:block !important}.d-table{display:table !important}.d-table-row{display:table-row !important}.d-table-cell{display:table-cell !important}.d-flex{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important}.d-inline-flex{display:-webkit-inline-box !important;display:-ms-inline-flexbox !important;display:inline-flex !important}@media (min-width: 576px){.d-sm-none{display:none !important}.d-sm-inline{display:inline !important}.d-sm-inline-block{display:inline-block !important}.d-sm-block{display:block !important}.d-sm-table{display:table !important}.d-sm-table-row{display:table-row !important}.d-sm-table-cell{display:table-cell !important}.d-sm-flex{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important}.d-sm-inline-flex{display:-webkit-inline-box !important;display:-ms-inline-flexbox !important;display:inline-flex !important}}@media (min-width: 768px){.d-md-none{display:none !important}.d-md-inline{display:inline !important}.d-md-inline-block{display:inline-block 
!important}.d-md-block{display:block !important}.d-md-table{display:table !important}.d-md-table-row{display:table-row !important}.d-md-table-cell{display:table-cell !important}.d-md-flex{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important}.d-md-inline-flex{display:-webkit-inline-box !important;display:-ms-inline-flexbox !important;display:inline-flex !important}}@media (min-width: 992px){.d-lg-none{display:none !important}.d-lg-inline{display:inline !important}.d-lg-inline-block{display:inline-block !important}.d-lg-block{display:block !important}.d-lg-table{display:table !important}.d-lg-table-row{display:table-row !important}.d-lg-table-cell{display:table-cell !important}.d-lg-flex{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important}.d-lg-inline-flex{display:-webkit-inline-box !important;display:-ms-inline-flexbox !important;display:inline-flex !important}}@media (min-width: 1200px){.d-xl-none{display:none !important}.d-xl-inline{display:inline !important}.d-xl-inline-block{display:inline-block !important}.d-xl-block{display:block !important}.d-xl-table{display:table !important}.d-xl-table-row{display:table-row !important}.d-xl-table-cell{display:table-cell !important}.d-xl-flex{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important}.d-xl-inline-flex{display:-webkit-inline-box !important;display:-ms-inline-flexbox !important;display:inline-flex !important}}@media print{.d-print-none{display:none !important}.d-print-inline{display:inline !important}.d-print-inline-block{display:inline-block !important}.d-print-block{display:block !important}.d-print-table{display:table !important}.d-print-table-row{display:table-row !important}.d-print-table-cell{display:table-cell !important}.d-print-flex{display:-webkit-box !important;display:-ms-flexbox !important;display:flex !important}.d-print-inline-flex{display:-webkit-inline-box !important;display:-ms-inline-flexbox 
!important;display:inline-flex !important}}.embed-responsive{position:relative;display:block;width:100%;padding:0;overflow:hidden}.embed-responsive::before{display:block;content:""}.embed-responsive .embed-responsive-item,.embed-responsive iframe,.embed-responsive embed,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-21by9::before{padding-top:42.8571428571%}.embed-responsive-16by9::before{padding-top:56.25%}.embed-responsive-4by3::before{padding-top:75%}.embed-responsive-1by1::before{padding-top:100%}.flex-row{-webkit-box-orient:horizontal !important;-webkit-box-direction:normal !important;-ms-flex-direction:row !important;flex-direction:row !important}.flex-column{-webkit-box-orient:vertical !important;-webkit-box-direction:normal !important;-ms-flex-direction:column !important;flex-direction:column !important}.flex-row-reverse{-webkit-box-orient:horizontal !important;-webkit-box-direction:reverse !important;-ms-flex-direction:row-reverse !important;flex-direction:row-reverse !important}.flex-column-reverse{-webkit-box-orient:vertical !important;-webkit-box-direction:reverse !important;-ms-flex-direction:column-reverse !important;flex-direction:column-reverse !important}.flex-wrap{-ms-flex-wrap:wrap !important;flex-wrap:wrap !important}.flex-nowrap{-ms-flex-wrap:nowrap !important;flex-wrap:nowrap !important}.flex-wrap-reverse{-ms-flex-wrap:wrap-reverse !important;flex-wrap:wrap-reverse !important}.flex-fill{-webkit-box-flex:1 !important;-ms-flex:1 1 auto !important;flex:1 1 auto !important}.flex-grow-0{-webkit-box-flex:0 !important;-ms-flex-positive:0 !important;flex-grow:0 !important}.flex-grow-1{-webkit-box-flex:1 !important;-ms-flex-positive:1 !important;flex-grow:1 !important}.flex-shrink-0{-ms-flex-negative:0 !important;flex-shrink:0 !important}.flex-shrink-1{-ms-flex-negative:1 !important;flex-shrink:1 !important}.justify-content-start{-webkit-box-pack:start 
!important;-ms-flex-pack:start !important;justify-content:flex-start !important}.justify-content-end{-webkit-box-pack:end !important;-ms-flex-pack:end !important;justify-content:flex-end !important}.justify-content-center{-webkit-box-pack:center !important;-ms-flex-pack:center !important;justify-content:center !important}.justify-content-between{-webkit-box-pack:justify !important;-ms-flex-pack:justify !important;justify-content:space-between !important}.justify-content-around{-ms-flex-pack:distribute !important;justify-content:space-around !important}.align-items-start{-webkit-box-align:start !important;-ms-flex-align:start !important;align-items:flex-start !important}.align-items-end{-webkit-box-align:end !important;-ms-flex-align:end !important;align-items:flex-end !important}.align-items-center{-webkit-box-align:center !important;-ms-flex-align:center !important;align-items:center !important}.align-items-baseline{-webkit-box-align:baseline !important;-ms-flex-align:baseline !important;align-items:baseline !important}.align-items-stretch{-webkit-box-align:stretch !important;-ms-flex-align:stretch !important;align-items:stretch !important}.align-content-start{-ms-flex-line-pack:start !important;align-content:flex-start !important}.align-content-end{-ms-flex-line-pack:end !important;align-content:flex-end !important}.align-content-center{-ms-flex-line-pack:center !important;align-content:center !important}.align-content-between{-ms-flex-line-pack:justify !important;align-content:space-between !important}.align-content-around{-ms-flex-line-pack:distribute !important;align-content:space-around !important}.align-content-stretch{-ms-flex-line-pack:stretch !important;align-content:stretch !important}.align-self-auto{-ms-flex-item-align:auto !important;align-self:auto !important}.align-self-start{-ms-flex-item-align:start !important;align-self:flex-start !important}.align-self-end{-ms-flex-item-align:end !important;align-self:flex-end 
!important}.align-self-center{-ms-flex-item-align:center !important;align-self:center !important}.align-self-baseline{-ms-flex-item-align:baseline !important;align-self:baseline !important}.align-self-stretch{-ms-flex-item-align:stretch !important;align-self:stretch !important}@media (min-width: 576px){.flex-sm-row{-webkit-box-orient:horizontal !important;-webkit-box-direction:normal !important;-ms-flex-direction:row !important;flex-direction:row !important}.flex-sm-column{-webkit-box-orient:vertical !important;-webkit-box-direction:normal !important;-ms-flex-direction:column !important;flex-direction:column !important}.flex-sm-row-reverse{-webkit-box-orient:horizontal !important;-webkit-box-direction:reverse !important;-ms-flex-direction:row-reverse !important;flex-direction:row-reverse !important}.flex-sm-column-reverse{-webkit-box-orient:vertical !important;-webkit-box-direction:reverse !important;-ms-flex-direction:column-reverse !important;flex-direction:column-reverse !important}.flex-sm-wrap{-ms-flex-wrap:wrap !important;flex-wrap:wrap !important}.flex-sm-nowrap{-ms-flex-wrap:nowrap !important;flex-wrap:nowrap !important}.flex-sm-wrap-reverse{-ms-flex-wrap:wrap-reverse !important;flex-wrap:wrap-reverse !important}.flex-sm-fill{-webkit-box-flex:1 !important;-ms-flex:1 1 auto !important;flex:1 1 auto !important}.flex-sm-grow-0{-webkit-box-flex:0 !important;-ms-flex-positive:0 !important;flex-grow:0 !important}.flex-sm-grow-1{-webkit-box-flex:1 !important;-ms-flex-positive:1 !important;flex-grow:1 !important}.flex-sm-shrink-0{-ms-flex-negative:0 !important;flex-shrink:0 !important}.flex-sm-shrink-1{-ms-flex-negative:1 !important;flex-shrink:1 !important}.justify-content-sm-start{-webkit-box-pack:start !important;-ms-flex-pack:start !important;justify-content:flex-start !important}.justify-content-sm-end{-webkit-box-pack:end !important;-ms-flex-pack:end !important;justify-content:flex-end !important}.justify-content-sm-center{-webkit-box-pack:center 
!important;-ms-flex-pack:center !important;justify-content:center !important}.justify-content-sm-between{-webkit-box-pack:justify !important;-ms-flex-pack:justify !important;justify-content:space-between !important}.justify-content-sm-around{-ms-flex-pack:distribute !important;justify-content:space-around !important}.align-items-sm-start{-webkit-box-align:start !important;-ms-flex-align:start !important;align-items:flex-start !important}.align-items-sm-end{-webkit-box-align:end !important;-ms-flex-align:end !important;align-items:flex-end !important}.align-items-sm-center{-webkit-box-align:center !important;-ms-flex-align:center !important;align-items:center !important}.align-items-sm-baseline{-webkit-box-align:baseline !important;-ms-flex-align:baseline !important;align-items:baseline !important}.align-items-sm-stretch{-webkit-box-align:stretch !important;-ms-flex-align:stretch !important;align-items:stretch !important}.align-content-sm-start{-ms-flex-line-pack:start !important;align-content:flex-start !important}.align-content-sm-end{-ms-flex-line-pack:end !important;align-content:flex-end !important}.align-content-sm-center{-ms-flex-line-pack:center !important;align-content:center !important}.align-content-sm-between{-ms-flex-line-pack:justify !important;align-content:space-between !important}.align-content-sm-around{-ms-flex-line-pack:distribute !important;align-content:space-around !important}.align-content-sm-stretch{-ms-flex-line-pack:stretch !important;align-content:stretch !important}.align-self-sm-auto{-ms-flex-item-align:auto !important;align-self:auto !important}.align-self-sm-start{-ms-flex-item-align:start !important;align-self:flex-start !important}.align-self-sm-end{-ms-flex-item-align:end !important;align-self:flex-end !important}.align-self-sm-center{-ms-flex-item-align:center !important;align-self:center !important}.align-self-sm-baseline{-ms-flex-item-align:baseline !important;align-self:baseline 
!important}.align-self-sm-stretch{-ms-flex-item-align:stretch !important;align-self:stretch !important}}@media (min-width: 768px){.flex-md-row{-webkit-box-orient:horizontal !important;-webkit-box-direction:normal !important;-ms-flex-direction:row !important;flex-direction:row !important}.flex-md-column{-webkit-box-orient:vertical !important;-webkit-box-direction:normal !important;-ms-flex-direction:column !important;flex-direction:column !important}.flex-md-row-reverse{-webkit-box-orient:horizontal !important;-webkit-box-direction:reverse !important;-ms-flex-direction:row-reverse !important;flex-direction:row-reverse !important}.flex-md-column-reverse{-webkit-box-orient:vertical !important;-webkit-box-direction:reverse !important;-ms-flex-direction:column-reverse !important;flex-direction:column-reverse !important}.flex-md-wrap{-ms-flex-wrap:wrap !important;flex-wrap:wrap !important}.flex-md-nowrap{-ms-flex-wrap:nowrap !important;flex-wrap:nowrap !important}.flex-md-wrap-reverse{-ms-flex-wrap:wrap-reverse !important;flex-wrap:wrap-reverse !important}.flex-md-fill{-webkit-box-flex:1 !important;-ms-flex:1 1 auto !important;flex:1 1 auto !important}.flex-md-grow-0{-webkit-box-flex:0 !important;-ms-flex-positive:0 !important;flex-grow:0 !important}.flex-md-grow-1{-webkit-box-flex:1 !important;-ms-flex-positive:1 !important;flex-grow:1 !important}.flex-md-shrink-0{-ms-flex-negative:0 !important;flex-shrink:0 !important}.flex-md-shrink-1{-ms-flex-negative:1 !important;flex-shrink:1 !important}.justify-content-md-start{-webkit-box-pack:start !important;-ms-flex-pack:start !important;justify-content:flex-start !important}.justify-content-md-end{-webkit-box-pack:end !important;-ms-flex-pack:end !important;justify-content:flex-end !important}.justify-content-md-center{-webkit-box-pack:center !important;-ms-flex-pack:center !important;justify-content:center !important}.justify-content-md-between{-webkit-box-pack:justify !important;-ms-flex-pack:justify 
!important;justify-content:space-between !important}.justify-content-md-around{-ms-flex-pack:distribute !important;justify-content:space-around !important}.align-items-md-start{-webkit-box-align:start !important;-ms-flex-align:start !important;align-items:flex-start !important}.align-items-md-end{-webkit-box-align:end !important;-ms-flex-align:end !important;align-items:flex-end !important}.align-items-md-center{-webkit-box-align:center !important;-ms-flex-align:center !important;align-items:center !important}.align-items-md-baseline{-webkit-box-align:baseline !important;-ms-flex-align:baseline !important;align-items:baseline !important}.align-items-md-stretch{-webkit-box-align:stretch !important;-ms-flex-align:stretch !important;align-items:stretch !important}.align-content-md-start{-ms-flex-line-pack:start !important;align-content:flex-start !important}.align-content-md-end{-ms-flex-line-pack:end !important;align-content:flex-end !important}.align-content-md-center{-ms-flex-line-pack:center !important;align-content:center !important}.align-content-md-between{-ms-flex-line-pack:justify !important;align-content:space-between !important}.align-content-md-around{-ms-flex-line-pack:distribute !important;align-content:space-around !important}.align-content-md-stretch{-ms-flex-line-pack:stretch !important;align-content:stretch !important}.align-self-md-auto{-ms-flex-item-align:auto !important;align-self:auto !important}.align-self-md-start{-ms-flex-item-align:start !important;align-self:flex-start !important}.align-self-md-end{-ms-flex-item-align:end !important;align-self:flex-end !important}.align-self-md-center{-ms-flex-item-align:center !important;align-self:center !important}.align-self-md-baseline{-ms-flex-item-align:baseline !important;align-self:baseline !important}.align-self-md-stretch{-ms-flex-item-align:stretch !important;align-self:stretch !important}}@media (min-width: 992px){.flex-lg-row{-webkit-box-orient:horizontal !important;-webkit-box-direction:normal 
!important;-ms-flex-direction:row !important;flex-direction:row !important}.flex-lg-column{-webkit-box-orient:vertical !important;-webkit-box-direction:normal !important;-ms-flex-direction:column !important;flex-direction:column !important}.flex-lg-row-reverse{-webkit-box-orient:horizontal !important;-webkit-box-direction:reverse !important;-ms-flex-direction:row-reverse !important;flex-direction:row-reverse !important}.flex-lg-column-reverse{-webkit-box-orient:vertical !important;-webkit-box-direction:reverse !important;-ms-flex-direction:column-reverse !important;flex-direction:column-reverse !important}.flex-lg-wrap{-ms-flex-wrap:wrap !important;flex-wrap:wrap !important}.flex-lg-nowrap{-ms-flex-wrap:nowrap !important;flex-wrap:nowrap !important}.flex-lg-wrap-reverse{-ms-flex-wrap:wrap-reverse !important;flex-wrap:wrap-reverse !important}.flex-lg-fill{-webkit-box-flex:1 !important;-ms-flex:1 1 auto !important;flex:1 1 auto !important}.flex-lg-grow-0{-webkit-box-flex:0 !important;-ms-flex-positive:0 !important;flex-grow:0 !important}.flex-lg-grow-1{-webkit-box-flex:1 !important;-ms-flex-positive:1 !important;flex-grow:1 !important}.flex-lg-shrink-0{-ms-flex-negative:0 !important;flex-shrink:0 !important}.flex-lg-shrink-1{-ms-flex-negative:1 !important;flex-shrink:1 !important}.justify-content-lg-start{-webkit-box-pack:start !important;-ms-flex-pack:start !important;justify-content:flex-start !important}.justify-content-lg-end{-webkit-box-pack:end !important;-ms-flex-pack:end !important;justify-content:flex-end !important}.justify-content-lg-center{-webkit-box-pack:center !important;-ms-flex-pack:center !important;justify-content:center !important}.justify-content-lg-between{-webkit-box-pack:justify !important;-ms-flex-pack:justify !important;justify-content:space-between !important}.justify-content-lg-around{-ms-flex-pack:distribute !important;justify-content:space-around !important}.align-items-lg-start{-webkit-box-align:start !important;-ms-flex-align:start 
!important;align-items:flex-start !important}.align-items-lg-end{-webkit-box-align:end !important;-ms-flex-align:end !important;align-items:flex-end !important}.align-items-lg-center{-webkit-box-align:center !important;-ms-flex-align:center !important;align-items:center !important}.align-items-lg-baseline{-webkit-box-align:baseline !important;-ms-flex-align:baseline !important;align-items:baseline !important}.align-items-lg-stretch{-webkit-box-align:stretch !important;-ms-flex-align:stretch !important;align-items:stretch !important}.align-content-lg-start{-ms-flex-line-pack:start !important;align-content:flex-start !important}.align-content-lg-end{-ms-flex-line-pack:end !important;align-content:flex-end !important}.align-content-lg-center{-ms-flex-line-pack:center !important;align-content:center !important}.align-content-lg-between{-ms-flex-line-pack:justify !important;align-content:space-between !important}.align-content-lg-around{-ms-flex-line-pack:distribute !important;align-content:space-around !important}.align-content-lg-stretch{-ms-flex-line-pack:stretch !important;align-content:stretch !important}.align-self-lg-auto{-ms-flex-item-align:auto !important;align-self:auto !important}.align-self-lg-start{-ms-flex-item-align:start !important;align-self:flex-start !important}.align-self-lg-end{-ms-flex-item-align:end !important;align-self:flex-end !important}.align-self-lg-center{-ms-flex-item-align:center !important;align-self:center !important}.align-self-lg-baseline{-ms-flex-item-align:baseline !important;align-self:baseline !important}.align-self-lg-stretch{-ms-flex-item-align:stretch !important;align-self:stretch !important}}@media (min-width: 1200px){.flex-xl-row{-webkit-box-orient:horizontal !important;-webkit-box-direction:normal !important;-ms-flex-direction:row !important;flex-direction:row !important}.flex-xl-column{-webkit-box-orient:vertical !important;-webkit-box-direction:normal !important;-ms-flex-direction:column !important;flex-direction:column 
!important}.flex-xl-row-reverse{-webkit-box-orient:horizontal !important;-webkit-box-direction:reverse !important;-ms-flex-direction:row-reverse !important;flex-direction:row-reverse !important}.flex-xl-column-reverse{-webkit-box-orient:vertical !important;-webkit-box-direction:reverse !important;-ms-flex-direction:column-reverse !important;flex-direction:column-reverse !important}.flex-xl-wrap{-ms-flex-wrap:wrap !important;flex-wrap:wrap !important}.flex-xl-nowrap{-ms-flex-wrap:nowrap !important;flex-wrap:nowrap !important}.flex-xl-wrap-reverse{-ms-flex-wrap:wrap-reverse !important;flex-wrap:wrap-reverse !important}.flex-xl-fill{-webkit-box-flex:1 !important;-ms-flex:1 1 auto !important;flex:1 1 auto !important}.flex-xl-grow-0{-webkit-box-flex:0 !important;-ms-flex-positive:0 !important;flex-grow:0 !important}.flex-xl-grow-1{-webkit-box-flex:1 !important;-ms-flex-positive:1 !important;flex-grow:1 !important}.flex-xl-shrink-0{-ms-flex-negative:0 !important;flex-shrink:0 !important}.flex-xl-shrink-1{-ms-flex-negative:1 !important;flex-shrink:1 !important}.justify-content-xl-start{-webkit-box-pack:start !important;-ms-flex-pack:start !important;justify-content:flex-start !important}.justify-content-xl-end{-webkit-box-pack:end !important;-ms-flex-pack:end !important;justify-content:flex-end !important}.justify-content-xl-center{-webkit-box-pack:center !important;-ms-flex-pack:center !important;justify-content:center !important}.justify-content-xl-between{-webkit-box-pack:justify !important;-ms-flex-pack:justify !important;justify-content:space-between !important}.justify-content-xl-around{-ms-flex-pack:distribute !important;justify-content:space-around !important}.align-items-xl-start{-webkit-box-align:start !important;-ms-flex-align:start !important;align-items:flex-start !important}.align-items-xl-end{-webkit-box-align:end !important;-ms-flex-align:end !important;align-items:flex-end !important}.align-items-xl-center{-webkit-box-align:center 
!important;-ms-flex-align:center !important;align-items:center !important}.align-items-xl-baseline{-webkit-box-align:baseline !important;-ms-flex-align:baseline !important;align-items:baseline !important}.align-items-xl-stretch{-webkit-box-align:stretch !important;-ms-flex-align:stretch !important;align-items:stretch !important}.align-content-xl-start{-ms-flex-line-pack:start !important;align-content:flex-start !important}.align-content-xl-end{-ms-flex-line-pack:end !important;align-content:flex-end !important}.align-content-xl-center{-ms-flex-line-pack:center !important;align-content:center !important}.align-content-xl-between{-ms-flex-line-pack:justify !important;align-content:space-between !important}.align-content-xl-around{-ms-flex-line-pack:distribute !important;align-content:space-around !important}.align-content-xl-stretch{-ms-flex-line-pack:stretch !important;align-content:stretch !important}.align-self-xl-auto{-ms-flex-item-align:auto !important;align-self:auto !important}.align-self-xl-start{-ms-flex-item-align:start !important;align-self:flex-start !important}.align-self-xl-end{-ms-flex-item-align:end !important;align-self:flex-end !important}.align-self-xl-center{-ms-flex-item-align:center !important;align-self:center !important}.align-self-xl-baseline{-ms-flex-item-align:baseline !important;align-self:baseline !important}.align-self-xl-stretch{-ms-flex-item-align:stretch !important;align-self:stretch !important}}.float-left{float:left !important}.float-right{float:right !important}.float-none{float:none !important}@media (min-width: 576px){.float-sm-left{float:left !important}.float-sm-right{float:right !important}.float-sm-none{float:none !important}}@media (min-width: 768px){.float-md-left{float:left !important}.float-md-right{float:right !important}.float-md-none{float:none !important}}@media (min-width: 992px){.float-lg-left{float:left !important}.float-lg-right{float:right !important}.float-lg-none{float:none !important}}@media (min-width: 
1200px){.float-xl-left{float:left !important}.float-xl-right{float:right !important}.float-xl-none{float:none !important}}.overflow-auto{overflow:auto !important}.overflow-hidden{overflow:hidden !important}.position-static{position:static !important}.position-relative{position:relative !important}.position-absolute{position:absolute !important}.position-fixed{position:fixed !important}.position-sticky{position:-webkit-sticky !important;position:sticky !important}.fixed-top{position:fixed;top:0;right:0;left:0;z-index:1030}.fixed-bottom{position:fixed;right:0;bottom:0;left:0;z-index:1030}@supports (position: -webkit-sticky) or (position: sticky){.sticky-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);white-space:nowrap;border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;overflow:visible;clip:auto;white-space:normal}.shadow-sm{-webkit-box-shadow:0 0.125rem 0.25rem rgba(0,0,0,0.075) !important;box-shadow:0 0.125rem 0.25rem rgba(0,0,0,0.075) !important}.shadow{-webkit-box-shadow:0 0.5rem 1rem rgba(0,0,0,0.15) !important;box-shadow:0 0.5rem 1rem rgba(0,0,0,0.15) !important}.shadow-lg{-webkit-box-shadow:0 1rem 3rem rgba(0,0,0,0.175) !important;box-shadow:0 1rem 3rem rgba(0,0,0,0.175) !important}.shadow-none{-webkit-box-shadow:none !important;box-shadow:none !important}.w-25{width:25% !important}.w-50{width:50% !important}.w-75{width:75% !important}.w-100{width:100% !important}.w-auto{width:auto !important}.h-25{height:25% !important}.h-50{height:50% !important}.h-75{height:75% !important}.h-100{height:100% !important}.h-auto{height:auto !important}.mw-100{max-width:100% !important}.mh-100{max-height:100% !important}.min-vw-100{min-width:100vw !important}.min-vh-100{min-height:100vh !important}.vw-100{width:100vw !important}.vh-100{height:100vh 
!important}.stretched-link::after{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;pointer-events:auto;content:"";background-color:rgba(0,0,0,0)}.m-0{margin:0 !important}.mt-0,.my-0{margin-top:0 !important}.mr-0,.mx-0{margin-right:0 !important}.mb-0,.my-0{margin-bottom:0 !important}.ml-0,.mx-0{margin-left:0 !important}.m-1{margin:0.25rem !important}.mt-1,.my-1{margin-top:0.25rem !important}.mr-1,.mx-1{margin-right:0.25rem !important}.mb-1,.my-1{margin-bottom:0.25rem !important}.ml-1,.mx-1{margin-left:0.25rem !important}.m-2{margin:0.5rem !important}.mt-2,.my-2{margin-top:0.5rem !important}.mr-2,.mx-2{margin-right:0.5rem !important}.mb-2,.my-2{margin-bottom:0.5rem !important}.ml-2,.mx-2{margin-left:0.5rem !important}.m-3{margin:1rem !important}.mt-3,.my-3{margin-top:1rem !important}.mr-3,.mx-3{margin-right:1rem !important}.mb-3,.my-3{margin-bottom:1rem !important}.ml-3,.mx-3{margin-left:1rem !important}.m-4{margin:1.5rem !important}.mt-4,.my-4{margin-top:1.5rem !important}.mr-4,.mx-4{margin-right:1.5rem !important}.mb-4,.my-4{margin-bottom:1.5rem !important}.ml-4,.mx-4{margin-left:1.5rem !important}.m-5{margin:3rem !important}.mt-5,.my-5{margin-top:3rem !important}.mr-5,.mx-5{margin-right:3rem !important}.mb-5,.my-5{margin-bottom:3rem !important}.ml-5,.mx-5{margin-left:3rem !important}.p-0{padding:0 !important}.pt-0,.py-0{padding-top:0 !important}.pr-0,.px-0{padding-right:0 !important}.pb-0,.py-0{padding-bottom:0 !important}.pl-0,.px-0{padding-left:0 !important}.p-1{padding:0.25rem !important}.pt-1,.py-1{padding-top:0.25rem !important}.pr-1,.px-1{padding-right:0.25rem !important}.pb-1,.py-1{padding-bottom:0.25rem !important}.pl-1,.px-1{padding-left:0.25rem !important}.p-2{padding:0.5rem !important}.pt-2,.py-2{padding-top:0.5rem !important}.pr-2,.px-2{padding-right:0.5rem !important}.pb-2,.py-2{padding-bottom:0.5rem !important}.pl-2,.px-2{padding-left:0.5rem !important}.p-3{padding:1rem !important}.pt-3,.py-3{padding-top:1rem 
!important}.pr-3,.px-3{padding-right:1rem !important}.pb-3,.py-3{padding-bottom:1rem !important}.pl-3,.px-3{padding-left:1rem !important}.p-4{padding:1.5rem !important}.pt-4,.py-4{padding-top:1.5rem !important}.pr-4,.px-4{padding-right:1.5rem !important}.pb-4,.py-4{padding-bottom:1.5rem !important}.pl-4,.px-4{padding-left:1.5rem !important}.p-5{padding:3rem !important}.pt-5,.py-5{padding-top:3rem !important}.pr-5,.px-5{padding-right:3rem !important}.pb-5,.py-5{padding-bottom:3rem !important}.pl-5,.px-5{padding-left:3rem !important}.m-n1{margin:-0.25rem !important}.mt-n1,.my-n1{margin-top:-0.25rem !important}.mr-n1,.mx-n1{margin-right:-0.25rem !important}.mb-n1,.my-n1{margin-bottom:-0.25rem !important}.ml-n1,.mx-n1{margin-left:-0.25rem !important}.m-n2{margin:-0.5rem !important}.mt-n2,.my-n2{margin-top:-0.5rem !important}.mr-n2,.mx-n2{margin-right:-0.5rem !important}.mb-n2,.my-n2{margin-bottom:-0.5rem !important}.ml-n2,.mx-n2{margin-left:-0.5rem !important}.m-n3{margin:-1rem !important}.mt-n3,.my-n3{margin-top:-1rem !important}.mr-n3,.mx-n3{margin-right:-1rem !important}.mb-n3,.my-n3{margin-bottom:-1rem !important}.ml-n3,.mx-n3{margin-left:-1rem !important}.m-n4{margin:-1.5rem !important}.mt-n4,.my-n4{margin-top:-1.5rem !important}.mr-n4,.mx-n4{margin-right:-1.5rem !important}.mb-n4,.my-n4{margin-bottom:-1.5rem !important}.ml-n4,.mx-n4{margin-left:-1.5rem !important}.m-n5{margin:-3rem !important}.mt-n5,.my-n5{margin-top:-3rem !important}.mr-n5,.mx-n5{margin-right:-3rem !important}.mb-n5,.my-n5{margin-bottom:-3rem !important}.ml-n5,.mx-n5{margin-left:-3rem !important}.m-auto{margin:auto !important}.mt-auto,.my-auto{margin-top:auto !important}.mr-auto,.mx-auto{margin-right:auto !important}.mb-auto,.my-auto{margin-bottom:auto !important}.ml-auto,.mx-auto{margin-left:auto !important}@media (min-width: 576px){.m-sm-0{margin:0 !important}.mt-sm-0,.my-sm-0{margin-top:0 !important}.mr-sm-0,.mx-sm-0{margin-right:0 !important}.mb-sm-0,.my-sm-0{margin-bottom:0 
!important}.ml-sm-0,.mx-sm-0{margin-left:0 !important}.m-sm-1{margin:0.25rem !important}.mt-sm-1,.my-sm-1{margin-top:0.25rem !important}.mr-sm-1,.mx-sm-1{margin-right:0.25rem !important}.mb-sm-1,.my-sm-1{margin-bottom:0.25rem !important}.ml-sm-1,.mx-sm-1{margin-left:0.25rem !important}.m-sm-2{margin:0.5rem !important}.mt-sm-2,.my-sm-2{margin-top:0.5rem !important}.mr-sm-2,.mx-sm-2{margin-right:0.5rem !important}.mb-sm-2,.my-sm-2{margin-bottom:0.5rem !important}.ml-sm-2,.mx-sm-2{margin-left:0.5rem !important}.m-sm-3{margin:1rem !important}.mt-sm-3,.my-sm-3{margin-top:1rem !important}.mr-sm-3,.mx-sm-3{margin-right:1rem !important}.mb-sm-3,.my-sm-3{margin-bottom:1rem !important}.ml-sm-3,.mx-sm-3{margin-left:1rem !important}.m-sm-4{margin:1.5rem !important}.mt-sm-4,.my-sm-4{margin-top:1.5rem !important}.mr-sm-4,.mx-sm-4{margin-right:1.5rem !important}.mb-sm-4,.my-sm-4{margin-bottom:1.5rem !important}.ml-sm-4,.mx-sm-4{margin-left:1.5rem !important}.m-sm-5{margin:3rem !important}.mt-sm-5,.my-sm-5{margin-top:3rem !important}.mr-sm-5,.mx-sm-5{margin-right:3rem !important}.mb-sm-5,.my-sm-5{margin-bottom:3rem !important}.ml-sm-5,.mx-sm-5{margin-left:3rem !important}.p-sm-0{padding:0 !important}.pt-sm-0,.py-sm-0{padding-top:0 !important}.pr-sm-0,.px-sm-0{padding-right:0 !important}.pb-sm-0,.py-sm-0{padding-bottom:0 !important}.pl-sm-0,.px-sm-0{padding-left:0 !important}.p-sm-1{padding:0.25rem !important}.pt-sm-1,.py-sm-1{padding-top:0.25rem !important}.pr-sm-1,.px-sm-1{padding-right:0.25rem !important}.pb-sm-1,.py-sm-1{padding-bottom:0.25rem !important}.pl-sm-1,.px-sm-1{padding-left:0.25rem !important}.p-sm-2{padding:0.5rem !important}.pt-sm-2,.py-sm-2{padding-top:0.5rem !important}.pr-sm-2,.px-sm-2{padding-right:0.5rem !important}.pb-sm-2,.py-sm-2{padding-bottom:0.5rem !important}.pl-sm-2,.px-sm-2{padding-left:0.5rem !important}.p-sm-3{padding:1rem !important}.pt-sm-3,.py-sm-3{padding-top:1rem !important}.pr-sm-3,.px-sm-3{padding-right:1rem 
!important}.pb-sm-3,.py-sm-3{padding-bottom:1rem !important}.pl-sm-3,.px-sm-3{padding-left:1rem !important}.p-sm-4{padding:1.5rem !important}.pt-sm-4,.py-sm-4{padding-top:1.5rem !important}.pr-sm-4,.px-sm-4{padding-right:1.5rem !important}.pb-sm-4,.py-sm-4{padding-bottom:1.5rem !important}.pl-sm-4,.px-sm-4{padding-left:1.5rem !important}.p-sm-5{padding:3rem !important}.pt-sm-5,.py-sm-5{padding-top:3rem !important}.pr-sm-5,.px-sm-5{padding-right:3rem !important}.pb-sm-5,.py-sm-5{padding-bottom:3rem !important}.pl-sm-5,.px-sm-5{padding-left:3rem !important}.m-sm-n1{margin:-0.25rem !important}.mt-sm-n1,.my-sm-n1{margin-top:-0.25rem !important}.mr-sm-n1,.mx-sm-n1{margin-right:-0.25rem !important}.mb-sm-n1,.my-sm-n1{margin-bottom:-0.25rem !important}.ml-sm-n1,.mx-sm-n1{margin-left:-0.25rem !important}.m-sm-n2{margin:-0.5rem !important}.mt-sm-n2,.my-sm-n2{margin-top:-0.5rem !important}.mr-sm-n2,.mx-sm-n2{margin-right:-0.5rem !important}.mb-sm-n2,.my-sm-n2{margin-bottom:-0.5rem !important}.ml-sm-n2,.mx-sm-n2{margin-left:-0.5rem !important}.m-sm-n3{margin:-1rem !important}.mt-sm-n3,.my-sm-n3{margin-top:-1rem !important}.mr-sm-n3,.mx-sm-n3{margin-right:-1rem !important}.mb-sm-n3,.my-sm-n3{margin-bottom:-1rem !important}.ml-sm-n3,.mx-sm-n3{margin-left:-1rem !important}.m-sm-n4{margin:-1.5rem !important}.mt-sm-n4,.my-sm-n4{margin-top:-1.5rem !important}.mr-sm-n4,.mx-sm-n4{margin-right:-1.5rem !important}.mb-sm-n4,.my-sm-n4{margin-bottom:-1.5rem !important}.ml-sm-n4,.mx-sm-n4{margin-left:-1.5rem !important}.m-sm-n5{margin:-3rem !important}.mt-sm-n5,.my-sm-n5{margin-top:-3rem !important}.mr-sm-n5,.mx-sm-n5{margin-right:-3rem !important}.mb-sm-n5,.my-sm-n5{margin-bottom:-3rem !important}.ml-sm-n5,.mx-sm-n5{margin-left:-3rem !important}.m-sm-auto{margin:auto !important}.mt-sm-auto,.my-sm-auto{margin-top:auto !important}.mr-sm-auto,.mx-sm-auto{margin-right:auto !important}.mb-sm-auto,.my-sm-auto{margin-bottom:auto !important}.ml-sm-auto,.mx-sm-auto{margin-left:auto 
!important}}@media (min-width: 768px){.m-md-0{margin:0 !important}.mt-md-0,.my-md-0{margin-top:0 !important}.mr-md-0,.mx-md-0{margin-right:0 !important}.mb-md-0,.my-md-0{margin-bottom:0 !important}.ml-md-0,.mx-md-0{margin-left:0 !important}.m-md-1{margin:0.25rem !important}.mt-md-1,.my-md-1{margin-top:0.25rem !important}.mr-md-1,.mx-md-1{margin-right:0.25rem !important}.mb-md-1,.my-md-1{margin-bottom:0.25rem !important}.ml-md-1,.mx-md-1{margin-left:0.25rem !important}.m-md-2{margin:0.5rem !important}.mt-md-2,.my-md-2{margin-top:0.5rem !important}.mr-md-2,.mx-md-2{margin-right:0.5rem !important}.mb-md-2,.my-md-2{margin-bottom:0.5rem !important}.ml-md-2,.mx-md-2{margin-left:0.5rem !important}.m-md-3{margin:1rem !important}.mt-md-3,.my-md-3{margin-top:1rem !important}.mr-md-3,.mx-md-3{margin-right:1rem !important}.mb-md-3,.my-md-3{margin-bottom:1rem !important}.ml-md-3,.mx-md-3{margin-left:1rem !important}.m-md-4{margin:1.5rem !important}.mt-md-4,.my-md-4{margin-top:1.5rem !important}.mr-md-4,.mx-md-4{margin-right:1.5rem !important}.mb-md-4,.my-md-4{margin-bottom:1.5rem !important}.ml-md-4,.mx-md-4{margin-left:1.5rem !important}.m-md-5{margin:3rem !important}.mt-md-5,.my-md-5{margin-top:3rem !important}.mr-md-5,.mx-md-5{margin-right:3rem !important}.mb-md-5,.my-md-5{margin-bottom:3rem !important}.ml-md-5,.mx-md-5{margin-left:3rem !important}.p-md-0{padding:0 !important}.pt-md-0,.py-md-0{padding-top:0 !important}.pr-md-0,.px-md-0{padding-right:0 !important}.pb-md-0,.py-md-0{padding-bottom:0 !important}.pl-md-0,.px-md-0{padding-left:0 !important}.p-md-1{padding:0.25rem !important}.pt-md-1,.py-md-1{padding-top:0.25rem !important}.pr-md-1,.px-md-1{padding-right:0.25rem !important}.pb-md-1,.py-md-1{padding-bottom:0.25rem !important}.pl-md-1,.px-md-1{padding-left:0.25rem !important}.p-md-2{padding:0.5rem !important}.pt-md-2,.py-md-2{padding-top:0.5rem !important}.pr-md-2,.px-md-2{padding-right:0.5rem !important}.pb-md-2,.py-md-2{padding-bottom:0.5rem 
!important}.pl-md-2,.px-md-2{padding-left:0.5rem !important}.p-md-3{padding:1rem !important}.pt-md-3,.py-md-3{padding-top:1rem !important}.pr-md-3,.px-md-3{padding-right:1rem !important}.pb-md-3,.py-md-3{padding-bottom:1rem !important}.pl-md-3,.px-md-3{padding-left:1rem !important}.p-md-4{padding:1.5rem !important}.pt-md-4,.py-md-4{padding-top:1.5rem !important}.pr-md-4,.px-md-4{padding-right:1.5rem !important}.pb-md-4,.py-md-4{padding-bottom:1.5rem !important}.pl-md-4,.px-md-4{padding-left:1.5rem !important}.p-md-5{padding:3rem !important}.pt-md-5,.py-md-5{padding-top:3rem !important}.pr-md-5,.px-md-5{padding-right:3rem !important}.pb-md-5,.py-md-5{padding-bottom:3rem !important}.pl-md-5,.px-md-5{padding-left:3rem !important}.m-md-n1{margin:-0.25rem !important}.mt-md-n1,.my-md-n1{margin-top:-0.25rem !important}.mr-md-n1,.mx-md-n1{margin-right:-0.25rem !important}.mb-md-n1,.my-md-n1{margin-bottom:-0.25rem !important}.ml-md-n1,.mx-md-n1{margin-left:-0.25rem !important}.m-md-n2{margin:-0.5rem !important}.mt-md-n2,.my-md-n2{margin-top:-0.5rem !important}.mr-md-n2,.mx-md-n2{margin-right:-0.5rem !important}.mb-md-n2,.my-md-n2{margin-bottom:-0.5rem !important}.ml-md-n2,.mx-md-n2{margin-left:-0.5rem !important}.m-md-n3{margin:-1rem !important}.mt-md-n3,.my-md-n3{margin-top:-1rem !important}.mr-md-n3,.mx-md-n3{margin-right:-1rem !important}.mb-md-n3,.my-md-n3{margin-bottom:-1rem !important}.ml-md-n3,.mx-md-n3{margin-left:-1rem !important}.m-md-n4{margin:-1.5rem !important}.mt-md-n4,.my-md-n4{margin-top:-1.5rem !important}.mr-md-n4,.mx-md-n4{margin-right:-1.5rem !important}.mb-md-n4,.my-md-n4{margin-bottom:-1.5rem !important}.ml-md-n4,.mx-md-n4{margin-left:-1.5rem !important}.m-md-n5{margin:-3rem !important}.mt-md-n5,.my-md-n5{margin-top:-3rem !important}.mr-md-n5,.mx-md-n5{margin-right:-3rem !important}.mb-md-n5,.my-md-n5{margin-bottom:-3rem !important}.ml-md-n5,.mx-md-n5{margin-left:-3rem !important}.m-md-auto{margin:auto !important}.mt-md-auto,.my-md-auto{margin-top:auto 
!important}.mr-md-auto,.mx-md-auto{margin-right:auto !important}.mb-md-auto,.my-md-auto{margin-bottom:auto !important}.ml-md-auto,.mx-md-auto{margin-left:auto !important}}@media (min-width: 992px){.m-lg-0{margin:0 !important}.mt-lg-0,.my-lg-0{margin-top:0 !important}.mr-lg-0,.mx-lg-0{margin-right:0 !important}.mb-lg-0,.my-lg-0{margin-bottom:0 !important}.ml-lg-0,.mx-lg-0{margin-left:0 !important}.m-lg-1{margin:0.25rem !important}.mt-lg-1,.my-lg-1{margin-top:0.25rem !important}.mr-lg-1,.mx-lg-1{margin-right:0.25rem !important}.mb-lg-1,.my-lg-1{margin-bottom:0.25rem !important}.ml-lg-1,.mx-lg-1{margin-left:0.25rem !important}.m-lg-2{margin:0.5rem !important}.mt-lg-2,.my-lg-2{margin-top:0.5rem !important}.mr-lg-2,.mx-lg-2{margin-right:0.5rem !important}.mb-lg-2,.my-lg-2{margin-bottom:0.5rem !important}.ml-lg-2,.mx-lg-2{margin-left:0.5rem !important}.m-lg-3{margin:1rem !important}.mt-lg-3,.my-lg-3{margin-top:1rem !important}.mr-lg-3,.mx-lg-3{margin-right:1rem !important}.mb-lg-3,.my-lg-3{margin-bottom:1rem !important}.ml-lg-3,.mx-lg-3{margin-left:1rem !important}.m-lg-4{margin:1.5rem !important}.mt-lg-4,.my-lg-4{margin-top:1.5rem !important}.mr-lg-4,.mx-lg-4{margin-right:1.5rem !important}.mb-lg-4,.my-lg-4{margin-bottom:1.5rem !important}.ml-lg-4,.mx-lg-4{margin-left:1.5rem !important}.m-lg-5{margin:3rem !important}.mt-lg-5,.my-lg-5{margin-top:3rem !important}.mr-lg-5,.mx-lg-5{margin-right:3rem !important}.mb-lg-5,.my-lg-5{margin-bottom:3rem !important}.ml-lg-5,.mx-lg-5{margin-left:3rem !important}.p-lg-0{padding:0 !important}.pt-lg-0,.py-lg-0{padding-top:0 !important}.pr-lg-0,.px-lg-0{padding-right:0 !important}.pb-lg-0,.py-lg-0{padding-bottom:0 !important}.pl-lg-0,.px-lg-0{padding-left:0 !important}.p-lg-1{padding:0.25rem !important}.pt-lg-1,.py-lg-1{padding-top:0.25rem !important}.pr-lg-1,.px-lg-1{padding-right:0.25rem !important}.pb-lg-1,.py-lg-1{padding-bottom:0.25rem !important}.pl-lg-1,.px-lg-1{padding-left:0.25rem !important}.p-lg-2{padding:0.5rem 
!important}.pt-lg-2,.py-lg-2{padding-top:0.5rem !important}.pr-lg-2,.px-lg-2{padding-right:0.5rem !important}.pb-lg-2,.py-lg-2{padding-bottom:0.5rem !important}.pl-lg-2,.px-lg-2{padding-left:0.5rem !important}.p-lg-3{padding:1rem !important}.pt-lg-3,.py-lg-3{padding-top:1rem !important}.pr-lg-3,.px-lg-3{padding-right:1rem !important}.pb-lg-3,.py-lg-3{padding-bottom:1rem !important}.pl-lg-3,.px-lg-3{padding-left:1rem !important}.p-lg-4{padding:1.5rem !important}.pt-lg-4,.py-lg-4{padding-top:1.5rem !important}.pr-lg-4,.px-lg-4{padding-right:1.5rem !important}.pb-lg-4,.py-lg-4{padding-bottom:1.5rem !important}.pl-lg-4,.px-lg-4{padding-left:1.5rem !important}.p-lg-5{padding:3rem !important}.pt-lg-5,.py-lg-5{padding-top:3rem !important}.pr-lg-5,.px-lg-5{padding-right:3rem !important}.pb-lg-5,.py-lg-5{padding-bottom:3rem !important}.pl-lg-5,.px-lg-5{padding-left:3rem !important}.m-lg-n1{margin:-0.25rem !important}.mt-lg-n1,.my-lg-n1{margin-top:-0.25rem !important}.mr-lg-n1,.mx-lg-n1{margin-right:-0.25rem !important}.mb-lg-n1,.my-lg-n1{margin-bottom:-0.25rem !important}.ml-lg-n1,.mx-lg-n1{margin-left:-0.25rem !important}.m-lg-n2{margin:-0.5rem !important}.mt-lg-n2,.my-lg-n2{margin-top:-0.5rem !important}.mr-lg-n2,.mx-lg-n2{margin-right:-0.5rem !important}.mb-lg-n2,.my-lg-n2{margin-bottom:-0.5rem !important}.ml-lg-n2,.mx-lg-n2{margin-left:-0.5rem !important}.m-lg-n3{margin:-1rem !important}.mt-lg-n3,.my-lg-n3{margin-top:-1rem !important}.mr-lg-n3,.mx-lg-n3{margin-right:-1rem !important}.mb-lg-n3,.my-lg-n3{margin-bottom:-1rem !important}.ml-lg-n3,.mx-lg-n3{margin-left:-1rem !important}.m-lg-n4{margin:-1.5rem !important}.mt-lg-n4,.my-lg-n4{margin-top:-1.5rem !important}.mr-lg-n4,.mx-lg-n4{margin-right:-1.5rem !important}.mb-lg-n4,.my-lg-n4{margin-bottom:-1.5rem !important}.ml-lg-n4,.mx-lg-n4{margin-left:-1.5rem !important}.m-lg-n5{margin:-3rem !important}.mt-lg-n5,.my-lg-n5{margin-top:-3rem !important}.mr-lg-n5,.mx-lg-n5{margin-right:-3rem 
!important}.mb-lg-n5,.my-lg-n5{margin-bottom:-3rem !important}.ml-lg-n5,.mx-lg-n5{margin-left:-3rem !important}.m-lg-auto{margin:auto !important}.mt-lg-auto,.my-lg-auto{margin-top:auto !important}.mr-lg-auto,.mx-lg-auto{margin-right:auto !important}.mb-lg-auto,.my-lg-auto{margin-bottom:auto !important}.ml-lg-auto,.mx-lg-auto{margin-left:auto !important}}@media (min-width: 1200px){.m-xl-0{margin:0 !important}.mt-xl-0,.my-xl-0{margin-top:0 !important}.mr-xl-0,.mx-xl-0{margin-right:0 !important}.mb-xl-0,.my-xl-0{margin-bottom:0 !important}.ml-xl-0,.mx-xl-0{margin-left:0 !important}.m-xl-1{margin:0.25rem !important}.mt-xl-1,.my-xl-1{margin-top:0.25rem !important}.mr-xl-1,.mx-xl-1{margin-right:0.25rem !important}.mb-xl-1,.my-xl-1{margin-bottom:0.25rem !important}.ml-xl-1,.mx-xl-1{margin-left:0.25rem !important}.m-xl-2{margin:0.5rem !important}.mt-xl-2,.my-xl-2{margin-top:0.5rem !important}.mr-xl-2,.mx-xl-2{margin-right:0.5rem !important}.mb-xl-2,.my-xl-2{margin-bottom:0.5rem !important}.ml-xl-2,.mx-xl-2{margin-left:0.5rem !important}.m-xl-3{margin:1rem !important}.mt-xl-3,.my-xl-3{margin-top:1rem !important}.mr-xl-3,.mx-xl-3{margin-right:1rem !important}.mb-xl-3,.my-xl-3{margin-bottom:1rem !important}.ml-xl-3,.mx-xl-3{margin-left:1rem !important}.m-xl-4{margin:1.5rem !important}.mt-xl-4,.my-xl-4{margin-top:1.5rem !important}.mr-xl-4,.mx-xl-4{margin-right:1.5rem !important}.mb-xl-4,.my-xl-4{margin-bottom:1.5rem !important}.ml-xl-4,.mx-xl-4{margin-left:1.5rem !important}.m-xl-5{margin:3rem !important}.mt-xl-5,.my-xl-5{margin-top:3rem !important}.mr-xl-5,.mx-xl-5{margin-right:3rem !important}.mb-xl-5,.my-xl-5{margin-bottom:3rem !important}.ml-xl-5,.mx-xl-5{margin-left:3rem !important}.p-xl-0{padding:0 !important}.pt-xl-0,.py-xl-0{padding-top:0 !important}.pr-xl-0,.px-xl-0{padding-right:0 !important}.pb-xl-0,.py-xl-0{padding-bottom:0 !important}.pl-xl-0,.px-xl-0{padding-left:0 !important}.p-xl-1{padding:0.25rem !important}.pt-xl-1,.py-xl-1{padding-top:0.25rem 
!important}.pr-xl-1,.px-xl-1{padding-right:0.25rem !important}.pb-xl-1,.py-xl-1{padding-bottom:0.25rem !important}.pl-xl-1,.px-xl-1{padding-left:0.25rem !important}.p-xl-2{padding:0.5rem !important}.pt-xl-2,.py-xl-2{padding-top:0.5rem !important}.pr-xl-2,.px-xl-2{padding-right:0.5rem !important}.pb-xl-2,.py-xl-2{padding-bottom:0.5rem !important}.pl-xl-2,.px-xl-2{padding-left:0.5rem !important}.p-xl-3{padding:1rem !important}.pt-xl-3,.py-xl-3{padding-top:1rem !important}.pr-xl-3,.px-xl-3{padding-right:1rem !important}.pb-xl-3,.py-xl-3{padding-bottom:1rem !important}.pl-xl-3,.px-xl-3{padding-left:1rem !important}.p-xl-4{padding:1.5rem !important}.pt-xl-4,.py-xl-4{padding-top:1.5rem !important}.pr-xl-4,.px-xl-4{padding-right:1.5rem !important}.pb-xl-4,.py-xl-4{padding-bottom:1.5rem !important}.pl-xl-4,.px-xl-4{padding-left:1.5rem !important}.p-xl-5{padding:3rem !important}.pt-xl-5,.py-xl-5{padding-top:3rem !important}.pr-xl-5,.px-xl-5{padding-right:3rem !important}.pb-xl-5,.py-xl-5{padding-bottom:3rem !important}.pl-xl-5,.px-xl-5{padding-left:3rem !important}.m-xl-n1{margin:-0.25rem !important}.mt-xl-n1,.my-xl-n1{margin-top:-0.25rem !important}.mr-xl-n1,.mx-xl-n1{margin-right:-0.25rem !important}.mb-xl-n1,.my-xl-n1{margin-bottom:-0.25rem !important}.ml-xl-n1,.mx-xl-n1{margin-left:-0.25rem !important}.m-xl-n2{margin:-0.5rem !important}.mt-xl-n2,.my-xl-n2{margin-top:-0.5rem !important}.mr-xl-n2,.mx-xl-n2{margin-right:-0.5rem !important}.mb-xl-n2,.my-xl-n2{margin-bottom:-0.5rem !important}.ml-xl-n2,.mx-xl-n2{margin-left:-0.5rem !important}.m-xl-n3{margin:-1rem !important}.mt-xl-n3,.my-xl-n3{margin-top:-1rem !important}.mr-xl-n3,.mx-xl-n3{margin-right:-1rem !important}.mb-xl-n3,.my-xl-n3{margin-bottom:-1rem !important}.ml-xl-n3,.mx-xl-n3{margin-left:-1rem !important}.m-xl-n4{margin:-1.5rem !important}.mt-xl-n4,.my-xl-n4{margin-top:-1.5rem !important}.mr-xl-n4,.mx-xl-n4{margin-right:-1.5rem !important}.mb-xl-n4,.my-xl-n4{margin-bottom:-1.5rem 
!important}.ml-xl-n4,.mx-xl-n4{margin-left:-1.5rem !important}.m-xl-n5{margin:-3rem !important}.mt-xl-n5,.my-xl-n5{margin-top:-3rem !important}.mr-xl-n5,.mx-xl-n5{margin-right:-3rem !important}.mb-xl-n5,.my-xl-n5{margin-bottom:-3rem !important}.ml-xl-n5,.mx-xl-n5{margin-left:-3rem !important}.m-xl-auto{margin:auto !important}.mt-xl-auto,.my-xl-auto{margin-top:auto !important}.mr-xl-auto,.mx-xl-auto{margin-right:auto !important}.mb-xl-auto,.my-xl-auto{margin-bottom:auto !important}.ml-xl-auto,.mx-xl-auto{margin-left:auto !important}}.text-monospace{font-family:SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace !important}.text-justify{text-align:justify !important}.text-wrap{white-space:normal !important}.text-nowrap{white-space:nowrap !important}.text-truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.text-left{text-align:left !important}.text-right{text-align:right !important}.text-center{text-align:center !important}@media (min-width: 576px){.text-sm-left{text-align:left !important}.text-sm-right{text-align:right !important}.text-sm-center{text-align:center !important}}@media (min-width: 768px){.text-md-left{text-align:left !important}.text-md-right{text-align:right !important}.text-md-center{text-align:center !important}}@media (min-width: 992px){.text-lg-left{text-align:left !important}.text-lg-right{text-align:right !important}.text-lg-center{text-align:center !important}}@media (min-width: 1200px){.text-xl-left{text-align:left !important}.text-xl-right{text-align:right !important}.text-xl-center{text-align:center !important}}.text-lowercase{text-transform:lowercase !important}.text-uppercase{text-transform:uppercase !important}.text-capitalize{text-transform:capitalize !important}.font-weight-light{font-weight:300 !important}.font-weight-lighter{font-weight:lighter !important}.font-weight-normal{font-weight:400 !important}.font-weight-bold{font-weight:700 !important}.font-weight-bolder{font-weight:bolder 
!important}.font-italic{font-style:italic !important}.text-white{color:#fff !important}.text-primary{color:#3A3F44 !important}a.text-primary:hover,a.text-primary:focus{color:#17191b !important}.text-secondary{color:#7A8288 !important}a.text-secondary:hover,a.text-secondary:focus{color:#565b60 !important}.text-success{color:#62c462 !important}a.text-success:hover,a.text-success:focus{color:#3b9e3b !important}.text-info{color:#5bc0de !important}a.text-info:hover,a.text-info:focus{color:#28a1c5 !important}.text-warning{color:#f89406 !important}a.text-warning:hover,a.text-warning:focus{color:#ad6704 !important}.text-danger{color:#ee5f5b !important}a.text-danger:hover,a.text-danger:focus{color:#e51d18 !important}.text-light{color:#e9ecef !important}a.text-light:hover,a.text-light:focus{color:#bdc6cf !important}.text-dark{color:#272B30 !important}a.text-dark:hover,a.text-dark:focus{color:#050506 !important}.text-body{color:#aaa !important}.text-muted{color:#7A8288 !important}.text-black-50{color:rgba(0,0,0,0.5) !important}.text-white-50{color:rgba(255,255,255,0.5) !important}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.text-decoration-none{text-decoration:none !important}.text-break{word-break:break-word !important;overflow-wrap:break-word !important}.text-reset{color:inherit !important}.visible{visibility:visible !important}.invisible{visibility:hidden !important}@media print{*,*::before,*::after{text-shadow:none !important;-webkit-box-shadow:none !important;box-shadow:none !important}a:not(.btn){text-decoration:underline}abbr[title]::after{content:" (" attr(title) ")"}pre{white-space:pre-wrap !important}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}@page{size:a3}body{min-width:992px !important}.container{min-width:992px !important}.navbar{display:none}.badge{border:1px solid 
#000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #dee2e6 !important}.table-dark{color:inherit}.table-dark th,.table-dark td,.table-dark thead th,.table-dark tbody+tbody{border-color:rgba(0,0,0,0.6)}.table .thead-dark th{color:inherit;border-color:rgba(0,0,0,0.6)}}.navbar{border:1px solid rgba(0,0,0,0.6);text-shadow:1px 1px 1px rgba(0,0,0,0.3)}.navbar .container{padding:0}.navbar .navbar-toggler{border-color:rgba(0,0,0,0.6)}.navbar-fixed-top{border-width:0 0 1px 0}.navbar-fixed-bottom{border-width:1px 0 0 0}.navbar .nav-link{padding:1rem;border-left:1px solid rgba(255,255,255,0.1);border-right:1px solid rgba(0,0,0,0.2)}.navbar .nav-link:hover,.navbar .nav-link:focus{background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none;border-left:1px solid rgba(0,0,0,0.2)}.navbar-brand{padding:0.75rem 1rem calc(54px - 0.75rem - 30px);margin-right:0;border-right:1px solid rgba(0,0,0,0.2)}.navbar .nav-item.active .nav-link{background-color:rgba(0,0,0,0.3);border-left:1px solid rgba(0,0,0,0.2)}.navbar-nav .nav-item+.nav-item{margin-left:0}.navbar.bg-light{text-shadow:1px 1px 1px rgba(0,0,0,0.1)}.navbar.bg-light .nav-link:hover,.navbar.bg-light .nav-link:focus{background-image:-webkit-gradient(linear, left top, left bottom, from(#4e5458), color-stop(40%, #565b60), to(#5b6165));background-image:linear-gradient(#4e5458, #565b60 40%, #5b6165);background-repeat:no-repeat;-webkit-filter:none;filter:none;border-left:1px solid rgba(0,0,0,0.2)}@media (max-width: 576px){.navbar-expand-sm .navbar-brand,.navbar-expand-sm .nav-link{border:none !important}}@media (max-width: 768px){.navbar-expand-md .navbar-brand,.navbar-expand-md .nav-link{border:none !important}}@media (max-width: 992px){.navbar-expand-lg 
.navbar-brand,.navbar-expand-lg .nav-link{border:none !important}}.btn{border-color:rgba(0,0,0,0.6);text-shadow:1px 1px 1px rgba(0,0,0,0.3)}.btn:not([disabled]):not(.disabled).active,.btn.disabled{border-color:rgba(0,0,0,0.6);-webkit-box-shadow:none;box-shadow:none}.btn:hover,.btn:focus,.btn:not([disabled]):not(.disabled):active,.btn:not([disabled]):not(.disabled):active:hover,.btn:not([disabled]):not(.disabled).active:hover{border-color:rgba(0,0,0,0.6)}.btn-primary{background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, #313539);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-primary:not([disabled]):not(.disabled):hover,.btn-primary:not([disabled]):not(.disabled):focus,.btn-primary:not([disabled]):not(.disabled):active:hover,.btn-primary:not([disabled]):not(.disabled).active:hover{background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-secondary{background-image:-webkit-gradient(linear, left top, left bottom, from(#8a9196), color-stop(60%, #7A8288), to(#70787d));background-image:linear-gradient(#8a9196, #7A8288 60%, #70787d);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-secondary:not([disabled]):not(.disabled):hover,.btn-secondary:not([disabled]):not(.disabled):focus,.btn-secondary:not([disabled]):not(.disabled):active,.btn-secondary:not([disabled]):not(.disabled).active{background-image:-webkit-gradient(linear, left top, left bottom, from(#4e5458), color-stop(40%, #565b60), to(#5b6165));background-image:linear-gradient(#4e5458, #565b60 40%, #5b6165);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-success{background-image:-webkit-gradient(linear, left top, left bottom, from(#78cc78), color-stop(60%, 
#62c462), to(#53be53));background-image:linear-gradient(#78cc78, #62c462 60%, #53be53);background-repeat:no-repeat;-webkit-filter:none;filter:none;color:#fff}.btn-success:not([disabled]):not(.disabled):hover,.btn-success:not([disabled]):not(.disabled):focus,.btn-success:not([disabled]):not(.disabled):active,.btn-success:not([disabled]):not(.disabled).active{background-image:-webkit-gradient(linear, left top, left bottom, from(#379337), color-stop(40%, #3b9e3b), to(#3ea63e));background-image:linear-gradient(#379337, #3b9e3b 40%, #3ea63e);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-info{background-image:-webkit-gradient(linear, left top, left bottom, from(#74cae3), color-stop(60%, #5bc0de), to(#4ab9db));background-image:linear-gradient(#74cae3, #5bc0de 60%, #4ab9db);background-repeat:no-repeat;-webkit-filter:none;filter:none;color:#fff}.btn-info:not([disabled]):not(.disabled):hover,.btn-info:not([disabled]):not(.disabled):focus,.btn-info:not([disabled]):not(.disabled):active,.btn-info:not([disabled]):not(.disabled).active{background-image:-webkit-gradient(linear, left top, left bottom, from(#2596b8), color-stop(40%, #28a1c5), to(#29a8cd));background-image:linear-gradient(#2596b8, #28a1c5 40%, #29a8cd);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-warning{background-image:-webkit-gradient(linear, left top, left bottom, from(#faa123), color-stop(60%, #f89406), to(#e48806));background-image:linear-gradient(#faa123, #f89406 60%, #e48806);background-repeat:no-repeat;-webkit-filter:none;filter:none;color:#fff}.btn-warning:not([disabled]):not(.disabled):hover,.btn-warning:not([disabled]):not(.disabled):focus,.btn-warning:not([disabled]):not(.disabled):active,.btn-warning:not([disabled]):not(.disabled).active{background-image:-webkit-gradient(linear, left top, left bottom, from(#9e5f04), color-stop(40%, #ad6704), to(#b76d04));background-image:linear-gradient(#9e5f04, #ad6704 40%, 
#b76d04);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-danger{background-image:-webkit-gradient(linear, left top, left bottom, from(#f17a77), color-stop(60%, #ee5f5b), to(#ec4d49));background-image:linear-gradient(#f17a77, #ee5f5b 60%, #ec4d49);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-danger:not([disabled]):not(.disabled):hover,.btn-danger:not([disabled]):not(.disabled):focus,.btn-danger:not([disabled]):not(.disabled):active,.btn-danger:not([disabled]):not(.disabled).active{background-image:-webkit-gradient(linear, left top, left bottom, from(#d71c16), color-stop(40%, #e51d18), to(#e8241f));background-image:linear-gradient(#d71c16, #e51d18 40%, #e8241f);background-repeat:no-repeat;-webkit-filter:none;filter:none}.btn-link,.btn-link:hover{border-color:transparent}.btn-group .btn.active,.btn-group-vertical .btn.active{border-color:rgba(0,0,0,0.6)}h1,h2,h3,h4,h5,h6{text-shadow:-1px -1px 0 rgba(0,0,0,0.3)}.table-primary,.table-secondary,.table-success,.table-info,.table-warning,.table-danger{color:#fff}.table-primary,.table-primary>th,.table-primary>td{background-color:#3A3F44}.table-secondary,.table-secondary>th,.table-secondary>td{background-color:#7A8288}.table-light,.table-light>th,.table-light>td{background-color:#e9ecef}.table-dark,.table-dark>th,.table-dark>td{background-color:#272B30}.table-success,.table-success>th,.table-success>td{background-color:#62c462}.table-info,.table-info>th,.table-info>td{background-color:#5bc0de}.table-danger,.table-danger>th,.table-danger>td{background-color:#ee5f5b}.table-warning,.table-warning>th,.table-warning>td{background-color:#f89406}.table-active,.table-active>th,.table-active>td{background-color:rgba(255,255,255,0.075)}.table-hover .table-primary:hover,.table-hover .table-primary:hover>th,.table-hover .table-primary:hover>td{background-color:#2e3236}.table-hover .table-secondary:hover,.table-hover .table-secondary:hover>th,.table-hover 
.table-secondary:hover>td{background-color:#6e757b}.table-hover .table-light:hover,.table-hover .table-light:hover>th,.table-hover .table-light:hover>td{background-color:#dadfe4}.table-hover .table-dark:hover,.table-hover .table-dark:hover>th,.table-hover .table-dark:hover>td{background-color:#1c1e22}.table-hover .table-success:hover,.table-hover .table-success:hover>th,.table-hover .table-success:hover>td{background-color:#4fbd4f}.table-hover .table-info:hover,.table-hover .table-info:hover>th,.table-hover .table-info:hover>td{background-color:#46b8da}.table-hover .table-danger:hover,.table-hover .table-danger:hover>th,.table-hover .table-danger:hover>td{background-color:#ec4844}.table-hover .table-warning:hover,.table-hover .table-warning:hover>th,.table-hover .table-warning:hover>td{background-color:#df8505}.table-hover .table-active:hover,.table-hover .table-active:hover>th,.table-hover .table-active:hover>td{background-color:rgba(255,255,255,0.075)}legend{color:#fff}.input-group-addon{background-image:-webkit-gradient(linear, left top, left bottom, from(#8a9196), color-stop(60%, #7A8288), to(#70787d));background-image:linear-gradient(#8a9196, #7A8288 60%, #70787d);background-repeat:no-repeat;-webkit-filter:none;filter:none;text-shadow:1px 1px 1px rgba(0,0,0,0.3);color:#fff}.nav-tabs .nav-link{background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none;border:1px solid rgba(0,0,0,0.6)}.nav-tabs .nav-link:not([disabled]):not(.disabled):hover,.nav-tabs .nav-link:not([disabled]):not(.disabled):focus,.nav-tabs .nav-link:not([disabled]):not(.disabled):active,.nav-tabs .nav-link:not([disabled]):not(.disabled).active{background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, 
#313539);background-repeat:no-repeat;-webkit-filter:none;filter:none}.nav-tabs .nav-link.disabled{border:1px solid rgba(0,0,0,0.6)}.nav-tabs .nav-link,.nav-tabs .nav-link:hover{color:#fff}.nav-pills .nav-link{background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, #313539);background-repeat:no-repeat;-webkit-filter:none;filter:none;border:1px solid rgba(0,0,0,0.6);text-shadow:1px 1px 1px rgba(0,0,0,0.3);color:#fff}.nav-pills .nav-link:hover{background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none;border:1px solid rgba(0,0,0,0.6)}.nav-pills .nav-link.active,.nav-pills .nav-link:hover{background-color:transparent;background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none;border:1px solid rgba(0,0,0,0.6)}.nav-pills .nav-link.disabled,.nav-pills .nav-link.disabled:hover{background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, #313539);background-repeat:no-repeat;-webkit-filter:none;filter:none;color:#7A8288}.pagination .page-link{text-shadow:1px 1px 1px rgba(0,0,0,0.3);background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, #313539);background-repeat:no-repeat;-webkit-filter:none;filter:none}.pagination .page-link:hover{background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), 
to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none;text-decoration:none}.pagination .page-item.active .page-link{background-image:-webkit-gradient(linear, left top, left bottom, from(#101112), color-stop(40%, #17191b), to(#1b1e20));background-image:linear-gradient(#101112, #17191b 40%, #1b1e20);background-repeat:no-repeat;-webkit-filter:none;filter:none}.pagination .page-item.disabled .page-link{background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, #313539);background-repeat:no-repeat;-webkit-filter:none;filter:none}.breadcrumb{border:1px solid rgba(0,0,0,0.6);text-shadow:1px 1px 1px rgba(0,0,0,0.3);background-color:transparent;background-image:-webkit-gradient(linear, left top, left bottom, from(#484e55), color-stop(60%, #3A3F44), to(#313539));background-image:linear-gradient(#484e55, #3A3F44 60%, #313539);background-repeat:no-repeat;-webkit-filter:none;filter:none}.breadcrumb a,.breadcrumb a:hover{color:#fff}.alert .close{color:#000;text-decoration:none}.alert{border:none;color:#fff}.alert a,.alert .alert-link{color:#fff;text-decoration:underline}.alert-primary{background-color:#3A3F44}.alert-secondary{background-color:#7A8288}.alert-success{background-color:#62c462}.alert-info{background-color:#5bc0de}.alert-warning{background-color:#f89406}.alert-danger{background-color:#ee5f5b}.alert-light{background-color:#e9ecef}.alert-dark{background-color:#272B30}.alert-light,.alert-light a:not(.btn),.alert-light .alert-link{color:#272B30}.badge-success,.badge-warning,.badge-info{color:#fff}.jumbotron{border:1px solid rgba(0,0,0,0.6)}.list-group-item:hover{background-color:#1c1e22} diff --git a/file-upload/jquery-file-upload/index.html b/file-upload/jquery-file-upload/index.html index dadbcae5b..aa95a3d09 100644 --- a/file-upload/jquery-file-upload/index.html 
+++ b/file-upload/jquery-file-upload/index.html
@@ -20,8 +20,21 @@
 .bootstrap-tagsinput .tag {
 margin-right: 2px;
 margin-left: 2px;
- color: white;
- background-color: #6A5ACD;
+ color: #fff;
+ background-image: linear-gradient(#78cc78, #62c462 60%, #53be53);
+ background-repeat: no-repeat;
+}
+.label {
+ display: inline;
+ padding: .2em .6em .3em;
+ font-size: 100%;
+ font-weight: 700;
+ line-height: 1;
+ color: #fff;
+ text-align: center;
+ white-space: nowrap;
+ vertical-align: baseline;
+ border-radius: .25em;
 }
 .center {
 text-align: center;
@@ -73,16 +86,16 @@

%SITE_NAME%

- + Add files... - -    @@ -149,13 +162,13 @@

{% if (!i && !o.options.autoUpload) { %} - {% } %} {% if (!i) { %} -
From 2a519042f41a84d7ef7bfe2b4631bf703a6b6ec8 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Mon, 24 Feb 2020 15:26:31 -0700
Subject: [PATCH 112/183] working on network diff code (wip)
---
 moloch/network_diff/viewer.js | 8950 +++++++++++++++++++++++++++++++++
 1 file changed, 8950 insertions(+)
 create mode 100644 moloch/network_diff/viewer.js
diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js
new file mode 100644
index 000000000..fb480e568
--- /dev/null
+++ b/moloch/network_diff/viewer.js
@@ -0,0 +1,8950 @@
+/******************************************************************************/
+/* viewer.js -- The main moloch app
+ *
+ * Copyright 2012-2016 AOL Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this Software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+const MIN_DB_VERSION = 62;
+
+//// Modules
+//////////////////////////////////////////////////////////////////////////////////
+try {
+var Config = require('./config.js'),
+ express = require('express'),
+ stylus = require('stylus'),
+ util = require('util'),
+ fs = require('fs-ext'),
+ async = require('async'),
+ url = require('url'),
+ dns = require('dns'),
+ Pcap = require('./pcap.js'),
+ Db = require('./db.js'),
+ molochparser = require('./molochparser.js'),
+ passport = require('passport'),
+ DigestStrategy = require('passport-http').DigestStrategy,
+ molochversion = require('./version'),
+ http = require('http'),
+ pug = require('pug'),
+ https = require('https'),
+ EventEmitter = require('events').EventEmitter,
+ PNG = require('pngjs').PNG,
+ decode = require('./decode.js'),
+ onHeaders = require('on-headers'),
+ glob = require('glob'),
+ unzip = require('unzip'),
+ helmet = require('helmet'),
+ uuid = require('uuidv4').default,
+ RE2 = require('re2');
+} catch (e) {
+ console.log ("ERROR - Couldn't load some dependancies, maybe need to 'npm update' inside viewer directory", e);
+ process.exit(1);
+ throw new Error("Exiting");
+}
+
+if (typeof express !== "function") {
+
console.log("ERROR - Need to run 'npm update' in viewer directory"); + process.exit(1); + throw new Error("Exiting"); +} +var app = express(); + +////////////////////////////////////////////////////////////////////////////////// +//// Config +////////////////////////////////////////////////////////////////////////////////// +var internals = { + CYBERCHEFVERSION: '9.11.7', + elasticBase: Config.getArray('elasticsearch', ',', 'http://localhost:9200'), + esQueryTimeout: Config.get("elasticsearchTimeout", 300) + 's', + userNameHeader: Config.get("userNameHeader"), + requiredAuthHeader: Config.get("requiredAuthHeader"), + requiredAuthHeaderVal: Config.get("requiredAuthHeaderVal"), + userAutoCreateTmpl: Config.get("userAutoCreateTmpl"), + esAdminUsers: Config.get('multiES', false)?[]:Config.getArray('esAdminUsers', ',', ''), + httpAgent: new http.Agent({keepAlive: true, keepAliveMsecs:5000, maxSockets: 40}), + httpsAgent: new https.Agent({keepAlive: true, keepAliveMsecs:5000, maxSockets: 40, rejectUnauthorized: !Config.insecure}), + previousNodesStats: [], + caTrustCerts: {}, + cronRunning: false, + rightClicks: {}, + pluginEmitter: new EventEmitter(), + writers: {}, + oldDBFields: {}, + isLocalViewRegExp: Config.get("isLocalViewRegExp")?new RE2(Config.get("isLocalViewRegExp")):undefined, + uploadLimits: { + }, + + cronTimeout: +Config.get("dbFlushTimeout", 5) + // How long capture holds items + 60 + // How long before ES reindexs + 20, // Transmit and extra time + +//http://garethrees.org/2007/11/14/pngcrush/ + emptyPNG: Buffer.from("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==", 'base64'), + PNG_LINE_WIDTH: 256, + runningHuntJob: undefined, + proccessHuntJobsInitialized: false, + notifiers: undefined, + prefix: Config.get('prefix', ''), + lookupTypeMap: { + ip: 'ip', + integer: 'number', + termfield: 'string', + uptermfield: 'string', + lotermfield: 'string' + }, + anonymousUser: { + userId: 'anonymous', + enabled: true, 
+ createEnabled: false, + webEnabled: true, + headerAuthEnabled: false, + emailSearch: true, + removeEnabled: true, + packetSearch: true, + settings: {}, + welcomeMsgNum: 1, + found: true + } +}; + +// make sure there's an _ after the prefix +if (internals.prefix && !internals.prefix.endsWith('_')) { + internals.prefix = `${internals.prefix}_`; +} + +if (Config.get("uploadFileSizeLimit")) { + internals.uploadLimits.fileSize = parseInt(Config.get("uploadFileSizeLimit")); +} + +if (internals.elasticBase[0].lastIndexOf('http', 0) !== 0) { + internals.elasticBase[0] = "http://" + internals.elasticBase[0]; +} + +function isProduction() { + return app.get('env') === 'production'; +} + +function userCleanup(suser) { + suser.settings = suser.settings || {}; + if (suser.emailSearch === undefined) { suser.emailSearch = false; } + if (suser.removeEnabled === undefined) { suser.removeEnabled = false; } + // if multies and not users elasticsearch, disable admin privelages + if (Config.get('multiES', false) && !Config.get('usersElasticsearch')) { + suser.createEnabled = false; + } + let now = Date.now(); + let timespan = Config.get('regressionTests', false) ? 
1 : 60000; + // update user lastUsed time if not mutiES and it hasn't been udpated in more than a minute + if (!Config.get('multiES', false) && (!suser.lastUsed || (now - suser.lastUsed) > timespan)) { + suser.lastUsed = now; + Db.setLastUsed(suser.userId, now, function (err, info) { + if (Config.debug && err) { + console.log('DEBUG - user lastUsed update error', err, info); + } + }); + } +} + +passport.use(new DigestStrategy({qop: 'auth', realm: Config.get("httpRealm", "Moloch")}, + function(userid, done) { + Db.getUserCache(userid, function(err, suser) { + if (err && !suser) {return done(err);} + if (!suser || !suser.found) {console.log("User", userid, "doesn't exist"); return done(null, false);} + if (!suser._source.enabled) {console.log("User", userid, "not enabled"); return done("Not enabled");} + + userCleanup(suser._source); + + return done(null, suser._source, {ha1: Config.store2ha1(suser._source.passStore)}); + }); + }, + function (options, done) { + //TODO: Should check nonce here + return done(null, true); + } +)); + +// app.configure +var logger = require("morgan"); +var favicon = require("serve-favicon"); +var bodyParser = require('body-parser'); +var multer = require('multer'); +var methodOverride = require('method-override'); +var compression = require('compression'); + +app.enable("jsonp callback"); +app.set('views', __dirname + '/views'); +app.set('view engine', 'pug'); +app.locals.molochversion = molochversion.version; +app.locals.isIndex = false; +app.locals.basePath = Config.basePath(); +app.locals.elasticBase = internals.elasticBase[0]; +app.locals.allowUploads = Config.get("uploadCommand") !== undefined; +app.locals.molochClusters = Config.configMap("moloch-clusters"); + +app.use(favicon(__dirname + '/public/favicon.ico')); +app.use(passport.initialize()); + +const iframeOption = Config.get('iframe', 'deny'); +if (iframeOption === 'sameorigin' || iframeOption === 'deny') { + app.use(helmet.frameguard({ action: iframeOption })); +} else { + 
app.use(helmet.frameguard({ + action: 'allow-from', + domain: iframeOption + })); +} + +app.use(helmet.hidePoweredBy()); +app.use(helmet.xssFilter()); +if (Config.get('hstsHeader', false) && Config.isHTTPS()) { + app.use(helmet.hsts({ + maxAge: 31536000, + includeSubDomains: true + })); +} +// calculate nonce +app.use((req, res, next) => { + res.locals.nonce = Buffer.from(uuid()).toString('base64'); + next(); +}); +// define csp headers +const cspHeader = helmet.contentSecurityPolicy({ + directives: { + defaultSrc: ["'self'"], + /* can remove unsafe-inline for css when this is fixed + https://github.com/vuejs/vue-style-loader/issues/33 */ + styleSrc: ["'self'", "'unsafe-inline'"], + scriptSrc: ["'self'", "'unsafe-eval'", (req, res) => `'nonce-${res.locals.nonce}'`], + objectSrc: ["'none'"], + imgSrc: ["'self'", 'data:'] + } +}); +const unsafeInlineCspHeader = helmet.contentSecurityPolicy({ + directives: { + defaultSrc: ["'self'"], + styleSrc: ["'self'", "'unsafe-inline'"], + scriptSrc: ["'self'", "'unsafe-eval'", "'unsafe-inline'"], + objectSrc: ["'self'", 'data:'], + workerSrc: ["'self'", 'data:', 'blob:'], + imgSrc: ["'self'", 'data:'], + fontSrc: ["'self'", 'data:'] + } +}); + +function molochError (status, text) { + /* jshint validthis: true */ + this.status(status || 403); + return this.send(JSON.stringify({ success: false, text: text })); +} + +app.use(function(req, res, next) { + res.molochError = molochError; + + if (res.setTimeout) { + res.setTimeout(10 * 60 * 1000); // Increase default from 2 min to 10 min + } + + req.url = req.url.replace(Config.basePath(), "/"); + return next(); +}); +app.use(bodyParser.json()); +app.use(bodyParser.urlencoded({ limit: "5mb", extended: true })); +//app.use(multer({dest: Config.get("pcapDir")})); + +// send req to access log file or stdout +var _stream = process.stdout; +var _accesslogfile = Config.get("accessLogFile"); +if (_accesslogfile) { + _stream = fs.createWriteStream(_accesslogfile, {flags: 'a'}); +} + + 
+app.use(logger(':date :username \x1b[1m:method\x1b[0m \x1b[33m:url\x1b[0m :status :res[content-length] bytes :response-time ms',{stream: _stream})); +app.use(compression()); +app.use(methodOverride()); + + +app.use('/font-awesome', express.static(__dirname + '/../node_modules/font-awesome', { maxAge: 600 * 1000})); +app.use('/bootstrap', express.static(__dirname + '/node_modules/bootstrap', { maxAge: 600 * 1000})); + +app.use("/", express.static(__dirname + '/public', { maxAge: 600 * 1000})); + +if (Config.get("passwordSecret")) { + app.locals.alwaysShowESStatus = false; + app.use(function(req, res, next) { + // 200 for NS + if (req.url === "/_ns_/nstest.html") { + return res.end(); + } + + // No auth for eshealth.json or parliament.json + if (req.url.match(/^\/(parliament|eshealth).json/)) { + return next(); + } + + // S2S Auth + if (req.headers['x-moloch-auth']) { + var obj = Config.auth2obj(req.headers['x-moloch-auth'], false); + obj.path = obj.path.replace(Config.basePath(), "/"); + if (obj.path !== req.url) { + console.log("ERROR - mismatch url", obj.path, req.url); + return res.send("Unauthorized based on bad url, check logs on ", Config.hostName()); + } + if (Math.abs(Date.now() - obj.date) > 120000) { // Request has to be +- 2 minutes + console.log("ERROR - Denying server to server based on timestamp, are clocks out of sync?", Date.now(), obj.date); + return res.send("Unauthorized based on timestamp - check that all moloch viewer machines have accurate clocks"); + } + + // Don't look up user for receiveSession + if (req.url.match(/^\/receiveSession/)) { + return next(); + } + + Db.getUserCache(obj.user, function(err, suser) { + if (err) {return res.send("ERROR - x-moloch getUser - user: " + obj.user + " err:" + err);} + if (!suser || !suser.found) {return res.send(obj.user + " doesn't exist");} + if (!suser._source.enabled) {return res.send(obj.user + " not enabled");} + userCleanup(suser._source); + req.user = suser._source; + return next(); + }); + 
return; + } + + if (req.url.match(/^\/receiveSession/)) { + return res.send('receiveSession only allowed s2s'); + } + + function ucb (err, suser, userName) { + if (err) { return res.send(`ERROR - getUser - user: ${userName} err: ${err}`); } + if (!suser || !suser.found) { return res.send(`${userName} doesn't exist`); } + if (!suser._source.enabled) { return res.send(`${userName} not enabled`); } + if (!suser._source.headerAuthEnabled) { return res.send(`${userName} header auth not enabled`); } + + userCleanup(suser._source); + req.user = suser._source; + return next(); + } + + // Header auth + if (internals.userNameHeader !== undefined) { + if (req.headers[internals.userNameHeader] !== undefined) { + // Check if we require a certain header+value to be present + // as in the case of an apache plugin that sends AD groups + if (internals.requiredAuthHeader !== undefined && internals.requiredAuthHeaderVal !== undefined) { + let authHeader = req.headers[internals.requiredAuthHeader]; + if (authHeader === undefined) { + return res.send('Missing authorization header'); + } + let authorized = false; + authHeader.split(',').forEach(headerVal => { + if (headerVal.trim() === internals.requiredAuthHeaderVal) { + authorized = true; + } + }); + if (!authorized) { + return res.send('Not authorized'); + } + } + + const userName = req.headers[internals.userNameHeader]; + + Db.getUserCache(userName, (err, suser) => { + if (internals.userAutoCreateTmpl === undefined) { + return ucb(err, suser, userName); + } else if ((err && err.toString().includes('Not Found')) || + (!suser || !suser.found)) { // Try dynamic creation + /* jslint evil: true */ + let nuser = JSON.parse(new Function('return `' + + internals.userAutoCreateTmpl + '`;').call(req.headers)); + Db.setUser(userName, nuser, (err, info) => { + if (err) { + console.log('Elastic search error adding user: (' + userName + '):(' + JSON.stringify(nuser) + '):' + err); + } else { + console.log('Added user:' + userName + ':' + 
JSON.stringify(nuser)); + } + return Db.getUserCache(userName, ucb); + }); + } else { + return ucb(err, suser, userName); + } + }); + return; + } else if (Config.debug) { + console.log('DEBUG - Couldn\'t find userNameHeader of', internals.userNameHeader, 'in', req.headers, 'for', req.url); + } + } + + + // Browser auth + req.url = req.url.replace("/", Config.basePath()); + passport.authenticate('digest', {session: false})(req, res, function (err) { + req.url = req.url.replace(Config.basePath(), "/"); + if (err) { return res.molochError(200, err); } + else { return next(); } + }); + }); +} else if (Config.get("regressionTests", false)) { + console.log('WARNING - The setting "regressionTests" is set to true, do NOT use in production, for testing only'); + app.locals.alwaysShowESStatus = true; + app.locals.noPasswordSecret = true; + app.use(function(req, res, next) { + var username = req.query.molochRegressionUser || "anonymous"; + req.user = {userId: username, enabled: true, createEnabled: username === "anonymous", webEnabled: true, headerAuthEnabled: false, emailSearch: true, removeEnabled: true, packetSearch: true, settings: {}, welcomeMsgNum: 1}; + Db.getUserCache(username, function(err, suser) { + if (!err && suser && suser.found) { + userCleanup(suser._source); + req.user = suser._source; + } + next(); + }); + }); +} else { + /* Shared password isn't set, who cares about auth, db is only used for settings */ + console.log('WARNING - The setting "passwordSecret" is not set, all access is anonymous'); + app.locals.alwaysShowESStatus = true; + app.locals.noPasswordSecret = true; + app.use(function(req, res, next) { + req.user = internals.anonymousUser; + Db.getUserCache('anonymous', (err, suser) => { + if (!err && suser && suser.found) { + req.user.settings = suser._source.settings || {}; + req.user.views = suser._source.views; + } + next(); + }); + }); +} + +// check for anonymous mode before fetching user cache and return anonymous +// user or the user requested 
by the userId +function getUserCacheIncAnon (userId, cb) { + if (app.locals.noPasswordSecret) { // user is anonymous + Db.getUserCache('anonymous', (err, anonUser) => { + let anon = internals.anonymousUser; + + if (!err && anonUser && anonUser.found) { + anon.settings = anonUser._source.settings || {}; + anon.views = anonUser._source.views; + } + + return cb(null, anon); + }); + } else { + Db.getUserCache(userId, (err, user) => { + let found = user.found; + user = user._source; + if (user) { user.found = found; } + return cb(err, user); + }); + } +} + +// add lookups for queries +app.use(function (req, res, next) { + if (!req.user) { return next(); } + Db.getLookupsCache(req.user.userId, (err, lookupsMap) => { + req.lookups = lookupsMap || {}; + return next(); + }); +}); + +app.use(function(req, res, next) { + if (!req.user || !req.user.userId) { + return next(); + } + + var mrc = {}; + + mrc.httpAuthorizationDecode = {fields: "http.authorization", func: `{ + if (value.substring(0,5) === "Basic") + return {name: "Decoded:", value: atob(value.substring(6))}; + return undefined; + }`}; + mrc.bodyHashMd5 = {category: "md5", url: "/%NODE%/%ID%/bodyHash/%TEXT%", name: "Download File"}; + mrc.bodyHashSha256 = {category: "sha256", url: "/%NODE%/%ID%/bodyHash/%TEXT%", name: "Download File"}; + + for (var key in internals.rightClicks) { + var rc = internals.rightClicks[key]; + if (!rc.users || rc.users[req.user.userId]) { + mrc[key] = rc; + } + } + app.locals.molochRightClick = mrc; + next(); +}); + +logger.token('username', function(req, res){ return req.user?req.user.userId:"-"; }); + +// Explicit sigint handler for running under docker +// See https://github.com/nodejs/node/issues/4182 +process.on('SIGINT', function() { + process.exit(); +}); + +function loadFields() { + Db.loadFields(function (err, data) { + if (err) {data = [];} + else {data = data.hits.hits;} + + // Everything will use dbField2 as dbField + for (let i = 0, ilen = data.length; i < ilen; i++) { + 
internals.oldDBFields[data[i]._source.dbField] = data[i]._source; + data[i]._source.dbField = data[i]._source.dbField2; + if (data[i]._source.portField2) { + data[i]._source.portField = data[i]._source.portField2; + } else { + delete data[i]._source.portField; + } + delete data[i]._source.rawField; + } + Config.loadFields(data); + app.locals.fieldsMap = JSON.stringify(Config.getFieldsMap()); + app.locals.fieldsArr = Config.getFields().sort(function(a,b) {return (a.exp > b.exp?1:-1);}); + createSessionDetail(); + }); +} + +function loadPlugins() { + var api = { + registerWriter: function(str, info) { + internals.writers[str] = info; + }, + getDb: function() { return Db; }, + getPcap: function() { return Pcap; }, + }; + var plugins = Config.getArray('viewerPlugins', ';', ''); + var dirs = Config.getArray('pluginsDir', ';', '/data/moloch/plugins'); + plugins.forEach(function (plugin) { + plugin = plugin.trim(); + if (plugin === "") { + return; + } + var found = false; + dirs.forEach(function (dir) { + dir = dir.trim(); + if (found || dir === "") { + return; + } + if (fs.existsSync(dir + "/" + plugin)) { + found = true; + var p = require(dir + "/" + plugin); + p.init(Config, internals.pluginEmitter, api); + } + }); + if (!found) { + console.log("WARNING - Couldn't find plugin", plugin, "in", dirs); + } + }); +} + +////////////////////////////////////////////////////////////////////////////////// +//// Utility +////////////////////////////////////////////////////////////////////////////////// +function safeStr(str) { + return str.replace(/&/g,'&').replace(//g,'>').replace(/\"/g,'"').replace(/\'/g, ''').replace(/\//g, '/'); +} + +// https://medium.com/dailyjs/rewriting-javascript-converting-an-array-of-objects-to-an-object-ec579cafbfc7 +function arrayToObject(array, key) +{ + return array.reduce((obj, item) => { + obj[item[key]] = item; + return obj; + }, {}); +} + +function queryValueToArray(val) { + if (val === undefined || val === null) { + return []; + } + if 
(!Array.isArray(val)) { + val = [val]; + } + return val.join(",").split(","); +} + +function errorString(err, result) { + var str; + if (err && typeof err === "string") { + str = err; + } else if (err && typeof err.message === "string") { + str = err.message; + } else if (result && result.error) { + str = result.error; + } else { + str = "Unknown issue, check logs"; + console.log(err, result); + } + + if (str.match("IndexMissingException")) { + return "Moloch's Elasticsearch database has no matching session indices for timeframe selected"; + } else { + return "Elasticsearch error: " + str; + } +} + +function parseCustomView(key, input) { + var fieldsMap = Config.getFieldsMap(); + + var match = input.match(/require:([^;]+)/); + if (!match) { + console.log(`custom-view ${key} missing require section`); + process.exit(1); + } + var require = match[1]; + + match = input.match(/title:([^;]+)/); + var title = match[1] || key; + + match = input.match(/fields:([^;]+)/); + if (!match) { + console.log(`custom-view ${key} missing fields section`); + process.exit(1); + } + var fields = match[1]; + + var output = ` if (session.${require})\n div.sessionDetailMeta.bold ${title}\n dl.sessionDetailMeta\n`; + + for (let field of fields.split(",")) { + let info = fieldsMap[field]; + if (!info) { + continue; + } + var parts = splitRemain(info.dbField, '.', 1); + if (parts.length === 1) { + output += ` +arrayList(session, '${parts[0]}', '${info.friendlyName}', '${field}')\n`; + } else { + output += ` +arrayList(session.${parts[0]}, '${parts[1]}', '${info.friendlyName}', '${field}')\n`; + } + } + + return output; +} + +function createSessionDetail() { + var found = {}; + var dirs = []; + + dirs = dirs.concat(Config.getArray('pluginsDir', ';', '/data/moloch/plugins')); + dirs = dirs.concat(Config.getArray('parsersDir', ';', '/data/moloch/parsers')); + + dirs.forEach(function(dir) { + try { + var files = fs.readdirSync(dir); + // sort().reverse() so in this dir pug is processed before 
jade + files.sort().reverse().forEach(function(file) { + var sfile = file.replace(/\.(pug|jade)/, ""); + if (found[sfile]) { + return; + } + if (file.match(/\.detail\.jade$/i)) { + found[sfile] = fs.readFileSync(dir + "/" + file, 'utf8').replace(/^/mg, " ") + "\n"; + } else if (file.match(/\.detail\.pug$/i)) { + found[sfile] = " include " + dir + "/" + file + "\n"; + } + }); + } catch (e) {} + }); + + var customViews = Config.keys("custom-views") || []; + + for (let key of customViews) { + let view = Config.sectionGet("custom-views", key); + found[key] = parseCustomView(key, view); + } + + var makers = internals.pluginEmitter.listeners("makeSessionDetail"); + async.each(makers, function(cb, nextCb) { + cb(function (err, items) { + for (var k in items) { + found[k] = items[k].replace(/^/mg, " ") + "\n"; + } + return nextCb(); + }); + }, function () { + internals.sessionDetailNew = "include views/mixins.pug\n" + + "div.session-detail(sessionid=session.id,hidePackets=hidePackets)\n" + + " include views/sessionDetail\n"; + Object.keys(found).sort().forEach(function(k) { + internals.sessionDetailNew += found[k]; + }); + + internals.sessionDetailNew = internals.sessionDetailNew.replace(/div.sessionDetailMeta.bold/g, "h4.sessionDetailMeta") + .replace(/dl.sessionDetailMeta/g, "dl") + .replace(/a.moloch-right-click.*molochexpr='([^']+)'.*#{(.*)}/g, "+clickableValue('$1', $2)") + ; + }); +} + +function createRightClicks() { + + var mrc = Config.configMap("right-click"); + for (var key in mrc) { + if (mrc[key].fields) { + mrc[key].fields = mrc[key].fields.split(","); + } + if (mrc[key].users) { + var users = {}; + for (const item of mrc[key].users.split(",")) { + users[item] = 1; + } + mrc[key].users = users; + } + } + var makers = internals.pluginEmitter.listeners("makeRightClick"); + async.each(makers, function(cb, nextCb) { + cb(function (err, items) { + for (var k in items) { + mrc[k] = items[k]; + if (mrc[k].fields && !Array.isArray(mrc[k].fields)) { + mrc[k].fields = 
mrc[k].fields.split(","); + } + } + return nextCb(); + }); + }, function () { + internals.rightClicks = mrc; + }); +} + +//https://coderwall.com/p/pq0usg/javascript-string-split-that-ll-return-the-remainder +function splitRemain(str, separator, limit) { + str = str.split(separator); + if(str.length <= limit) {return str;} + + var ret = str.splice(0, limit); + ret.push(str.join(separator)); + + return ret; +} + +function arrayZeroFill(n) { + var a = []; + while (n > 0) { + a.push(0); + n--; + } + return a; +} + +// https://stackoverflow.com/a/48569020 +class Mutex { + constructor () { + this.queue = []; + this.locked = false; + } + + lock () { + return new Promise((resolve, reject) => { + if (this.locked) { + this.queue.push(resolve); + } else { + this.locked = true; + resolve(); + } + }); + } + + unlock () { + if (this.queue.length > 0) { + const resolve = this.queue.shift(); + resolve(); + } else { + this.locked = false; + } + } +} + +////////////////////////////////////////////////////////////////////////////////// +//// Requests +////////////////////////////////////////////////////////////////////////////////// + +function addAuth(info, user, node, secret) { + if (!info.headers) { + info.headers = {}; + } + info.headers['x-moloch-auth'] = Config.obj2auth({date: Date.now(), + user: user.userId, + node: node, + path: info.path + }, false, secret); +} + +function loadCaTrust(node) { + var caTrustFile = Config.getFull(node, "caTrustFile"); + + if (caTrustFile && caTrustFile.length > 0) { + let certs = []; + + var caTrustFileLines = fs.readFileSync(caTrustFile, 'utf8'); + caTrustFileLines = caTrustFileLines.split("\n"); + + var foundCert = []; + + for (let i = 0, ilen = caTrustFileLines.length; i < ilen; i++) { + let line = caTrustFileLines[i]; + if (line.length === 0) { + continue; + } + foundCert.push(line); + if (line.match(/-END CERTIFICATE-/)) { + certs.push(foundCert.join("\n")); + foundCert = []; + } + } + + if (certs.length > 0) { + return certs; + } + } + + 
return undefined; +} + + +function addCaTrust(info, node) { + if (!Config.isHTTPS(node)) { + return; + } + + if ((internals.caTrustCerts[node] !== undefined) && (internals.caTrustCerts[node].length > 0)) { + info.ca = internals.caTrustCerts[node]; + info.agent.options.ca = internals.caTrustCerts[node]; + return; + } + + internals.caTrustCerts[node] = loadCaTrust(node); + + if (internals.caTrustCerts[node] !== undefined && internals.caTrustCerts[node].length > 0) { + info.ca = internals.caTrustCerts[node]; + info.agent.options.ca = internals.caTrustCerts[node]; + return; + } +} + +function noCache(req, res, ct) { + res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'); + if (ct) { + res.setHeader("Content-Type", ct); + res.header('X-Content-Type-Options', 'nosniff'); + } +} + +function getViewUrl(node, cb) { + if (Array.isArray(node)) { + node = node[0]; + } + + var url = Config.getFull(node, "viewUrl"); + if (url) { + if (Config.debug > 1) { + console.log(`DEBUG: node:${node} is using ${url} because viewUrl was set for ${node} in config file`); + } + cb(null, url, url.slice(0, 5) === "https"?https:http); + return; + } + + Db.molochNodeStatsCache(node, function(err, stat) { + if (err) { + return cb(err); + } + + if (Config.debug > 1) { + console.log(`DEBUG: node:${node} is using ${stat.hostname} from elasticsearch stats index`); + } + + if (Config.isHTTPS(node)) { + cb(null, "https://" + stat.hostname + ":" + Config.getFull(node, "viewPort", "8005"), https); + } else { + cb(null, "http://" + stat.hostname + ":" + Config.getFull(node, "viewPort", "8005"), http); + } + }); +} + +function proxyRequest (req, res, errCb) { + noCache(req, res); + + getViewUrl(req.params.nodeName, function(err, viewUrl, client) { + if (err) { + if (errCb) { + return errCb(err); + } + console.log("ERROR - getViewUrl - node:", req.params.nodeName, "err:", err); + return res.send(`Can't find view url for 
'${safeStr(req.params.nodeName)}' check viewer logs on '${Config.hostName()}'`); + } + var info = url.parse(viewUrl); + info.path = req.url; + info.agent = (client === http?internals.httpAgent:internals.httpsAgent); + addAuth(info, req.user, req.params.nodeName); + addCaTrust(info, req.params.nodeName); + + var preq = client.request(info, function(pres) { + if (pres.headers['content-type']) { + res.setHeader('content-type', pres.headers['content-type']); + } + if (pres.headers['content-disposition']) { + res.setHeader('content-disposition', pres.headers['content-disposition']); + } + pres.on('data', function (chunk) { + res.write(chunk); + }); + pres.on('end', function () { + res.end(); + }); + }); + + preq.on('error', function (e) { + if (errCb) { + return errCb(e); + } + console.log("ERROR - Couldn't proxy request=", info, "\nerror=", e, "You might want to run viewer with two --debug for more info"); + res.send(`Error talking to node '${safeStr(req.params.nodeName)}' using host '${info.host}' check viewer logs on '${Config.hostName()}'`); + }); + preq.end(); + }); +} + +function makeRequest (node, path, user, cb) { + getViewUrl(node, function (err, viewUrl, client) { + let info = url.parse(viewUrl); + info.path = encodeURI(`${Config.basePath(node)}${path}`); + info.agent = (client === http ? 
internals.httpAgent : internals.httpsAgent); + addAuth(info, user, node); + addCaTrust(info, node); + let preq = client.request(info, function (pres) { + let response = ''; + pres.on('data', function (chunk) { + response += chunk; + }); + pres.on('end', function () { + cb(null, response); + }); + }); + preq.on('error', function (err) { + console.log(`Error with ${info.path} on remote viewer: ${err}`); + cb(err); + }); + preq.end(); + }); +} + +function isLocalView (node, yesCb, noCb) { + if (internals.isLocalViewRegExp && node.match(internals.isLocalViewRegExp)) { + if (Config.debug > 1) { + console.log(`DEBUG: node:${node} is local view because matches ${internals.isLocalViewRegExp}`); + } + return yesCb(); + } + + var pcapWriteMethod = Config.getFull(node, "pcapWriteMethod"); + var writer = internals.writers[pcapWriteMethod]; + if (writer && writer.localNode === false) { + if (Config.debug > 1) { + console.log(`DEBUG: node:${node} is local view because of writer`); + } + return yesCb(); + } + return Db.isLocalView(node, yesCb, noCb); +} + +////////////////////////////////////////////////////////////////////////////////// +//// Middleware +////////////////////////////////////////////////////////////////////////////////// +function checkProxyRequest(req, res, next) { + isLocalView(req.params.nodeName, function () { + return next(); + }, + function () { + return proxyRequest(req, res); + }); +} + +function setCookie (req, res, next) { + let cookieOptions = { + path: app.locals.basePath, + sameSite: 'Strict', + overwrite: true + }; + + if (Config.isHTTPS()) { cookieOptions.secure = true; } + + res.cookie( // send cookie for basic, non admin functions + 'MOLOCH-COOKIE', + Config.obj2auth({ + date: Date.now(), + pid: process.pid, + userId: req.user.userId + }, true), + cookieOptions + ); + + return next(); +} + +function checkCookieToken(req, res, next) { + if (!req.headers['x-moloch-cookie']) { + return res.molochError(500, 'Missing token'); + } + + req.token = 
Config.auth2obj(req.headers['x-moloch-cookie'], true); + var diff = Math.abs(Date.now() - req.token.date); + if (diff > 2400000 || /* req.token.pid !== process.pid || */ + req.token.userId !== req.user.userId) { + + console.trace('bad token', req.token); + return res.molochError(500, 'Timeout - Please try reloading page and repeating the action'); + } + + return next(); +} + +// use for APIs that can be used from places other than just the UI +function checkHeaderToken (req, res, next) { + if (req.headers.cookie) { // if there's a cookie, check header + return checkCookieToken(req, res, next); + } else { // if there's no cookie, just continue so the API still works + return next(); + } +} + +function checkPermissions (permissions) { + const inversePermissions = { + hidePcap: true, + hideFiles: true, + hideStats: true, + disablePcapDownload: true + }; + + return (req, res, next) => { + for (let permission of permissions) { + if ((!req.user[permission] && !inversePermissions[permission]) || + (req.user[permission] && inversePermissions[permission])) { + console.log(`Permission denied to ${req.user.userId} while requesting resource: ${req._parsedUrl.pathname}, using permission ${permission}`); + return res.molochError(403, 'You do not have permission to access this resource'); + } + } + next(); + }; +} + +function checkHuntAccess (req, res, next) { + if (req.user.createEnabled) { + // an admin can do anything to any hunt + return next(); + } else { + Db.get('hunts', 'hunt', req.params.id, (err, huntHit) => { + if (err) { + console.log('error', err); + return res.molochError(500, err); + } + if (!huntHit || !huntHit.found) { throw 'Hunt not found'; } + + if (huntHit._source.userId === req.user.userId) { + return next(); + } + return res.molochError(403, `You cannot change another user's hunt unless you have admin privileges`); + }); + } +} + +function checkCronAccess (req, res, next) { + if (req.user.createEnabled) { + // an admin can do anything to any query + return 
next(); + } else { + Db.get('queries', 'query', req.body.key, (err, query) => { + if (err || !query.found) { + return res.molochError(403, 'Unknown cron query'); + } + if (query._source.creator === req.user.userId) { + return next(); + } + return res.molochError(403, `You cannot change another user's cron query unless you have admin privileges`); + }); + } +} + +function noCacheJson(req, res, next) { + res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'); + res.setHeader("Content-Type", 'application/json'); + return next(); +} + +function logAction(uiPage) { + return function(req, res, next) { + var log = { + timestamp : Math.floor(Date.now()/1000), + method : req.method, + userId : req.user.userId, + api : req._parsedUrl.pathname, + query : req._parsedUrl.query, + expression: req.query.expression + }; + + if (req.user.expression) { + log.forcedExpression = req.user.expression; + } + + if (uiPage) { log.uiPage = uiPage; } + + if (req.query.date && parseInt(req.query.date) === -1) { + log.range = log.timestamp; + } else if(req.query.startTime && req.query.stopTime) { + log.range = req.query.stopTime - req.query.startTime; + } + + if (req.query.view && req.user.views) { + var view = req.user.views[req.query.view]; + if (view) { + log.view = { + name: req.query.view, + expression: view.expression + }; + } + } + + // save the request body + var avoidProps = { password:true, newPassword:true, currentPassword:true }; + var bodyClone = {}; + + for (var key in req.body) { + if (req.body.hasOwnProperty(key) && !avoidProps[key]) { + bodyClone[key] = req.body[key]; + } + } + + if (Object.keys(bodyClone).length > 0) { + log.body = bodyClone; + } + + res.logCounts = function(recordsReturned, recordsFiltered, recordsTotal) { + log.recordsReturned = recordsReturned; + log.recordsFiltered = recordsFiltered; + log.recordsTotal = recordsTotal; + }; + + req._molochStartTime = new Date(); + function finish () { + 
log.queryTime = new Date() - req._molochStartTime; + res.removeListener('finish', finish); + Db.historyIt(log, function(err, info) { + if (err) { console.log('log history error', err, info); } + }); + } + + res.on('finish', finish); + + return next(); + }; +} + +function fieldToExp (req, res, next) { + if (req.query.exp && !req.query.field) { + var field = Config.getFieldsMap()[req.query.exp]; + if (field) { req.query.field = field.dbField; } + else { req.query.field = req.query.exp; } + } + + return next(); +} + +// record the time it took from the request to start +// until the headers are set to send the response +function recordResponseTime (req, res, next) { + onHeaders(res, () => { + let now = process.hrtime(); + let ms = ((now[0] - req._startAt[0]) * 1000) + ((now[1] - req._startAt[1]) / 1000000); + ms = Math.ceil(ms); + res.setHeader('X-Moloch-Response-Time', ms); + }); + + next(); +} + + +////////////////////////////////////////////////////////////////////////////////// +//// Pages +////////////////////////////////////////////////////////////////////////////////// +// APIs disabled in demoMode, needs to be before real callbacks +if (Config.get('demoMode', false)) { + console.log("WARNING - Starting in demo mode, some APIs disabled"); + app.all(['/settings', '/users', '/history/list'], function(req, res) { + return res.send('Disabled in demo mode.'); + }); + + app.get(['/user/cron', '/history/list'], function(req, res) { + return res.molochError(403, "Disabled in demo mode."); + }); + + app.post(['/user/password/change', '/changePassword', '/tableState/:tablename'], function(req, res) { + return res.molochError(403, "Disabled in demo mode."); + }); +} + +app.get(['/', '/app'], function(req, res) { + var question = req.url.indexOf("?"); + if (question === -1) { + res.redirect("sessions"); + } else { + res.redirect("sessions" + req.url.substring(question)); + } +}); + +app.get('/about', checkPermissions(['webEnabled']), (req, res) => { + res.redirect('help'); 
+}); + +app.get('/molochclusters', function(req, res) { + function cloneClusters(clusters) { + var clone = {}; + + for (var key in app.locals.molochClusters) { + if (app.locals.molochClusters.hasOwnProperty(key)) { + var cluster = app.locals.molochClusters[key]; + clone[key] = { + name: cluster.name, + url : cluster.url + }; + } + } + + return clone; + } + + if(!app.locals.molochClusters) { + var molochClusters = Config.configMap("moloch-clusters"); + + if (!molochClusters) { + res.status(404); + return res.send('Cannot locate right clicks'); + } + + return res.send(cloneClusters(molochClusters)); + } + + var clustersClone = cloneClusters(app.locals.molochClusters); + + return res.send(clustersClone); +}); + +// custom user css +app.get('/user.css', checkPermissions(['webEnabled']), (req, res) => { + fs.readFile("./views/user.styl", 'utf8', function(err, str) { + function error(msg) { + console.log('ERROR - user.css -', msg); + return res.status(404).end(); + } + + var date = new Date().toUTCString(); + res.setHeader('Content-Type', 'text/css'); + res.setHeader('Date', date); + res.setHeader('Cache-Control', 'public, max-age=0'); + res.setHeader('Last-Modified', date); + + if (err) { return error(err); } + if (!req.user.settings.theme) { return error('no custom theme defined'); } + + var theme = req.user.settings.theme.split(':'); + + if (!theme[1]) { return error('custom theme corrupted'); } + + var style = stylus(str); + + var colors = theme[1].split(','); + + if (!colors) { return error('custom theme corrupted'); } + + style.define('colorBackground', new stylus.nodes.Literal(colors[0])); + style.define('colorForeground', new stylus.nodes.Literal(colors[1])); + style.define('colorForegroundAccent', new stylus.nodes.Literal(colors[2])); + + style.define('colorWhite', new stylus.nodes.Literal('#FFFFFF')); + style.define('colorBlack', new stylus.nodes.Literal('#333333')); + style.define('colorGray', new stylus.nodes.Literal('#CCCCCC')); + 
style.define('colorGrayDark', new stylus.nodes.Literal('#777777')); + style.define('colorGrayDarker', new stylus.nodes.Literal('#555555')); + style.define('colorGrayLight', new stylus.nodes.Literal('#EEEEEE')); + style.define('colorGrayLighter', new stylus.nodes.Literal('#F6F6F6')); + + style.define('colorPrimary', new stylus.nodes.Literal(colors[3])); + style.define('colorPrimaryLightest', new stylus.nodes.Literal(colors[4])); + style.define('colorSecondary', new stylus.nodes.Literal(colors[5])); + style.define('colorSecondaryLightest', new stylus.nodes.Literal(colors[6])); + style.define('colorTertiary', new stylus.nodes.Literal(colors[7])); + style.define('colorTertiaryLightest', new stylus.nodes.Literal(colors[8])); + style.define('colorQuaternary', new stylus.nodes.Literal(colors[9])); + style.define('colorQuaternaryLightest', new stylus.nodes.Literal(colors[10])); + + style.define('colorWater', new stylus.nodes.Literal(colors[11])); + style.define('colorLand', new stylus.nodes.Literal(colors[12])); + style.define('colorSrc', new stylus.nodes.Literal(colors[13])); + style.define('colorDst', new stylus.nodes.Literal(colors[14])); + + style.render(function(err, css){ + if (err) { return error(err); } + return res.send(css); + }); + }); +}); + + +/* User Endpoints ---------------------------------------------------------- */ +// default settings for users with no settings +let settingDefaults = { + timezone : 'local', + detailFormat : 'last', + showTimestamps: 'last', + sortColumn : 'firstPacket', + sortDirection : 'desc', + spiGraph : 'node', + connSrcField : 'srcIp', + connDstField : 'ip.dst:port', + numPackets : 'last', + theme : 'default-theme' +}; + +// gets the current user +app.get('/user/current', checkPermissions(['webEnabled']), (req, res) => { + let userProps = [ 'createEnabled', 'emailSearch', 'enabled', 'removeEnabled', + 'headerAuthEnabled', 'settings', 'userId', 'userName', 'webEnabled', 'packetSearch', + 'hideStats', 'hideFiles', 'hidePcap', 
'disablePcapDownload', 'welcomeMsgNum', + 'lastUsed', 'timeLimit' ]; + + let clone = {}; + + for (let i = 0, ilen = userProps.length; i < ilen; ++i) { + let prop = userProps[i]; + if (req.user.hasOwnProperty(prop)) { + clone[prop] = req.user[prop]; + } + } + + clone.canUpload = app.locals.allowUploads; + clone.esAdminUser = internals.esAdminUsers.includes(req.user.userId); + + + // If no settings, use defaults + if (clone.settings === undefined) { clone.settings = settingDefaults; } + + // Use settingsDefaults for any settings that are missing + for (let item in settingDefaults) { + if (clone.settings[item] === undefined) { + clone.settings[item] = settingDefaults[item]; + } + } + + return res.send(clone); +}); + +// express middleware to set req.settingUser to who to work on, depending if admin or not +// This returns the cached user +function getSettingUserCache (req, res, next) { + // If no userId parameter, or userId is ourself then req.user already has our info + if (req.query.userId === undefined || req.query.userId === req.user.userId) { + req.settingUser = req.user; + return next(); + } + + // user is trying to get another user's settings without admin privilege + if (!req.user.createEnabled) { return res.molochError(403, "Need admin privileges"); } + + Db.getUserCache(req.query.userId, function(err, user) { + if (err || !user || !user.found) { + if (app.locals.noPasswordSecret) { + // TODO: send anonymous user's settings + req.settingUser = {}; + } else { + req.settingUser = null; + } + return next(); + } + req.settingUser = user._source; + return next(); + }); +} + +// express middleware to set req.settingUser to who to work on, depending if admin or not +// This returns fresh from db +function getSettingUserDb (req, res, next) { + let userId; + + if (req.query.userId === undefined || req.query.userId === req.user.userId) { + if (Config.get('regressionTests', false)) { + req.settingUser = req.user; + return next(); + } + + userId = req.user.userId; + } 
else if (!req.user.createEnabled) { + // user is trying to get another user's settings without admin privilege + return res.molochError(403, "Need admin privileges"); + } else { + userId = req.query.userId; + } + + Db.getUser(userId, function(err, user) { + if (err || !user || !user.found) { + if (app.locals.noPasswordSecret) { + // TODO: send anonymous user's settings + req.settingUser = {}; + } else { + return res.molochError(403, 'Unknown user'); + } + return next(); + } + req.settingUser = user._source; + return next(); + }); +} + +function buildNotifiers () { + internals.notifiers = {}; + + let api = { + register: function (str, info) { + internals.notifiers[str] = info; + } + }; + + // look for all notifier providers and initialize them + let files = glob.sync(`${__dirname}/../notifiers/provider.*.js`); + files.forEach((file) => { + let plugin = require(file); + plugin.init(api); + }); +} + +function issueAlert (notifierName, alertMessage, continueProcess) { + if (!internals.notifiers) { buildNotifiers(); } + + // find notifier + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + console.log('Cannot find notifier, no alert can be issued'); + return continueProcess(); + } + + sharedUser = sharedUser._source; + + sharedUser.notifiers = sharedUser.notifiers || {}; + + let notifier = sharedUser.notifiers[notifierName]; + + if (!notifier) { + console.log('Cannot find notifier, no alert can be issued'); + return continueProcess(); + } + + let notifierDefinition; + for (let n in internals.notifiers) { + if (internals.notifiers[n].type === notifier.type) { + notifierDefinition = internals.notifiers[n]; + } + } + if (!notifierDefinition) { + console.log('Cannot find notifier definition, no alert can be issued'); + return continueProcess(); + } + + let config = {}; + for (let field of notifierDefinition.fields) { + for (let configuredField of notifier.fields) { + if (configuredField.name === field.name && 
configuredField.value !== undefined) { + console.log('setting', field.name, 'to', configuredField.value); + config[field.name] = configuredField.value; + } + } + + // If a field is required and nothing was set, then we have an error + if (field.required && config[field.name] === undefined) { + console.log(`Cannot find notifier field value: ${field.name}, no alert can be issued`); + continueProcess(); + } + } + + notifierDefinition.sendAlert(config, alertMessage); + + return continueProcess(); + }); +} + +app.get('/notifierTypes', checkCookieToken, function (req, res) { + if (!internals.notifiers) { + buildNotifiers(); + } + + return res.send(internals.notifiers); +}); + +// get created notifiers +app.get('/notifiers', checkCookieToken, function (req, res) { + function cloneNotifiers(notifiers) { + var clone = {}; + + for (var key in notifiers) { + if (notifiers.hasOwnProperty(key)) { + var notifier = notifiers[key]; + clone[key] = { + name: notifier.name, + type : notifier.type + }; + } + } + + return clone; + } + + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + return res.send({}); + } else { + sharedUser = sharedUser._source; + } + + if (req.user.createEnabled) { + return res.send(sharedUser.notifiers); + } + + return res.send(cloneNotifiers(sharedUser.notifiers)); + }); +}); + +// create a new notifier +app.post('/notifiers', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) { + let user = req.settingUser; + if (!user.createEnabled) { + return res.molochError(401, 'Need admin privelages to create a notifier'); + } + + if (!req.body.notifier) { + return res.molochError(403, 'Missing notifier'); + } + + if (!req.body.notifier.name) { + return res.molochError(403, 'Missing a unique notifier name'); + } + + if (!req.body.notifier.type) { + return res.molochError(403, 'Missing notifier type'); + } + + if (!req.body.notifier.fields) { + return res.molochError(403, 'Missing notifier fields'); + } + + 
if (!Array.isArray(req.body.notifier.fields)) { + return res.molochError(403, 'Notifier fields must be an array'); + } + + req.body.notifier.name = req.body.notifier.name.replace(/[^-a-zA-Z0-9_: ]/g, ''); + + if (!internals.notifiers) { buildNotifiers(); } + + let foundNotifier; + for (let n in internals.notifiers) { + let notifier = internals.notifiers[n]; + if (notifier.type === req.body.notifier.type) { + foundNotifier = notifier; + } + } + + if (!foundNotifier) { return res.molochError(403, 'Unknown notifier type'); } + + // check that required notifier fields exist + for (let field of foundNotifier.fields) { + if (field.required) { + for (let sentField of req.body.notifier.fields) { + if (sentField.name === field.name && !sentField.value) { + return res.molochError(403, `Missing a value for ${field.name}`); + } + } + } + } + + // save the notifier on the shared user + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + // sharing for the first time + sharedUser = { + userId: '_moloch_shared', + userName: '_moloch_shared', + enabled: false, + webEnabled: false, + emailSearch: false, + headerAuthEnabled: false, + createEnabled: false, + removeEnabled: false, + packetSearch: false, + views: {}, + notifiers: {} + }; + } else { + sharedUser = sharedUser._source; + } + + sharedUser.notifiers = sharedUser.notifiers || {}; + + if (sharedUser.notifiers[req.body.notifier.name]) { + console.log('Trying to add duplicate notifier', sharedUser); + return res.molochError(403, 'Notifier already exists'); + } + + sharedUser.notifiers[req.body.notifier.name] = req.body.notifier; + + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log('/notifiers failed', err, info); + return res.molochError(500, 'Creating notifier failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Successfully created notifier', + name : req.body.notifier.name + })); + }); + }); +}); + +// update a notifier 
+app.put('/notifiers/:name', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) { + let user = req.settingUser; + if (!user.createEnabled) { + return res.molochError(401, 'Need admin privelages to update a notifier'); + } + + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + return res.molochError(404, 'Cannot find notifer to udpate'); + } else { + sharedUser = sharedUser._source; + } + + sharedUser.notifiers = sharedUser.notifiers || {}; + + if (!sharedUser.notifiers[req.params.name]) { + return res.molochError(404, 'Cannot find notifer to udpate'); + } + + if (!req.body.notifier) { + return res.molochError(403, 'Missing notifier'); + } + + if (!req.body.notifier.name) { + return res.molochError(403, 'Missing a unique notifier name'); + } + + if (!req.body.notifier.type) { + return res.molochError(403, 'Missing notifier type'); + } + + if (!req.body.notifier.fields) { + return res.molochError(403, 'Missing notifier fields'); + } + + if (!Array.isArray(req.body.notifier.fields)) { + return res.molochError(403, 'Notifier fields must be an array'); + } + + req.body.notifier.name = req.body.notifier.name.replace(/[^-a-zA-Z0-9_: ]/g, ''); + + if (req.body.notifier.name !== req.body.key && + sharedUser.notifiers[req.body.notifier.name]) { + return res.molochError(403, `${req.body.notifier.name} already exists`); + } + + + if (!internals.notifiers) { buildNotifiers(); } + + let foundNotifier; + for (let n in internals.notifiers) { + let notifier = internals.notifiers[n]; + if (notifier.type === req.body.notifier.type) { + foundNotifier = notifier; + } + } + + if (!foundNotifier) { return res.molochError(403, 'Unknown notifier type'); } + + // check that required notifier fields exist + for (let field of foundNotifier.fields) { + if (field.required) { + for (let sentField of req.body.notifier.fields) { + if (sentField.name === field.name && !sentField.value) { + return res.molochError(403, `Missing a value 
for ${field.name}`); + } + } + } + } + + sharedUser.notifiers[req.body.notifier.name] = req.body.notifier; + // delete the old notifier if the name has changed + if (sharedUser.notifiers[req.params.name] && req.body.notifier.name !== req.params.name) { + sharedUser.notifiers[req.params.name] = null; + delete sharedUser.notifiers[req.params.name]; + } + + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log('/notifiers update failed', err, info); + return res.molochError(500, 'Updating notifier failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Successfully updated notifier', + name : req.body.notifier.name + })); + }); + }); +}); + +// delete a notifier +app.delete('/notifiers/:name', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) { + let user = req.settingUser; + if (!user.createEnabled) { + return res.molochError(401, 'Need admin privelages to delete a notifier'); + } + + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + return res.molochError(404, 'Cannot find notifer to remove'); + } else { + sharedUser = sharedUser._source; + } + + sharedUser.notifiers = sharedUser.notifiers || {}; + + if (!sharedUser.notifiers[req.params.name]) { + return res.molochError(404, 'Cannot find notifer to remove'); + } + + sharedUser.notifiers[req.params.name] = undefined; + + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log('/notifiers delete failed', err, info); + return res.molochError(500, 'Deleting notifier failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Successfully deleted notifier', + name : req.params.name + })); + }); + }); +}); + +// test a notifier +app.post('/notifiers/:name/test', [noCacheJson, getSettingUserCache, checkCookieToken], function (req, res) { + let user = req.settingUser; + if (!user.createEnabled) { + return res.molochError(401, 'Need admin privelages to test a 
notifier'); + } + + function continueProcess () { + return res.send(JSON.stringify({ + success : true, + text : `Successfully issued alert using the ${req.params.name} notifier.` + })); + } + + issueAlert(req.params.name, 'Test alert', continueProcess); +}); + +// gets a user's settings +app.get('/user/settings', [noCacheJson, recordResponseTime, getSettingUserDb, checkPermissions(['webEnabled']), setCookie], (req, res) => { + let settings = req.settingUser.settings || settingDefaults; + + let cookieOptions = { path: app.locals.basePath, sameSite: 'Strict' }; + if (Config.isHTTPS()) { cookieOptions.secure = true; } + + res.cookie( + 'MOLOCH-COOKIE', + Config.obj2auth({date: Date.now(), pid: process.pid, userId: req.user.userId}, true), + cookieOptions + ); + + return res.send(settings); +}); + +// updates a user's settings +app.post('/user/settings/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + req.settingUser.settings = req.body; + delete req.settingUser.settings.token; + + Db.setUser(req.settingUser.userId, req.settingUser, function(err, info) { + if (err) { + console.log('/user/settings/update error', err, info); + return res.molochError(500, 'Settings update failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Updated settings successfully' + })); + }); +}); + +function saveSharedView (req, res, user, view, endpoint, successMessage, errorMessage) { + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + // sharing for the first time + sharedUser = { + userId: '_moloch_shared', + userName: '_moloch_shared', + enabled: false, + webEnabled: false, + emailSearch: false, + headerAuthEnabled: false, + createEnabled: false, + removeEnabled: false, + packetSearch: false, + views: {} + }; + } else { + sharedUser = sharedUser._source; + } + + sharedUser.views = sharedUser.views || {}; + + if (sharedUser.views[req.body.name]) { + console.log('Trying to add 
duplicate shared view', sharedUser); + return res.molochError(403, 'Shared view already exists'); + } + + sharedUser.views[req.body.name] = view; + + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log(endpoint, 'failed', err, info); + return res.molochError(500, errorMessage); + } + return res.send(JSON.stringify({ + success : true, + text : successMessage, + viewName: req.body.name, + view : view + })); + }); + }); +} + +// remove the string, 'shared:', that is added to shared views with the same +// name as a user's personal view in the endpoint '/user/views' +// also remove any special characters except ('-', '_', ':', and ' ') +function sanitizeViewName (req, res, next) { + if (req.body.name) { + req.body.name = req.body.name.replace(/(^(shared:)+)|[^-a-zA-Z0-9_: ]/g, ''); + } + next(); +} + +// removes a view from the user that created the view and adds it to the shared user +function shareView (req, res, user, endpoint, successMessage, errorMessage) { + let view = user.views[req.body.name]; + view.shared = true; + + delete user.views[req.body.name]; // remove the view from the + + Db.setUser(user.userId, user, (err, info) => { + if (err) { + console.log(endpoint, 'failed', err, info); + return res.molochError(500, errorMessage); + } + // save the view on the shared user + return saveSharedView(req, res, user, view, endpoint, successMessage, errorMessage); + }); +} + +// removes a view from the shared user and adds it to the user that created the view +function unshareView (req, res, user, sharedUser, endpoint, successMessage, errorMessage) { + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log(endpoint, 'failed', err, info); + return res.molochError(500, errorMessage); + } + + if (user.views[req.body.name]) { // the user already has a view with this name + return res.molochError(403, 'A view already exists with this name.'); + } + + user.views[req.body.name] = { + expression: 
req.body.expression, + user: req.body.user, // keep the user so we know who created it + shared: false, + sessionsColConfig: req.body.sessionsColConfig + }; + + Db.setUser(user.userId, user, (err, info) => { + if (err) { + console.log(endpoint, 'failed', err, info); + return res.molochError(500, errorMessage); + } + return res.send(JSON.stringify({ + success : true, + text : successMessage + })); + }); + }); +} + +// gets a user's views +app.get('/user/views', [noCacheJson, getSettingUserCache], function(req, res) { + if (!req.settingUser) { return res.send({}); } + + // Clone the views so we don't modify that cached user + let views = JSON.parse(JSON.stringify(req.settingUser.views || {})); + + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (sharedUser && sharedUser.found) { + sharedUser = sharedUser._source; + for (let viewName in sharedUser.views) { + // check for views with the same name as a shared view so user specific views don't get overwritten + let sharedViewName = viewName; + if (views[sharedViewName] && !views[sharedViewName].shared) { + sharedViewName = `shared:${sharedViewName}`; + } + views[sharedViewName] = sharedUser.views[viewName]; + } + } + + return res.send(views); + }); +}); + +// creates a new view for a user +app.post('/user/views/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing view name'); } + if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); } + + let user = req.settingUser; + user.views = user.views || {}; + + let newView = { + expression: req.body.expression, + user: user.userId + }; + + if (req.body.shared) { + // save the view on the shared user + newView.shared = true; + saveSharedView(req, res, user, newView, '/user/views/create', 'Created shared view successfully', 'Create shared view failed'); + } else { + newView.shared = false; + if (user.views[req.body.name]) { 
+ return res.molochError(403, 'A view already exists with this name.'); + } else { + user.views[req.body.name] = newView; + } + + if (req.body.sessionsColConfig) { + user.views[req.body.name].sessionsColConfig = req.body.sessionsColConfig; + } else if (user.views[req.body.name].sessionsColConfig && !req.body.sessionsColConfig) { + user.views[req.body.name].sessionsColConfig = undefined; + } + + Db.setUser(user.userId, user, (err, info) => { + if (err) { + console.log('/user/views/create error', err, info); + return res.molochError(500, 'Create view failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Created view successfully', + viewName: req.body.name, + view : newView + })); + }); + } +}); + +// deletes a user's specified view +app.post('/user/views/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing view name'); } + + let user = req.settingUser; + user.views = user.views || {}; + + if (req.body.shared) { + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (sharedUser && sharedUser.found) { + sharedUser = sharedUser._source; + sharedUser.views = sharedUser.views || {}; + if (sharedUser.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } + // only admins or the user that created the view can delete the shared view + if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { + return res.molochError(401, `Need admin privelages to delete another user's shared view`); + } + delete sharedUser.views[req.body.name]; + } + + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log('/user/views/delete failed', err, info); + return res.molochError(500, 'Delete shared view failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Deleted shared view successfully' + })); + }); + }); + } else { + if 
(user.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } + delete user.views[req.body.name]; + + Db.setUser(user.userId, user, (err, info) => { + if (err) { + console.log('/user/views/delete failed', err, info); + return res.molochError(500, 'Delete view failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Deleted view successfully' + })); + }); + } +}); + +// shares/unshares a view +app.post('/user/views/toggleShare', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing view name'); } + if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); } + + let view; + let share = req.body.shared; + let user = req.settingUser; + user.views = user.views || {}; + + if (share && user.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } + + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (!sharedUser || !sharedUser.found) { + // the shared user has not been created yet so there is no chance of duplicate views + if (share) { // add the view to the shared user + return shareView(req, res, user, '/user/views/toggleShare', 'Shared view successfully', 'Sharing view failed'); + } + // if it not already a shared view and it's trying to be unshared, something went wrong, can't do it + return res.molochError(404, 'Shared user not found. 
Cannot unshare a view without a shared user.'); + } + + sharedUser = sharedUser._source; + sharedUser.views = sharedUser.views || {}; + + if (share) { // if sharing, make sure the view doesn't already exist + if (sharedUser.views[req.body.name]) { // duplicate detected + return res.molochError(403, 'A shared view already exists with this name.'); + } + return shareView(req, res, user, '/user/views/toggleShare', 'Shared view successfully', 'Sharing view failed'); + } else { + // if unsharing, remove it from shared user and add it to current user + if (sharedUser.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } + // only admins or the user that created the view can update the shared view + if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { + return res.molochError(401, `Need admin privelages to unshare another user's shared view`); + } + // save the view for later to determine who the view belongs to + view = sharedUser.views[req.body.name]; + // delete the shared view + delete sharedUser.views[req.body.name]; + return unshareView(req, res, user, sharedUser, '/user/views/toggleShare', 'Unshared view successfully', 'Unsharing view failed'); + } + }); +}); + +// updates a user's specified view +app.post('/user/views/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing view name'); } + if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); } + if (!req.body.key) { return res.molochError(403, 'Missing view key'); } + + let user = req.settingUser; + user.views = user.views || {}; + + if (req.body.shared) { + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (sharedUser && sharedUser.found) { + sharedUser = sharedUser._source; + sharedUser.views = sharedUser.views || {}; + if (sharedUser.views[req.body.key] === undefined) { return 
res.molochError(404, 'View not found'); } + // only admins or the user that created the view can update the shared view + if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { + return res.molochError(401, `Need admin privelages to update another user's shared view`); + } + sharedUser.views[req.body.name] = { + expression: req.body.expression, + user: user.userId, + shared: true, + sessionsColConfig: req.body.sessionsColConfig + }; + // delete the old one if the key (view name) has changed + if (sharedUser.views[req.body.key] && req.body.name !== req.body.key) { + sharedUser.views[req.body.key] = null; + delete sharedUser.views[req.body.key]; + } + } + + Db.setUser('_moloch_shared', sharedUser, (err, info) => { + if (err) { + console.log('/user/views/delete failed', err, info); + return res.molochError(500, 'Update shared view failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Updated shared view successfully' + })); + }); + }); + } else { + if (user.views[req.body.name]) { + user.views[req.body.name].expression = req.body.expression; + } else { // the name has changed, so create a new entry + user.views[req.body.name] = { + expression: req.body.expression, + user: user.userId, + shared: false, + sessionsColConfig: req.body.sessionsColConfig + }; + } + + // delete the old one if the key (view name) has changed + if (user.views[req.body.key] && req.body.name !== req.body.key) { + user.views[req.body.key] = null; + delete user.views[req.body.key]; + } + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/views/update error', err, info); + return res.molochError(500, 'Updating view failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Updated view successfully' + })); + }); + } +}); + +// gets a user's cron queries +app.get('/user/cron', [noCacheJson, getSettingUserCache], function(req, res) { + if (!req.settingUser) {return res.molochError(403, 'Unknown 
user');} + + var user = req.settingUser; + if (user.settings === undefined) {user.settings = {};} + Db.search('queries', 'query', {size:1000, query: {term: {creator: user.userId}}}, function (err, data) { + if (err || data.error) { + console.log('/user/cron error', err || data.error); + } + + let queries = {}; + + if (data && data.hits && data.hits.hits) { + user.queries = {}; + data.hits.hits.forEach(function(item) { + queries[item._id] = item._source; + }); + } + + res.send(queries); + }); +}); + +// creates a new cron query for a user +app.post('/user/cron/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing cron query name'); } + if (!req.body.query) { return res.molochError(403, 'Missing cron query expression'); } + if (!req.body.action) { return res.molochError(403, 'Missing cron query action'); } + if (!req.body.tags) { return res.molochError(403, 'Missing cron query tag(s)'); } + + var document = { + doc: { + enabled : true, + name : req.body.name, + query : req.body.query, + tags : req.body.tags, + action : req.body.action, + } + }; + + if (req.body.notifier) { + document.doc.notifier = req.body.notifier; + } + + var userId = req.settingUser.userId; + + Db.getMinValue("sessions2-*", "timestamp", (err, minTimestamp) => { + if (err || minTimestamp === 0 || minTimestamp === null) { + minTimestamp = Math.floor(Date.now()/1000); + } else { + minTimestamp = Math.floor(minTimestamp/1000); + } + + if (+req.body.since === -1) { + document.doc.lpValue = document.doc.lastRun = minTimestamp; + } else { + document.doc.lpValue = document.doc.lastRun = + Math.max(minTimestamp, Math.floor(Date.now()/1000) - 60*60*parseInt(req.body.since || '0', 10)); + } + document.doc.count = 0; + document.doc.creator = userId || 'anonymous'; + + Db.indexNow('queries', 'query', null, document.doc, function(err, info) { + if (err) { + console.log('/user/cron/create error', err, info); + 
return res.molochError(500, 'Create cron query failed'); + } + if (Config.get('cronQueries', false)) { + processCronQueries(); + } + return res.send(JSON.stringify({ + success : true, + text : 'Created cron query successfully', + key : info._id + })); + }); + }); +}); + +// deletes a user's specified cron query +app.post('/user/cron/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, checkCronAccess], function(req, res) { + if (!req.body.key) { return res.molochError(403, 'Missing cron query key'); } + + Db.deleteDocument('queries', 'query', req.body.key, {refresh: true}, function(err, sq) { + if (err) { + console.log('/user/cron/delete error', err, sq); + return res.molochError(500, 'Delete cron query failed'); + } + res.send(JSON.stringify({ + success : true, + text : 'Deleted cron query successfully' + })); + }); +}); + +// updates a user's specified cron query +app.post('/user/cron/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, checkCronAccess], function(req, res) { + if (!req.body.key) { return res.molochError(403, 'Missing cron query key'); } + if (!req.body.name) { return res.molochError(403, 'Missing cron query name'); } + if (!req.body.query) { return res.molochError(403, 'Missing cron query expression'); } + if (!req.body.action) { return res.molochError(403, 'Missing cron query action'); } + if (!req.body.tags) { return res.molochError(403, 'Missing cron query tag(s)'); } + + var document = { + doc: { + enabled : req.body.enabled, + name : req.body.name, + query : req.body.query, + tags : req.body.tags, + action : req.body.action, + notifier: undefined + } + }; + + if (req.body.notifier) { + document.doc.notifier = req.body.notifier; + } + + Db.get('queries', 'query', req.body.key, function(err, sq) { + if (err || !sq.found) { + console.log('/user/cron/update failed', err, sq); + return res.molochError(403, 'Unknown query'); + } + + Db.update('queries', 'query', req.body.key, document, {refresh: true}, 
function(err, data) { + if (err) { + console.log('/user/cron/update error', err, document, data); + return res.molochError(500, 'Cron query update failed'); + } + if (Config.get('cronQueries', false)) { + processCronQueries(); + } + return res.send(JSON.stringify({ + success : true, + text : 'Updated cron query successfully' + })); + }); + }); +}); + +// changes a user's password +app.post('/user/password/change', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.newPassword || req.body.newPassword.length < 3) { + return res.molochError(403, 'New password needs to be at least 3 characters'); + } + + if (!req.user.createEnabled && (req.user.passStore !== + Config.pass2store(req.token.userId, req.body.currentPassword) || + req.token.userId !== req.user.userId)) { + return res.molochError(403, 'Current password mismatch'); + } + + var user = req.settingUser; + user.passStore = Config.pass2store(user.userId, req.body.newPassword); + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/password/change error', err, info); + return res.molochError(500, 'Update failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Changed password successfully' + })); + }); +}); + +function oldDB2newDB(x) { + if (!internals.oldDBFields[x]) {return x;} + return internals.oldDBFields[x].dbField2; +} + +// gets custom column configurations for a user +app.get('/user/columns', [noCacheJson, getSettingUserCache, checkPermissions(['webEnabled'])], (req, res) => { + if (!req.settingUser) {return res.send([]);} + + // Fix for new names + if (req.settingUser.columnConfigs) { + for (var key in req.settingUser.columnConfigs) { + let item = req.settingUser.columnConfigs[key]; + item.columns = item.columns.map(oldDB2newDB); + if (item.order && item.order.length > 0) { + item.order[0][0] = oldDB2newDB(item.order[0][0]); + } + } + } + + return res.send(req.settingUser.columnConfigs || []); +}); + 
+// udpates custom column configurations for a user +app.put('/user/columns/:name', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } + if (!req.body.columns) { return res.molochError(403, 'Missing columns'); } + if (!req.body.order) { return res.molochError(403, 'Missing sort order'); } + + let user = req.settingUser; + user.columnConfigs = user.columnConfigs || []; + + // find the custom column configuration to update + let found = false; + for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { + if (req.body.name === user.columnConfigs[i].name) { + found = true; + user.columnConfigs[i] = req.body; + } + } + + if (!found) { return res.molochError(200, 'Custom column configuration not found'); } + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/columns udpate error', err, info); + return res.molochError(500, 'Update custom column configuration failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Updated column configuration', + colConfig : req.body + })); + }); +}); + +// creates a new custom column configuration for a user +app.post('/user/columns/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } + if (!req.body.columns) { return res.molochError(403, 'Missing columns'); } + if (!req.body.order) { return res.molochError(403, 'Missing sort order'); } + + req.body.name = req.body.name.replace(/[^-a-zA-Z0-9\s_:]/g, ''); + if (req.body.name.length < 1) { + return res.molochError(403, 'Invalid custom column configuration name'); + } + + var user = req.settingUser; + user.columnConfigs = user.columnConfigs || []; + + // don't let user use duplicate names + for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { + 
if (req.body.name === user.columnConfigs[i].name) { + return res.molochError(403, 'There is already a custom column with that name'); + } + } + + user.columnConfigs.push({ + name : req.body.name, + columns : req.body.columns, + order : req.body.order + }); + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/columns/create error', err, info); + return res.molochError(500, 'Create custom column configuration failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Created custom column configuration successfully', + name : req.body.name + })); + }); +}); + +// deletes a user's specified custom column configuration +app.post('/user/columns/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } + + var user = req.settingUser; + user.columnConfigs = user.columnConfigs || []; + + var found = false; + for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { + if (req.body.name === user.columnConfigs[i].name) { + user.columnConfigs.splice(i, 1); + found = true; + break; + } + } + + if (!found) { return res.molochError(200, "Column not found"); } + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/columns/delete failed', err, info); + return res.molochError(500, 'Delete custom column configuration failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Deleted custom column configuration successfully' + })); + }); +}); + +// gets custom spiview fields configurations for a user +app.get('/user/spiview/fields', [noCacheJson, getSettingUserCache, checkPermissions(['webEnabled'])], (req, res) => { + if (!req.settingUser) {return res.send([]);} + + return res.send(req.settingUser.spiviewFieldConfigs || []); +}); + +// udpates custom spiview field configuration for a user +app.put('/user/spiview/fields/:name', 
[noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing custom spiview field configuration name'); } + if (!req.body.fields) { return res.molochError(403, 'Missing fields'); } + + let user = req.settingUser; + user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; + + // find the custom spiview field configuration to update + let found = false; + for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { + if (req.body.name === user.spiviewFieldConfigs[i].name) { + found = true; + user.spiviewFieldConfigs[i] = req.body; + } + } + + if (!found) { return res.molochError(200, 'Custom spiview field configuration not found'); } + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/spiview/fields udpate error', err, info); + return res.molochError(500, 'Update spiview field configuration failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Updated spiview field configuration', + colConfig : req.body + })); + }); +}); + +// creates a new custom spiview fields configuration for a user +app.post('/user/spiview/fields/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing custom spiview field configuration name'); } + if (!req.body.fields) { return res.molochError(403, 'Missing fields'); } + + req.body.name = req.body.name.replace(/[^-a-zA-Z0-9\s_:]/g, ''); + + if (req.body.name.length < 1) { + return res.molochError(403, 'Invalid custom spiview fields configuration name'); + } + + var user = req.settingUser; + user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; + + // don't let user use duplicate names + for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { + if (req.body.name === user.spiviewFieldConfigs[i].name) { + return res.molochError(403, 'There is already a custom spiview 
fields configuration with that name'); + } + } + + user.spiviewFieldConfigs.push({ + name : req.body.name, + fields: req.body.fields + }); + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/spiview/fields/create error', err, info); + return res.molochError(500, 'Create custom spiview fields configuration failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Created custom spiview fields configuration successfully', + name : req.body.name + })); + }); +}); + +// deletes a user's specified custom spiview fields configuration +app.post('/user/spiview/fields/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { + if (!req.body.name) { return res.molochError(403, 'Missing custom spiview fields configuration name'); } + + var user = req.settingUser; + user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; + + var found = false; + for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { + if (req.body.name === user.spiviewFieldConfigs[i].name) { + user.spiviewFieldConfigs.splice(i, 1); + found = true; + break; + } + } + + if (!found) { return res.molochError(200, "Spiview fields not found"); } + + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log('/user/spiview/fields/delete failed', err, info); + return res.molochError(500, 'Delete custom spiview fields configuration failed'); + } + return res.send(JSON.stringify({ + success : true, + text : 'Deleted custom spiview fields configuration successfully' + })); + }); +}); + + +app.get('/decodings', [noCacheJson], function(req, res) { + var decodeItems = decode.settings(); + res.send(JSON.stringify(decodeItems)); +}); + + +////////////////////////////////////////////////////////////////////////////////// +//// EXPIRING +////////////////////////////////////////////////////////////////////////////////// +// Search for all files on a set of nodes in a set of directories. 
+// If less then size items are returned we don't delete anything. +// Doesn't support mounting sub directories in main directory, don't do it. +function expireDevice (nodes, dirs, minFreeSpaceG, nextCb) { + var query = { _source: [ 'num', 'name', 'first', 'size', 'node' ], + from: '0', + size: 200, + query: { bool: { + must: [ + {terms: {node: nodes}}, + { bool: {should: []}} + ], + must_not: { term: {locked: 1}} + }}, + sort: { first: { order: 'asc' } } }; + + Object.keys(dirs).forEach( function (pcapDir) { + var obj = {wildcard: {}}; + if (pcapDir[pcapDir.length - 1] === "/") { + obj.wildcard.name = pcapDir + "*"; + } else { + obj.wildcard.name = pcapDir + "/*"; + } + query.query.bool.must[1].bool.should.push(obj); + }); + + // Keep at least 10 files + Db.search('files', 'file', query, function(err, data) { + if (err || data.error || !data.hits || data.hits.total <= 10) { + return nextCb(); + } + async.forEachSeries(data.hits.hits, function(item, forNextCb) { + if (data.hits.total <= 10) { + return forNextCb("DONE"); + } + + var fields = item._source || item.fields; + + var freeG; + try { + var stat = fs.statVFS(fields.name); + freeG = stat.f_frsize/1024.0*stat.f_bavail/(1024.0*1024.0); + } catch (e) { + console.log("ERROR", e); + // File doesn't exist, delete it + freeG = minFreeSpaceG - 1; + } + if (freeG < minFreeSpaceG) { + data.hits.total--; + console.log("Deleting", item); + return Db.deleteFile(fields.node, item._id, fields.name, forNextCb); + } else { + return forNextCb("DONE"); + } + }, function () { + return nextCb(); + }); + }); +} + +function expireCheckDevice (nodes, stat, nextCb) { + var doit = false; + var minFreeSpaceG = 0; + async.forEach(nodes, function(node, cb) { + var freeSpaceG = Config.getFull(node, "freeSpaceG", "5%"); + if (freeSpaceG[freeSpaceG.length-1] === "%") { + freeSpaceG = (+freeSpaceG.substr(0,freeSpaceG.length-1)) * 0.01 * stat.f_frsize/1024.0*stat.f_blocks/(1024.0*1024.0); + } + var freeG = 
stat.f_frsize/1024.0*stat.f_bavail/(1024.0*1024.0); + if (freeG < freeSpaceG) { + doit = true; + } + + if (freeSpaceG > minFreeSpaceG) { + minFreeSpaceG = freeSpaceG; + } + + cb(); + }, function () { + if (doit) { + expireDevice(nodes, stat.dirs, minFreeSpaceG, nextCb); + } else { + return nextCb(); + } + }); +} + +function expireCheckAll () { + var devToStat = {}; + // Find all the nodes running on this host + Db.hostnameToNodeids(Config.hostName(), function(nodes) { + // Current node name should always be checked too + if (!nodes.includes(Config.nodeName())) { + nodes.push(Config.nodeName()); + } + + // Find all the pcap dirs for local nodes + async.map(nodes, function (node, cb) { + var pcapDirs = Config.getFull(node, "pcapDir"); + if (typeof pcapDirs !== "string") { + return cb("ERROR - couldn't find pcapDir setting for node: " + node + "\nIf you have it set try running:\nnpm remove iniparser; npm cache clean; npm update iniparser"); + } + // Create a mapping from device id to stat information and all directories on that device + pcapDirs.split(";").forEach(function (pcapDir) { + if (!pcapDir) { + return; // Skip empty elements. 
Prevents errors when pcapDir has a trailing or double ; + } + pcapDir = pcapDir.trim(); + var fileStat = fs.statSync(pcapDir); + var vfsStat = fs.statVFS(pcapDir); + if (!devToStat[fileStat.dev]) { + vfsStat.dirs = {}; + vfsStat.dirs[pcapDir] = {}; + devToStat[fileStat.dev] = vfsStat; + } else { + devToStat[fileStat.dev].dirs[pcapDir] = {}; + } + }); + cb(null); + }, + function (err) { + // Now gow through all the local devices and check them + var keys = Object.keys(devToStat); + async.forEachSeries(keys, function (key, cb) { + expireCheckDevice(nodes, devToStat[key], cb); + }, function (err) { + }); + }); + }); +} +////////////////////////////////////////////////////////////////////////////////// +//// Sessions Query +////////////////////////////////////////////////////////////////////////////////// +function addSortToQuery(query, info, d) { + + function addSortDefault() { + if (d) { + if (!query.sort) { + query.sort = []; + } + var obj = {}; + obj[d] = {order: "asc"}; + obj[d].missing = '_last'; + query.sort.push(obj); + } + } + + if (!info) { + addSortDefault(); + return; + } + + // New Method + if (info.order) { + if (info.order.length === 0) { + addSortDefault(); + return; + } + + if (!query.sort) { + query.sort = []; + } + + info.order.split(",").forEach(function(item) { + var parts = item.split(":"); + var field = parts[0]; + + var obj = {}; + if (field === "firstPacket") { + obj.firstPacket = {order: parts[1]}; + } else if (field === "lastPacket") { + obj.lastPacket = {order: parts[1]}; + } else { + obj[field] = {order: parts[1]}; + } + + obj[field].unmapped_type = "string"; + var fieldInfo = Config.getDBFieldsMap()[field]; + if (fieldInfo) { + if (fieldInfo.type === "ip") { + obj[field].unmapped_type = "ip"; + } else if (fieldInfo.type === "integer") { + obj[field].unmapped_type = "long"; + } + } + obj[field].missing = (parts[1] === 'asc'?'_last':'_first'); + query.sort.push(obj); + }); + return; + } + + // Old Method + if (!info.iSortingCols || 
parseInt(info.iSortingCols, 10) === 0) { + addSortDefault(); + return; + } + + if (!query.sort) { + query.sort = []; + } + + for (let i = 0, ilen = parseInt(info.iSortingCols, 10); i < ilen; i++) { + if (!info["iSortCol_" + i] || !info["sSortDir_" + i] || !info["mDataProp_" + info["iSortCol_" + i]]) { + continue; + } + + var obj = {}; + var field = info["mDataProp_" + info["iSortCol_" + i]]; + obj[field] = {order: info["sSortDir_" + i]}; + query.sort.push(obj); + + if (field === "firstPacket") { + query.sort.push({firstPacket: {order: info["sSortDir_" + i]}}); + } else if (field === "lastPacket") { + query.sort.push({lastPacket: {order: info["sSortDir_" + i]}}); + } + } +} + +/* This method fixes up parts of the query that jison builds to what ES actually + * understands. This includes mapping all the tag fields from strings to numbers + * and any of the filename stuff + */ +function lookupQueryItems(query, doneCb) { + if (Config.get("multiES", false)) { + return doneCb(null); + } + + var outstanding = 0; + var finished = 0; + var err = null; + + //jshint latedef: nofunc + function process(parent, obj, item) { + // console.log("\nprocess:\n", item, obj, typeof obj[item], "\n"); + if (item === "fileand" && typeof obj[item] === "string") { + var name = obj.fileand; + delete obj.fileand; + outstanding++; + Db.fileNameToFiles(name, function (files) { + outstanding--; + if (files === null || files.length === 0) { + err = "File '" + name + "' not found"; + } else if (files.length > 1) { + obj.bool = {should: []}; + files.forEach(function(file) { + obj.bool.should.push({bool: {must: [{term: {node: file.node}}, {term: {fileId: file.num}}]}}); + }); + } else { + obj.bool = {must: [{term: {node: files[0].node}}, {term: {fileId: files[0].num}}]}; + } + if (finished && outstanding === 0) { + doneCb(err); + } + }); + } else if (item === 'field' && obj.field === 'fileand') { + obj.field = 'fileId'; + } else if (typeof obj[item] === "object") { + convert(obj, obj[item]); + } + } 
+ + function convert(parent, obj) { + for (var item in obj) { + process(parent, obj, item); + } + } + + convert(null, query); + if (outstanding === 0) { + return doneCb(err); + } + + finished = 1; +} + +function buildSessionQuery (req, buildCb) { + // validate time limit is not exceeded + let timeLimitExceeded = false; + + if (parseInt(req.query.date) > parseInt(req.user.timeLimit) || + (req.query.date === '-1') && req.user.timeLimit) { + timeLimitExceeded = true; + } else if (req.query.startTime && req.query.stopTime) { + if (! /^[0-9]+$/.test(req.query.startTime)) { + req.query.startTime = Date.parse(req.query.startTime.replace('+', ' ')) / 1000; + } else { + req.query.startTime = parseInt(req.query.startTime, 10); + } + + if (! /^[0-9]+$/.test(req.query.stopTime)) { + req.query.stopTime = Date.parse(req.query.stopTime.replace('+', ' ')) / 1000; + } else { + req.query.stopTime = parseInt(req.query.stopTime, 10); + } + + if (req.user.timeLimit && (req.query.stopTime - req.query.startTime) / 3600 > req.user.timeLimit) { + timeLimitExceeded = true; + } + } + + if (timeLimitExceeded) { + console.log(`${req.user.userName} trying to exceed time limit: ${req.user.timeLimit} hours`); + return buildCb(`User time limit (${req.user.timeLimit} hours) exceeded`, {}); + } + + var limit = Math.min(2000000, +req.query.length || +req.query.iDisplayLength || 100); + + var query = {from: req.query.start || req.query.iDisplayStart || 0, + size: limit, + timeout: internals.esQueryTimeout, + query: {bool: {filter: []}} + }; + + if (query.from === 0) { + delete query.from; + } + + if (req.query.strictly === "true") { + req.query.bounding = "both"; + } + + var interval; + if ((req.query.date && req.query.date === '-1') || + (req.query.segments && req.query.segments === "all")) { + interval = 60*60; // Hour to be safe + } else if (req.query.startTime !== undefined && req.query.stopTime) { + switch (req.query.bounding) { + case "first": + query.query.bool.filter.push({range: {firstPacket: 
{gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); + break; + default: + case "last": + query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); + break; + case "both": + query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}}); + query.query.bool.filter.push({range: {lastPacket: {lte: req.query.stopTime*1000}}}); + break; + case "either": + query.query.bool.filter.push({range: {firstPacket: {lte: req.query.stopTime*1000}}}); + query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); + break; + case "database": + query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); + break; + } + + var diff = req.query.stopTime - req.query.startTime; + if (diff < 30*60) { + interval = 1; // second + } else if (diff <= 5*24*60*60) { + interval = 60; // minute + } else { + interval = 60*60; // hour + } + } else { + if (!req.query.date) { + req.query.date = 1; + } + req.query.startTime = (Math.floor(Date.now() / 1000) - 60*60*parseInt(req.query.date, 10)); + req.query.stopTime = Date.now()/1000; + + switch (req.query.bounding) { + case "first": + query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}}); + break; + default: + case "both": + case "last": + query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); + break; + case "either": + query.query.bool.filter.push({range: {firstPacket: {lte: req.query.stopTime*1000}}}); + query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); + break; + case "database": + query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000}}}); + break; + } + + if (req.query.date <= 5*24) { + interval = 60; // minute + } else { + interval = 60 * 60; // hour + } + } + + switch (req.query.interval) { + case 'second': + interval = 1; + break; + case 'minute': + 
interval = 60; + break; + case 'hour': + interval = 60 * 60; + break; + case 'day': + interval = 60 * 60 * 24; + break; + case 'week': + interval = 60 * 60 * 24 * 7; + break; + } + + if (req.query.facets) { + query.aggregations = {}; + // only add map aggregations if requested + if (req.query.map === 'true') { + query.aggregations = { + mapG1: { terms: { field: 'srcGEO', size: 1000, min_doc_count: 1} }, + mapG2: { terms: { field: 'dstGEO', size: 1000, min_doc_count: 1} }, + mapG3: { terms: { field: 'http.xffGEO', size: 1000, min_doc_count: 1} } + }; + } + query.aggregations.dbHisto = { + aggregations: { + srcDataBytes: { sum: { field: 'srcDataBytes' } }, + dstDataBytes: { sum: { field: 'dstDataBytes' } }, + srcBytes: { sum: { field: 'srcBytes' } }, + dstBytes: { sum: { field: 'dstBytes' } }, + srcPackets: { sum: { field: 'srcPackets' } }, + dstPackets: { sum: { field: 'dstPackets' } } + } + }; + + switch (req.query.bounding) { + case 'first': + query.aggregations.dbHisto.histogram = { field:'firstPacket', interval:interval*1000, min_doc_count:1 }; + break; + case 'database': + query.aggregations.dbHisto.histogram = { field:'timestamp', interval:interval*1000, min_doc_count:1 }; + break; + default: + query.aggregations.dbHisto.histogram = { field:'lastPacket', interval:interval*1000, min_doc_count:1 }; + break; + } + } + + addSortToQuery(query, req.query, 'firstPacket'); + + let err = null; + + molochparser.parser.yy = { + views: req.user.views, + fieldsMap: Config.getFieldsMap(), + prefix: internals.prefix, + emailSearch: req.user.emailSearch === true, + lookups: req.lookups, + lookupTypeMap: internals.lookupTypeMap + }; + + if (req.query.expression) { + //req.query.expression = req.query.expression.replace(/\\/g, "\\\\"); + try { + query.query.bool.filter.push(molochparser.parse(req.query.expression)); + } catch (e) { + err = e; + } + } + + if (!err && req.query.view) { + addViewToQuery(req, query, continueBuildQuery, buildCb); + } else { + continueBuildQuery(req, 
query, err, buildCb); + } +} + +function addViewToQuery(req, query, continueBuildQueryCb, finalCb) { + let err; + let viewExpression; + if (req.user.views && req.user.views[req.query.view]) { // it's a user's view + try { + viewExpression = molochparser.parse(req.user.views[req.query.view].expression); + query.query.bool.filter.push(viewExpression); + } catch (e) { + console.log(`ERROR - User expression (${req.query.view}) doesn't compile -`, e); + err = e; + } + continueBuildQueryCb(req, query, err, finalCb); + } else { // it's a shared view + Db.getUser('_moloch_shared', (err, sharedUser) => { + if (sharedUser && sharedUser.found) { + sharedUser = sharedUser._source; + sharedUser.views = sharedUser.views || {}; + for (let viewName in sharedUser.views) { + if (viewName === req.query.view) { + viewExpression = sharedUser.views[viewName].expression; + break; + } + } + if (sharedUser.views[req.query.view]) { + try { + viewExpression = molochparser.parse(sharedUser.views[req.query.view].expression); + query.query.bool.filter.push(viewExpression); + } catch (e) { + console.log(`ERROR - Shared user expression (${req.query.view}) doesn't compile -`, e); + err = e; + } + } + continueBuildQueryCb(req, query, err, finalCb); + } + }); + } +} + +function continueBuildQuery(req, query, err, finalCb) { + if (!err && req.user.expression && req.user.expression.length > 0) { + try { + // Expression was set by admin, so assume email search ok + molochparser.parser.yy.emailSearch = true; + var userExpression = molochparser.parse(req.user.expression); + query.query.bool.filter.push(userExpression); + } catch (e) { + console.log(`ERROR - Forced expression (${req.user.expression}) doesn't compile -`, e); + err = e; + } + } + + lookupQueryItems(query.query.bool.filter, function (lerr) { + if (req.query.date === '-1' || // An all query + (req.query.bounding || "last") !== "last" || // Not a last bounded query + Config.get("queryAllIndices", Config.get("multiES", false))) { // 
queryAllIndices (default: multiES) + return finalCb(err || lerr, query, "sessions2-*"); // Then we just go against all indices for a slight overhead + } + + Db.getIndices(req.query.startTime, req.query.stopTime, Config.get("rotateIndex", "daily"), function(indices) { + if (indices.length > 3000) { // Will url be too long + return finalCb(err || lerr, query, "sessions2-*"); + } else { + return finalCb(err || lerr, query, indices); + } + }); + }); +} +////////////////////////////////////////////////////////////////////////////////// +//// Sessions List +////////////////////////////////////////////////////////////////////////////////// +function sessionsListAddSegments(req, indices, query, list, cb) { + var processedRo = {}; + + // Index all the ids we have, so we don't include them again + var haveIds = {}; + list.forEach(function(item) { + haveIds[item._id] = true; + }); + + delete query.aggregations; + + // Do a ro search on each item + var writes = 0; + async.eachLimit(list, 10, function(item, nextCb) { + var fields = item._source || item.fields; + if (!fields.rootId || processedRo[fields.rootId]) { + if (writes++ > 100) { + writes = 0; + setImmediate(nextCb); + } else { + nextCb(); + } + return; + } + processedRo[fields.rootId] = true; + + query.query.bool.filter.push({term: {rootId: fields.rootId}}); + Db.searchPrimary(indices, 'session', query, null, function (err, result) { + if (err || result === undefined || result.hits === undefined || result.hits.hits === undefined) { + console.log("ERROR fetching matching sessions", err, result); + return nextCb(null); + } + result.hits.hits.forEach(function(item) { + if (!haveIds[item._id]) { + haveIds[item._id] = true; + list.push(item); + } + }); + return nextCb(null); + }); + query.query.bool.filter.pop(); + + }, function (err) { + cb(err, list); + }); +} + +function sessionsListFromQuery(req, res, fields, cb) { + if (req.query.segments && req.query.segments.match(/^(time|all)$/) && fields.indexOf("rootId") === -1) { 
+ fields.push("rootId"); + } + + buildSessionQuery(req, function(err, query, indices) { + if (err) { + return res.send("Could not build query. Err: " + err); + } + query._source = fields; + if (Config.debug) { + console.log("sessionsListFromQuery query", JSON.stringify(query, null, 1)); + } + Db.searchPrimary(indices, 'session', query, null, function (err, result) { + if (err || result.error) { + console.log("ERROR - Could not fetch list of sessions. Err: ", err, " Result: ", result, "query:", query); + return res.send("Could not fetch list of sessions. Err: " + err + " Result: " + result); + } + var list = result.hits.hits; + if (req.query.segments && req.query.segments.match(/^(time|all)$/)) { + sessionsListAddSegments(req, indices, query, list, function(err, list) { + cb(err, list); + }); + } else { + cb(err, list); + } + }); + }); +} + +function sessionsListFromIds(req, ids, fields, cb) { + var processSegments = false; + if (req && ((req.query.segments && req.query.segments.match(/^(time|all)$/)) || (req.body.segments && req.body.segments.match(/^(time|all)$/)))) { + if (fields.indexOf("rootId") === -1) { fields.push("rootId"); } + processSegments = true; + } + + let list = []; + let nonArrayFields = ["ipProtocol", "firstPacket", "lastPacket", "srcIp", "srcPort", "srcGEO", "dstIp", "dstPort", "dstGEO", "totBytes", "totDataBytes", "totPackets", "node", "rootId", "http.xffGEO"]; + let fixFields = nonArrayFields.filter(function(x) {return fields.indexOf(x) !== -1;}); + + async.eachLimit(ids, 10, function(id, nextCb) { + Db.getWithOptions(Db.sid2Index(id), 'session', Db.sid2Id(id), {_source: fields.join(",")}, function(err, session) { + if (err) { + return nextCb(null); + } + + for (let i = 0; i < fixFields.length; i++) { + var field = fixFields[i]; + if (session._source[field] && Array.isArray(session._source[field])) { + session._source[field] = session._source[field][0]; + } + } + + list.push(session); + nextCb(null); + }); + }, function(err) { + if 
(processSegments) { + buildSessionQuery(req, function(err, query, indices) { + query._source = fields; + sessionsListAddSegments(req, indices, query, list, function(err, list) { + cb(err, list); + }); + }); + } else { + cb(err, list); + } + }); +} + +////////////////////////////////////////////////////////////////////////////////// +//// APIs +////////////////////////////////////////////////////////////////////////////////// +app.get('/history/list', [noCacheJson, recordResponseTime, setCookie], (req, res) => { + let userId; + if (req.user.createEnabled) { // user is an admin, they can view all logs + // if the admin has requested a specific user + if (req.query.userId) { userId = req.query.userId; } + } else { // user isn't an admin, so they can only view their own logs + if (req.query.userId && req.query.userId !== req.user.userId) { return res.molochError(403, 'Need admin privileges'); } + userId = req.user.userId; + } + + let query = { + sort: {}, + from: +req.query.start || 0, + size: +req.query.length || 1000 + }; + + query.sort[req.query.sortField || 'timestamp'] = { order: req.query.desc === 'true' ? 
'desc': 'asc'}; + + if (req.query.searchTerm || userId) { + query.query = { bool: { must: [] } }; + + if (req.query.searchTerm) { // apply search term + query.query.bool.must.push({ + query_string: { + query : req.query.searchTerm, + fields: ['expression','userId','api','view.name','view.expression'] + } + }); + } + + if (userId) { // filter on userId + query.query.bool.must.push({ + wildcard: { userId: '*' + userId + '*' } + }); + } + } + + if (req.query.api) { // filter on api endpoint + if (!query.query) { query.query = { bool: { must: [] } }; } + query.query.bool.must.push({ + wildcard: { api: '*' + req.query.api + '*' } + }); + } + + if (req.query.exists) { + if (!query.query) { query.query = { bool: { must: [] } }; } + let existsArr = req.query.exists.split(','); + for (let i = 0, len = existsArr.length; i < len; ++i) { + query.query.bool.must.push({ + exists: { field:existsArr[i] } + }); + } + } + + // filter history table by a time range + if (req.query.startTime && req.query.stopTime) { + if (! /^[0-9]+$/.test(req.query.startTime)) { + req.query.startTime = Date.parse(req.query.startTime.replace("+", " "))/1000; + } else { + req.query.startTime = parseInt(req.query.startTime, 10); + } + + if (! 
/^[0-9]+$/.test(req.query.stopTime)) { + req.query.stopTime = Date.parse(req.query.stopTime.replace("+", " "))/1000; + } else { + req.query.stopTime = parseInt(req.query.stopTime, 10); + } + + if (!query.query) { query.query = { bool: {} }; } + query.query.bool.filter = [{ + range: { timestamp: { + gte: req.query.startTime, + lte: req.query.stopTime + } } + }]; + } + + Promise.all([Db.searchHistory(query), + Db.numberOfLogs() + ]) + .then(([logs, total]) => { + if (logs.error) { throw logs.error; } + + let results = { total:logs.hits.total, results:[] }; + for (let i = 0, ilen = logs.hits.hits.length; i < ilen; i++) { + let hit = logs.hits.hits[i]; + let log = hit._source; + log.id = hit._id; + log.index = hit._index; + if (!req.user.createEnabled) { + // remove forced expression for reqs made by nonadmin users + log.forcedExpression = undefined; + } + results.results.push(log); + } + let r = { + recordsTotal: total.count, + recordsFiltered: results.total, + data: results.results + }; + res.send(r); + }).catch(err => { + console.log('ERROR - /history/logs', err); + return res.molochError(500, 'Error retrieving log history - ' + err); + }); +}); + +app.delete('/history/list/:id', [noCacheJson, checkCookieToken, checkPermissions(['createEnabled', 'removeEnabled'])], (req, res) => { + if (!req.query.index) { return res.molochError(403, 'Missing history index'); } + + Db.deleteHistoryItem(req.params.id, req.query.index, function(err, result) { + if (err || result.error) { + console.log('ERROR - deleting history item', err || result.error); + return res.molochError(500, 'Error deleting history item'); + } else { + res.send(JSON.stringify({success: true, text: 'Deleted history item successfully'})); + } + }); +}); + + +app.get('/fields', function(req, res) { + if (!app.locals.fieldsMap) { + res.status(404); + res.send('Cannot locate fields'); + } + + if (req.query && req.query.array) { + res.send(app.locals.fieldsArr); + } else { + res.send(app.locals.fieldsMap); + } 
+}); + +app.get('/file/list', [noCacheJson, recordResponseTime, logAction('files'), checkPermissions(['hideFiles']), setCookie], (req, res) => { + var columns = ["num", "node", "name", "locked", "first", "filesize"]; + + var query = {_source: columns, + from: +req.query.start || 0, + size: +req.query.length || 10, + sort: {} + }; + + query.sort[req.query.sortField || "num"] = { order: req.query.desc === "true" ? "desc": "asc"}; + + if (req.query.filter) { + query.query = {wildcard: {name: "*" + req.query.filter + "*"}}; + } + + Promise.all([Db.search('files', 'file', query), + Db.numberOfDocuments('files') + ]) + .then(([files, total]) => { + if (files.error) {throw files.error;} + + var results = {total: files.hits.total, results: []}; + for (let i = 0, ilen = files.hits.hits.length; i < ilen; i++) { + var fields = files.hits.hits[i]._source || files.hits.hits[i].fields; + if (fields.locked === undefined) { + fields.locked = 0; + } + fields.id = files.hits.hits[i]._id; + results.results.push(fields); + } + + var r = {recordsTotal: total.count, + recordsFiltered: results.total, + data: results.results}; + res.logCounts(r.data.length, r.recordsFiltered, r.total); + res.send(r); + + }).catch((err) => { + console.log("ERROR - /file/list", err); + return res.send({recordsTotal: 0, recordsFiltered: 0, data: []}); + }); +}); + +app.get('/titleconfig', checkPermissions(['webEnabled']), (req, res) => { + var titleConfig = Config.get('titleTemplate', '_cluster_ - _page_ _-view_ _-expression_'); + + titleConfig = titleConfig.replace(/_cluster_/g, internals.clusterName) + .replace(/_userId_/g, req.user?req.user.userId:"-") + .replace(/_userName_/g, req.user?req.user.userName:"-"); + + res.send(titleConfig); +}); + +app.get('/molochRightClick', [noCacheJson, checkPermissions(['webEnabled'])], (req, res) => { + if(!app.locals.molochRightClick) { + res.status(404); + res.send('Cannot locate right clicks'); + } + res.send(app.locals.molochRightClick); +}); + +// No auth necessary 
for eshealth.json +app.get('/eshealth.json', [noCacheJson], (req, res) => { + Db.healthCache(function(err, health) { + res.send(health); + }); +}); + +app.get('/esindices/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { + async.parallel({ + indices: Db.indicesCache, + indicesSettings: Db.indicesSettingsCache + }, function (err, results) { + if (err) { + console.log ('ERROR - /esindices/list', err); + return res.send({ + recordsTotal: 0, + recordsFiltered: 0, + data: [] + }); + } + + const indices = results.indices; + const indicesSettings = results.indicesSettings; + + let findices = []; + + // filtering + if (req.query.filter !== undefined) { + try { + const regex = new RE2(req.query.filter); + for (const index of indices) { + if (!index.index.match(regex)) { continue; } + findices.push(index); + } + } catch (e) { + return res.molochError(500, `Regex Error: ${e}`); + } + } else { + findices = indices; + } + + // Add more fields from indicesSettings + for (const index of findices) { + if (!indicesSettings[index.index]) { continue; } + + if (indicesSettings[index.index].settings['index.routing.allocation.require.molochtype']) { + index.molochtype = indicesSettings[index.index].settings['index.routing.allocation.require.molochtype']; + } + + if (indicesSettings[index.index].settings['index.routing.allocation.total_shards_per_node']) { + index.shardsPerNode = indicesSettings[index.index].settings['index.routing.allocation.total_shards_per_node']; + } + + index.creationDate = parseInt(indicesSettings[index.index].settings['index.creation_date']); + index.versionCreated = parseInt(indicesSettings[index.index].settings['index.version.created']); + } + + // sorting + const sortField = req.query.sortField || 'index'; + if (sortField === 'index' || sortField === 'status' || sortField === 'health') { + if (req.query.desc === 'true') { + findices = findices.sort(function (a, b) { return 
b[sortField].localeCompare(a[sortField]); }); + } else { + findices = findices.sort(function (a, b) { return a[sortField].localeCompare(b[sortField]); }); + } + } else { + if (req.query.desc === 'true') { + findices = findices.sort(function (a,b) { return b[sortField] - a[sortField]; }); + } else { + findices = findices.sort(function (a,b) { return a[sortField] - b[sortField]; }); + } + } + + // send result + return res.send({ + recordsTotal: indices.length, + recordsFiltered: findices.length, + data: findices + }); + }); +}); + +app.delete('/esindices/:index', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.params.index) { + return res.molochError(403, 'Missing index to delete'); + } + + Db.deleteIndex([req.params.index], {}, (err, result) => { + if (err) { + res.status(404); + return res.send(JSON.stringify({ success:false, text:'Error deleting index' })); + } + return res.send(JSON.stringify({ success: true, text: result })); + }); +}); + +app.post('/esindices/:index/optimize', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.params.index) { + return res.molochError(403, 'Missing index to optimize'); + } + + Db.optimizeIndex([req.params.index], {}, (err, result) => { + if (err) { + console.log ("ERROR -", req.params.index, "optimize failed", err); + } + }); + + // Always return right away, optimizeIndex might block + return res.send(JSON.stringify({ success: true, text: {} })); +}); + +app.post('/esindices/:index/close', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.params.index) { + return res.molochError(403, 'Missing index to close'); + } + + Db.closeIndex([req.params.index], {}, (err, result) => { + if (err) { + res.status(404); + return res.send(JSON.stringify({ success:false, text:'Error closing index' })); + } + return res.send(JSON.stringify({ success: true, text: result 
})); + }); +}); + +app.post('/esindices/:index/open', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.params.index) { + return res.molochError(403, 'Missing index to open'); + } + + Db.openIndex([req.params.index], {}, (err, result) => { + if (err) { + console.log ("ERROR -", req.params.index, "open failed", err); + } + }); + + // Always return right away, openIndex might block + return res.send(JSON.stringify({ success: true, text: {} })); +}); + +app.post('/esindices/:index/shrink', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.body || !req.body.target) { + return res.molochError(403, 'Missing target'); + } + + let settingsParams = { + body: { + 'index.routing.allocation.total_shards_per_node': null, + 'index.routing.allocation.require._name': req.body.target, + 'index.blocks.write': true + } + }; + + Db.setIndexSettings(req.params.index, settingsParams, (err, results) => { + if (err) { + return res.send(JSON.stringify({ + success: false, + text: err.message || 'Error shrinking index' + })); + } + + let shrinkParams = { + body: { + settings: { + 'index.routing.allocation.require._name': null, + 'index.blocks.write': null, + 'index.codec': 'best_compression', + 'index.number_of_shards': req.body.numShards || 1 + } + } + }; + + // wait for no more reloacting shards + let shrinkCheckInterval = setInterval(() => { + Db.healthCachePromise() + .then((result) => { + if (result.relocating_shards === 0) { + clearInterval(shrinkCheckInterval); + Db.shrinkIndex(req.params.index, shrinkParams, (err, results) => { + if (err) { + console.log(`ERROR - ${req.params.index} shrink failed`, err); + } + Db.indices((err, indexResult) => { + if (err) { + console.log(`Error fetching ${req.params.index} and ${req.params.index}-shrink indices after shrinking`); + } else if (indexResult[0] && indexResult[1] && + indexResult[0]['docs.count'] === 
indexResult[1]['docs.count']) { + Db.deleteIndex([req.params.index], {}, (err, result) => { + if (err) { + console.log(`Error deleting ${req.params.index} index after shrinking`); + } + }); + } + }, `${req.params.index}-shrink,${req.params.index}`); + }); + } + }); + }, 10000); + + // always return right away, shrinking might take a while + return res.send(JSON.stringify({ success: true })); + }); +}); + +app.get('/estask/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { + Db.tasks(function (err, tasks) { + if (err) { + console.log ('ERROR - /estask/list', err); + return res.send({ + recordsTotal: 0, + recordsFiltered: 0, + data: [] + }); + } + + tasks = tasks.tasks; + + let regex; + if (req.query.filter !== undefined) { + try { + regex = new RE2(req.query.filter); + } catch (e) { + return res.molochError(500, `Regex Error: ${e}`); + } + } + + let rtasks = []; + for (const key in tasks) { + let task = tasks[key]; + + task.taskId = key; + if (task.children) { + task.childrenCount = task.children.length; + } else { + task.childrenCount = 0; + } + delete task.children; + + if (req.query.cancellable && req.query.cancellable === 'true') { + if (!task.cancellable) { continue; } + } + + if (task.headers['X-Opaque-Id']) { + let parts = splitRemain(task.headers['X-Opaque-Id'], '::', 1); + task.user = (parts.length === 1?'':parts[0]); + } else { + task.user = ''; + } + + if (regex && (!task.action.match(regex) && !task.user.match(regex))) { continue; } + + rtasks.push(task); + } + + const sortField = req.query.sortField || 'action'; + if (sortField === 'action' || sortField === 'user') { + if (req.query.desc === 'true') { + rtasks = rtasks.sort(function (a, b) { return b.action.localeCompare(a.index); }); + } else { + rtasks = rtasks.sort(function (a, b) { return a.action.localeCompare(b.index); }); + } + } else { + if (req.query.desc === 'true') { + rtasks = rtasks.sort(function (a, b) { return b[sortField] - a[sortField]; 
}); + } else { + rtasks = rtasks.sort(function (a, b) { return a[sortField] - b[sortField]; }); + } + } + + let size = parseInt(req.query.size) || 1000; + if (rtasks.length > size) { + rtasks = rtasks.slice(0, size); + } + + return res.send({ + recordsTotal: Object.keys(tasks).length, + recordsFiltered: rtasks.length, + data: rtasks + }); + }); +}); + +app.post('/estask/cancel', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.body || !req.body.taskId) { + return res.molochError(403, 'Missing/Empty required fields'); + } + + Db.taskCancel(req.body.taskId, (err, result) => { + return res.send(JSON.stringify({ success: true, text: result })); + }); +}); + +app.post('/estask/cancelById', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.body || !req.body.cancelId) { + return res.molochError(403, 'Missing cancel ID'); + } + + Db.cancelByOpaqueId(`${req.user.userId}::${req.body.cancelId}`, (err, result) => { + return res.send(JSON.stringify({ success: true, text: result })); + }); +}); + +app.post('/estask/cancelAll', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + Db.taskCancel(undefined, (err, result) => { + return res.send(JSON.stringify({ success: true, text: result })); + }); +}); + +////////////////////////////////////////////////////////////////////////////////// +function checkEsAdminUser (req, res, next) { + if (internals.esAdminUsers.includes(req.user.userId)) { + return next(); + } + return res.molochError(403, 'You do not have permission to access this resource'); +} + +app.get('/esadmin/list', [noCacheJson, recordResponseTime, checkEsAdminUser, setCookie], (req, res) => { + Promise.all([Db.getClusterSettings({flatSettings: true, include_defaults: true}) + ]).then(([settings]) => { + let rsettings = []; + + function addSetting(key, type, name, url, regex) { + let current = 
settings.transient[key]; + if (current === undefined) { current = settings.persistent[key]; } + if (current === undefined) { current = settings.defaults[key]; } + if (current === undefined) { return; } + rsettings.push({key: key, current: current, name: name, type: type, url: url, regex: regex}); + } + + addSetting('search.max_buckets', 'Integer', + 'Max Aggregation Size', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html', + '^(|null|\\d+)$'); + + addSetting('cluster.routing.allocation.disk.watermark.flood_stage', 'Percent or Byte Value', + 'Disk Watermark Flood', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html', + '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$'); + + addSetting('cluster.routing.allocation.disk.watermark.high', 'Percent or Byte Value', + 'Disk Watermark High', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html', + '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$'); + + addSetting('cluster.routing.allocation.disk.watermark.low', 'Percent or Byte Value', + 'Disk Watermark Low', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html', + '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$'); + + addSetting('cluster.routing.allocation.enable', 'Mode', + 'Allocation Mode', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', + '^(all|primaries|new_primaries|none)$'); + + addSetting('cluster.routing.allocation.cluster_concurrent_rebalance', 'Integer', + 'Concurrent Rebalances', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', + '^(|null|\\d+)$'); + + addSetting('cluster.routing.allocation.node_concurrent_recoveries', 'Integer', + 'Concurrent Recoveries', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', + '^(|null|\\d+)$'); + + addSetting('cluster.routing.allocation.node_initial_primaries_recoveries', 'Integer', + 
'Initial Primaries Recoveries', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', + '^(|null|\\d+)$'); + + addSetting('cluster.max_shards_per_node', 'Integer', + 'Max Shards per Node', + 'https://www.elastic.co/guide/en/elasticsearch/reference/master/misc-cluster.html', + '^(|null|\\d+)$'); + + addSetting('indices.recovery.max_bytes_per_sec', 'Byte Value', + 'Recovery Max Bytes per Second', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/recovery.html', + '^(|null|\\d+(b|kb|mb|gb|tb|pb))$'); + + addSetting('cluster.routing.allocation.awareness.attributes', 'List of Attributes', + 'Shard Allocation Awareness', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/allocation-awareness.html', + '^(|null|[a-z0-9_,-]+)$'); + + addSetting('indices.breaker.total.limit', 'Percent', + 'Breaker - Total Limit', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html', + '^(|null|\\d+%)$'); + + addSetting('indices.breaker.fielddata.limit', 'Percent', + 'Breaker - Field data', + 'https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html', + '^(|null|\\d+%)$'); + + + return res.send(rsettings); + }); +}); + +app.post('/esadmin/set', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => { + + if (req.body.key === undefined) { return res.molochError(500, 'Missing key'); } + if (req.body.value === undefined) { return res.molochError(500, 'Missing value'); } + + // Convert null string to null + if (req.body.value === 'null') { req.body.value = null; } + + let query = {body: {persistent: {}}}; + query.body.persistent[req.body.key] = req.body.value || null; + + Db.putClusterSettings(query, function(err, result) { + if (err) { + console.log("putSettings failed", result); + return res.molochError(500, 'Set failed'); + } + return res.send(JSON.stringify({ success: true, text: 'Set'})); + }); +}); + 
+app.post('/esadmin/reroute', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => { + Db.reroute((err) => { + if (err) { + return res.send(JSON.stringify({ success: true, text: 'Reroute failed'})); + } else { + return res.send(JSON.stringify({ success: true, text: 'Reroute successful'})); + } + }); +}); + +app.post('/esadmin/flush', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => { + Db.refresh('*'); + Db.flush('*'); + return res.send(JSON.stringify({ success: true, text: 'Flushed'})); +}); + +app.post('/esadmin/unflood', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => { + Db.setIndexSettings('*', {'index.blocks.read_only_allow_delete': null}); + return res.send(JSON.stringify({ success: true, text: 'Unflood'})); +}); + +app.get('/esshard/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { + Promise.all([ + Db.shards(), + Db.getClusterSettings({flatSettings: true}) + ]).then(([shards, settings]) => { + let ipExcludes = []; + if (settings.persistent['cluster.routing.allocation.exclude._ip']) { + ipExcludes = settings.persistent['cluster.routing.allocation.exclude._ip'].split(','); + } + + let nodeExcludes = []; + if (settings.persistent['cluster.routing.allocation.exclude._name']) { + nodeExcludes = settings.persistent['cluster.routing.allocation.exclude._name'].split(','); + } + + var regex; + if (req.query.filter !== undefined) { + try { + regex = new RE2(req.query.filter.toLowerCase()); + } catch (e) { + return res.molochError(500, `Regex Error: ${e}`); + } + } + + let result = {}; + let nodes = {}; + + for (var shard of shards) { + if (shard.node === null || shard.node === "null") { shard.node = "Unassigned"; } + + if (! 
(req.query.show === 'all' ||
+ shard.state === req.query.show || // Show only matching stage
+ (shard.state !== 'STARTED' && req.query.show === 'notstarted'))) {
+ continue;
+ }
+
+ if (regex && !shard.index.toLowerCase().match(regex) && !shard.node.toLowerCase().match(regex)) { continue; }
+
+ if (result[shard.index] === undefined) {
+ result[shard.index] = {name: shard.index, nodes: {}};
+ }
+ if (result[shard.index].nodes[shard.node] === undefined) {
+ result[shard.index].nodes[shard.node] = [];
+ }
+ result[shard.index].nodes[shard.node].push(shard);
+ nodes[shard.node] = {ip: shard.ip, ipExcluded: ipExcludes.includes(shard.ip), nodeExcluded: nodeExcludes.includes(shard.node)};
+
+ result[shard.index].nodes[shard.node]
+ .sort((a, b) => {
+ return a.shard - b.shard;
+ });
+
+ delete shard.node;
+ delete shard.index;
+ }
+
+ let indices = Object.keys(result).map((k) => result[k]);
+ if (req.query.desc === 'true') {
+ indices = indices.sort(function (a, b) {
+ return b.name.localeCompare(a.name);
+ });
+ } else {
+ indices = indices.sort(function (a, b) {
+ return a.name.localeCompare(b.name);
+ });
+ }
+ res.send({nodes: nodes, indices: indices, nodeExcludes: nodeExcludes, ipExcludes: ipExcludes});
+ });
+});
+
+app.post('/esshard/exclude/:type/:value', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
+ if (Config.get("multiES", false)) { return res.molochError(401, "Not supported in multies"); }
+
+ Db.getClusterSettings({flatSettings: true}, function(err, settings) {
+ let exclude = [];
+ let settingName;
+
+ if (req.params.type === 'ip') {
+ settingName = 'cluster.routing.allocation.exclude._ip';
+ } else if (req.params.type === 'name') {
+ settingName = 'cluster.routing.allocation.exclude._name';
+ } else {
+ return res.molochError(403, 'Unknown exclude type');
+ }
+
+ if (settings.persistent[settingName]) {
+ exclude = settings.persistent[settingName].split(',');
+ }
+
+ if
(!exclude.includes(req.params.value)) {
+ exclude.push(req.params.value);
+ }
+ var query = {body: {persistent: {}}};
+ query.body.persistent[settingName] = exclude.join(',');
+
+ Db.putClusterSettings(query, function(err, settings) {
+ if (err) {console.log("putSettings", err);}
+ return res.send(JSON.stringify({ success: true, text: 'Excluded'}));
+ });
+ });
+});
+
+app.post('/esshard/include/:type/:value', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
+ if (Config.get("multiES", false)) { return res.molochError(401, "Not supported in multies"); }
+
+ Db.getClusterSettings({flatSettings: true}, function(err, settings) {
+ let exclude = [];
+ let settingName;
+
+ if (req.params.type === 'ip') {
+ settingName = 'cluster.routing.allocation.exclude._ip';
+ } else if (req.params.type === 'name') {
+ settingName = 'cluster.routing.allocation.exclude._name';
+ } else {
+ return res.molochError(403, 'Unknown include type');
+ }
+
+ if (settings.persistent[settingName]) {
+ exclude = settings.persistent[settingName].split(',');
+ }
+
+ let pos = exclude.indexOf(req.params.value);
+ if (pos > -1) {
+ exclude.splice(pos, 1);
+ }
+ var query = {body: {persistent: {}}};
+ query.body.persistent[settingName] = exclude.join(',');
+
+ Db.putClusterSettings(query, function(err, settings) {
+ if (err) {console.log("putSettings", err);}
+ return res.send(JSON.stringify({ success: true, text: 'Included'}));
+ });
+ });
+});
+
+app.get('/esrecovery/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
+ const sortField = (req.query.sortField || 'index') + (req.query.desc === 'true' ?
':desc' : '');
+
+ Promise.all([Db.recovery(sortField)]).then(([recoveries]) => {
+ let regex;
+ if (req.query.filter !== undefined) {
+ try {
+ regex = new RE2(req.query.filter);
+ } catch (e) {
+ return res.molochError(500, `Regex Error: ${e}`);
+ }
+ }
+
+ let result = [];
+
+ for (const recovery of recoveries) {
+ if (! (req.query.show === 'all' ||
+ recovery.stage === req.query.show || // Show only matching stage
+ (recovery.stage !== 'done' && req.query.show === 'notdone'))) {
+ continue;
+ }
+
+ // filtering
+ if (regex && !recovery.index.match(regex) &&
+ !recovery.target_node.match(regex) &&
+ !recovery.source_node.match(regex)) {
+ continue;
+ }
+
+ result.push(recovery);
+ }
+
+ res.send({
+ recordsTotal: recoveries.length,
+ recordsFiltered: result.length,
+ data: result
+ });
+ }).catch((err) => {
+ console.log ('ERROR - /esrecovery/list', err);
+ return res.send({
+ recordsTotal: 0,
+ recordsFiltered: 0,
+ data: []
+ });
+ });
+});
+
+app.get('/esstats.json', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
+ let stats = [];
+ let r;
+
+ Promise.all([Db.nodesStatsCache(),
+ Db.nodesInfoCache(),
+ Db.masterCache(),
+ Db.healthCachePromise(),
+ Db.getClusterSettings({flatSettings: true})
+ ])
+ .then(([nodesStats, nodesInfo, master, health, settings]) => {
+
+ let ipExcludes = [];
+ if (settings.persistent['cluster.routing.allocation.exclude._ip']) {
+ ipExcludes = settings.persistent['cluster.routing.allocation.exclude._ip'].split(',');
+ }
+
+ let nodeExcludes = [];
+ if (settings.persistent['cluster.routing.allocation.exclude._name']) {
+ nodeExcludes = settings.persistent['cluster.routing.allocation.exclude._name'].split(',');
+ }
+
+ const now = new Date().getTime();
+ while (internals.previousNodesStats.length > 1 && internals.previousNodesStats[1].timestamp + 10000 < now) {
+ internals.previousNodesStats.shift();
+ }
+
+ let regex;
+ if (req.query.filter !== undefined) {
+ try {
+ regex = new
RE2(req.query.filter);
+ } catch (e) {
+ return res.molochError(500, `Regex Error: ${e}`);
+ }
+ }
+
+ const nodeKeys = Object.keys(nodesStats.nodes);
+ for (let n = 0, nlen = nodeKeys.length; n < nlen; n++) {
+ let node = nodesStats.nodes[nodeKeys[n]];
+
+ if (nodeKeys[n] === 'timestamp' || (regex && !node.name.match(regex))) { continue; }
+
+ let read = 0;
+ let write = 0;
+ let rejected = 0;
+ let completed = 0;
+
+ let writeInfo = node.thread_pool.bulk || node.thread_pool.write;
+
+ const oldnode = internals.previousNodesStats[0][nodeKeys[n]];
+ if (oldnode !== undefined && node.fs.io_stats !== undefined && oldnode.fs.io_stats !== undefined && 'total' in node.fs.io_stats) {
+ const timediffsec = (node.timestamp - oldnode.timestamp)/1000.0;
+ read = Math.max(0, Math.ceil((node.fs.io_stats.total.read_kilobytes - oldnode.fs.io_stats.total.read_kilobytes)/timediffsec*1024));
+ write = Math.max(0, Math.ceil((node.fs.io_stats.total.write_kilobytes - oldnode.fs.io_stats.total.write_kilobytes)/timediffsec*1024));
+
+ let writeInfoOld = oldnode.thread_pool.bulk || oldnode.thread_pool.write;
+
+ completed = Math.max(0, Math.ceil((writeInfo.completed - writeInfoOld.completed)/timediffsec));
+ rejected = Math.max(0, Math.ceil((writeInfo.rejected - writeInfoOld.rejected)/timediffsec));
+ }
+
+ const ip = (node.ip ?
node.ip.split(':')[0] : node.host);
+
+ let threadpoolInfo;
+ let version = "";
+ let molochtype;
+ if (nodesInfo.nodes[nodeKeys[n]]) {
+ threadpoolInfo = nodesInfo.nodes[nodeKeys[n]].thread_pool.bulk || nodesInfo.nodes[nodeKeys[n]].thread_pool.write;
+ version = nodesInfo.nodes[nodeKeys[n]].version;
+ if (nodesInfo.nodes[nodeKeys[n]].attributes) {
+ molochtype = nodesInfo.nodes[nodeKeys[n]].attributes.molochtype;
+ }
+ } else {
+ threadpoolInfo = { queue_size: 0 };
+ }
+
+ stats.push({
+ name: node.name,
+ ip: ip,
+ ipExcluded: ipExcludes.includes(ip),
+ nodeExcluded: nodeExcludes.includes(node.name),
+ storeSize: node.indices.store.size_in_bytes,
+ freeSize: node.roles.includes("data")?node.fs.total.available_in_bytes:0,
+ docs: node.indices.docs.count,
+ searches: node.indices.search.query_current,
+ searchesTime: node.indices.search.query_time_in_millis,
+ heapSize: node.jvm.mem.heap_used_in_bytes,
+ nonHeapSize: node.jvm.mem.non_heap_used_in_bytes,
+ cpu: node.process.cpu.percent,
+ read: read,
+ write: write,
+ writesRejected: writeInfo.rejected,
+ writesCompleted: writeInfo.completed,
+ writesRejectedDelta: rejected,
+ writesCompletedDelta: completed,
+ writesQueueSize: threadpoolInfo.queue_size,
+ load: node.os.load_average !== undefined ?
/* ES 2*/ node.os.load_average : /*ES 5*/ node.os.cpu.load_average["5m"],
+ version: version,
+ molochtype: molochtype,
+ roles: node.roles,
+ isMaster: (master.length > 0 && node.name === master[0].node)
+ });
+ }
+
+ if (req.query.sortField && stats.length > 1) {
+ let field = req.query.sortField === 'nodeName'?'name':req.query.sortField;
+ if (typeof(stats[0][field]) === 'string') {
+ if (req.query.desc === 'true') {
+ stats = stats.sort(function(a,b){ return b[field].localeCompare(a[field]); });
+ } else {
+ stats = stats.sort(function(a,b){ return a[field].localeCompare(b[field]); });
+ }
+ } else {
+ if (req.query.desc === 'true') {
+ stats = stats.sort(function(a,b){ return b[field] - a[field]; });
+ } else {
+ stats = stats.sort(function(a,b){ return a[field] - b[field]; });
+ }
+ }
+ }
+
+ nodesStats.nodes.timestamp = new Date().getTime();
+ internals.previousNodesStats.push(nodesStats.nodes);
+
+ r = {
+ health: health,
+ recordsTotal: nodeKeys.length,
+ recordsFiltered: stats.length,
+ data: stats
+ };
+
+ res.send(r);
+ }).catch((err) => {
+ console.log ('ERROR - /esstats.json', err);
+ r = {
+ health: Db.healthCache(),
+ recordsTotal: 0,
+ recordsFiltered: 0,
+ data: []
+ };
+ return res.send(r);
+ });
+});
+
+function mergeUnarray(to, from) {
+ for (var key in from) {
+ if (Array.isArray(from[key])) {
+ to[key] = from[key][0];
+ } else {
+ to[key] = from[key];
+ }
+ }
+}
+
+// No auth necessary for parliament.json
+app.get('/parliament.json', [noCacheJson], (req, res) => {
+ let query = {
+ size: 500,
+ _source: [
+ 'ver', 'nodeName', 'currentTime', 'monitoring', 'deltaBytes', 'deltaPackets', 'deltaMS',
+ 'deltaESDropped', 'deltaDropped', 'deltaOverloadDropped'
+ ]
+ };
+
+ Promise.all([Db.search('stats', 'stat', query), Db.numberOfDocuments('stats')])
+ .then(([stats, total]) => {
+ if (stats.error) { throw stats.error; }
+
+ let results = { total: stats.hits.total, results: [] };
+
+ for (let i = 0, ilen = stats.hits.hits.length; i < ilen; i++) {
+
let fields = stats.hits.hits[i]._source || stats.hits.hits[i].fields;
+
+ if (stats.hits.hits[i]._source) {
+ mergeUnarray(fields, stats.hits.hits[i].fields);
+ }
+ fields.id = stats.hits.hits[i]._id;
+
+ // make sure necessary fields are not undefined
+ let keys = [ 'deltaOverloadDropped', 'monitoring', 'deltaESDropped' ];
+ for (const key of keys) {
+ fields[key] = fields[key] || 0;
+ }
+
+ fields.deltaBytesPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS);
+ fields.deltaPacketsPerSec = Math.floor(fields.deltaPackets * 1000.0/fields.deltaMS);
+ fields.deltaESDroppedPerSec = Math.floor(fields.deltaESDropped * 1000.0/fields.deltaMS);
+ fields.deltaTotalDroppedPerSec = Math.floor((fields.deltaDropped + fields.deltaOverloadDropped) * 1000.0/fields.deltaMS);
+
+ results.results.push(fields);
+ }
+
+ res.send({
+ data: results.results,
+ recordsTotal: total.count,
+ recordsFiltered: results.total
+ });
+ }).catch((err) => {
+ console.log('ERROR - /parliament.json', err);
+ res.send({ recordsTotal: 0, recordsFiltered: 0, data: [] });
+ });
+});
+
+app.get('/stats.json', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
+ let query = {
+ from: 0,
+ size: 10000,
+ query: {
+ bool: {
+ must: [],
+ should: [],
+ must_not: [
+ { term: { hide: true } }
+ ]
+ }
+ }
+ };
+
+ if (req.query.filter !== undefined && req.query.filter !== '') {
+ const names = req.query.filter.split(',');
+ for (let name of names) {
+ name = name.trim();
+ if (name !== '') {
+ query.query.bool.should.push({
+ wildcard: { nodeName: '*' + name + '*' }
+ });
+ }
+ }
+ }
+
+ let rquery = {
+ query: {term: {locked: 0}},
+ size: 0,
+ aggregations: {
+ buckets: {
+ terms: {field: "node", size: 1000},
+ aggregations: {
+ first: {min: {field: "first"}}
+ }
+ }
+ }
+ };
+
+ if (req.query.hide !== undefined && req.query.hide !== 'none') {
+ if (req.query.hide === 'old' || req.query.hide === 'both') {
+ query.query.bool.must.push({ range: { currentTime: {
gte: 'now-5m'} } });
+ }
+ if (req.query.hide === 'nosession' || req.query.hide === 'both') {
+ query.query.bool.must.push({ range: { monitoring: { gte: '1'} } });
+ }
+ }
+
+ let now = Math.floor(Date.now() / 1000);
+
+ Promise.all([Db.search('stats', 'stat', query),
+ Db.numberOfDocuments('stats'),
+ Db.search('files', 'file', rquery)
+ ]).then(([stats, total, retention]) => {
+ if (stats.error) { throw stats.error; }
+
+ if (retention.aggregations.buckets && retention.aggregations.buckets.buckets) {
+ retention = arrayToObject(retention.aggregations.buckets.buckets, "key");
+ } else {
+ retention = {};
+ }
+
+ let results = { total: stats.hits.total, results: [] };
+
+ for (let i = 0, ilen = stats.hits.hits.length; i < ilen; i++) {
+ let fields = stats.hits.hits[i]._source || stats.hits.hits[i].fields;
+ if (stats.hits.hits[i]._source) {
+ mergeUnarray(fields, stats.hits.hits[i].fields);
+ }
+ fields.id = stats.hits.hits[i]._id;
+
+ if (retention[fields.id]) {
+ fields.retention = now - retention[fields.id].first.value;
+ } else {
+ fields.retention = 0;
+ }
+
+ fields.deltaBytesPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS);
+ fields.deltaWrittenBytesPerSec = Math.floor(fields.deltaWrittenBytes * 1000.0/fields.deltaMS);
+ fields.deltaUnwrittenBytesPerSec = Math.floor(fields.deltaUnwrittenBytes * 1000.0/fields.deltaMS);
+ fields.deltaBitsPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS * 8);
+ fields.deltaPacketsPerSec = Math.floor(fields.deltaPackets * 1000.0/fields.deltaMS);
+ fields.deltaSessionsPerSec = Math.floor(fields.deltaSessions * 1000.0/fields.deltaMS);
+ fields.deltaSessionBytesPerSec = Math.floor(fields.deltaSessionBytes * 1000.0/fields.deltaMS);
+ fields.sessionSizePerSec = Math.floor(fields.deltaSessionBytes/fields.deltaSessions);
+ fields.deltaDroppedPerSec = Math.floor(fields.deltaDropped * 1000.0/fields.deltaMS);
+ fields.deltaFragsDroppedPerSec = Math.floor(fields.deltaFragsDropped * 1000.0/fields.deltaMS);
+
fields.deltaOverloadDroppedPerSec = Math.floor(fields.deltaOverloadDropped * 1000.0/fields.deltaMS);
+ fields.deltaESDroppedPerSec = Math.floor(fields.deltaESDropped * 1000.0/fields.deltaMS);
+ fields.deltaTotalDroppedPerSec = Math.floor((fields.deltaDropped + fields.deltaOverloadDropped) * 1000.0/fields.deltaMS);
+ results.results.push(fields);
+ }
+
+ // sort after all the results are aggregated
+ req.query.sortField = req.query.sortField || 'nodeName';
+ if (results.results[0] && results.results[0][req.query.sortField]) { // make sure the field exists to sort on
+ results.results = results.results.sort((a, b) => {
+ if (req.query.desc === 'true') {
+ if (!isNaN(a[req.query.sortField])) {
+ return b[req.query.sortField] - a[req.query.sortField];
+ } else {
+ return b[req.query.sortField].localeCompare(a[req.query.sortField]);
+ }
+ } else {
+ if (!isNaN(a[req.query.sortField])) {
+ return a[req.query.sortField] - b[req.query.sortField];
+ } else {
+ return a[req.query.sortField].localeCompare(b[req.query.sortField]);
+ }
+ }
+ });
+ }
+
+ let from = +req.query.start || 0;
+ let stop = from + (+req.query.length || 500);
+
+ let r = {
+ recordsTotal: total.count,
+ recordsFiltered: results.results.length,
+ data: results.results.slice(from, stop)
+ };
+
+ res.send(r);
+ }).catch((err) => {
+ console.log('ERROR - /stats.json', query, err);
+ res.send({ recordsTotal: 0, recordsFiltered: 0, data: [] });
+ });
+});
+
+app.get('/dstats.json', [noCacheJson, checkPermissions(['hideStats'])], (req, res) => {
+ var nodeName = req.query.nodeName;
+
+ var query = {
+ query: {
+ bool: {
+ filter: [
+ {
+ range: { currentTime: { from: req.query.start, to: req.query.stop } }
+ },
+ {
+ term: { interval: req.query.interval || 60}
+ }
+ ]
+ }
+ }
+ };
+
+ if (nodeName !== undefined && nodeName !== 'Total' && nodeName !== 'Average') {
+ query.sort = {currentTime: {order: 'desc' }};
+ query.size = req.query.size || 1440;
+ query.query.bool.filter.push({term: { nodeName: nodeName}});
+ } else {
+ query.size = 100000;
+ }
+
+ var mapping = {
+ deltaBits: {_source: ["deltaBytes"], func: function (item) {return Math.floor(item.deltaBytes * 8.0);}},
+ deltaTotalDropped: {_source: ["deltaDropped", "deltaOverloadDropped"], func: function (item) {return Math.floor(item.deltaDropped + item.deltaOverloadDropped);}},
+ deltaBytesPerSec: {_source: ["deltaBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaBytes * 1000.0/item.deltaMS);}},
+ deltaBitsPerSec: {_source: ["deltaBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaBytes * 1000.0/item.deltaMS * 8);}},
+ deltaWrittenBytesPerSec: {_source: ["deltaWrittenBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaWrittenBytes * 1000.0/item.deltaMS);}},
+ deltaUnwrittenBytesPerSec: {_source: ["deltaUnwrittenBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaUnwrittenBytes * 1000.0/item.deltaMS);}},
+ deltaPacketsPerSec: {_source: ["deltaPackets", "deltaMS"], func: function(item) {return Math.floor(item.deltaPackets * 1000.0/item.deltaMS);}},
+ deltaSessionsPerSec: {_source: ["deltaSessions", "deltaMS"], func: function(item) {return Math.floor(item.deltaSessions * 1000.0/item.deltaMS);}},
+ deltaSessionBytesPerSec: {_source: ["deltaSessionBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaSessionBytes * 1000.0/item.deltaMS);}},
+ sessionSizePerSec: {_source: ["deltaSessionBytes", "deltaSessions"], func: function(item) {return Math.floor(item.deltaSessionBytes/item.deltaSessions);}},
+ deltaDroppedPerSec: {_source: ["deltaDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaDropped * 1000.0/item.deltaMS);}},
+ deltaFragsDroppedPerSec: {_source: ["deltaFragsDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaFragsDropped * 1000.0/item.deltaMS);}},
+ deltaOverloadDroppedPerSec: {_source: ["deltaOverloadDropped", "deltaMS"], func: function(item) {return
Math.floor(item.deltaOverloadDropped * 1000.0/item.deltaMS);}},
+ deltaESDroppedPerSec: {_source: ["deltaESDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaESDropped * 1000.0/item.deltaMS);}},
+ deltaTotalDroppedPerSec: {_source: ["deltaDropped", "deltaOverloadDropped", "deltaMS"], func: function(item) {return Math.floor((item.deltaDropped + item.deltaOverloadDropped) * 1000.0/item.deltaMS);}},
+ cpu: {_source: ["cpu"], func: function (item) {return item.cpu * 0.01;}}
+ };
+
+ query._source = mapping[req.query.name]?mapping[req.query.name]._source:[req.query.name];
+ query._source.push("nodeName", "currentTime");
+
+ var func = mapping[req.query.name]?mapping[req.query.name].func:function(item) {return item[req.query.name];};
+
+ Db.searchScroll('dstats', 'dstat', query, {filter_path: "_scroll_id,hits.total,hits.hits._source"}, function(err, result) {
+ if (err || result.error) {
+ console.log("ERROR - dstats", query, err || result.error);
+ }
+ var i, ilen;
+ var data = {};
+ var num = (req.query.stop - req.query.start)/req.query.step;
+
+ var mult = 1;
+ if (req.query.name === "freeSpaceM" || req.query.name === "usedSpaceM") {
+ mult = 1000000;
+ }
+
+ //console.log("dstats.json result", util.inspect(result, false, 50));
+
+ if (result && result.hits && result.hits.hits) {
+ for (i = 0, ilen = result.hits.hits.length; i < ilen; i++) {
+ var fields = result.hits.hits[i]._source;
+ var pos = Math.floor((fields.currentTime - req.query.start)/req.query.step);
+
+ if (data[fields.nodeName] === undefined) {
+ data[fields.nodeName] = arrayZeroFill(num);
+ }
+ data[fields.nodeName][pos] = mult * func(fields);
+ }
+ }
+ if (nodeName === undefined) {
+ res.send(data);
+ } else {
+ if (data[nodeName] === undefined) {
+ data[nodeName] = arrayZeroFill(num);
+ }
+ if (nodeName === 'Total' || nodeName === 'Average') {
+ delete data[nodeName];
+ var data2 = arrayZeroFill(num);
+ var cnt = 0;
+ for (var key in data) {
+ for (i = 0; i < num; i++) {
+
data2[i] += data[key][i];
+ }
+ cnt++;
+ }
+ if (nodeName === 'Average') {
+ for (i = 0; i < num; i++) {
+ data2[i] /= cnt;
+ }
+ }
+ res.send(data2);
+ } else {
+ res.send(data[req.query.nodeName]);
+ }
+ }
+ });
+});
+
+app.get('/:nodeName/:fileNum/filesize.json', [noCacheJson, checkPermissions(['hideFiles'])], (req, res) => {
+ Db.fileIdToFile(req.params.nodeName, req.params.fileNum, (file) => {
+ if (!file) {
+ return res.send({filesize: -1});
+ }
+
+ fs.stat(file.name, (err, stats) => {
+ if (err || !stats) {
+ return res.send({filesize: -1});
+ } else {
+ return res.send({filesize: stats.size});
+ }
+ });
+ });
+});
+
+function mapMerge (aggregations) {
+ let map = { src: {}, dst: {}, xffGeo: {} };
+
+ if (!aggregations || !aggregations.mapG1) {
+ return {};
+ }
+
+ aggregations.mapG1.buckets.forEach(function (item) {
+ map.src[item.key] = item.doc_count;
+ });
+
+ aggregations.mapG2.buckets.forEach(function (item) {
+ map.dst[item.key] = item.doc_count;
+ });
+
+ aggregations.mapG3.buckets.forEach(function (item) {
+ map.xffGeo[item.key] = item.doc_count;
+ });
+
+ return map;
+}
+
+function graphMerge(req, query, aggregations) {
+ let graph = {
+ lpHisto: [],
+ db1Histo: [],
+ db2Histo: [],
+ pa1Histo: [],
+ pa2Histo: [],
+ by1Histo: [],
+ by2Histo: [],
+ xmin: req.query.startTime * 1000|| null,
+ xmax: req.query.stopTime * 1000 || null,
+ interval: query.aggregations?query.aggregations.dbHisto.histogram.interval / 1000 || 60 : 60
+ };
+
+ if (!aggregations || !aggregations.dbHisto) {
+ return graph;
+ }
+
+ graph.interval = query.aggregations?(query.aggregations.dbHisto.histogram.interval / 1000) || 60 : 60;
+
+ aggregations.dbHisto.buckets.forEach(function (item) {
+ let key = item.key;
+ graph.lpHisto.push([key, item.doc_count]);
+ graph.pa1Histo.push([key, item.srcPackets.value]);
+ graph.pa2Histo.push([key, item.dstPackets.value]);
+ graph.db1Histo.push([key, item.srcDataBytes.value]);
+ graph.db2Histo.push([key, item.dstDataBytes.value]);
+
graph.by1Histo.push([key, item.srcBytes.value]);
+ graph.by2Histo.push([key, item.dstBytes.value]);
+ });
+
+ return graph;
+}
+
+function fixFields(fields, fixCb) {
+ if (!fields.fileId) {
+ fields.fileId = [];
+ return fixCb(null, fields);
+ }
+
+ var files = [];
+ async.forEachSeries(fields.fileId, function (item, cb) {
+ Db.fileIdToFile(fields.node, item, function (file) {
+ if (file && file.locked === 1) {
+ files.push(file.name);
+ }
+ cb(null);
+ });
+ },
+ function(err) {
+ fields.fileId = files;
+ fixCb(err, fields);
+ });
+}
+
+/**
+ * Flattens fields that are objects (only goes 1 level deep)
+ *
+ * @example
+ * { http: { statuscode: [200, 302] } } => { "http.statuscode": [200, 302] }
+ * @example
+ * { cert: [ { alt: ["test.com"] } ] } => { "cert.alt": ["test.com"] }
+ *
+ * @param {object} fields The object containing fields to be flattened
+ * @returns {object} fields The object with fields flattened
+ */
+function flattenFields(fields) {
+ let newFields = {};
+
+ for (let key in fields) {
+ if (fields.hasOwnProperty(key)) {
+ let field = fields[key];
+ let baseKey = key + '.';
+ if (typeof field === 'object' && !field.length) {
+ // flatten out object
+ for (let nestedKey in field) {
+ if (field.hasOwnProperty(nestedKey)) {
+ let nestedField = field[nestedKey];
+ let newKey = baseKey + nestedKey;
+ newFields[newKey] = nestedField;
+ }
+ }
+ fields[key] = null;
+ delete fields[key];
+ } else if (Array.isArray(field)) {
+ // flatten out list
+ for (let nestedField of field) {
+ if (typeof nestedField === 'object') {
+ for (let nestedKey in nestedField) {
+ let newKey = baseKey + nestedKey;
+ if (newFields[newKey] === undefined) {
+ newFields[newKey] = nestedField[nestedKey];
+ } else if (Array.isArray(newFields[newKey])) {
+ newFields[newKey].push(nestedField[nestedKey]);
+ } else {
+ newFields[newKey] = [newFields[newKey], nestedField[nestedKey]];
+ }
+ }
+ fields[key] = null;
+ delete fields[key];
+ }
+ }
+ }
+ }
+ }
+
+ for (let key in newFields) {
+ if (newFields.hasOwnProperty(key)) {
+ fields[key] = newFields[key];
+ }
+ }
+
+ return fields;
+}
+
+app.use('/buildQuery.json', [noCacheJson, logAction('query')], function(req, res, next) {
+
+ if (req.method === "POST") {
+ req.query = req.body;
+ } else if (req.method !== "GET") {
+ next();
+ }
+
+ buildSessionQuery(req, function(bsqErr, query, indices) {
+ if (bsqErr) {
+ res.send({ recordsTotal: 0,
+ recordsFiltered: 0,
+ bsqErr: bsqErr.toString()
+ });
+ return;
+ }
+
+ if (req.query.fields) {
+ query._source = queryValueToArray(req.query.fields);
+ }
+
+ res.send({"esquery": query, "indices": indices});
+ });
+});
+
+app.get('/sessions.json', [noCacheJson, recordResponseTime, logAction('sessions'), setCookie], (req, res) => {
+ var graph = {};
+ var map = {};
+
+ let options;
+ if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; }
+
+ buildSessionQuery(req, function (bsqErr, query, indices) {
+ if (bsqErr) {
+ const r = {
+ recordsTotal: 0,
+ recordsFiltered: 0,
+ graph: {},
+ map: {},
+ bsqErr: bsqErr.toString(),
+ health: Db.healthCache(),
+ data:[]
+ };
+ return res.send(r);
+ }
+
+ let addMissing = false;
+ if (req.query.fields) {
+ query._source = queryValueToArray(req.query.fields);
+ ['node', 'srcIp', 'srcPort', 'dstIp', 'dstPort'].forEach((item) => {
+ if (query._source.indexOf(item) === -1) {
+ query._source.push(item);
+ }
+ });
+ } else {
+ addMissing = true;
+ query._source = [
+ 'ipProtocol', 'rootId', 'totDataBytes', 'srcDataBytes',
+ 'dstDataBytes', 'firstPacket', 'lastPacket', 'srcIp', 'srcPort',
+ 'dstIp', 'dstPort', 'totPackets', 'srcPackets', 'dstPackets',
+ 'totBytes', 'srcBytes', 'dstBytes', 'node', 'http.uri', 'srcGEO',
+ 'dstGEO', 'email.subject', 'email.src', 'email.dst', 'email.filename',
+ 'dns.host', 'cert', 'irc.channel', 'http.xffGEO'
+ ];
+ }
+
+ if (query.aggregations && query.aggregations.dbHisto) {
+ graph.interval = query.aggregations.dbHisto.histogram.interval;
+ }
+
+ if
(Config.debug) {
+ console.log(`sessions.json ${indices} query`, JSON.stringify(query, null, 1));
+ }
+
+ Promise.all([Db.searchPrimary(indices, 'session', query, options),
+ Db.numberOfDocuments('sessions2-*'),
+ Db.healthCachePromise()
+ ]).then(([sessions, total, health]) => {
+ if (Config.debug) {
+ console.log('sessions.json result', util.inspect(sessions, false, 50));
+ }
+
+ if (sessions.error) { throw sessions.err; }
+
+ graph = graphMerge(req, query, sessions.aggregations);
+ map = mapMerge(sessions.aggregations);
+
+ var results = {total: sessions.hits.total, results: []};
+ async.each(sessions.hits.hits, function (hit, hitCb) {
+ var fields = hit._source || hit.fields;
+ if (fields === undefined) {
+ return hitCb(null);
+ }
+ //fields.index = hit._index;
+ fields.id = Db.session2Sid(hit);
+
+ if (req.query.flatten === '1') {
+ fields = flattenFields(fields);
+ }
+
+ if (addMissing) {
+ ['srcPackets', 'dstPackets', 'srcBytes', 'dstBytes', 'srcDataBytes', 'dstDataBytes'].forEach(function(item) {
+ if (fields[item] === undefined) {
+ fields[item] = -1;
+ }
+ });
+ results.results.push(fields);
+ return hitCb();
+ } else {
+ fixFields(fields, function() {
+ results.results.push(fields);
+ return hitCb();
+ });
+ }
+ }, function () {
+ var r = {recordsTotal: total.count,
+ recordsFiltered: (results?results.total:0),
+ graph: graph,
+ health: health,
+ map: map,
+ data: (results?results.results:[])};
+ res.logCounts(r.data.length, r.recordsFiltered, r.recordsTotal);
+ try {
+ res.send(r);
+ } catch (c) {
+ }
+ });
+ }).catch ((err) => {
+ console.log('ERROR - /sessions.json error', err);
+ var r = {recordsTotal: 0,
+ recordsFiltered: 0,
+ graph: {},
+ map: {},
+ health: Db.healthCache(),
+ data:[]};
+ res.send(r);
+ });
+ });
+});
+
+app.get('/spigraph.json', [noCacheJson, recordResponseTime, logAction('spigraph'), fieldToExp, setCookie], (req, res) => {
+ req.query.facets = 1;
+
+ buildSessionQuery(req, function(bsqErr, query, indices) {
+ var results =
{items: [], graph: {}, map: {}};
+ if (bsqErr) {
+ return res.molochError(403, bsqErr.toString());
+ }
+
+ let options;
+ if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; }
+
+ delete query.sort;
+ query.size = 0;
+ var size = +req.query.size || 20;
+
+ var field = req.query.field || 'node';
+
+ if (req.query.exp === 'ip.dst:port') { field = 'ip.dst:port'; }
+
+ if (field === 'ip.dst:port') {
+ query.aggregations.field = { terms: { field: 'dstIp', size: size }, aggregations: { sub: { terms: { field: 'dstPort', size: size } } } };
+ } else if (field === 'fileand') {
+ query.aggregations.field = { terms: { field: 'node', size: 1000 }, aggregations: { sub: { terms: { field: 'fileId', size: size } } } };
+ } else {
+ query.aggregations.field = { terms: { field: field, size: size * 2 } };
+ }
+
+ Promise.all([
+ Db.healthCachePromise(),
+ Db.numberOfDocuments('sessions2-*'),
+ Db.searchPrimary(indices, 'session', query, options)
+ ]).then(([health, total, result]) => {
+ if (result.error) { throw result.error; }
+
+ results.health = health;
+ results.recordsTotal = total.count;
+ results.recordsFiltered = result.hits.total;
+
+ results.graph = graphMerge(req, query, result.aggregations);
+ results.map = mapMerge(result.aggregations);
+
+ if (!result.aggregations) {
+ result.aggregations = {field: {buckets: []}};
+ }
+
+ let aggs = result.aggregations.field.buckets;
+ let filter = { term: {} };
+ let sfilter = { term: {} };
+ query.query.bool.filter.push(filter);
+
+ if (field === 'ip.dst:port') {
+ query.query.bool.filter.push(sfilter);
+ }
+
+ delete query.aggregations.field;
+
+ let queriesInfo = [];
+ function endCb () {
+ queriesInfo = queriesInfo.sort((a, b) => {return b.doc_count - a.doc_count;}).slice(0, size * 2);
+ let queries = queriesInfo.map((item) => {return item.query;});
+
+ Db.msearch(indices, 'session', queries, options, function(err, result) {
+ if (!result.responses) {
+ return res.send(results);
+ }
+
+
result.responses.forEach(function(item, i) {
+ var r = {name: queriesInfo[i].key, count: queriesInfo[i].doc_count};
+
+ r.graph = graphMerge(req, query, result.responses[i].aggregations);
+ if (r.graph.xmin === null) {
+ r.graph.xmin = results.graph.xmin || results.graph.pa1Histo[0][0];
+ }
+
+ if (r.graph.xmax === null) {
+ r.graph.xmax = results.graph.xmax || results.graph.pa1Histo[results.graph.pa1Histo.length - 1][0];
+ }
+
+ r.map = mapMerge(result.responses[i].aggregations);
+ results.items.push(r);
+ r.lpHisto = 0.0;
+ r.dbHisto = 0.0;
+ r.byHisto = 0.0;
+ r.paHisto = 0.0;
+ var graph = r.graph;
+ for (let i = 0; i < graph.lpHisto.length; i++) {
+ r.lpHisto += graph.lpHisto[i][1];
+ r.dbHisto += graph.db1Histo[i][1] + graph.db2Histo[i][1];
+ r.byHisto += graph.by1Histo[i][1] + graph.by2Histo[i][1];
+ r.paHisto += graph.pa1Histo[i][1] + graph.pa2Histo[i][1];
+ }
+ if (results.items.length === result.responses.length) {
+ var s = req.query.sort || 'lpHisto';
+ results.items = results.items.sort(function (a, b) {
+ var result;
+ if (s === 'name') { result = a.name.localeCompare(b.name); }
+ else { result = b[s] - a[s]; }
+ return result;
+ }).slice(0, size);
+ return res.send(results);
+ }
+ });
+ });
+ }
+
+ let intermediateResults = [];
+ function findFileNames () {
+ async.each(intermediateResults, function (fsitem, cb) {
+ let split = fsitem.key.split(':');
+ let node = split[0];
+ let fileId = split[1];
+ Db.fileIdToFile(node, fileId, function (file) {
+ if (file && file.name) {
+ queriesInfo.push({ key: file.name, doc_count: fsitem.doc_count, query: fsitem.query });
+ }
+ cb();
+ });
+ }, function () {
+ endCb();
+ });
+ }
+
+ aggs.forEach((item) => {
+ if (field === 'ip.dst:port') {
+ filter.term.dstIp = item.key;
+ let sep = (item.key.indexOf(":") === -1)?
':' : '.';
+ item.sub.buckets.forEach((sitem) => {
+ sfilter.term.dstPort = sitem.key;
+ queriesInfo.push({key: item.key + sep + sitem.key, doc_count: sitem.doc_count, query: JSON.stringify(query)});
+ });
+ } else if (field === 'fileand') {
+ filter.term.node = item.key;
+ item.sub.buckets.forEach((sitem) => {
+ sfilter.term.fileand = sitem.key;
+ intermediateResults.push({key: filter.term.node + ':' + sitem.key, doc_count: sitem.doc_count, query: JSON.stringify(query)});
+ });
+ } else {
+ filter.term[field] = item.key;
+ queriesInfo.push({key: item.key, doc_count: item.doc_count, query: JSON.stringify(query)});
+ }
+ });
+
+ if (field === 'fileand') { return findFileNames(); }
+
+ return endCb();
+ }).catch((err) => {
+ console.log('spigraph.json error', err);
+ return res.molochError(403, errorString(err));
+ });
+ });
+});
+
+app.get('/spiview.json', [noCacheJson, recordResponseTime, logAction('spiview'), setCookie], (req, res) => {
+
+ if (req.query.spi === undefined) {
+ return res.send({spi:{}, recordsTotal: 0, recordsFiltered: 0});
+ }
+
+ var spiDataMaxIndices = +Config.get("spiDataMaxIndices", 4);
+
+ if (req.query.date === '-1' && spiDataMaxIndices !== -1) {
+ return res.send({spi: {}, bsqErr: "'All' date range not allowed for spiview query"});
+ }
+
+ buildSessionQuery(req, function(bsqErr, query, indices) {
+ if (bsqErr) {
+ var r = {spi: {},
+ bsqErr: bsqErr.toString(),
+ health: Db.healthCache()
+ };
+ return res.send(r);
+ }
+
+ delete query.sort;
+
+ if (!query.aggregations) {
+ query.aggregations = {};
+ }
+
+ if (req.query.facets) {
+ query.aggregations.protocols = {terms: {field: "protocol", size:1000}};
+ }
+
+ queryValueToArray(req.query.spi).forEach(function (item) {
+ var parts = item.split(":");
+ if (parts[0] === "fileand") {
+ query.aggregations[parts[0]] = {terms: {field: "node", size: 1000}, aggregations: {fileId: {terms: {field: "fileId", size: parts.length>1?parseInt(parts[1],10):10}}}};
+ } else {
+ query.aggregations[parts[0]] =
{terms: {field: parts[0]}}; + + if (parts.length > 1) { + query.aggregations[parts[0]].terms.size = parseInt(parts[1], 10); + } + } + }); + query.size = 0; + + // console.log("spiview.json query", JSON.stringify(query), "indices", indices); + + var graph; + var map; + + var indicesa = indices.split(","); + if (spiDataMaxIndices !== -1 && indicesa.length > spiDataMaxIndices) { + bsqErr = "To save ES from blowing up, reducing number of spi data indices searched from " + indicesa.length + " to " + spiDataMaxIndices + ". This can be increased by setting spiDataMaxIndices in the config file. Indices being searched: "; + indices = indicesa.slice(-spiDataMaxIndices).join(","); + bsqErr += indices; + } + + var recordsFiltered = 0; + var protocols; + + Promise.all([Db.searchPrimary(indices, 'session', query, null), + Db.numberOfDocuments('sessions2-*'), + Db.healthCachePromise() + ]).then(([sessions, total, health]) => { + if (Config.debug) { + console.log("spiview.json result", util.inspect(sessions, false, 50)); + } + + if (sessions.error) { + bsqErr = errorString(null, sessions); + console.log("spiview.json ERROR", (sessions?sessions.error:null)); + sendResult(); + return; + } + + recordsFiltered = sessions.hits.total; + + if (!sessions.aggregations) { + sessions.aggregations = {}; + for (var spi in query.aggregations) { + sessions.aggregations[spi] = {sum_other_doc_count: 0, buckets: []}; + } + } + + if (sessions.aggregations.ipProtocol) { + sessions.aggregations.ipProtocol.buckets.forEach(function (item) { + item.key = Pcap.protocol2Name(item.key); + }); + } + + if (req.query.facets) { + graph = graphMerge(req, query, sessions.aggregations); + map = mapMerge(sessions.aggregations); + protocols = {}; + sessions.aggregations.protocols.buckets.forEach(function (item) { + protocols[item.key] = item.doc_count; + }); + + delete sessions.aggregations.dbHisto; + delete sessions.aggregations.byHisto; + delete sessions.aggregations.mapG1; + delete sessions.aggregations.mapG2; + 
delete sessions.aggregations.mapG3; + delete sessions.aggregations.protocols; + } + + function sendResult() { + r = {health: health, + recordsTotal: total.count, + spi: sessions.aggregations, + recordsFiltered: recordsFiltered, + graph: graph, + map: map, + protocols: protocols, + bsqErr: bsqErr + }; + res.logCounts(r.spi.count, r.recordsFiltered, r.total); + try { + res.send(r); + } catch (c) { + } + } + + if (!sessions.aggregations.fileand) { + return sendResult(); + } + + var nresults = []; + var sodc = 0; + async.each(sessions.aggregations.fileand.buckets, function(nobucket, cb) { + sodc += nobucket.fileId.sum_other_doc_count; + async.each(nobucket.fileId.buckets, function (fsitem, cb) { + Db.fileIdToFile(nobucket.key, fsitem.key, function(file) { + if (file && file.name) { + nresults.push({key: file.name, doc_count: fsitem.doc_count}); + } + cb(); + }); + }, function () { + cb(); + }); + }, function () { + nresults = nresults.sort(function(a, b) { + if (a.doc_count === b.doc_count) { + return a.key.localeCompare(b.key); + } + return b.doc_count - a.doc_count; + }); + sessions.aggregations.fileand = {doc_count_error_upper_bound: 0, sum_other_doc_count: sodc, buckets: nresults}; + return sendResult(); + }); + }); + }); +}); + +app.get('/dns.json', [noCacheJson, logAction()], function(req, res) { + console.log("dns.json", req.query); + dns.reverse(req.query.ip, function (err, data) { + if (err) { + return res.send({hosts: []}); + } + return res.send({hosts: data}); + }); +}); + +function buildConnections(req, res, cb) { + let dstipport; + if (req.query.dstField === 'ip.dst:port') { + dstipport = true; + req.query.dstField = 'dstIp'; + } + + req.query.srcField = req.query.srcField || 'srcIp'; + req.query.dstField = req.query.dstField || 'dstIp'; + req.query.iDisplayLength = req.query.iDisplayLength || '5000'; + let fsrc = req.query.srcField; + let fdst = req.query.dstField; + let minConn = req.query.minConn || 1; + + let dstIsIp = fdst.match(/(\.ip|Ip)$/); + + let 
nodesHash = {}; + let connects = {}; + + let dbFieldsMap = Config.getDBFieldsMap(); + function updateValues (data, property, fields) { + for (let i in fields) { + let dbField = fields[i]; + let field = dbFieldsMap[dbField]; + if (data.hasOwnProperty(dbField)) { + // sum integers + if (field.type === 'integer' && field.category !== 'port') { + property[dbField] = (property[dbField] || 0) + data[dbField]; + } else { // make a list of values + if (!property[dbField]) { property[dbField] = []; } + // make all values an array (because sometimes they are by default) + let values = [ data[dbField] ]; + if (Array.isArray(data[dbField])) { + values = data[dbField]; + } + for (let value of values) { + property[dbField].push(value); + } + if (property[dbField] && Array.isArray(property[dbField])) { + property[dbField] = [ ...new Set(property[dbField]) ]; // unique only + } + } + } + } + } + + function process (vsrc, vdst, f, fields) { + // ES 6 is returning formatted timestamps instead of ms like pre 6 did + // https://github.com/elastic/elasticsearch/issues/27740 + if (vsrc.length === 24 && vsrc[23] === 'Z' && vsrc.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { + vsrc = new Date(vsrc).getTime(); + } + if (vdst.length === 24 && vdst[23] === 'Z' && vdst.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { + vdst = new Date(vdst).getTime(); + } + + if (nodesHash[vsrc] === undefined) { + nodesHash[vsrc] = { id: `${vsrc}`, cnt: 0, sessions: 0 }; + } + + nodesHash[vsrc].sessions++; + nodesHash[vsrc].type |= 1; + updateValues(f, nodesHash[vsrc], fields); + + if (nodesHash[vdst] === undefined) { + nodesHash[vdst] = { id: `${vdst}`, cnt: 0, sessions: 0 }; + } + + nodesHash[vdst].sessions++; + nodesHash[vdst].type |= 2; + updateValues(f, nodesHash[vdst], fields); + + let linkId = `${vsrc}->${vdst}`; + if (connects[linkId] === undefined) { + connects[linkId] = { value: 0, source: vsrc, target: vdst }; + nodesHash[vsrc].cnt++; + nodesHash[vdst].cnt++; + } + + 
connects[linkId].value++; + updateValues(f, connects[linkId], fields); + } + + buildSessionQuery(req, function(bsqErr, query, indices) { + if (bsqErr) { + return cb(bsqErr, 0, 0, 0); + } + query.query.bool.filter.push({exists: {field: req.query.srcField}}); + query.query.bool.filter.push({exists: {field: req.query.dstField}}); + + // get the requested fields + let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; + if (req.query.fields) { fields = req.query.fields.split(','); } + query._source = fields; + query.docvalue_fields = [fsrc, fdst]; + + if (dstipport) { + query._source.push('dstPort'); + } + + let options; + if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; } + + if (Config.debug) { + console.log('buildConnections query', JSON.stringify(query, null, 2)); + } + + Db.searchPrimary(indices, 'session', query, options, function (err, graph) { + if (Config.debug) { + console.log('buildConnections result', JSON.stringify(graph, null, 2)); + } + + if (err || graph.error) { + console.log('Build Connections ERROR', err, graph.error); + return cb(err || graph.error); + } + + async.eachLimit(graph.hits.hits, 10, function (hit, hitCb) { + let f = hit._source; + f = flattenFields(f); + + let asrc = hit.fields[fsrc]; + let adst = hit.fields[fdst]; + + if (asrc === undefined || adst === undefined) { + return setImmediate(hitCb); + } + + if (!Array.isArray(asrc)) { + asrc = [asrc]; + } + + if (!Array.isArray(adst)) { + adst = [adst]; + } + + for (let vsrc of asrc) { + for (let vdst of adst) { + if (dstIsIp && dstipport) { + if (vdst.includes(':')) { + vdst += '.' 
+ f.dstPort; + } else { + vdst += ':' + f.dstPort; + } + } + process(vsrc, vdst, f, fields); + } + } + setImmediate(hitCb); + }, function (err) { + let nodes = []; + let nodeKeys = Object.keys(nodesHash); + if (Config.get('regressionTests', false)) { + nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); + } + for (let node of nodeKeys) { + if (nodesHash[node].cnt < minConn) { + nodesHash[node].pos = -1; + } else { + nodesHash[node].pos = nodes.length; + nodes.push(nodesHash[node]); + } + } + + let links = []; + for (let key in connects) { + var c = connects[key]; + c.source = nodesHash[c.source].pos; + c.target = nodesHash[c.target].pos; + if (c.source >= 0 && c.target >= 0) { + links.push(connects[key]); + } + } + + if (Config.debug) { + console.log('nodesHash', nodesHash); + console.log('connects', connects); + console.log('nodes', nodes.length, nodes); + console.log('links', links.length, links); + } + + return cb(null, nodes, links, graph.hits.total); + }); + }); + }); +} + +app.get('/connections.json', [noCacheJson, recordResponseTime, logAction('connections'), setCookie], (req, res) => { + let health; + Db.healthCache(function (err, h) { health = h; }); + buildConnections(req, res, function (err, nodes, links, total) { + if (err) { return res.molochError(403, err.toString()); } + res.send({ health: health, nodes: nodes, links: links, recordsFiltered: total }); + }); +}); + +app.get('/connections.csv', logAction(), function(req, res) { + noCache(req, res, "text/csv"); + + var seperator = req.query.seperator || ","; + buildConnections(req, res, function (err, nodes, links, total) { + if (err) { + return res.send(err); + } + + // write out the fields requested + let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; + if (req.query.fields) { fields = req.query.fields.split(','); } + + res.write("Source, Destination, Sessions"); + let displayFields = {}; + for (let field of fields) { + let fieldsMap = 
JSON.parse(app.locals.fieldsMap); + for (let f in fieldsMap) { + if (fieldsMap[f].dbField === field) { + let friendlyName = fieldsMap[f].friendlyName; + displayFields[field] = fieldsMap[f]; + res.write(`, ${friendlyName}`); + } + } + } + res.write('\r\n'); + + for (let i = 0, ilen = links.length; i < ilen; i++) { + res.write("\"" + nodes[links[i].source].id.replace('"', '""') + "\"" + seperator + + "\"" + nodes[links[i].target].id.replace('"', '""') + "\"" + seperator + + links[i].value + seperator); + for (let f = 0, flen = fields.length; f < flen; f++) { + res.write(links[i][displayFields[fields[f]].dbField].toString()); + if (f !== flen - 1) { res.write(seperator); } + } + res.write('\r\n'); + } + + res.end(); + }); +}); + +function csvListWriter(req, res, list, fields, pcapWriter, extension) { + if (list.length > 0 && list[0].fields) { + list = list.sort(function(a,b){return a.fields.lastPacket - b.fields.lastPacket;}); + } else if (list.length > 0 && list[0]._source) { + list = list.sort(function(a,b){return a._source.lastPacket - b._source.lastPacket;}); + } + + var fieldObjects = Config.getDBFieldsMap(); + + if (fields) { + var columnHeaders = []; + for (let i = 0, ilen = fields.length; i < ilen; ++i) { + if (fieldObjects[fields[i]] !== undefined) { + columnHeaders.push(fieldObjects[fields[i]].friendlyName); + } + } + res.write(columnHeaders.join(', ')); + res.write('\r\n'); + } + + for (var j = 0, jlen = list.length; j < jlen; j++) { + var sessionData = flattenFields(list[j]._source || list[j].fields); + sessionData._id = list[j]._id; + + if (!fields) { continue; } + + var values = []; + for (let k = 0, klen = fields.length; k < klen; ++k) { + let value = sessionData[fields[k]]; + if (fields[k] === 'ipProtocol' && value) { + value = Pcap.protocol2Name(value); + } + + if (Array.isArray(value)) { + let singleValue = '"' + value.join(', ') + '"'; + values.push(singleValue); + } else { + if (value === undefined) { + value = ''; + } else if (typeof(value) === 
'string' && value.includes(',')) { + if (value.includes('"')) { + value = value.replace(/"/g, '""'); + } + value = '"' + value + '"'; + } + values.push(value); + } + } + + res.write(values.join(',')); + res.write('\r\n'); + } + + res.end(); +} + +app.get(/\/sessions.csv.*/, logAction(), function(req, res) { + noCache(req, res, "text/csv"); + + // default fields to display in csv + var fields = ["ipProtocol", "firstPacket", "lastPacket", "srcIp", "srcPort", "srcGEO", "dstIp", "dstPort", "dstGEO", "totBytes", "totDataBytes", "totPackets", "node"]; + // save requested fields because sessionsListFromQuery returns fields with + // "rootId" appended onto the end + var reqFields = fields; + + if (req.query.fields) { + fields = reqFields = queryValueToArray(req.query.fields); + } + + if (req.query.ids) { + var ids = queryValueToArray(req.query.ids); + sessionsListFromIds(req, ids, fields, function(err, list) { + csvListWriter(req, res, list, reqFields); + }); + } else { + sessionsListFromQuery(req, res, fields, function(err, list) { + csvListWriter(req, res, list, reqFields); + }); + } +}); + +app.get('/multiunique.txt', logAction(), function(req, res) { + noCache(req, res, 'text/plain; charset=utf-8'); + + if (req.query.exp === undefined) { + return res.send("Missing exp parameter"); + } + + let fields = []; + let parts = req.query.exp.split(','); + for (let i = 0; i < parts.length; i++) { + let field = Config.getFieldsMap()[parts[i]]; + if (!field) { + return res.send(`Unknown expression ${parts[i]}\n`); + } + fields.push(field); + } + + let separator = req.query.separator || ', '; + let doCounts = parseInt(req.query.counts, 10) || 0; + + let results = []; + function printUnique(buckets, line) { + for (let i = 0; i < buckets.length; i++) { + if (buckets[i].field) { + printUnique(buckets[i].field.buckets, line + buckets[i].key + separator); + } else { + results.push({line: line + buckets[i].key, count: buckets[i].doc_count}); + } + } + } + + buildSessionQuery(req, 
function(err, query, indices) { + delete query.sort; + delete query.aggregations; + query.size = 0; + + if (!query.query.bool.must) { + query.query.bool.must = []; + } + + let lastQ = query; + for (let i = 0; i < fields.length; i++) { + query.query.bool.must.push({ exists: { field: fields[i].dbField } }); + lastQ.aggregations = {field: { terms : {field : fields[i].dbField, size: +Config.get('maxAggSize', 10000)}}}; + lastQ = lastQ.aggregations.field; + } + + if (Config.debug > 2) { + console.log("multiunique aggregations", indices, JSON.stringify(query, false, 2)); + } + Db.searchPrimary(indices, 'session', query, null, function (err, result) { + if (err) { + console.log('multiunique ERROR', err); + res.status(400); + return res.end(err); + } + + if (Config.debug > 2) { + console.log('result', JSON.stringify(result, false, 2)); + } + printUnique(result.aggregations.field.buckets, ""); + + if (req.query.sort !== 'field') { + results = results.sort(function(a, b) {return b.count - a.count;}); + } + + if (doCounts) { + for (let i = 0; i < results.length; i++) { + res.write(results[i].line + separator + results[i].count + '\n'); + } + } else { + for (let i = 0; i < results.length; i++) { + res.write(results[i].line + '\n'); + } + } + return res.end(); + }); + }); +}); + +app.get('/unique.txt', [logAction(), fieldToExp], function(req, res) { + noCache(req, res, 'text/plain; charset=utf-8'); + + if (req.query.field === undefined && req.query.exp === undefined) { + return res.send('Missing field or exp parameter'); + } + + /* How should the results be written. 
Use setImmediate to not blow stack frame */ + let writeCb; + let doneCb; + let items = []; + let aggSize = +Config.get('maxAggSize', 10000); + + if (req.query.autocomplete !== undefined) { + if (!Config.get('valueAutoComplete', !Config.get('multiES', false))) { + res.send([]); + return; + } + + let spiDataMaxIndices = +Config.get('spiDataMaxIndices', 4); + if (spiDataMaxIndices !== -1) { + if (req.query.date === '-1' || + (req.query.date !== undefined && +req.query.date > spiDataMaxIndices)) { + console.log(`INFO For autocomplete replacing date=${safeStr(req.query.date)} with ${spiDataMaxIndices}`); + req.query.date = spiDataMaxIndices; + } + } + + aggSize = 1000; // lower agg size for autocomplete + doneCb = function() { + res.send(items); + }; + writeCb = function (item) { + items.push(item.key); + }; + } else if (parseInt(req.query.counts, 10) || 0) { + writeCb = function (item) { + res.write(`${item.key}, ${item.doc_count}\n`); + }; + } else { + writeCb = function (item) { + res.write(`${item.key}\n`); + }; + } + + /* How should each item be processed. */ + let eachCb = writeCb; + + if (req.query.field.match(/(ip.src:port.src|a1:p1|srcIp:srtPort|ip.src:srcPort|ip.dst:port.dst|a2:p2|dstIp:dstPort|ip.dst:dstPort)/)) { + eachCb = function(item) { + let sep = (item.key.indexOf(':') === -1)? 
':' : '.'; + item.field2.buckets.forEach((item2) => { + item2.key = item.key + sep + item2.key; + writeCb(item2); + }); + }; + } + + buildSessionQuery(req, function(err, query, indices) { + delete query.sort; + delete query.aggregations; + + if (req.query.field.match(/(ip.src:port.src|a1:p1|srcIp:srcPort|ip.src:srcPort)/)) { + query.aggregations = {field: { terms : {field : 'srcIp', size: aggSize}, aggregations: {field2: {terms: {field: 'srcPort', size: 100}}}}}; + } else if (req.query.field.match(/(ip.dst:port.dst|a2:p2|dstIp:dstPort|ip.dst:dstPort)/)) { + query.aggregations = {field: { terms : {field : 'dstIp', size: aggSize}, aggregations: {field2: {terms: {field: 'dstPort', size: 100}}}}}; + } else if (req.query.field === 'fileand') { + query.aggregations = { field: { terms : { field : 'node', size: aggSize }, aggregations: { field2: { terms: { field: 'fileId', size: 100 } } } } }; + } else { + query.aggregations = {field: { terms : {field : req.query.field, size: aggSize}}}; + } + + query.size = 0; + console.log('unique aggregations', indices, JSON.stringify(query)); + + function findFileNames (result) { + let intermediateResults = []; + let aggs = result.aggregations.field.buckets; + aggs.forEach((item) => { + item.field2.buckets.forEach((sitem) => { + intermediateResults.push({ key: item.key + ':' + sitem.key, doc_count: sitem.doc_count }); + }); + }); + + async.each(intermediateResults, (fsitem, cb) => { + let split = fsitem.key.split(':'); + let node = split[0]; + let fileId = split[1]; + Db.fileIdToFile(node, fileId, function (file) { + if (file && file.name) { + eachCb({key: file.name, doc_count: fsitem.doc_count }); + } + cb(); + }); + }, function () { + return res.end(); + }); + } + + Db.searchPrimary(indices, 'session', query, null, function (err, result) { + if (err) { + console.log('Error', query, err); + return doneCb?doneCb():res.end(); + } + if (Config.debug) { + console.log('unique.txt result', util.inspect(result, false, 50)); + } + if 
(!result.aggregations || !result.aggregations.field) { + return doneCb ? doneCb() : res.end(); + } + + + if (req.query.field === 'fileand') { + return findFileNames(result); + } + + for (let i = 0, ilen = result.aggregations.field.buckets.length; i < ilen; i++) { + eachCb(result.aggregations.field.buckets[i]); + } + + return doneCb ? doneCb() : res.end(); + }); + }); +}); + +function processSessionIdDisk(session, headerCb, packetCb, endCb, limit) { + let fields; + + function processFile(pcap, pos, i, nextCb) { + pcap.ref(); + pcap.readPacket(pos, function(packet) { + switch(packet) { + case null: + let msg = util.format(session._id, "in file", pcap.filename, "couldn't read packet at", pos, "packet #", i, "of", fields.packetPos.length); + console.log("ERROR - processSessionIdDisk -", msg); + endCb(msg, null); + break; + case undefined: + break; + default: + packetCb(pcap, packet, nextCb, i); + break; + } + pcap.unref(); + }); + } + + fields = session._source || session.fields; + + var fileNum; + var itemPos = 0; + async.eachLimit(fields.packetPos, limit || 1, function(pos, nextCb) { + if (pos < 0) { + fileNum = pos * -1; + return nextCb(null); + } + + // Get the pcap file for this node a filenum, if it isn't opened then do the filename lookup and open it + var opcap = Pcap.get(fields.node + ":" + fileNum); + if (!opcap.isOpen()) { + Db.fileIdToFile(fields.node, fileNum, function(file) { + if (!file) { + console.log("WARNING - Only have SPI data, PCAP file no longer available. 
Couldn't look up in file table", fields.node + '-' + fileNum); + return nextCb("Only have SPI data, PCAP file no longer available for " + fields.node + '-' + fileNum); + } + if (file.kekId) { + file.kek = Config.sectionGet("keks", file.kekId, undefined); + if (file.kek === undefined) { + console.log("ERROR - Couldn't find kek", file.kekId, "in keks section"); + return nextCb("Couldn't find kek " + file.kekId + " in keks section"); + } + } + + var ipcap = Pcap.get(fields.node + ":" + file.num); + + try { + ipcap.open(file.name, file); + } catch (err) { + console.log("ERROR - Couldn't open file ", err); + return nextCb("Couldn't open file " + err); + } + + if (headerCb) { + headerCb(ipcap, ipcap.readHeader()); + headerCb = null; + } + processFile(ipcap, pos, itemPos++, nextCb); + }); + } else { + if (headerCb) { + headerCb(opcap, opcap.readHeader()); + headerCb = null; + } + processFile(opcap, pos, itemPos++, nextCb); + } + }, + function (pcapErr, results) { + endCb(pcapErr, fields); + }); +} + +function processSessionId(id, fullSession, headerCb, packetCb, endCb, maxPackets, limit) { + var options; + if (!fullSession) { + options = { _source: 'node,totPackets,packetLen,packetPos,srcIp,srcPort,ipProtocol' }; + } + + Db.getWithOptions(Db.sid2Index(id), 'session', Db.sid2Id(id), options, function(err, session) { + if (err || !session.found) { + console.log("session get error", err, session); + return endCb("Session not found", null); + } + + var fields = session._source || session.fields; + + if (maxPackets && fields.packetPos.length > maxPackets) { + fields.packetPos.length = maxPackets; + } + + /* Go through the list of prefetch the id to file name if we are running in parallel to + * reduce the number of elasticsearch queries and problems + */ + let outstanding = 0, i, ilen; + + function fileReadyCb (fileInfo) { + outstanding--; + if (i === ilen && outstanding === 0) { + readyToProcess(); + } + } + + for (i = 0, ilen = fields.packetPos.length; i < ilen; i++) { + if 
(fields.packetPos[i] < 0) { + outstanding++; + Db.fileIdToFile(fields.node, -1 * fields.packetPos[i], fileReadyCb); + } + } + + function readyToProcess() { + var pcapWriteMethod = Config.getFull(fields.node, "pcapWriteMethod"); + var psid = processSessionIdDisk; + var writer = internals.writers[pcapWriteMethod]; + if (writer && writer.processSessionId) { + psid = writer.processSessionId; + } + + psid(session, headerCb, packetCb, function (err, fields) { + if (!fields) { + return endCb(err, fields); + } + + if (!fields.tags) { + fields.tags = []; + } + + fixFields(fields, endCb); + }, limit); + } + }); +} + +function processSessionIdAndDecode(id, numPackets, doneCb) { + var packets = []; + processSessionId(id, true, null, function (pcap, buffer, cb, i) { + var obj = {}; + if (buffer.length > 16) { + pcap.decode(buffer, obj); + } else { + obj = {ip: {p: ""}}; + } + packets[i] = obj; + cb(null); + }, + function(err, session) { + if (err) { + console.log("ERROR - processSessionIdAndDecode", err); + return doneCb(err); + } + packets = packets.filter(Boolean); + if (packets.length === 0) { + return doneCb(null, session, []); + } else if (packets[0].ip === undefined) { + return doneCb(null, session, []); + } else if (packets[0].ip.p === 1) { + Pcap.reassemble_icmp(packets, numPackets, function(err, results) { + return doneCb(err, session, results); + }); + } else if (packets[0].ip.p === 6) { + var key = session.srcIp; + Pcap.reassemble_tcp(packets, numPackets, key + ':' + session.srcPort, function(err, results) { + return doneCb(err, session, results); + }); + } else if (packets[0].ip.p === 17) { + Pcap.reassemble_udp(packets, numPackets, function(err, results) { + return doneCb(err, session, results); + }); + } else if (packets[0].ip.p === 132) { + Pcap.reassemble_sctp(packets, numPackets, function(err, results) { + return doneCb(err, session, results); + }); + } else { + return doneCb(null, session, []); + } + }, + numPackets, 10); +} + +function 
localSessionDetailReturnFull(req, res, session, incoming) { + if (req.packetsOnly) { // only return packets + res.render('sessionPackets.pug', { + filename: 'sessionPackets', + cache: isProduction(), + compileDebug: !isProduction(), + user: req.user, + session: session, + data: incoming, + reqPackets: req.query.packets, + query: req.query, + basedir: "/", + reqFields: Config.headers("headers-http-request"), + resFields: Config.headers("headers-http-response"), + emailFields: Config.headers("headers-email"), + showFrames: req.query.showFrames + }, function(err, data) { + if (err) { + console.trace("ERROR - localSession - ", err); + return req.next(err); + } + res.send(data); + }); + } else { // return SPI data and packets + res.send("HOW DID I GET HERE?"); + console.trace("HOW DID I GET HERE"); + } +} + +function localSessionDetailReturn(req, res, session, incoming) { + //console.log("ALW", JSON.stringify(incoming)); + var numPackets = req.query.packets || 200; + if (incoming.length > numPackets) { + incoming.length = numPackets; + } + + if (incoming.length === 0) { + return localSessionDetailReturnFull(req, res, session, []); + } + + var options = { + id: session.id, + nodeName: req.params.nodeName, + order: [], + "ITEM-HTTP": { + order: [] + }, + "ITEM-SMTP": { + order: [] + }, + "ITEM-CB": { + } + }; + + if (req.query.needgzip) { + options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS"); + options["ITEM-SMTP"].order.push("BODY-UNBASE64"); + options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS"); + } + + options.order.push("ITEM-HTTP"); + options.order.push("ITEM-SMTP"); + + var decodeOptions = JSON.parse(req.query.decode || "{}"); + for (var key in decodeOptions) { + if (key.match(/^ITEM/)) { + options.order.push(key); + } else { + options["ITEM-HTTP"].order.push(key); + options["ITEM-SMTP"].order.push(key); + } + options[key] = decodeOptions[key]; + } + + if (req.query.needgzip) { + options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS"); + 
options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS"); + } + + options.order.push("ITEM-BYTES"); + options.order.push("ITEM-SORTER"); + if (req.query.needimage) { + options.order.push("ITEM-LINKBODY"); + } + if (req.query.base === "hex") { + options.order.push("ITEM-HEX"); + options["ITEM-HEX"]= {showOffsets: req.query.line === "true"}; + } else if (req.query.base === "ascii") { + options.order.push("ITEM-ASCII"); + } else if (req.query.base === "utf8") { + options.order.push("ITEM-UTF8"); + } else { + options.order.push("ITEM-NATURAL"); + } + options.order.push("ITEM-CB"); + options["ITEM-CB"].cb = function(err, outgoing) { + localSessionDetailReturnFull(req, res, session, outgoing); + }; + + if (Config.debug) { + console.log("Pipeline options", options); + } + + decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming)); +} + +function sortFields(session) { + if (session.tags) { + session.tags = session.tags.sort(); + } + if (session.http) { + if (session.http.requestHeader) { + session.http.requestHeader = session.http.requestHeader.sort(); + } + if (session.http.responseHeader) { + session.http.responseHeader = session.http.responseHeader.sort(); + } + } + if (session.email && session.email.headers) { + session.email.headers = session.email.headers.sort(); + } + if (session.ipProtocol) { + session.ipProtocol = Pcap.protocol2Name(session.ipProtocol); + } +} + + +function localSessionDetail(req, res) { + if (!req.query) { + req.query = { gzip: false, line: false, base: "natural", packets: 200 }; + } + + req.query.needgzip = req.query.gzip === "true" || false; + req.query.needimage = req.query.image === "true" || false; + req.query.line = req.query.line || false; + req.query.base = req.query.base || "ascii"; + req.query.showFrames = req.query.showFrames === 'true' || false; + + var packets = []; + processSessionId(req.params.id, !req.packetsOnly, null, function (pcap, buffer, cb, i) { + var obj = {}; + if (buffer.length > 16) { + try 
{ + pcap.decode(buffer, obj); + } catch (e) { + obj = {ip: {p: "Error decoding" + e}}; + console.trace("loadSessionDetail error", e.stack); + } + } else { + obj = {ip: {p: "Empty"}}; + } + packets[i] = obj; + cb(null); + }, + function(err, session) { + if (err) { + return res.end("Problem loading packets for " + safeStr(req.params.id) + " Error: " + err); + } + session.id = req.params.id; + sortFields(session); + + if (req.query.showFrames && packets.length !== 0) { + Pcap.packetFlow(session, packets, +req.query.packets || 200, function (err, results, sourceKey, destinationKey) { + session._err = err; + session.sourceKey = sourceKey; + session.destinationKey = destinationKey; + localSessionDetailReturn(req, res, session, results || []); + }); + } else if (packets.length === 0) { + session._err = "No pcap data found"; + localSessionDetailReturn(req, res, session, []); + } else if (packets[0].ip === undefined) { + session._err = "Couldn't decode pcap file, check viewer log"; + localSessionDetailReturn(req, res, session, []); + } else if (packets[0].ip.p === 1) { + Pcap.reassemble_icmp(packets, +req.query.packets || 200, function(err, results) { + session._err = err; + localSessionDetailReturn(req, res, session, results || []); + }); + } else if (packets[0].ip.p === 6) { + var key = session.srcIp; + Pcap.reassemble_tcp(packets, +req.query.packets || 200, key + ':' + session.srcPort, function(err, results) { + session._err = err; + localSessionDetailReturn(req, res, session, results || []); + }); + } else if (packets[0].ip.p === 17) { + Pcap.reassemble_udp(packets, +req.query.packets || 200, function(err, results) { + session._err = err; + localSessionDetailReturn(req, res, session, results || []); + }); + } else if (packets[0].ip.p === 132) { + Pcap.reassemble_sctp(packets, +req.query.packets || 200, function(err, results) { + session._err = err; + localSessionDetailReturn(req, res, session, results || []); + }); + } else if (packets[0].ip.p === 50) { + 
Pcap.reassemble_esp(packets, +req.query.packets || 200, function(err, results) { + session._err = err; + localSessionDetailReturn(req, res, session, results || []); + }); + } else if (packets[0].ip.p === 58) { + Pcap.reassemble_icmp(packets, +req.query.packets || 200, function(err, results) { + session._err = err; + localSessionDetailReturn(req, res, session, results || []); + }); + } else { + session._err = "Unknown ip.p=" + packets[0].ip.p; + localSessionDetailReturn(req, res, session, []); + } + }, + req.query.needimage?10000:400, 10); +} + +/** + * Get SPI data for a session + */ +app.get('/:nodeName/session/:id/detail', cspHeader, logAction(), (req, res) => { + Db.getWithOptions(Db.sid2Index(req.params.id), 'session', Db.sid2Id(req.params.id), {}, function(err, session) { + if (err || !session.found) { + return res.end("Couldn't look up SPI data, error for session " + safeStr(req.params.id) + " Error: " + err); + } + + session = session._source; + + session.id = req.params.id; + + sortFields(session); + + let hidePackets = (session.fileId === undefined || session.fileId.length === 0)?"true":"false"; + fixFields(session, () => { + pug.render(internals.sessionDetailNew, { + filename : "sessionDetail", + cache : isProduction(), + compileDebug: !isProduction(), + user : req.user, + session : session, + Db : Db, + query : req.query, + basedir : "/", + hidePackets : hidePackets, + reqFields : Config.headers("headers-http-request"), + resFields : Config.headers("headers-http-response"), + emailFields : Config.headers("headers-email") + }, function(err, data) { + if (err) { + console.trace("ERROR - fixFields - ", err); + return req.next(err); + } + if (Config.debug > 1) { + console.log("Detail Rendering", data.replace(/>/g, ">\n")); + } + res.send(data); + }); + }); + }); +}); + +/** + * Get Session Packets + */ +app.get('/:nodeName/session/:id/packets', [logAction(), checkPermissions(['hidePcap'])], (req, res) => { + isLocalView(req.params.nodeName, function () { + 
noCache(req, res); + req.packetsOnly = true; + localSessionDetail(req, res); + }, + function () { + return proxyRequest(req, res); + }); +}); + +function reqGetRawBody(req, cb) { + processSessionIdAndDecode(req.params.id, 10000, function(err, session, incoming) { + if (err) { + return cb(err); + } + + + if (incoming.length === 0) { + return cb(null, null); + } + + var options = { + id: session.id, + nodeName: req.params.nodeName, + order: [], + "ITEM-HTTP": { + order: [] + }, + "ITEM-SMTP": { + order: ["BODY-UNBASE64"] + }, + "ITEM-CB": { + }, + "ITEM-RAWBODY": { + bodyNumber: +req.params.bodyNum + } + }; + + if (req.query.needgzip) { + options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS"); + options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS"); + } + + options.order.push("ITEM-HTTP"); + options.order.push("ITEM-SMTP"); + + options.order.push("ITEM-RAWBODY"); + options.order.push("ITEM-CB"); + options["ITEM-CB"].cb = function(err, items) { + if (err) { + return cb(err); + } + if (items === undefined || items.length === 0) { + return cb("No match"); + } + cb(err, items[0].data); + }; + + decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming)); + }); +} + +app.get('/:nodeName/:id/body/:bodyType/:bodyNum/:bodyName', checkProxyRequest, function(req, res) { + reqGetRawBody(req, function (err, data) { + if (err) { + console.trace(err); + return res.end("Error"); + } + res.setHeader("Content-Type", "application/force-download"); + res.setHeader("Content-Disposition", "attachment; filename="+req.params.bodyName); + return res.end(data); + }); +}); + +app.get('/:nodeName/:id/bodypng/:bodyType/:bodyNum/:bodyName', checkProxyRequest, function(req, res) { + reqGetRawBody(req, function (err, data) { + if (err || data === null || data.length === 0) { + return res.send (internals.emptyPNG); + } + res.setHeader("Content-Type", "image/png"); + + var png = new PNG({width: internals.PNG_LINE_WIDTH, height: 
Math.ceil(data.length/internals.PNG_LINE_WIDTH)}); + png.data = data; + res.send(PNG.sync.write(png, {inputColorType:0, colorType: 0, bitDepth:8, inputHasAlpha:false})); + }); +}); + +/** + * Get a file given a hash of that file + */ + +app.get('/bodyHash/:hash', logAction('bodyhash'), function(req, res) { + var hash = null; + var nodeName = null; + var sessionID = null; + + buildSessionQuery(req, function(bsqErr, query, indices) { + if (bsqErr) { + res.status(400); + return res.end(bsqErr); + } + + query.size = 1; + query.sort = { lastPacket: { order: 'desc' } }; + query._source = ["node"]; + + if (Config.debug) { + console.log(`sessions.json ${indices} query`, JSON.stringify(query, null, 1)); + } + Db.searchPrimary(indices, 'session', query, null, function (err, sessions) { + if (err ) { + console.log ("Error -> Db Search ", err); + res.status(400); + res.end(err); + } else if (sessions.error) { + console.log ("Error -> Db Search ", sessions.error); + res.status(400); + res.end(sessions.error); + } else { + if (Config.debug) { + console.log("bodyHash result", util.inspect(sessions, false, 50)); + } + if (sessions.hits.hits.length > 0) { + + nodeName = sessions.hits.hits[0]._source.node; + sessionID = Db.session2Sid(sessions.hits.hits[0]); + hash = req.params.hash; + + isLocalView(nodeName, function () { // get file from the local disk + localGetItemByHash (nodeName, sessionID, hash, (err, item) => { + if (err) { + res.status(400); + return res.end(err); + } else if (item) { + noCache(req, res, 'application/force-download'); + res.setHeader("content-disposition", "attachment; filename="+ item.bodyName+".pellet"); + return res.end(item.data); + } else { + res.status(400); + return res.end("No Match"); + } + }); + }, + function () { // get file from the remote disk + var preq = util._extend({},req); + preq.params.nodeName = nodeName; + preq.params.id = sessionID; + preq.params.hash = hash; + preq.url = Config.basePath(nodeName) + nodeName + '/' + sessionID + 
'/bodyHash/' + hash; + return proxyRequest(preq, res); + }); + } + else { + res.status(400); + res.end ("No Match Found"); + } + } + }); + }); +}); + +app.get('/:nodeName/:id/bodyHash/:hash', checkProxyRequest, function(req, res) { + localGetItemByHash (req.params.nodeName, req.params.id, req.params.hash, (err, item) => { + if (err) { + res.status(400); + return res.end(err); + } else if (item) { + noCache(req, res, 'application/force-download'); + res.setHeader("content-disposition", "attachment; filename="+ item.bodyName+".pellet"); + return res.end(item.data); + } else { + res.status(400); + return res.end("No Match"); + } + }); +}); + +function localGetItemByHash(nodeName, sessionID, hash, cb) { + processSessionIdAndDecode(sessionID, 10000, function(err, session, incoming) { + if (err) { + return cb(err); + } + if (incoming.length === 0) { + return cb(null, null); + } + var options = { + id: sessionID, + nodeName: nodeName, + order: [], + "ITEM-HTTP": { + order: [] + }, + "ITEM-SMTP": { + order: ["BODY-UNBASE64"] + }, + "ITEM-HASH": { + hash: hash + }, + "ITEM-CB": { + } + }; + + options.order.push("ITEM-HTTP"); + options.order.push("ITEM-SMTP"); + options.order.push("ITEM-HASH"); + options.order.push("ITEM-CB"); + options["ITEM-CB"].cb = function(err, items) { + if (err) { + return cb(err, null); + } + if (items === undefined || items.length === 0) { + return cb("No match", null); + } + return cb(err, items[0]); + }; + decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming)); + }); +} + +function writePcap(res, id, options, doneCb) { + var b = Buffer.alloc(0xfffe); + var nextPacket = 0; + var boffset = 0; + var packets = {}; + + processSessionId(id, false, function (pcap, buffer) { + if (options.writeHeader) { + res.write(buffer); + options.writeHeader = false; + } + }, + function (pcap, buffer, cb, i) { + // Save this packet in its spot + packets[i] = buffer; + + // Send any packets we have in order + while 
(packets[nextPacket]) { + buffer = packets[nextPacket]; + delete packets[nextPacket]; + nextPacket++; + + if (boffset + buffer.length > b.length) { + res.write(b.slice(0, boffset)); + boffset = 0; + b = Buffer.alloc(0xfffe); + } + buffer.copy(b, boffset, 0, buffer.length); + boffset += buffer.length; + } + cb(null); + }, + function(err, session) { + if (err) { + console.trace("writePcap", err); + return doneCb(err); + } + res.write(b.slice(0, boffset)); + doneCb(err); + }, undefined, 10); +} + +function writePcapNg(res, id, options, doneCb) { + var b = Buffer.alloc(0xfffe); + var boffset = 0; + + processSessionId(id, true, function (pcap, buffer) { + if (options.writeHeader) { + res.write(pcap.getHeaderNg()); + options.writeHeader = false; + } + }, + function (pcap, buffer, cb) { + if (boffset + buffer.length + 20 > b.length) { + res.write(b.slice(0, boffset)); + boffset = 0; + b = Buffer.alloc(0xfffe); + } + + /* Need to write the ng block, and conver the old timestamp */ + + b.writeUInt32LE(0x00000006, boffset); // Block Type + var len = ((buffer.length + 20 + 3) >> 2) << 2; + b.writeUInt32LE(len, boffset + 4); // Block Len 1 + b.writeUInt32LE(0, boffset + 8); // Interface Id + + // js has 53 bit numbers, this will over flow on Jun 05 2255 + var time = buffer.readUInt32LE(0)*1000000 + buffer.readUInt32LE(4); + b.writeUInt32LE(Math.floor(time / 0x100000000), boffset + 12); // Block Len 1 + b.writeUInt32LE(time % 0x100000000, boffset + 16); // Interface Id + + buffer.copy(b, boffset + 20, 8, buffer.length - 8); // cap_len, packet_len + b.fill(0, boffset + 12 + buffer.length, boffset + 12 + buffer.length + (4 - (buffer.length%4)) % 4); // padding + boffset += len - 8; + + b.writeUInt32LE(0, boffset); // Options + b.writeUInt32LE(len, boffset+4); // Block Len 2 + boffset += 8; + + cb(null); + }, + function(err, session) { + if (err) { + console.log("writePcapNg", err); + return; + } + res.write(b.slice(0, boffset)); + + session.version = molochversion.version; + 
delete session.packetPos; + var json = JSON.stringify(session); + + var len = ((json.length + 20 + 3) >> 2) << 2; + b = Buffer.alloc(len); + + b.writeUInt32LE(0x80808080, 0); // Block Type + b.writeUInt32LE(len, 4); // Block Len 1 + b.write("MOWL", 8); // Magic + b.writeUInt32LE(json.length, 12); // Block Len 1 + b.write(json, 16); // Magic + b.fill(0, 16 + json.length, 16 + json.length + (4 - (json.length%4)) % 4); // padding + b.writeUInt32LE(len, len-4); // Block Len 2 + res.write(b); + + doneCb(err); + }); +} + +app.get('/:nodeName/pcapng/:id.pcapng', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => { + noCache(req, res, "application/vnd.tcpdump.pcap"); + writePcapNg(res, req.params.id, {writeHeader: !req.query || !req.query.noHeader || req.query.noHeader !== "true"}, function () { + res.end(); + }); +}); + +app.get('/:nodeName/pcap/:id.pcap', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => { + noCache(req, res, "application/vnd.tcpdump.pcap"); + + writePcap(res, req.params.id, {writeHeader: !req.query || !req.query.noHeader || req.query.noHeader !== "true"}, function () { + res.end(); + }); +}); + +app.get('/:nodeName/raw/:id.png', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], function(req, res) { + noCache(req, res, "image/png"); + + processSessionIdAndDecode(req.params.id, 1000, function(err, session, results) { + if (err) { + return res.send (internals.emptyPNG); + } + var size = 0; + var i, ilen; + for (i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { + size += results[i].data.length + 2*internals.PNG_LINE_WIDTH - (results[i].data.length % internals.PNG_LINE_WIDTH); + } + var buffer = Buffer.alloc(size, 0); + var pos = 0; + if (size === 0) { + return res.send (internals.emptyPNG); + } + for (i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { + results[i].data.copy(buffer, pos); + pos += results[i].data.length; + var fillpos = 
pos; + pos += 2*internals.PNG_LINE_WIDTH - (results[i].data.length % internals.PNG_LINE_WIDTH); + buffer.fill(0xff, fillpos, pos); + } + + var png = new PNG({width: internals.PNG_LINE_WIDTH, height: (size/internals.PNG_LINE_WIDTH)-1}); + png.data = buffer; + res.send(PNG.sync.write(png, {inputColorType:0, colorType: 0, bitDepth:8, inputHasAlpha:false})); + }); +}); + +app.get('/:nodeName/raw/:id', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], function(req, res) { + noCache(req, res, "application/vnd.tcpdump.pcap"); + + processSessionIdAndDecode(req.params.id, 10000, function(err, session, results) { + if (err) { + return res.send("Error"); + } + for (let i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { + res.write(results[i].data); + } + res.end(); + }); +}); + +app.get('/:nodeName/entirePcap/:id.pcap', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => { + noCache(req, res, "application/vnd.tcpdump.pcap"); + + var options = {writeHeader: true}; + + var query = { _source: ["rootId"], + size: 1000, + query: {term: {rootId: req.params.id}}, + sort: { lastPacket: { order: 'asc' } } + }; + + console.log("entirePcap query", JSON.stringify(query)); + + Db.searchPrimary('sessions2-*', 'session', query, null, function (err, data) { + async.forEachSeries(data.hits.hits, function(item, nextCb) { + writePcap(res, Db.session2Sid(item), options, nextCb); + }, function (err) { + res.end(); + }); + }); +}); + +function sessionsPcapList(req, res, list, pcapWriter, extension) { + + if (list.length > 0 && list[0].fields) { + list = list.sort(function(a,b){return a.fields.lastPacket - b.fields.lastPacket;}); + } else if (list.length > 0 && list[0]._source) { + list = list.sort(function(a,b){return a._source.lastPacket - b._source.lastPacket;}); + } + + var options = {writeHeader: true}; + + async.eachLimit(list, 10, function(item, nextCb) { + var fields = item._source || item.fields; + isLocalView(fields.node, 
function () { + // Get from our DISK + pcapWriter(res, Db.session2Sid(item), options, nextCb); + }, + function () { + // Get from remote DISK + getViewUrl(fields.node, function(err, viewUrl, client) { + var buffer = Buffer.alloc(fields.pa*20 + fields.by); + var bufpos = 0; + var info = url.parse(viewUrl); + info.path = Config.basePath(fields.node) + fields.node + "/" + extension + "/" + Db.session2Sid(item) + "." + extension; + info.agent = (client === http?internals.httpAgent:internals.httpsAgent); + + addAuth(info, req.user, fields.node); + addCaTrust(info, fields.node); + var preq = client.request(info, function(pres) { + pres.on('data', function (chunk) { + if (bufpos + chunk.length > buffer.length) { + var tmp = Buffer.alloc(buffer.length + chunk.length*10); + buffer.copy(tmp, 0, 0, bufpos); + buffer = tmp; + } + chunk.copy(buffer, bufpos); + bufpos += chunk.length; + }); + pres.on('end', function () { + if (bufpos < 24) { + } else if (options.writeHeader) { + options.writeHeader = false; + res.write(buffer.slice(0, bufpos)); + } else { + res.write(buffer.slice(24, bufpos)); + } + setImmediate(nextCb); + }); + }); + preq.on('error', function (e) { + console.log("ERROR - Couldn't proxy pcap request=", info, "\nerror=", e); + nextCb(null); + }); + preq.end(); + }); + }); + }, function(err) { + res.end(); + }); +} + +function sessionsPcap(req, res, pcapWriter, extension) { + noCache(req, res, "application/vnd.tcpdump.pcap"); + + if (req.query.ids) { + var ids = queryValueToArray(req.query.ids); + + sessionsListFromIds(req, ids, ["lastPacket", "node", "totBytes", "totPackets", "rootId"], function(err, list) { + sessionsPcapList(req, res, list, pcapWriter, extension); + }); + } else { + sessionsListFromQuery(req, res, ["lastPacket", "node", "totBytes", "totPackets", "rootId"], function(err, list) { + sessionsPcapList(req, res, list, pcapWriter, extension); + }); + } +} + +app.get(/\/sessions.pcapng.*/, [logAction(), checkPermissions(['disablePcapDownload'])], (req, 
res) => { + return sessionsPcap(req, res, writePcapNg, "pcapng"); +}); + +app.get(/\/sessions.pcap.*/, [logAction(), checkPermissions(['disablePcapDownload'])], (req, res) => { + return sessionsPcap(req, res, writePcap, "pcap"); +}); + +internals.usersMissing = { + userId: '', + userName: '', + expression: '', + enabled: 0, + createEnabled: 0, + webEnabled: 0, + headerAuthEnabled: 0, + emailSearch: 0, + removeEnabled: 0, + lastUsed: 0 +}; + +app.post('/user/list', [noCacheJson, recordResponseTime, logAction('users'), checkPermissions(['createEnabled'])], (req, res) => { + let columns = [ 'userId', 'userName', 'expression', 'enabled', 'createEnabled', + 'webEnabled', 'headerAuthEnabled', 'emailSearch', 'removeEnabled', 'packetSearch', + 'hideStats', 'hideFiles', 'hidePcap', 'disablePcapDownload', 'welcomeMsgNum', + 'lastUsed', 'timeLimit' ]; + + let query = { + _source: columns, + sort: {}, + from: +req.body.start || 0, + size: +req.body.length || 10000, + query: { // exclude the shared user from results + bool: { must_not: { term: { userId: '_moloch_shared' } } } + } + }; + + if (req.body.filter) { + query.query.bool.should = [ + { wildcard: { userName: '*' + req.body.filter + '*' } }, + { wildcard: { userId: '*' + req.body.filter + '*' } } + ]; + } + + req.body.sortField = req.body.sortField || 'userId'; + query.sort[req.body.sortField] = { order: req.body.desc === true ? 
'desc': 'asc' }; + query.sort[req.body.sortField].missing = internals.usersMissing[req.body.sortField]; + + Promise.all([Db.searchUsers(query), + Db.numberOfUsers() + ]) + .then(([users, total]) => { + if (users.error) { throw users.error; } + let results = { total: users.hits.total, results: [] }; + for (let i = 0, ilen = users.hits.hits.length; i < ilen; i++) { + let fields = users.hits.hits[i]._source || users.hits.hits[i].fields; + fields.id = users.hits.hits[i]._id; + fields.expression = fields.expression || ''; + fields.headerAuthEnabled = fields.headerAuthEnabled || false; + fields.emailSearch = fields.emailSearch || false; + fields.removeEnabled = fields.removeEnabled || false; + fields.userName = safeStr(fields.userName || ''); + fields.packetSearch = fields.packetSearch || false; + fields.timeLimit = fields.timeLimit || undefined; + results.results.push(fields); + } + + let r = { + recordsTotal: total.count, + recordsFiltered: results.total, + data: results.results + }; + + res.send(r); + }).catch((err) => { + console.log('ERROR - /user/list', err); + return res.send({recordsTotal: 0, recordsFiltered: 0, data: []}); + }); +}); + +app.post('/user/create', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (!req.body || !req.body.userId || !req.body.userName || !req.body.password) { + return res.molochError(403, 'Missing/Empty required fields'); + } + + if (req.body.userId.match(/[^@\w.-]/)) { + return res.molochError(403, 'User ID must be word characters'); + } + + if (req.body.userId === '_moloch_shared') { + return res.molochError(403, 'User ID cannot be the same as the shared moloch user'); + } + + Db.getUser(req.body.userId, function(err, user) { + if (!user || user.found) { + console.log('Trying to add duplicate user', err, user); + return res.molochError(403, 'User already exists'); + } + + let nuser = { + userId: req.body.userId, + userName: req.body.userName, + expression: req.body.expression, + 
passStore: Config.pass2store(req.body.userId, req.body.password), + enabled: req.body.enabled === true, + webEnabled: req.body.webEnabled === true, + emailSearch: req.body.emailSearch === true, + headerAuthEnabled: req.body.headerAuthEnabled === true, + createEnabled: req.body.createEnabled === true, + removeEnabled: req.body.removeEnabled === true, + packetSearch: req.body.packetSearch === true, + timeLimit: req.body.timeLimit, + hideStats: req.body.hideStats === true, + hideFiles: req.body.hideFiles === true, + hidePcap: req.body.hidePcap === true, + disablePcapDownload: req.body.disablePcapDownload === true, + welcomeMsgNum: 0 + }; + + // console.log('Creating new user', nuser); + Db.setUser(req.body.userId, nuser, function(err, info) { + if (!err) { + return res.send(JSON.stringify({success: true, text:'User created succesfully'})); + } else { + console.log('ERROR - add user', err, info); + return res.molochError(403, err); + } + }); + }); +}); + +app.put('/user/:userId/acknowledgeMsg', [noCacheJson, logAction(), checkCookieToken], function (req, res) { + if (!req.body.msgNum) { + return res.molochError(403, 'Message number required'); + } + + if (req.params.userId !== req.user.userId) { + return res.molochError(403, 'Can not change other users msg'); + } + + Db.getUser(req.params.userId, function (err, user) { + if (err || !user.found) { + console.log('update user failed', err, user); + return res.molochError(403, 'User not found'); + } + user = user._source; + + user.welcomeMsgNum = parseInt(req.body.msgNum); + + Db.setUser(req.params.userId, user, function (err, info) { + if (Config.debug) { + console.log('setUser', user, err, info); + } + return res.send(JSON.stringify({ + success: true, + text: `User, ${req.params.userId}, dismissed message ${req.body.msgNum}` + })); + }); + }); +}); + +app.post('/user/delete', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (req.body.userId === req.user.userId) { + 
return res.molochError(403, 'Can not delete yourself'); + } + + Db.deleteUser(req.body.userId, function(err, data) { + setTimeout(function () { + res.send(JSON.stringify({success: true, text: 'User deleted successfully'})); + }, 200); + }); +}); + +app.post('/user/update', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { + if (req.body.userId === undefined) { + return res.molochError(403, 'Missing userId'); + } + + if (req.body.userId === "_moloch_shared") { + return res.molochError(403, '_moloch_shared is a shared user. This users settings cannot be updated'); + } + + /*if (req.params.userId === req.user.userId && req.query.createEnabled !== undefined && req.query.createEnabled !== "true") { + return res.send(JSON.stringify({success: false, text: "Can not turn off your own admin privileges"})); + }*/ + + Db.getUser(req.body.userId, function(err, user) { + if (err || !user.found) { + console.log('update user failed', err, user); + return res.molochError(403, 'User not found'); + } + user = user._source; + + user.enabled = req.body.enabled === true; + + if (req.body.expression !== undefined) { + if (req.body.expression.match(/^\s*$/)) { + delete user.expression; + } else { + user.expression = req.body.expression; + } + } + + if (req.body.userName !== undefined) { + if (req.body.userName.match(/^\s*$/)) { + console.log("ERROR - empty username", req.body); + return res.molochError(403, 'Username can not be empty'); + } else { + user.userName = req.body.userName; + } + } + + user.webEnabled = req.body.webEnabled === true; + user.emailSearch = req.body.emailSearch === true; + user.headerAuthEnabled = req.body.headerAuthEnabled === true; + user.removeEnabled = req.body.removeEnabled === true; + user.packetSearch = req.body.packetSearch === true; + user.hideStats = req.body.hideStats === true; + user.hideFiles = req.body.hideFiles === true; + user.hidePcap = req.body.hidePcap === true; + user.disablePcapDownload = 
req.body.disablePcapDownload === true; + user.timeLimit = req.body.timeLimit ? parseInt(req.body.timeLimit) : undefined; + + // Can only change createEnabled if it is currently turned on + if (req.body.createEnabled !== undefined && req.user.createEnabled) { + user.createEnabled = req.body.createEnabled === true; + } + + Db.setUser(req.body.userId, user, function(err, info) { + if (Config.debug) { + console.log("setUser", user, err, info); + } + return res.send(JSON.stringify({success: true, text:'User "' + req.body.userId + '" updated successfully'})); + }); + }); +}); + +app.post('/state/:name', [noCacheJson, checkCookieToken, logAction()], (req, res) => { + Db.getUser(req.user.userId, function(err, user) { + if (err || !user.found) { + console.log("save state failed", err, user); + return res.molochError(403, "Unknown user"); + } + user = user._source; + + if (!user.tableStates) { + user.tableStates = {}; + } + user.tableStates[req.params.name] = req.body; + Db.setUser(user.userId, user, function(err, info) { + if (err) { + console.log("state error", err, info); + return res.molochError(403, "state update failed"); + } + return res.send(JSON.stringify({success: true, text: "updated state successfully"})); + }); + }); +}); + +app.get('/state/:name', [noCacheJson], function(req, res) { + if (!req.user.tableStates || !req.user.tableStates[req.params.name]) { + return res.send("{}"); + } + + // Fix for new names + if (req.params.name === "sessionsNew" && req.user.tableStates && req.user.tableStates.sessionsNew) { + let item = req.user.tableStates.sessionsNew; + if (item.visibleHeaders) { + item.visibleHeaders = item.visibleHeaders.map(oldDB2newDB); + } + if (item.order && item.order.length > 0) { + item.order[0][0] = oldDB2newDB(item.order[0][0]); + } + } + + return res.send(req.user.tableStates[req.params.name]); +}); + +////////////////////////////////////////////////////////////////////////////////// +//// Session Add/Remove Tags 
+////////////////////////////////////////////////////////////////////////////////// +function addTagsList (allTagNames, sessionList, doneCb) { + if (!sessionList.length) { + console.log('No sessions to add tags to'); + return doneCb(null); + } + + async.eachLimit(sessionList, 10, function (session, nextCb) { + if (!session._source && !session.fields) { + console.log('No Fields', session); + return nextCb(null); + } + + let node = (Config.get('multiES', false) && session._node) ? session._node : undefined; + + Db.addTagsToSession(session._index, session._id, allTagNames, node, function (err, data) { + if (err) { console.log('addTagsList error', session, err, data); } + nextCb(null); + }); + }, doneCb); +} + +function removeTagsList(res, allTagNames, sessionList) { + if (!sessionList.length) { + return res.molochError(200, 'No sessions to remove tags from'); + } + + async.eachLimit(sessionList, 10, function(session, nextCb) { + if (!session._source && !session.fields) { + console.log('No Fields', session); + return nextCb(null); + } + + let node = (Config.get('multiES', false) && session._node) ? 
session._node : undefined; + + Db.removeTagsFromSession(session._index, session._id, allTagNames, node, function (err, data) { + if (err) { console.log('removeTagsList error', session, err, data); } + nextCb(null); + }); + }, function (err) { + return res.send(JSON.stringify({success: true, text: 'Tags removed successfully'})); + }); +} + +app.post('/addTags', [noCacheJson, checkHeaderToken, logAction()], function(req, res) { + var tags = []; + if (req.body.tags) { + tags = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(","); + } + + if (tags.length === 0) { return res.molochError(200, "No tags specified"); } + + if (req.body.ids) { + var ids = queryValueToArray(req.body.ids); + + sessionsListFromIds(req, ids, ["tags", "node"], function(err, list) { + if (!list.length) { + return res.molochError(200, 'No sessions to add tags to'); + } + addTagsList(tags, list, function () { + return res.send(JSON.stringify({success: true, text: "Tags added successfully"})); + }); + }); + } else { + sessionsListFromQuery(req, res, ["tags", "node"], function(err, list) { + if (!list.length) { + return res.molochError(200, 'No sessions to add tags to'); + } + addTagsList(tags, list, function () { + return res.send(JSON.stringify({success: true, text: "Tags added successfully"})); + }); + }); + } +}); + +app.post('/removeTags', [noCacheJson, checkHeaderToken, logAction(), checkPermissions(['removeEnabled'])], (req, res) => { + var tags = []; + if (req.body.tags) { + tags = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(","); + } + + if (tags.length === 0) { return res.molochError(200, "No tags specified"); } + + if (req.body.ids) { + var ids = queryValueToArray(req.body.ids); + + sessionsListFromIds(req, ids, ["tags"], function(err, list) { + removeTagsList(res, tags, list); + }); + } else { + sessionsListFromQuery(req, res, ["tags"], function(err, list) { + removeTagsList(res, tags, list); + }); + } +}); + 
+////////////////////////////////////////////////////////////////////////////////// +//// Packet Search +////////////////////////////////////////////////////////////////////////////////// +function packetSearch (packet, options) { + let found = false; + + switch (options.searchType) { + case 'asciicase': + if (packet.toString().includes(options.search)) { + found = true; + } + break; + case 'ascii': + if (packet.toString().toLowerCase().includes(options.search.toLowerCase())) { + found = true; + } + break; + case 'regex': + if (options.regex && packet.toString().match(options.regex)) { + found = true; + } + break; + case 'hex': + if (packet.toString('hex').includes(options.search)) { + found = true; + } + break; + case 'hexregex': + if (options.regex && packet.toString('hex').match(options.regex)) { + found = true; + } + break; + default: + console.log('Invalid hunt search type'); + } + + return found; +} + +function sessionHunt (sessionId, options, cb) { + if (options.type === 'reassembled') { + processSessionIdAndDecode(sessionId, options.size || 10000, function (err, session, packets) { + if (err) { + return cb(null, false); + } + + let i = 0; + let increment = 1; + let len = packets.length; + + if (options.src && !options.dst) { + increment = 2; + } else if (options.dst && !options.src) { + i = 1; + increment = 2; + } + + for (i; i < len; i+=increment) { + if (packetSearch(packets[i].data, options)) { return cb(null, true); } + } + + return cb(null, false); + }); + } else if (options.type === 'raw') { + let packets = []; + processSessionId(sessionId, true, null, function (pcap, buffer, cb, i) { + if (options.src === options.dst) { + packets.push(buffer); + } else { + let packet = {}; + pcap.decode(buffer, packet); + packet.data = buffer.slice(16); + packets.push(packet); + } + cb(null); + }, function(err, session) { + if (err) { + return cb(null, false); + } + + let len = packets.length; + if (options.src === options.dst) { + // If search both src/dst don't 
need to check key + for (let i = 0; i < len; i++) { + if (packetSearch(packets[i], options)) { return cb(null, true); } + } + } else { + // If searching src NOR dst need to check key + let skey = Pcap.keyFromSession(session); + for (let i = 0; i < len; i++) { + let key = Pcap.key(packets[i]); + let isSrc = key === skey; + if (options.src && isSrc) { + if (packetSearch(packets[i].data, options)) { return cb(null, true); } + } else if (options.dst && !isSrc) { + if (packetSearch(packets[i].data, options)) { return cb(null, true); } + } + } + } + return cb(null, false); + }, + options.size || 10000, 10); + } +} + +function pauseHuntJobWithError (huntId, hunt, error, node) { + let errorMsg = `${hunt.name} (${huntId}) hunt ERROR: ${error.value}.`; + if (node) { + errorMsg += ` On ${node} node`; + error.node = node; + } + + console.log(errorMsg); + + error.time = Math.floor(Date.now() / 1000); + + hunt.status = 'paused'; + + if (!hunt.errors) { + hunt.errors = [ error ]; + } else { + hunt.errors.push(error); + } + + function continueProcess () { + Db.setHunt(huntId, hunt, (err, info) => { + internals.runningHuntJob = undefined; + if (err) { + console.log('Error adding errors and pausing hunt job', err, info); + return; + } + processHuntJobs(); + }); + } + + let message = `*${hunt.name}* hunt job paused with error: *${error.value}*\n*${hunt.matchedSessions}* matched sessions out of *${hunt.searchedSessions}* searched sessions`; + issueAlert(hunt.notifier, message, continueProcess); +} + +function updateHuntStats (hunt, huntId, session, searchedSessions, cb) { + // update the hunt with number of matchedSessions and searchedSessions + // and the date of the first packet of the last searched session + let lastPacketTime = session.lastPacket; + let now = Math.floor(Date.now() / 1000); + + if ((now - hunt.lastUpdated) >= 2) { // only update every 2 seconds + Db.get('hunts', 'hunt', huntId, (err, huntHit) => { + if (!huntHit || !huntHit.found) { // hunt hit not found, likely 
deleted + return cb('undefined'); + } + + if (err) { + let errorText = `Error finding hunt: ${hunt.name} (${huntId}): ${err}`; + pauseHuntJobWithError(huntId, hunt, { value: errorText }); + return cb({ success: false, text: errorText }); + } + + hunt.status = huntHit._source.status; + hunt.lastUpdated = now; + hunt.searchedSessions = searchedSessions; + hunt.lastPacketTime = lastPacketTime; + + Db.setHunt(huntId, hunt, () => {}); + + if (hunt.status === 'paused') { + return cb('paused'); + } else { + return cb(null); + } + }); + } else { + return cb(null); + } +} + +function updateSessionWithHunt (session, sessionId, hunt, huntId) { + Db.addHuntToSession(Db.sid2Index(sessionId), Db.sid2Id(sessionId), huntId, hunt.name, (err, data) => { + if (err) { console.log('add hunt info error', session, err, data); } + }); +} + +function buildHuntOptions (hunt) { + let options = { + src: hunt.src, + dst: hunt.dst, + size: hunt.size, + type: hunt.type, + search: hunt.search, + searchType: hunt.searchType + }; + + if (hunt.searchType === 'regex' || hunt.searchType === 'hexregex') { + try { + options.regex = new RE2(hunt.search); + } catch (e) { + pauseHuntJobWithError(hunt.huntId, hunt, { value: `Hunt error with regex: ${e}` }); + } + } + + return options; +} + +// Actually do the search against ES and process the results. 
+function runHuntJob (huntId, hunt, query, user) { + let options = buildHuntOptions(hunt); + let searchedSessions; + + Db.search('sessions2-*', 'session', query, {scroll: '600s'}, function getMoreUntilDone (err, result) { + if (err || result.error) { + pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching sessions: ${err}` }); + return; + } + + let hits = result.hits.hits; + + if (searchedSessions === undefined) { + searchedSessions = hunt.searchedSessions || 0; + // if the session query results length is not equal to the total sessions that the hunt + // job is searching, update the hunt total sessions so that the percent works correctly + if (hunt.totalSessions !== (result.hits.total + searchedSessions)) { + hunt.totalSessions = result.hits.total + searchedSessions; + } + } + + async.forEachLimit(hits, 3, function (hit, cb) { + searchedSessions++; + let session = hit._source; + let sessionId = Db.session2Sid(hit); + let node = session.node; + + isLocalView(node, function () { + sessionHunt(sessionId, options, function (err, matched) { + if (err) { + return pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching session (${sessionId}): ${err}` }, node); + } + + if (matched) { + hunt.matchedSessions++; + updateSessionWithHunt(session, sessionId, hunt, huntId); + } + + updateHuntStats(hunt, huntId, session, searchedSessions, cb); + }); + }, + function () { // Check Remotely + let path = `${node}/hunt/${huntId}/remote/${sessionId}`; + + makeRequest (node, path, user, (err, response) => { + if (err) { + return pauseHuntJobWithError(huntId, hunt, { value: `Error hunting on remote viewer: ${err}` }, node); + } + let json = JSON.parse(response); + if (json.error) { + console.log(`Error hunting on remote viewer: ${json.error} - ${path}`); + return pauseHuntJobWithError(huntId, hunt, { value: `Error hunting on remote viewer: ${json.error}` }, node); + } + if (json.matched) { hunt.matchedSessions++; } + return updateHuntStats(hunt, huntId, session, 
searchedSessions, cb); + }); + }); + }, function (err) { // done running this section of hunt job + + // Some kind of error, stop now + if (err === 'paused' || err === 'undefined') { + internals.runningHuntJob = undefined; + return; + } + + // There might be more, issue another scroll + if (result.hits.hits.length !== 0) { + return Db.scroll({ body: { scroll_id: result._scroll_id }, scroll: '600s' }, getMoreUntilDone); + } + + Db.clearScroll({ body: { scroll_id: result._scroll_id } }); + + // We are totally done with this hunt + hunt.status = 'finished'; + hunt.searchedSessions = hunt.totalSessions; + + function continueProcess () { + Db.setHunt(huntId, hunt, (err, info) => { + internals.runningHuntJob = undefined; + processHuntJobs(); // Start new hunt + }); + } + + if (hunt.notifier) { + let message = `*${hunt.name}* hunt job finished:\n*${hunt.matchedSessions}* matched sessions out of *${hunt.searchedSessions}* searched sessions`; + issueAlert(hunt.notifier, message, continueProcess); + } else { + return continueProcess(); + } + }); + }); +} + + +// Do the house keeping before actually running the hunt job +function processHuntJob (huntId, hunt) { + let now = Math.floor(Date.now() / 1000); + + hunt.lastUpdated = now; + if (!hunt.started) { hunt.started = now; } + + Db.setHunt(huntId, hunt, (err, info) => { + if (err) { + pauseHuntJobWithError(huntId, hunt, { value: `Error starting hunt job: ${err} ${info}` }); + return; + } + }); + + getUserCacheIncAnon(hunt.userId, (err, user) => { + if (err && !user) { + pauseHuntJobWithError(huntId, hunt, { value: err }); + return; + } + if (!user || !user.found) { + pauseHuntJobWithError(huntId, hunt, { value: `User ${hunt.userId} doesn't exist` }); + return; + } + if (!user.enabled) { + pauseHuntJobWithError(huntId, hunt, { value: `User ${hunt.userId} is not enabled` }); + return; + } + + Db.getLookupsCache(hunt.userId, (err, lookups) => { + let fakeReq = { + user: user, + query: { + from: 0, + size: 100, // only fetch 100 
items at a time
+ _source: ['_id', 'node'],
+ sort: 'lastPacket:asc'
+ }
+ };
+
+ if (hunt.query.expression) {
+ fakeReq.query.expression = hunt.query.expression;
+ }
+
+ if (hunt.query.view) {
+ fakeReq.query.view = hunt.query.view;
+ }
+
+ buildSessionQuery(fakeReq, (err, query, indices) => {
+ if (err) {
+ pauseHuntJobWithError(huntId, hunt, {
+ value: 'Fatal Error: Session query expression parse error. Fix your search expression and create a new hunt.'
+ });
+ return;
+ }
+
+ // get the size of the query if it is being restarted
+ if (hunt.lastPacketTime) {
+ query.size = hunt.totalSessions - hunt.searchedSessions;
+ }
+
+ lookupQueryItems(query.query.bool.filter, (lerr) => {
+ query.query.bool.filter[0] = {
+ range: {
+ lastPacket: {
+ gte: hunt.lastPacketTime || hunt.query.startTime * 1000,
+ lt: hunt.query.stopTime * 1000
+ }
+ }
+ };
+
+ query._source = ['lastPacket', 'node', 'huntId', 'huntName'];
+
+ if (Config.debug > 2) {
+ console.log('HUNT', hunt.name, hunt.userId, '- start:', new Date(hunt.lastPacketTime || hunt.query.startTime * 1000), 'stop:', new Date(hunt.query.stopTime * 1000));
+ }
+
+ // do sessions query
+ runHuntJob(huntId, hunt, query, user);
+ });
+ });
+ });
+ });
+}
+
+// Kick off the process of running a hunt job
+// cb is optional and is called either when a job has been started or end of function
+function processHuntJobs (cb) {
+ if (Config.debug) {
+ console.log('HUNT - processing hunt jobs');
+ }
+
+ if (internals.runningHuntJob) { return (cb ? 
cb() : null); }
+ internals.runningHuntJob = true;
+
+ let query = {
+ size: 10000,
+ sort: { created: { order: 'asc' } },
+ query: { terms: { status: ['queued', 'paused', 'running'] } }
+ };
+
+ Db.searchHunt(query)
+ .then((hunts) => {
+ if (hunts.error) { throw hunts.error; }
+
+ for (let i = 0, ilen = hunts.hits.hits.length; i < ilen; i++) {
+ var hit = hunts.hits.hits[i];
+ var hunt = hit._source;
+ let id = hit._id;
+
+ if (hunt.status === 'running') { // there is a job already running
+ internals.runningHuntJob = hunt;
+ if (!internals.proccessHuntJobsInitialized) {
+ internals.proccessHuntJobsInitialized = true;
+ // restart the abandoned hunt
+ processHuntJob(id, hunt);
+ }
+ return (cb ? cb() : null);
+ } else if (hunt.status === 'queued') { // get the first queued hunt
+ internals.runningHuntJob = hunt;
+ hunt.status = 'running'; // update the hunt job
+ processHuntJob(id, hunt);
+ return (cb ? cb() : null);
+ }
+ }
+
+ // Made to the end without starting a job
+ internals.proccessHuntJobsInitialized = true;
+ internals.runningHuntJob = undefined;
+ return (cb?cb():null);
+ }).catch(err => {
+ console.log('Error fetching hunt jobs', err);
+ return (cb?cb():null);
+ });
+}
+
+function updateHuntStatus (req, res, status, successText, errorText) {
+ Db.get('hunts', 'hunt', req.params.id, (err, hit) => {
+ if (err) {
+ console.log(errorText, err, hit);
+ return res.molochError(500, errorText);
+ }
+
+ // don't let a user play a hunt job if one is already running
+ if (status === 'running' && internals.runningHuntJob) {
+ return res.molochError(403, 'You cannot start a new hunt until the running job completes or is paused.');
+ }
+
+ let hunt = hit._source;
+
+ // if hunt is finished, don't allow pause
+ if (hunt.status === 'finished' && status === 'paused') {
+ return res.molochError(403, 'You cannot pause a completed hunt.');
+ }
+
+ // clear the running hunt job if this is it
+ if (hunt.status === 'running') { internals.runningHuntJob = undefined; }
+ 
hunt.status = status; // update the hunt job
+
+ Db.setHunt(req.params.id, hunt, (err, info) => {
+ if (err) {
+ console.log(errorText, err, info);
+ return res.molochError(500, errorText);
+ }
+ res.send(JSON.stringify({success: true, text: successText}));
+ processHuntJobs();
+ });
+ });
+}
+
+app.post('/hunt', [noCacheJson, logAction('hunt'), checkCookieToken, checkPermissions(['packetSearch'])], (req, res) => {
+ // make sure viewer is not multi
+ if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); }
+ // make sure all the necessary data is included in the post body
+ if (!req.body.hunt) { return res.molochError(403, 'You must provide a hunt object'); }
+ if (!req.body.hunt.totalSessions) { return res.molochError(403, 'This hunt does not apply to any sessions'); }
+ if (!req.body.hunt.name) { return res.molochError(403, 'Missing hunt name'); }
+ if (!req.body.hunt.size) { return res.molochError(403, 'Missing max mumber of packets to examine per session'); }
+ if (!req.body.hunt.search) { return res.molochError(403, 'Missing packet search text'); }
+ if (!req.body.hunt.src && !req.body.hunt.dst) {
+ return res.molochError(403, 'The hunt must search source or destination packets (or both)');
+ }
+ if (!req.body.hunt.query) { return res.molochError(403, 'Missing query'); }
+ if (req.body.hunt.query.startTime === undefined || req.body.hunt.query.stopTime === undefined) {
+ return res.molochError(403, 'Missing fully formed query (must include start time and stop time)');
+ }
+
+ let searchTypes = [ 'ascii', 'asciicase', 'hex', 'wildcard', 'regex', 'hexregex' ];
+ if (!req.body.hunt.searchType) { return res.molochError(403, 'Missing packet search text type'); }
+ else if (searchTypes.indexOf(req.body.hunt.searchType) === -1) {
+ return res.molochError(403, 'Improper packet search text type. 
Must be "ascii", "asciicase", "hex", "wildcard", "hexregex", or "regex"');
+ }
+
+ if (!req.body.hunt.type) { return res.molochError(403, 'Missing packet search type (raw or reassembled packets)'); }
+ else if (req.body.hunt.type !== 'raw' && req.body.hunt.type !== 'reassembled') {
+ return res.molochError(403, 'Improper packet search type. Must be "raw" or "reassembled"');
+ }
+
+ let limit = req.user.createEnabled ? Config.get('huntAdminLimit', 10000000) : Config.get('huntLimit', 1000000);
+ if (parseInt(req.body.hunt.totalSessions) > limit) {
+ return res.molochError(403, `This hunt applies to too many sessions. Narrow down your session search to less than ${limit} first.`);
+ }
+
+ let now = Math.floor(Date.now() / 1000);
+
+ req.body.hunt.name = req.body.hunt.name.replace(/[^-a-zA-Z0-9_: ]/g, '');
+
+ let hunt = req.body.hunt;
+ hunt.created = now;
+ hunt.status = 'queued'; // always starts as queued
+ hunt.userId = req.user.userId;
+ hunt.matchedSessions = 0; // start with no matches
+ hunt.searchedSessions = 0; // start with no sessions searched
+ hunt.query = { // only use the necessary query items
+ expression: req.body.hunt.query.expression,
+ startTime: req.body.hunt.query.startTime,
+ stopTime: req.body.hunt.query.stopTime,
+ view: req.body.hunt.query.view
+ };
+
+ Db.createHunt(hunt, function (err, result) {
+ if (err) { console.log('create hunt error', err, result); }
+ hunt.id = result._id;
+ processHuntJobs( () => {
+ return res.send(JSON.stringify({ success: true, hunt: hunt }));
+ });
+ });
+});
+
+app.get('/hunt/list', [noCacheJson, recordResponseTime, checkPermissions(['packetSearch']), setCookie], (req, res) => {
+ if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); }
+
+ let query = {
+ sort: {},
+ from: parseInt(req.query.start) || 0,
+ size: parseInt(req.query.length) || 10000,
+ query: { bool: { must: [] } }
+ };
+
+ query.sort[req.query.sortField || 'created'] = { order: req.query.desc === 'true' ? 
'desc': 'asc'};
+
+ if (req.query.history) { // only get finished jobs
+ query.query.bool.must.push({ term: { status: 'finished' } });
+ if (req.query.searchTerm) { // apply search term
+ query.query.bool.must.push({
+ query_string: {
+ query : req.query.searchTerm,
+ fields: ['name', 'userId']
+ }
+ });
+ }
+ } else { // get queued, paused, and running jobs
+ query.from = 0;
+ query.size = 1000;
+ query.query.bool.must.push({ terms: { status: ['queued', 'paused', 'running'] } });
+ }
+
+ if (Config.debug) {
+ console.log('hunt query:', JSON.stringify(query, null, 2));
+ }
+
+ Promise.all([Db.searchHunt(query),
+ Db.numberOfHunts()])
+ .then(([hunts, total]) => {
+ if (hunts.error) { throw hunts.error; }
+
+ let runningJob;
+
+ let results = { total: hunts.hits.total, results: [] };
+ for (let i = 0, ilen = hunts.hits.hits.length; i < ilen; i++) {
+ const hit = hunts.hits.hits[i];
+ let hunt = hit._source;
+ hunt.id = hit._id;
+ hunt.index = hit._index;
+ // don't add the running job to the queue
+ if (internals.runningHuntJob && hunt.status === 'running') {
+ runningJob = hunt;
+ continue;
+ }
+
+ // Since hunt isn't cached we can just modify
+ if (!req.user.createEnabled && req.user.userId !== hunt.userId) {
+ hunt.search = '';
+ hunt.searchType = '';
+ hunt.id = '';
+ hunt.userId = '';
+ delete hunt.query;
+ }
+ results.results.push(hunt);
+ }
+
+ const r = {
+ recordsTotal: total.count,
+ recordsFiltered: results.total,
+ data: results.results,
+ runningJob: runningJob
+ };
+
+ res.send(r);
+ }).catch(err => {
+ console.log('ERROR - /hunt/list', err);
+ return res.molochError(500, 'Error retrieving hunts - ' + err);
+ });
+});
+
+app.delete('/hunt/:id', [noCacheJson, logAction('hunt/:id'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => {
+ if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); }
+
+ Db.deleteHuntItem(req.params.id, function (err, result) {
+ if (err || result.error) { 
+ console.log('ERROR - deleting hunt item', err || result.error);
+ return res.molochError(500, 'Error deleting hunt item');
+ } else {
+ res.send(JSON.stringify({success: true, text: 'Deleted hunt item successfully'}));
+ }
+ });
+});
+
+app.put('/hunt/:id/pause', [noCacheJson, logAction('hunt/:id/pause'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => {
+ if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); }
+ updateHuntStatus(req, res, 'paused', 'Paused hunt item successfully', 'Error pausing hunt job');
+});
+
+app.put('/hunt/:id/play', [noCacheJson, logAction('hunt/:id/play'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => {
+ if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); }
+ updateHuntStatus(req, res, 'queued', 'Queued hunt item successfully', 'Error starting hunt job');
+});
+
+app.get('/:nodeName/hunt/:huntId/remote/:sessionId', [noCacheJson], function (req, res) {
+ let huntId = req.params.huntId;
+ let sessionId = req.params.sessionId;
+
+ // fetch hunt and session
+ Promise.all([Db.get('hunts', 'hunt', huntId),
+ Db.get(Db.sid2Index(sessionId), 'session', Db.sid2Id(sessionId))])
+ .then(([hunt, session]) => {
+ if (hunt.error || session.error) { res.send({ matched: false }); }
+
+ hunt = hunt._source;
+ session = session._source;
+
+ let options = buildHuntOptions(hunt);
+
+ sessionHunt(sessionId, options, function (err, matched) {
+ if (err) {
+ return res.send({ matched: false, error: err });
+ }
+
+ if (matched) {
+ updateSessionWithHunt(session, sessionId, hunt, huntId);
+ }
+
+ return res.send({ matched: matched });
+ });
+ }).catch((err) => {
+ console.log('ERROR - hunt/remote', err);
+ res.send({ matched: false, error: err });
+ });
+});
+
+
+//////////////////////////////////////////////////////////////////////////////////
+//// Lookups 
+//////////////////////////////////////////////////////////////////////////////////
+let lookupMutex = new Mutex();
+
+app.get('/lookups', [noCacheJson, getSettingUserCache, recordResponseTime], function (req, res) {
+ // return nothing if we can't find the user
+ const user = req.settingUser;
+ if (!user) { return res.send({}); }
+
+ const map = req.query.map && req.query.map === 'true';
+
+ // only get lookups for setting user or shared
+ let query = {
+ query: {
+ bool: {
+ must: [
+ {
+ bool: {
+ should: [
+ { term: { shared: true } },
+ { term: { userId: req.settingUser.userId } }
+ ]
+ }
+ }
+ ]
+
+ }
+ },
+ sort: {},
+ size: req.query.length || 50,
+ from: req.query.start || 0
+ };
+
+ query.sort[req.query.sort || 'name'] = {
+ order: req.query.desc === 'true' ? 'desc' : 'asc'
+ };
+
+ if (req.query.searchTerm) {
+ query.query.bool.must.push({
+ wildcard: { name: '*' + req.query.searchTerm + '*' }
+ });
+ }
+
+ // if fieldType exists, filter it
+ if (req.query.fieldType) {
+ const fieldType = internals.lookupTypeMap[req.query.fieldType];
+
+ if (fieldType) {
+ query.query.bool.must.push({
+ exists: { field: fieldType }
+ });
+ }
+ }
+
+ Promise.all([
+ Db.searchLookups(query),
+ Db.numberOfDocuments('lookups')
+ ]).then(([lookups, total]) => {
+ if (lookups.error) { throw lookups.error; }
+
+ let results = { list: [], map: {} };
+ for (const hit of lookups.hits.hits) {
+ let lookup = hit._source;
+ lookup.id = hit._id;
+
+ if (lookup.number) {
+ lookup.type = 'number';
+ } else if (lookup.ip) {
+ lookup.type = 'ip';
+ } else {
+ lookup.type = 'string';
+ }
+
+ const values = lookup[lookup.type];
+
+ if (req.query.fieldFormat && req.query.fieldFormat === 'true') {
+ const name = `$${lookup.name}`;
+ lookup.exp = name;
+ lookup.dbField = name;
+ lookup.help = lookup.description ? 
+ `${lookup.description}: ${values.join(', ')}` :
+ `${values.join(',')}`;
+ }
+
+ lookup.value = values.join('\n');
+ delete lookup[lookup.type];
+
+ if (map) {
+ results.map[lookup.id] = lookup;
+ } else {
+ results.list.push(lookup);
+ }
+ }
+
+ const sendResults = map ? results.map : {
+ recordsTotal: total.count,
+ recordsFiltered: lookups.hits.total,
+ data: results.list
+ };
+
+ res.send(sendResults);
+ }).catch((err) => {
+ console.log('ERROR - /lookups', err);
+ return res.molochError(500, 'Error retrieving lookups - ' + err);
+ });
+});
+
+function createLookupsArray (lookupsString) {
+ // split string on commas and newlines
+ let values = lookupsString.split(/[,\n]+/g);
+
+ // remove any empty values
+ values = values.filter(function (val) {
+ return val !== '';
+ });
+
+ return values;
+}
+
+app.post('/lookups', [noCacheJson, getSettingUserDb, logAction('lookups'), checkCookieToken], function (req, res) {
+ // make sure all the necessary data is included in the post body
+ if (!req.body.var) { return res.molochError(403, 'Missing shortcut'); }
+ if (!req.body.var.name) { return res.molochError(403, 'Missing shortcut name'); }
+ if (!req.body.var.type) { return res.molochError(403, 'Missing shortcut type'); }
+ if (!req.body.var.value) { return res.molochError(403, 'Missing shortcut value'); }
+
+ req.body.var.name = req.body.var.name.replace(/[^-a-zA-Z0-9_]/g, '');
+
+ // return nothing if we can't find the user
+ const user = req.settingUser;
+ if (!user) { return res.send({}); }
+
+ const query = {
+ query: {
+ bool: {
+ must: [
+ { term: { name: req.body.var.name } }
+ ]
+ }
+ }
+ };
+
+ lookupMutex.lock().then(() => {
+ Db.searchLookups(query)
+ .then((lookups) => {
+ // search for lookup name collision
+ for (const hit of lookups.hits.hits) {
+ let lookup = hit._source;
+ if (lookup.name === req.body.var.name) {
+ lookupMutex.unlock();
+ return res.molochError(403, `A shortcut with the name, ${req.body.var.name}, already exists`);
+ }
+ }
+
+ let 
variable = req.body.var;
+ variable.userId = user.userId;
+
+ // comma/newline separated value -> array of values
+ const values = createLookupsArray(variable.value);
+ variable[variable.type] = values;
+
+ const type = variable.type;
+ delete variable.type;
+ delete variable.value;
+
+ Db.createLookup(variable, user.userId, function (err, result) {
+ if (err) {
+ console.log('shortcut create failed', err, result);
+ lookupMutex.unlock();
+ return res.molochError(500, 'Creating shortcut failed');
+ }
+ variable.id = result._id;
+ variable.type = type;
+ variable.value = values.join('\n');
+ delete variable.ip;
+ delete variable.string;
+ delete variable.number;
+ lookupMutex.unlock();
+ return res.send(JSON.stringify({ success: true, var: variable }));
+ });
+ }).catch((err) => {
+ console.log('ERROR - /lookups', err);
+ lookupMutex.unlock();
+ return res.molochError(500, 'Error creating lookup - ' + err);
+ });
+ });
+});
+
+app.put('/lookups/:id', [noCacheJson, getSettingUserDb, logAction('lookups/:id'), checkCookieToken], function (req, res) {
+ // make sure all the necessary data is included in the post body
+ if (!req.body.var) { return res.molochError(403, 'Missing shortcut'); }
+ if (!req.body.var.name) { return res.molochError(403, 'Missing shortcut name'); }
+ if (!req.body.var.type) { return res.molochError(403, 'Missing shortcut type'); }
+ if (!req.body.var.value) { return res.molochError(403, 'Missing shortcut value'); }
+
+ let sentVar = req.body.var;
+
+ Db.getLookup(req.params.id, (err, fetchedVar) => { // fetch variable
+ if (err) {
+ console.log('fetching shortcut to update failed', err, fetchedVar);
+ return res.molochError(500, 'Fetching shortcut to update failed');
+ }
+
+ if (fetchedVar._source.locked) {
+ return res.molochError(403, 'Locked Shortcut. 
Use db.pl script to update this shortcut.');
+ }
+
+ // only allow admins or lookup creator to update lookup item
+ if (!req.user.createEnabled && req.settingUser.userId !== fetchedVar._source.userId) {
+ return res.molochError(403, 'Permission denied');
+ }
+
+ // comma/newline separated value -> array of values
+ const values = createLookupsArray(sentVar.value);
+ sentVar[sentVar.type] = values;
+ sentVar.userId = fetchedVar._source.userId;
+
+ delete sentVar.type;
+ delete sentVar.value;
+
+ Db.setLookup(req.params.id, fetchedVar.userId, sentVar, (err, info) => {
+ if (err) {
+ console.log('shortcut update failed', err, info);
+ return res.molochError(500, 'Updating shortcut failed');
+ }
+
+ sentVar.value = values.join('\n');
+
+ return res.send(JSON.stringify({
+ success : true,
+ var : sentVar,
+ text : 'Successfully updated shortcut'
+ }));
+ });
+ });
+});
+
+app.delete('/lookups/:id', [noCacheJson, getSettingUserDb, logAction('lookups/:id'), checkCookieToken], function (req, res) {
+ Db.getLookup(req.params.id, (err, variable) => { // fetch variable
+ if (err) {
+ console.log('fetching shortcut to delete failed', err, variable);
+ return res.molochError(500, 'Fetching shortcut to delete failed');
+ }
+
+ // only allow admins or lookup creator to delete lookup item
+ if (!req.user.createEnabled && req.settingUser.userId !== variable._source.userId) {
+ return res.molochError(403, 'Permission denied');
+ }
+
+ Db.deleteLookup(req.params.id, variable.userId, function (err, result) {
+ if (err || result.error) {
+ console.log('ERROR - deleting shortcut', err || result.error);
+ return res.molochError(500, 'Error deleting shortcut');
+ } else {
+ res.send(JSON.stringify({success: true, text: 'Deleted shortcut successfully'}));
+ }
+ });
+ });
+});
+
+//////////////////////////////////////////////////////////////////////////////////
+//// SPI/PCAP Delete/Scrub
+//////////////////////////////////////////////////////////////////////////////////
+function 
pcapScrub(req, res, sid, whatToRemove, endCb) {
+ if (pcapScrub.scrubbingBuffers === undefined) {
+ pcapScrub.scrubbingBuffers = [Buffer.alloc(5000), Buffer.alloc(5000), Buffer.alloc(5000)];
+ pcapScrub.scrubbingBuffers[0].fill(0);
+ pcapScrub.scrubbingBuffers[1].fill(1);
+ const str = 'Scrubbed! Hoot! ';
+ for (let i = 0; i < 5000;) {
+ i += pcapScrub.scrubbingBuffers[2].write(str, i);
+ }
+ }
+
+ function processFile (pcap, pos, i, nextCb) {
+ pcap.ref();
+ pcap.readPacket(pos, function (packet) {
+ pcap.unref();
+ if (packet) {
+ if (packet.length > 16) {
+ try {
+ let obj = {};
+ pcap.decode(packet, obj);
+ pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[0], whatToRemove === 'all');
+ pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[1], whatToRemove === 'all');
+ pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[2], whatToRemove === 'all');
+ } catch (e) {
+ console.log(`Couldn't scrub packet at ${pos} -`, e);
+ }
+ return nextCb(null);
+ } else {
+ console.log(`Couldn't scrub packet at ${pos}`);
+ return nextCb(null);
+ }
+ }
+ });
+ }
+
+ Db.getWithOptions(Db.sid2Index(sid), 'session', Db.sid2Id(sid), {_source: 'node,ipProtocol,packetPos'}, function (err, session) {
+ let fileNum;
+ let itemPos = 0;
+ const fields = session._source || session.fields;
+
+ if (whatToRemove === 'spi') { // just removing es data for session
+ Db.deleteDocument(session._index, 'session', session._id, function (err, data) {
+ return endCb(err, fields);
+ });
+ } else { // scrub the pcap
+ async.eachLimit(fields.packetPos, 10, function (pos, nextCb) {
+ if (pos < 0) {
+ fileNum = pos * -1;
+ return nextCb(null);
+ }
+
+ // Get the pcap file for this node a filenum, if it isn't opened then do the filename lookup and open it
+ let opcap = Pcap.get(`write${fields.node}:${fileNum}`);
+ if (!opcap.isOpen()) {
+ Db.fileIdToFile(fields.node, fileNum, function (file) {
+ if (!file) {
+ console.log(`WARNING - Only have SPI data, PCAP file no longer available. 
Couldn't look up in file table ${fields.node}-${fileNum}`);
+ return nextCb(`Only have SPI data, PCAP file no longer available for ${fields.node}-${fileNum}`);
+ }
+
+ let ipcap = Pcap.get(`write${fields.node}:${file.num}`);
+
+ try {
+ ipcap.openReadWrite(file.name, file);
+ } catch (err) {
+ const errorMsg = `Couldn't open file for writing: ${err}`;
+ console.log(`Error - ${errorMsg}`);
+ return nextCb(errorMsg);
+ }
+
+ processFile(ipcap, pos, itemPos++, nextCb);
+ });
+ } else {
+ processFile(opcap, pos, itemPos++, nextCb);
+ }
+ },
+ function (pcapErr, results) {
+ if (whatToRemove === 'all') { // also remove the session data
+ Db.deleteDocument(session._index, 'session', session._id, function (err, data) {
+ return endCb(pcapErr, fields);
+ });
+ } else { // just set who/when scrubbed the pcap
+ // Do the ES update
+ const document = {
+ doc: {
+ scrubby: req.user.userId || '-',
+ scrubat: new Date().getTime()
+ }
+ };
+ Db.update(session._index, 'session', session._id, document, function (err, data) {
+ return endCb(pcapErr, fields);
+ });
+ }
+ });
+ }
+ });
+}
+
+app.get('/:nodeName/delete/:whatToRemove/:sid', [checkProxyRequest, checkPermissions(['removeEnabled'])], (req, res) => {
+ noCache(req, res);
+
+ res.statusCode = 200;
+
+ pcapScrub(req, res, req.params.sid, req.params.whatToRemove, (err) => {
+ res.end();
+ });
+});
+
+function scrubList(req, res, whatToRemove, list) {
+ if (!list) { return res.molochError(200, 'Missing list of sessions'); }
+
+ async.eachLimit(list, 10, function (item, nextCb) {
+ const fields = item._source || item.fields;
+
+ isLocalView(fields.node, function () {
+ // Get from our DISK
+ pcapScrub(req, res, Db.session2Sid(item), whatToRemove, nextCb);
+ },
+ function () {
+ // Get from remote DISK
+ let path = `${fields.node}/delete/${whatToRemove}/${Db.session2Sid(item)}`;
+ makeRequest(fields.node, path, req.user, function (err, response) {
+ setImmediate(nextCb);
+ });
+ });
+ }, function (err) {
+ let text;
+ if 
(whatToRemove === 'all') {
+ text = `Deletion PCAP and SPI of ${list.length} sessions complete. Give Elasticsearch 60 seconds to complete SPI deletion.`;
+ } else if (whatToRemove === 'spi') {
+ text = `Deletion SPI of ${list.length} sessions complete. Give Elasticsearch 60 seconds to complete SPI deletion.`;
+ } else {
+ text = `Scrubbing PCAP of ${list.length} sessions complete`;
+ }
+ return res.end(JSON.stringify({ success: true, text: text }));
+ });
+}
+
+app.post('/delete', [noCacheJson, checkCookieToken, logAction(), checkPermissions(['removeEnabled'])], (req, res) => {
+ if (req.query.removeSpi !== 'true' && req.query.removePcap !== 'true') {
+ return res.molochError(403, `You can't delete nothing`);
+ }
+
+ let whatToRemove;
+ if (req.query.removeSpi === 'true' && req.query.removePcap === 'true') {
+ whatToRemove = 'all';
+ } else if (req.query.removeSpi === 'true') {
+ whatToRemove = 'spi';
+ } else {
+ whatToRemove = 'pcap';
+ }
+
+ if (req.body.ids) {
+ const ids = queryValueToArray(req.body.ids);
+ sessionsListFromIds(req, ids, ['node'], function (err, list) {
+ scrubList(req, res, whatToRemove, list);
+ });
+ } else if (req.query.expression) {
+ sessionsListFromQuery(req, res, ['node'], function (err, list) {
+ scrubList(req, res, whatToRemove, list);
+ });
+ } else {
+ return res.molochError(403, `Error: Missing expression. 
An expression is required so you don't delete everything.`);
+ }
+});
+
+//////////////////////////////////////////////////////////////////////////////////
+//// Sending/Receive sessions
+//////////////////////////////////////////////////////////////////////////////////
+function sendSessionWorker(options, cb) {
+ var packetslen = 0;
+ var packets = [];
+ var packetshdr;
+ var ps = [-1];
+ var tags = [];
+
+ if (!options.saveId) {
+ return cb({success: false, text: "Missing saveId"});
+ }
+
+ if (!options.cluster) {
+ return cb({success: false, text: "Missing cluster"});
+ }
+
+ processSessionId(options.id, true, function(pcap, header) {
+ packetshdr = header;
+ }, function (pcap, packet, pcb, i) {
+ packetslen += packet.length;
+ packets[i] = packet;
+ pcb(null);
+ }, function (err, session) {
+ var buffer;
+ if (err || !packetshdr) {
+ console.log("WARNING - No PCAP only sending SPI data err:", err);
+ buffer = Buffer.alloc(0);
+ ps = [];
+ } else {
+ buffer = Buffer.alloc(packetshdr.length + packetslen);
+ var pos = 0;
+ packetshdr.copy(buffer);
+ pos += packetshdr.length;
+ for(let i = 0, ilen = packets.length; i < ilen; i++) {
+ ps.push(pos);
+ packets[i].copy(buffer, pos);
+ pos += packets[i].length;
+ }
+ }
+ if (!session) {
+ console.log("no session" , session, "err", err, "id", options.id);
+ return;
+ }
+ session.id = options.id;
+ session.packetPos = ps;
+ delete session.fileId;
+
+ if (options.tags) {
+ tags = options.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(",");
+ if (!session.tags) {
+ session.tags = [];
+ }
+ session.tags = session.tags.concat(tags);
+ }
+
+ var molochClusters = Config.configMap("moloch-clusters");
+ if (!molochClusters) {
+ console.log("ERROR - sendSession is not configured");
+ return cb();
+ }
+
+ var sobj = molochClusters[options.cluster];
+ if (!sobj) {
+ console.log("ERROR - moloch-clusters is not configured for " + options.cluster);
+ return cb();
+ }
+
+ var info = url.parse(sobj.url + "/receiveSession?saveId=" + 
options.saveId);
+ addAuth(info, options.user, options.nodeName, sobj.serverSecret || sobj.passwordSecret);
+ info.method = "POST";
+
+ var result = "";
+ var client = info.protocol === "https:"?https:http;
+ info.agent = (client === http?internals.httpAgent:internals.httpsAgent);
+ addCaTrust(info, options.nodeName);
+ var preq = client.request(info, function(pres) {
+ pres.on('data', function (chunk) {
+ result += chunk;
+ });
+ pres.on('end', function () {
+ result = JSON.parse(result);
+ if (!result.success) {
+ console.log("ERROR sending session ", result);
+ }
+ cb();
+ });
+ });
+
+ preq.on('error', function (e) {
+ console.log("ERROR - Couldn't connect to ", info, "\nerror=", e);
+ cb();
+ });
+
+ var sessionStr = JSON.stringify(session);
+ var b = Buffer.alloc(12);
+ b.writeUInt32BE(Buffer.byteLength(sessionStr), 0);
+ b.writeUInt32BE(buffer.length, 8);
+ preq.write(b);
+ preq.write(sessionStr);
+ preq.write(buffer);
+ preq.end();
+ }, undefined, 10);
+}
+
+internals.sendSessionQueue = async.queue(sendSessionWorker, 10);
+
+app.get('/:nodeName/sendSession/:id', checkProxyRequest, function(req, res) {
+ noCache(req, res);
+ res.statusCode = 200;
+
+ var options = {
+ user: req.user,
+ cluster: req.query.cluster,
+ id: req.params.id,
+ saveId: req.query.saveId,
+ tags: req.body.tags,
+ nodeName: req.params.nodeName
+ };
+
+ internals.sendSessionQueue.push(options, function () {
+ res.end();
+ });
+});
+
+app.post('/:nodeName/sendSessions', checkProxyRequest, function(req, res) {
+ noCache(req, res);
+ res.statusCode = 200;
+
+ if (req.body.ids === undefined ||
+ req.query.cluster === undefined ||
+ req.query.saveId === undefined ||
+ req.body.tags === undefined) {
+ return res.end();
+ }
+
+ var count = 0;
+ var ids = queryValueToArray(req.body.ids);
+ ids.forEach(function(id) {
+ var options = {
+ user: req.user,
+ cluster: req.query.cluster,
+ id: id,
+ saveId: req.query.saveId,
+ tags: req.body.tags,
+ nodeName: req.params.nodeName
+ };
+
+ count++;
+ 
internals.sendSessionQueue.push(options, function () {
+ count--;
+ if (count === 0) {
+ return res.end();
+ }
+ });
+ });
+});
+
+
+function sendSessionsList(req, res, list) {
+ if (!list) { return res.molochError(200, "Missing list of sessions"); }
+
+ var saveId = Config.nodeName() + "-" + new Date().getTime().toString(36);
+
+ async.eachLimit(list, 10, function(item, nextCb) {
+ var fields = item._source || item.fields;
+ let sid = Db.session2Sid(item);
+ isLocalView(fields.node, function () {
+ var options = {
+ user: req.user,
+ cluster: req.body.cluster,
+ id: sid,
+ saveId: saveId,
+ tags: req.body.tags,
+ nodeName: fields.node
+ };
+ // Get from our DISK
+ internals.sendSessionQueue.push(options, nextCb);
+ },
+ function () {
+ let path = `${fields.node}/sendSession/${sid}?saveId=${saveId}&cluster=${req.body.cluster}`;
+ if (req.body.tags) {
+ path += `&tags=${req.body.tags}`;
+ }
+
+ makeRequest(fields.node, path, req.user, (err, response) => {
+ setImmediate(nextCb);
+ });
+ });
+ }, function(err) {
+ return res.end(JSON.stringify({success: true, text: "Sending of " + list.length + " sessions complete"}));
+ });
+}
+
+var qlworking = {};
+function sendSessionsListQL(pOptions, list, nextQLCb) {
+ if (!list) {
+ return;
+ }
+
+ var nodes = {};
+
+ list.forEach(function (item) {
+ if (!nodes[item.node]) {
+ nodes[item.node] = [];
+ }
+ nodes[item.node].push(item.id);
+ });
+
+ var keys = Object.keys(nodes);
+
+ var count = 0;
+ async.eachLimit(keys, 15, function(node, nextCb) {
+ isLocalView(node, function () {
+ var sent = 0;
+ nodes[node].forEach(function(item) {
+ var options = {
+ id: item,
+ nodeName: node
+ };
+ Db.merge(options, pOptions);
+
+ // Get from our DISK
+ internals.sendSessionQueue.push(options, function () {
+ sent++;
+ if (sent === nodes[node].length) {
+ nextCb();
+ }
+ });
+ });
+ },
+ function () {
+ // Get from remote DISK
+ getViewUrl(node, function(err, viewUrl, client) {
+ var info = url.parse(viewUrl);
+ info.method = "POST";
+ 
info.path = Config.basePath(node) + node + "/sendSessions?saveId=" + pOptions.saveId + "&cluster=" + pOptions.cluster;
+ info.agent = (client === http?internals.httpAgent:internals.httpsAgent);
+ if (pOptions.tags) {
+ info.path += "&tags=" + pOptions.tags;
+ }
+ addAuth(info, pOptions.user, node);
+ addCaTrust(info, node);
+ var preq = client.request(info, function(pres) {
+ pres.on('data', function (chunk) {
+ qlworking[info.path] = "data";
+ });
+ pres.on('end', function () {
+ delete qlworking[info.path];
+ count++;
+ setImmediate(nextCb);
+ });
+ });
+ preq.on('error', function (e) {
+ delete qlworking[info.path];
+ console.log("ERROR - Couldn't proxy sendSession request=", info, "\nerror=", e);
+ setImmediate(nextCb);
+ });
+ preq.setHeader('content-type', "application/x-www-form-urlencoded");
+ preq.write("ids=");
+ preq.write(nodes[node].join(","));
+ preq.end();
+ qlworking[info.path] = "sent";
+ });
+ });
+ }, function(err) {
+ nextQLCb();
+ });
+}
+
+app.post('/receiveSession', [noCacheJson], function receiveSession(req, res) {
+ if (!req.query.saveId) { return res.molochError(200, "Missing saveId"); }
+
+ req.query.saveId = req.query.saveId.replace(/[^-a-zA-Z0-9_]/g, '');
+
+ // JS Static Variable :)
+ receiveSession.saveIds = receiveSession.saveIds || {};
+
+ var saveId = receiveSession.saveIds[req.query.saveId];
+ if (!saveId) {
+ saveId = receiveSession.saveIds[req.query.saveId] = {start: 0};
+ }
+
+ var sessionlen = -1;
+ var filelen = -1;
+ var written = 0;
+ var session = null;
+ var buffer;
+ var file;
+ var writeHeader;
+
+ function makeFilename(cb) {
+ if (saveId.filename) {
+ return cb(saveId.filename);
+ }
+
+ // Just keep calling ourselves every 100 ms until we have a filename
+ if (saveId.inProgress) {
+ return setTimeout(makeFilename, 100, cb);
+ }
+
+ saveId.inProgress = 1;
+ Db.getSequenceNumber("fn-" + Config.nodeName(), function (err, seq) {
+ var filename = Config.get("pcapDir") + "/" + Config.nodeName() + "-" + seq + "-" + 
req.query.saveId + ".pcap"; + saveId.seq = seq; + Db.indexNow("files", "file", Config.nodeName() + "-" + saveId.seq, {num: saveId.seq, name: filename, first: session.firstPacket, node: Config.nodeName(), filesize: -1, locked: 1}, function() { + cb(filename); + saveId.filename = filename; // Don't set the saveId.filename until after the first request completes its callback. + }); + }); + } + + function saveSession() { + var id = session.id; + delete session.id; + Db.indexNow(Db.sid2Index(id), "session", Db.sid2Id(id), session, function(err, info) { + }); + } + + function chunkWrite(chunk) { + // Write full chunk if first packet and writeHeader or not first packet + if (writeHeader || written !== 0) { + writeHeader = false; + file.write(chunk); + } else { + file.write(chunk.slice(24)); + } + written += chunk.length; // Pretend we wrote it all + } + + req.on('data', function(chunk) { + // If the file is open, just write the current chunk + if (file) { + return chunkWrite(chunk); + } + + // If no file is open, then save the current chunk to the end of the buffer. 
+ if (!buffer) { + buffer = chunk; + } else { + buffer = Buffer.concat([buffer, chunk]); + } + + // Found the lengths + if (sessionlen === -1 && (buffer.length >= 12)) { + sessionlen = buffer.readUInt32BE(0); + filelen = buffer.readUInt32BE(8); + buffer = buffer.slice(12); + } + + // If we know the session len and haven't read the session + if (sessionlen !== -1 && !session && buffer.length >= sessionlen) { + session = JSON.parse(buffer.toString("utf8", 0, sessionlen)); + session.node = Config.nodeName(); + buffer = buffer.slice(sessionlen); + + if (filelen > 0) { + req.pause(); + + makeFilename(function (filename) { + req.resume(); + session.packetPos[0] = - saveId.seq; + session.fileId = [saveId.seq]; + + if (saveId.start === 0) { + file = fs.createWriteStream(filename, {flags: "w"}); + } else { + file = fs.createWriteStream(filename, {start: saveId.start, flags: "r+"}); + } + writeHeader = saveId.start === 0; + + // Adjust packet location based on where we start writing + if (saveId.start > 0) { + for (var p = 1, plen = session.packetPos.length; p < plen; p++) { + session.packetPos[p] += (saveId.start - 24); + } + } + + // Filelen always includes header, if we don't write header subtract it + saveId.start += filelen; + if (!writeHeader) { + saveId.start -= 24; + } + + // Still more data in buffer, start of pcap + if (buffer.length > 0) { + chunkWrite(buffer); + } + + saveSession(); + }); + } else { + saveSession(); + } + } + }); + + req.on('end', function(chunk) { + if (file) { + file.end(); + } + return res.send({success: true}); + }); +}); + +app.post('/sendSessions', function(req, res) { + if (req.body.ids) { + var ids = queryValueToArray(req.body.ids); + + sessionsListFromIds(req, ids, ["node"], function(err, list) { + sendSessionsList(req, res, list); + }); + } else { + sessionsListFromQuery(req, res, ["node"], function(err, list) { + sendSessionsList(req, res, list); + }); + } +}); + +app.post('/upload', [checkCookieToken, multer({dest:'/tmp', limits: 
internals.uploadLimits}).single('file')], function (req, res) { + var exec = require('child_process').exec; + + var tags = ''; + if (req.body.tags) { + var t = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, '').split(','); + t.forEach(function(tag) { + if (tag.length > 0) { + tags += ' --tag ' + tag; + } + }); + } + + var cmd = Config.get('uploadCommand') + .replace('{TAGS}', tags) + .replace('{NODE}', Config.nodeName()) + .replace('{TMPFILE}', req.file.path) + .replace('{CONFIG}', Config.getConfigFile()); + + console.log('upload command: ', cmd); + exec(cmd, function (error, stdout, stderr) { + if (error !== null) { + console.log('exec error: ' + error); + res.status(500); + res.write('Upload command failed:
'); + } + res.write(cmd); + res.write('
'); + res.write('
');
+    res.write(stdout);
+    res.end('
'); + fs.unlinkSync(req.file.path); + }); +}); + +if (Config.get("regressionTests")) { + app.post('/shutdown', function(req, res) { + Db.close(); + process.exit(0); + throw new Error("Exiting"); + }); + app.post('/flushCache', function(req, res) { + Db.flushCache(); + res.send("{}"); + }); + app.get('/processCronQueries', function(req, res) { + processCronQueries(); + res.send("{}"); + }); + + // Make sure all jobs have run and return + app.get('/processHuntJobs', function (req, res) { + processHuntJobs(); + + setTimeout(function checkHuntFinished() { + if (internals.runningHuntJob) { + setTimeout(checkHuntFinished, 1000); + } else { + Db.search("hunts", "hunt", {query: {term: {status: "queued"}}}, function(err, result) { + if (result.hits.total > 0) { + processHuntJobs(); + setTimeout(checkHuntFinished, 1000); + } else { + res.send('{}'); + } + }); + } + }, 1000); + }); +} + +////////////////////////////////////////////////////////////////////////////////// +// Cyberchef +////////////////////////////////////////////////////////////////////////////////// +/* cyberchef endpoint - loads the src or dst packets for a session and + * sends them to cyberchef */ +app.get('/cyberchef/:nodeName/session/:id', checkPermissions(['webEnabled']), checkProxyRequest, unsafeInlineCspHeader, (req, res) => { + processSessionIdAndDecode(req.params.id, 10000, function(err, session, results) { + if (err) { + console.log(`ERROR - /${req.params.nodeName}/session/${req.params.id}/cyberchef`, err); + return res.end("Error - " + err); + } + + let data = ''; + for (let i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { + data += results[i].data.toString('hex'); + } + + res.send({ data: data }); + }); +}); + +app.use(['/cyberchef/', '/modules/'], unsafeInlineCspHeader, (req, res) => { + let found = false; + let path = req.path.substring(1); + if (req.baseUrl === '/modules') { + res.setHeader('Content-Type', 'application/javascript; charset=UTF-8'); + path = 'modules/' 
+ path; + } + if (path === '') { + path = `CyberChef_v${internals.CYBERCHEFVERSION}.html`; + } + + fs.createReadStream(`public/CyberChef_v${internals.CYBERCHEFVERSION}.zip`) + .pipe(unzip.Parse()) + .on('entry', function (entry) { + if (entry.path === path) { + entry.pipe(res); + found = true; + } else { + entry.autodrain(); + } + }) + .on('finish', function () { + if (!found) { + res.status(404).end('Page not found'); + } + }); +}); + +////////////////////////////////////////////////////////////////////////////////// +// Vue app +////////////////////////////////////////////////////////////////////////////////// +const Vue = require('vue'); +const vueServerRenderer = require('vue-server-renderer'); + +// Factory function to create fresh Vue apps +function createApp () { + return new Vue({ + template: `
` + }); +} + +// expose vue bundles (prod) +app.use('/static', express.static(`${__dirname}/vueapp/dist/static`)); +// expose vue bundle (dev) +app.use(['/app.js', '/vueapp/app.js'], express.static(`${__dirname}/vueapp/dist/app.js`)); + +app.use(cspHeader, setCookie, (req, res) => { + if (!req.user.webEnabled) { + return res.status(403).send('Permission denied'); + } + + if (req.path === '/users' && !req.user.createEnabled) { + return res.status(403).send('Permission denied'); + } + + if (req.path === '/settings' && Config.get('demoMode', false)) { + return res.status(403).send('Permission denied'); + } + + const renderer = vueServerRenderer.createRenderer({ + template: fs.readFileSync('./vueapp/dist/index.html', 'utf-8') + }); + + let theme = req.user.settings.theme || 'default-theme'; + if (theme.startsWith('custom1')) { theme = 'custom-theme'; } + + let titleConfig = Config.get('titleTemplate', '_cluster_ - _page_ _-view_ _-expression_') + .replace(/_cluster_/g, internals.clusterName) + .replace(/_userId_/g, req.user?req.user.userId:'-') + .replace(/_userName_/g, req.user?req.user.userName:'-'); + + let limit = req.user.createEnabled ? Config.get('huntAdminLimit', 10000000) : Config.get('huntLimit', 1000000); + + const appContext = { + theme: theme, + titleConfig: titleConfig, + path: app.locals.basePath, + version: app.locals.molochversion, + devMode: Config.get('devMode', false), + demoMode: Config.get('demoMode', false), + multiViewer: Config.get('multiES', false), + themeUrl: theme === 'custom-theme' ? 
'user.css' : '', + huntWarn: Config.get('huntWarn', 100000), + huntLimit: limit, + serverNonce: res.locals.nonce + }; + + // Create a fresh Vue app instance + const vueApp = createApp(); + + // Render the Vue instance to HTML + renderer.renderToString(vueApp, appContext, (err, html) => { + if (err) { + console.log(err); + if (err.code === 404) { + res.status(404).end('Page not found'); + } else { + res.status(500).end('Internal Server Error'); + } + return; + } + + res.send(html); + }); +}); + + +////////////////////////////////////////////////////////////////////////////////// +//// Cron Queries +////////////////////////////////////////////////////////////////////////////////// + +/* Process a single cron query. At max it will process 24 hours worth of data + * to give other queries a chance to run. Because its timestamp based and not + * lastPacket based since 1.0 it now search all indices each time. + */ +function processCronQuery(cq, options, query, endTime, cb) { + if (Config.debug > 2) { + console.log("CRON", cq.name, cq.creator, "- processCronQuery(", cq, options, query, endTime, ")"); + } + + var singleEndTime; + var count = 0; + async.doWhilst(function(whilstCb) { + // Process at most 24 hours + singleEndTime = Math.min(endTime, cq.lpValue + 24*60*60); + query.query.bool.filter[0] = {range: {timestamp: {gte: cq.lpValue*1000, lt: singleEndTime*1000}}}; + + if (Config.debug > 2) { + console.log("CRON", cq.name, cq.creator, "- start:", new Date(cq.lpValue*1000), "stop:", new Date(singleEndTime*1000), "end:", new Date(endTime*1000), "remaining runs:", ((endTime-singleEndTime)/(24*60*60.0))); + } + + Db.search('sessions2-*', 'session', query, {scroll: '600s'}, function getMoreUntilDone(err, result) { + function doNext() { + count += result.hits.hits.length; + + // No more data, all done + if (result.hits.hits.length === 0) { + Db.clearScroll({ body: { scroll_id: result._scroll_id } }); + return setImmediate(whilstCb, "DONE"); + } else { + var document = { doc: 
{ count: (query.count || 0) + count} }; + Db.update("queries", "query", options.qid, document, {refresh: true}, function () {}); + } + + query = { + body: { + scroll_id: result._scroll_id, + }, + scroll: '600s' + }; + + Db.scroll(query, getMoreUntilDone); + } + + if (err || result.error) { + console.log("cronQuery error", err, (result?result.error:null), "for", cq); + return setImmediate(whilstCb, "ERR"); + } + + var ids = []; + var hits = result.hits.hits; + var i, ilen; + if (cq.action.indexOf("forward:") === 0) { + for (i = 0, ilen = hits.length; i < ilen; i++) { + ids.push({id: hits[i]._id, node: hits[i]._source.node}); + } + + sendSessionsListQL(options, ids, doNext); + } else if (cq.action.indexOf("tag") === 0) { + for (i = 0, ilen = hits.length; i < ilen; i++) { + ids.push(hits[i]._id); + } + + if (Config.debug > 1) { + console.log("CRON", cq.name, cq.creator, "- Updating tags:", ids.length); + } + + var tags = options.tags.split(","); + sessionsListFromIds(null, ids, ["tags", "node"], function(err, list) { + addTagsList(tags, list, doNext); + }); + } else { + console.log("Unknown action", cq); + doNext(); + } + }); + }, function () { + if (Config.debug > 1) { + console.log("CRON", cq.name, cq.creator, "- Continue process", singleEndTime, endTime); + } + return singleEndTime !== endTime; + }, function (err) { + cb(count, singleEndTime); + }); +} + +function processCronQueries() { + if (internals.cronRunning) { + console.log("processQueries already running", qlworking); + return; + } + internals.cronRunning = true; + if (Config.debug) { + console.log("CRON - cronRunning set to true"); + } + + var repeat; + async.doWhilst(function(whilstCb) { + repeat = false; + Db.search("queries", "query", {size: 1000}, function(err, data) { + if (err) { + internals.cronRunning = false; + console.log("processCronQueries", err); + return setImmediate(whilstCb, err); + } + var queries = {}; + data.hits.hits.forEach(function(item) { + queries[item._id] = item._source; + }); + + 
// Delayed by the max Timeout + var endTime = Math.floor(Date.now()/1000) - internals.cronTimeout; + + // Go thru the queries, fetch the user, make the query + async.eachSeries(Object.keys(queries), function (qid, forQueriesCb) { + var cq = queries[qid]; + var cluster = null; + + if (Config.debug > 1) { + console.log("CRON - Running", qid, cq); + } + + if (!cq.enabled || endTime < cq.lpValue) { + return forQueriesCb(); + } + + if (cq.action.indexOf("forward:") === 0) { + cluster = cq.action.substring(8); + } + + getUserCacheIncAnon(cq.creator, (err, user) => { + if (err && !user) { + return forQueriesCb(); + } + if (!user || !user.found) { + console.log(`User ${cq.creator} doesn't exist`); + return forQueriesCb(null); + } + if (!user.enabled) { + console.log(`User ${cq.creator} not enabled`); + return forQueriesCb(); + } + + let options = { + user: user, + cluster: cluster, + saveId: Config.nodeName() + "-" + new Date().getTime().toString(36), + tags: cq.tags.replace(/[^-a-zA-Z0-9_:,]/g, ""), + qid: qid + }; + + Db.getLookupsCache(cq.creator, (err, lookups) => { + molochparser.parser.yy = { + emailSearch: user.emailSearch === true, + fieldsMap: Config.getFieldsMap(), + prefix: internals.prefix, + lookups: lookups, + lookupTypeMap: internals.lookupTypeMap + }; + + let query = { + from: 0, + size: 1000, + query: {bool: {filter: [{}]}}, + _source: ["_id", "node"] + }; + + try { + query.query.bool.filter.push(molochparser.parse(cq.query)); + } catch (e) { + console.log("Couldn't compile cron query expression", cq, e); + return forQueriesCb(); + } + + if (user.expression && user.expression.length > 0) { + try { + // Expression was set by admin, so assume email search ok + molochparser.parser.yy.emailSearch = true; + var userExpression = molochparser.parse(user.expression); + query.query.bool.filter.push(userExpression); + } catch (e) { + console.log("Couldn't compile user forced expression", user.expression, e); + return forQueriesCb(); + } + } + + 
lookupQueryItems(query.query.bool.filter, function (lerr) { + processCronQuery(cq, options, query, endTime, function (count, lpValue) { + if (Config.debug > 1) { + console.log("CRON - setting lpValue", new Date(lpValue*1000)); + } + // Do the ES update + let document = { + doc: { + lpValue: lpValue, + lastRun: Math.floor(Date.now()/1000), + count: (queries[qid].count || 0) + count + } + }; + + function continueProcess () { + Db.update('queries', 'query', qid, document, { refresh: true }, function () { + // If there is more time to catch up on, repeat the loop, although other queries + // will get processed first to be fair + if (lpValue !== endTime) { repeat = true; } + return forQueriesCb(); + }); + } + + // issue alert via notifier if the count has changed and it has been at least 10 minutes + if (cq.notifier && count && queries[qid].count !== document.doc.count && + (!cq.lastNotified || (Math.floor(Date.now()/1000) - cq.lastNotified >= 600))) { + let newMatchCount = document.doc.lastNotifiedCount ? 
(document.doc.count - document.doc.lastNotifiedCount) : document.doc.count; + let message = `*${cq.name}* cron query match alert:\n*${newMatchCount} new* matches\n*${document.doc.count} total* matches`; + issueAlert(cq.notifier, message, continueProcess); + } else { + return continueProcess(); + } + }); + }); + }); + }); + }, function(err) { + if (Config.debug > 1) { + console.log("CRON - Finished one pass of all crons"); + } + return setImmediate(whilstCb, err); + }); + }); + }, function () { + if (Config.debug > 1) { + console.log("CRON - Process again: ", repeat); + } + return repeat; + }, function (err) { + if (Config.debug) { + console.log("CRON - Should be up to date"); + } + internals.cronRunning = false; + }); +} + +////////////////////////////////////////////////////////////////////////////////// +//// Main +////////////////////////////////////////////////////////////////////////////////// +function main () { + Db.checkVersion(MIN_DB_VERSION, Config.get("passwordSecret") !== undefined); + Db.healthCache(function(err, health) { + internals.clusterName = health.cluster_name; + }); + + Db.nodesStats({metric: 'jvm,process,fs,os,indices,thread_pool'}, function (err, info) { + info.nodes.timestamp = new Date().getTime(); + internals.previousNodesStats.push(info.nodes); + }); + + expireCheckAll(); + setInterval(expireCheckAll, 60*1000); + + loadFields(); + setInterval(loadFields, 2*60*1000); + + loadPlugins(); + + createRightClicks(); + setInterval(createRightClicks, 5*60*1000); + + if (Config.get("cronQueries", false)) { // this viewer will process the cron queries + console.log("This node will process Cron Queries, delayed by", internals.cronTimeout, "seconds"); + setInterval(processCronQueries, 60*1000); + setTimeout(processCronQueries, 1000); + setInterval(processHuntJobs, 10000); + } + + var server; + if (Config.isHTTPS()) { + server = https.createServer({key: Config.keyFileData, cert: Config.certFileData, secureOptions: 
require('constants').SSL_OP_NO_TLSv1}, app); + } else { + server = http.createServer(app); + } + + var viewHost = Config.get("viewHost", undefined); + if (internals.userNameHeader !== undefined && viewHost !== "localhost" && viewHost !== "127.0.0.1") { + console.log("SECURITY WARNING - when userNameHeader is set, viewHost should be localhost or use iptables"); + } + + server + .on('error', function (e) { + console.log("ERROR - couldn't listen on port", Config.get("viewPort", "8005"), "is viewer already running?"); + process.exit(1); + throw new Error("Exiting"); + }) + .on('listening', function (e) { + console.log("Express server listening on port %d in %s mode", server.address().port, app.settings.env); + }) + .listen(Config.get("viewPort", "8005"), viewHost); +} +////////////////////////////////////////////////////////////////////////////////// +//// Command Line Parsing +////////////////////////////////////////////////////////////////////////////////// +function processArgs(argv) { + for (var i = 0, ilen = argv.length; i < ilen; i++) { + if (argv[i] === "--help") { + console.log("node.js []"); + console.log(""); + console.log("Options:"); + console.log(" -c Config file to use"); + console.log(" -host Host name to use, default os hostname"); + console.log(" -n Node name section to use in config file, default first part of hostname"); + console.log(" --debug Increase debug level, multiple are supported"); + console.log(" --esprofile Turn on profiling to es search queries"); + console.log(" --insecure Disable cert verification"); + + process.exit(0); + } + } +} +processArgs(process.argv); +////////////////////////////////////////////////////////////////////////////////// +//// DB +////////////////////////////////////////////////////////////////////////////////// +Db.initialize({host: internals.elasticBase, + prefix: Config.get("prefix", ""), + usersHost: Config.get('usersElasticsearch')?Config.getArray('usersElasticsearch', ',', ''):undefined, + usersPrefix: 
Config.get("usersPrefix"), + nodeName: Config.nodeName(), + esClientKey: Config.get("esClientKey", null), + esClientCert: Config.get("esClientCert", null), + esClientKeyPass: Config.get("esClientKeyPass", null), + multiES: Config.get('multiES', false), + insecure: Config.insecure, + ca: loadCaTrust(internals.nodeName), + requestTimeout: Config.get("elasticsearchTimeout", 300), + esProfile: Config.esProfile, + debug: Config.debug + }, main); From 2e7c4949fd2355b46041c5c24058e93c92ef1a03 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 24 Feb 2020 15:32:26 -0700 Subject: [PATCH 113/183] work in progress on network time diff, viewer.js not actually used yet --- moloch/network_diff/viewer.js | 325 ++++++++++++++++++++-------------- 1 file changed, 191 insertions(+), 134 deletions(-) diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js index fb480e568..be411d962 100644 --- a/moloch/network_diff/viewer.js +++ b/moloch/network_diff/viewer.js 
@@ -2825,31 +2825,98 @@ function lookupQueryItems(query, doneCb) {
   finished = 1;
 }
-function buildSessionQuery (req, buildCb) {
-  // validate time limit is not exceeded
-  let timeLimitExceeded = false;
+function determineQueryTimes (req) {
+  let startTimeSec = undefined;
+  let stopTimeSec = undefined;
+  let interval = 60*60;
-  if (parseInt(req.query.date) > parseInt(req.user.timeLimit) ||
-      (req.query.date === '-1') && req.user.timeLimit) {
-    timeLimitExceeded = true;
-  } else if (req.query.startTime && req.query.stopTime) {
+  if (Config.debug) {
+    console.log("determineQueryTimes", "req.query.date", req.query.date, "req.query.segments", req.query.segments,
+                "req.query.startTime", req.query.startTime, "req.query.stopTime", req.query.stopTime)
+  }
+
+  if ((req.query.date && req.query.date === '-1') ||
+      (req.query.segments && req.query.segments === "all")) {
+    interval = 60*60; // Hour to be safe
+
+  } else if ((req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) {
     if (! /^[0-9]+$/.test(req.query.startTime)) {
-      req.query.startTime = Date.parse(req.query.startTime.replace('+', ' ')) / 1000;
+      startTimeSec = Date.parse(req.query.startTime.replace('+', ' ')) / 1000;
     } else {
-      req.query.startTime = parseInt(req.query.startTime, 10);
+      startTimeSec = parseInt(req.query.startTime, 10);
     }
     if (! 
/^[0-9]+$/.test(req.query.stopTime)) {
-      req.query.stopTime = Date.parse(req.query.stopTime.replace('+', ' ')) / 1000;
+      stopTimeSec = Date.parse(req.query.stopTime.replace('+', ' ')) / 1000;
     } else {
-      req.query.stopTime = parseInt(req.query.stopTime, 10);
+      stopTimeSec = parseInt(req.query.stopTime, 10);
     }
-    if (req.user.timeLimit && (req.query.stopTime - req.query.startTime) / 3600 > req.user.timeLimit) {
-      timeLimitExceeded = true;
+    var diff = req.query.stopTime - req.query.startTime;
+    if (diff < 30*60) {
+      interval = 1; // second
+    } else if (diff <= 5*24*60*60) {
+      interval = 60; // minute
+    } else {
+      interval = 60*60; // hour
+    }
+
+  } else {
+    let queryDate = req.query.date || 1;
+    startTimeSec = (Math.floor(Date.now() / 1000) - 60*60*parseInt(queryDate, 10));
+    stopTimeSec = Date.now()/1000;
+
+    if (queryDate <= 5*24) {
+      interval = 60; // minute
+    } else {
+      interval = 60 * 60; // hour
     }
   }
+  switch (req.query.interval) {
+    case 'second':
+      interval = 1;
+      break;
+    case 'minute':
+      interval = 60;
+      break;
+    case 'hour':
+      interval = 60 * 60;
+      break;
+    case 'day':
+      interval = 60 * 60 * 24;
+      break;
+    case 'week':
+      interval = 60 * 60 * 24 * 7;
+      break;
+  }
+
+  if (Config.debug) {
+    console.log("determineQueryTimes", "startTimeSec", startTimeSec, "stopTimeSec", stopTimeSec, "interval", interval)
+  }
+
+  return [startTimeSec, stopTimeSec, interval];
+}
+
+function buildSessionQuery (req, buildCb) {
+  // validate time limit is not exceeded
+  let timeLimitExceeded = false;
+  var interval;
+
+  let startAndStopParams = determineQueryTimes(req);
+  if (startAndStopParams[0] !== undefined) req.query.startTime = startAndStopParams[0];
+  if (startAndStopParams[1] !== undefined) req.query.stopTime = startAndStopParams[1];
+  interval = startAndStopParams[2];
+
+  if (parseInt(req.query.date) > parseInt(req.user.timeLimit) ||
+      (req.query.date === '-1') && req.user.timeLimit) {
+    timeLimitExceeded = true;
+
+  } else if ((req.query.startTime) && (req.query.stopTime) 
&& (req.user.timeLimit) &&
+      ((req.query.stopTime - req.query.startTime) / 3600 > req.user.timeLimit)) {
+    timeLimitExceeded = true;
+  }
+
   if (timeLimitExceeded) {
     console.log(`${req.user.userName} trying to exceed time limit: ${req.user.timeLimit} hours`);
     return buildCb(`User time limit (${req.user.timeLimit} hours) exceeded`, {});
@@ -2871,10 +2938,10 @@ function buildSessionQuery (req, buildCb) {
     req.query.bounding = "both";
   }
-  var interval;
   if ((req.query.date && req.query.date === '-1') ||
       (req.query.segments && req.query.segments === "all")) {
-    interval = 60*60; // Hour to be safe
+    // interval is already assigned above from result of determineQueryTimes
+
   } else if (req.query.startTime !== undefined && req.query.stopTime) {
     switch (req.query.bounding) {
     case "first":
@@ -2897,21 +2964,7 @@ function buildSessionQuery (req, buildCb) {
       break;
     }
-    var diff = req.query.stopTime - req.query.startTime;
-    if (diff < 30*60) {
-      interval = 1; // second
-    } else if (diff <= 5*24*60*60) {
-      interval = 60; // minute
-    } else {
-      interval = 60*60; // hour
-    }
   } else {
-    if (!req.query.date) {
-      req.query.date = 1;
-    }
-    req.query.startTime = (Math.floor(Date.now() / 1000) - 60*60*parseInt(req.query.date, 10));
-    req.query.stopTime = Date.now()/1000;
-
     switch (req.query.bounding) {
     case "first":
       query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}});
@@ -2929,30 +2982,6 @@ function buildSessionQuery (req, buildCb) {
       query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000}}});
       break;
     }
-
-    if (req.query.date <= 5*24) {
-      interval = 60; // minute
-    } else {
-      interval = 60 * 60; // hour
-    }
-  }
-
-  switch (req.query.interval) {
-    case 'second':
-      interval = 1;
-      break;
-    case 'minute':
-      interval = 60;
-      break;
-    case 'hour':
-      interval = 60 * 60;
-      break;
-    case 'day':
-      interval = 60 * 60 * 24;
-      break;
-    case 'week':
-      interval = 60 * 60 * 24 * 7;
-      break;
   }
   if (req.query.facets) {
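Review bot: In determineQueryTimes, `var diff = req.query.stopTime - req.query.startTime;` still subtracts the raw query-string values, but this function no longer writes the parsed numbers back into req.query the way the removed buildSessionQuery code did; when startTime/stopTime arrive as date strings the subtraction is NaN, both comparisons are false and the interval silently falls through to the hour default. The parsed values are right there in the new locals, so the line should be `var diff = stopTimeSec - startTimeSec;`. The later time-limit check in buildSessionQuery is unaffected because req.query.startTime/stopTime have been overwritten from the returned tuple by then. A short header comment on determineQueryTimes stating that it returns `[startTimeSec, stopTimeSec, interval]` with the first two undefined for unbounded (date = -1 / segments = all) queries would also save the next reader a trip through the branches.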
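Review bot: The first branch of the `if ((req.query.date && req.query.date === '-1') || ...)` chain in buildSessionQuery is now empty apart from the comment, which reads like a lost edit rather than an intentional no-op. If the branch stays, make the comment say why nothing happens here: `// nothing to add: unbounded query (date -1 / all segments), interval already chosen by determineQueryTimes()`. buildSessionQuery continues past this hunk, so the surrounding structure is only partly visible here.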
@@ -5076,6 +5105,7 @@ app.get('/dns.json', [noCacheJson, logAction()], function(req, res) {
 });
 function buildConnections(req, res, cb) {
+  let dstipport;
   if (req.query.dstField === 'ip.dst:port') {
     dstipport = true;
@@ -5089,10 +5119,18 @@ function buildConnections(req, res, cb) {
   let fdst = req.query.dstField;
   let minConn = req.query.minConn || 1;
+  let doBaseline = 0;
+  if ((req.query.date !== '-1') && (req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) {
+    doBaseline = req.query.baseline || 0;
+  }
+
   let dstIsIp = fdst.match(/(\.ip|Ip)$/);
   let nodesHash = {};
   let connects = {};
+  let nodes = [];
+  let links = [];
+  let totalHits = 0;
   let dbFieldsMap = Config.getDBFieldsMap();
   function updateValues (data, property, fields) {
@@ -5121,7 +5159,7 @@ function buildConnections(req, res, cb) {
     }
   }
-  function process (vsrc, vdst, f, fields) {
+  function process (vsrc, vdst, f, fields, resultid) {
     // ES 6 is returning formatted timestamps instead of ms like pre 6 did
     // https://github.com/elastic/elasticsearch/issues/27740
     if (vsrc.length === 24 && vsrc[23] === 'Z' && vsrc.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) {
@@ -5132,19 +5170,21 @@ function buildConnections(req, res, cb) {
     }
     if (nodesHash[vsrc] === undefined) {
-      nodesHash[vsrc] = { id: `${vsrc}`, cnt: 0, sessions: 0 };
+      nodesHash[vsrc] = { id: `${vsrc}`, cnt: 0, sessions: 0, inresult: 0 };
     }
     nodesHash[vsrc].sessions++;
     nodesHash[vsrc].type |= 1;
+    nodesHash[vsrc].inresult |= resultid;
     updateValues(f, nodesHash[vsrc], fields);
     if (nodesHash[vdst] === undefined) {
-      nodesHash[vdst] = { id: `${vdst}`, cnt: 0, sessions: 0 };
+      nodesHash[vdst] = { id: `${vdst}`, cnt: 0, sessions: 0, inresult: 0 };
     }
     nodesHash[vdst].sessions++;
     nodesHash[vdst].type |= 2;
+    nodesHash[vdst].inresult |= resultid;
     updateValues(f, nodesHash[vdst], fields);
     let linkId = `${vsrc}->${vdst}`;
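Review bot: `doBaseline = req.query.baseline || 0;` stores the query parameter as it arrives, i.e. a string, and the later hunk in this file computes `let resultidMax = doBaseline+1;` from it, so a request with `baseline=1` yields the string "11" rather than 2 and a non-numeric value makes the loop condition false, leaving cb uncalled and the request hanging. Coerce it at the boundary: `doBaseline = parseInt(req.query.baseline, 10) || 0;`. Since `resultid` is OR-ed into `inresult` as a bit flag, it is also worth a comment there that only result ids 1 and 2 are distinguishable this way. buildConnections starts before and continues after these hunks.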
@@ -5158,108 +5198,120 @@ function buildConnections(req, res, cb) { updateValues(f, connects[linkId], fields); } - buildSessionQuery(req, function(bsqErr, query, indices) { - if (bsqErr) { - return cb(bsqErr, 0, 0, 0); + let resultidMax = doBaseline+1; + for (let resultid = 1; resultid <= resultidMax; resultid++) { + + if (resultid > 1) { + // replace query date with baseline date + return cb(null, nodes, links, totalHits); } - query.query.bool.filter.push({exists: {field: req.query.srcField}}); - query.query.bool.filter.push({exists: {field: req.query.dstField}}); - // get the requested fields - let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; - if (req.query.fields) { fields = req.query.fields.split(','); } - query._source = fields; - query.docvalue_fields = [fsrc, fdst]; + buildSessionQuery(req, function(bsqErr, query, indices) { + if (bsqErr) { + return cb(bsqErr, 0, 0, 0); + } + query.query.bool.filter.push({exists: {field: req.query.srcField}}); + query.query.bool.filter.push({exists: {field: req.query.dstField}}); - if (dstipport) { - query._source.push('dstPort'); - } + // get the requested fields + let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; + if (req.query.fields) { fields = req.query.fields.split(','); } + query._source = fields; + query.docvalue_fields = [fsrc, fdst]; - let options; - if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; } + if (dstipport) { + query._source.push('dstPort'); + } - if (Config.debug) { - console.log('buildConnections query', JSON.stringify(query, null, 2)); - } + let options; + if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; } - Db.searchPrimary(indices, 'session', query, options, function (err, graph) { if (Config.debug) { - console.log('buildConnections result', JSON.stringify(graph, null, 2)); + console.log('buildConnections query', JSON.stringify(query, null, 2)); } - if (err || graph.error) { - 
console.log('Build Connections ERROR', err, graph.error); - return cb(err || graph.error); - } + Db.searchPrimary(indices, 'session', query, options, function (err, graph) { + if (Config.debug) { + console.log('buildConnections result', JSON.stringify(graph, null, 2)); + } - async.eachLimit(graph.hits.hits, 10, function (hit, hitCb) { - let f = hit._source; - f = flattenFields(f); + if (err || graph.error) { + console.log('Build Connections ERROR', err, graph.error); + return cb(err || graph.error); + } - let asrc = hit.fields[fsrc]; - let adst = hit.fields[fdst]; + async.eachLimit(graph.hits.hits, 10, function (hit, hitCb) { + let f = hit._source; + f = flattenFields(f); - if (asrc === undefined || adst === undefined) { - return setImmediate(hitCb); - } + let asrc = hit.fields[fsrc]; + let adst = hit.fields[fdst]; - if (!Array.isArray(asrc)) { - asrc = [asrc]; - } + if (asrc === undefined || adst === undefined) { + return setImmediate(hitCb); + } - if (!Array.isArray(adst)) { - adst = [adst]; - } + if (!Array.isArray(asrc)) { + asrc = [asrc]; + } - for (let vsrc of asrc) { - for (let vdst of adst) { - if (dstIsIp && dstipport) { - if (vdst.includes(':')) { - vdst += '.' + f.dstPort; - } else { - vdst += ':' + f.dstPort; + if (!Array.isArray(adst)) { + adst = [adst]; + } + + for (let vsrc of asrc) { + for (let vdst of adst) { + if (dstIsIp && dstipport) { + if (vdst.includes(':')) { + vdst += '.' 
+ f.dstPort; + } else { + vdst += ':' + f.dstPort; + } } + process(vsrc, vdst, f, fields, resultid); } - process(vsrc, vdst, f, fields); } - } - setImmediate(hitCb); - }, function (err) { - let nodes = []; - let nodeKeys = Object.keys(nodesHash); - if (Config.get('regressionTests', false)) { - nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); - } - for (let node of nodeKeys) { - if (nodesHash[node].cnt < minConn) { - nodesHash[node].pos = -1; - } else { - nodesHash[node].pos = nodes.length; - nodes.push(nodesHash[node]); + setImmediate(hitCb); + + }, function (err) { + let nodeKeys = Object.keys(nodesHash); + if (Config.get('regressionTests', false)) { + nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); + } + for (let node of nodeKeys) { + if (nodesHash[node].cnt < minConn) { + nodesHash[node].pos = -1; + } else { + nodesHash[node].pos = nodes.length; + nodes.push(nodesHash[node]); + } } - } - let links = []; - for (let key in connects) { - var c = connects[key]; - c.source = nodesHash[c.source].pos; - c.target = nodesHash[c.target].pos; - if (c.source >= 0 && c.target >= 0) { - links.push(connects[key]); + for (let key in connects) { + var c = connects[key]; + c.source = nodesHash[c.source].pos; + c.target = nodesHash[c.target].pos; + if (c.source >= 0 && c.target >= 0) { + links.push(connects[key]); + } } - } - if (Config.debug) { - console.log('nodesHash', nodesHash); - console.log('connects', connects); - console.log('nodes', nodes.length, nodes); - console.log('links', links.length, links); - } + totalHits += graph.hits.total; - return cb(null, nodes, links, graph.hits.total); + if (Config.debug) { + console.log('nodesHash', nodesHash); + console.log('connects', connects); + console.log('nodes', nodes.length, nodes); + console.log('links', links.length, links); + } + + if (resultid >= resultidMax) { + return cb(null, nodes, links, totalHits); + } + }); }); }); 
-  });
+  }
 }
 app.get('/connections.json', [noCacheJson, recordResponseTime, logAction('connections'), setCookie], (req, res) => {
@@ -7133,6 +7185,11 @@ function runHuntJob (huntId, hunt, query, user) {
     let sessionId = Db.session2Sid(hit);
     let node = session.node;
+    // There is no files, this is a fake session, don't hunt it
+    if (session.fileId === undefined || session.fileId.length === 0) {
+      return updateHuntStats(hunt, huntId, session, searchedSessions, cb);
+    }
+
     isLocalView(node, function () {
       sessionHunt(sessionId, options, function (err, matched) {
         if (err) {
@@ -7270,7 +7327,7 @@ function processHuntJob (huntId, hunt) {
     }
   };
-  query._source = ['lastPacket', 'node', 'huntId', 'huntName'];
+  query._source = ['lastPacket', 'node', 'huntId', 'huntName', 'fileId'];
   if (Config.debug > 2) {
     console.log('HUNT', hunt.name, hunt.userId, '- start:', new Date(hunt.lastPacketTime || hunt.query.startTime * 1000), 'stop:', new Date(hunt.query.stopTime * 1000));
From cc1dee5d2a9dadc8278341d9266dfcf485c5ae17 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 07:23:00 -0700 Subject: [PATCH 114/183] bump moloch to 2.2.2
--- Dockerfiles/moloch.Dockerfile | 3 +- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- ...hunt-fix-missing-fileId-1374-23bdf6c.patch | 54 ------------------- sensor-iso/docs/Notes.md | 4 +- sensor-iso/moloch/Dockerfile | 2 +- 7 files changed, 7 insertions(+), 62 deletions(-) delete mode 100644 moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch
diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile
index eca2ed4c0..7b930eb30
--- a/Dockerfiles/moloch.Dockerfile
+++ b/Dockerfiles/moloch.Dockerfile
@@ -4,7 +4,7 @@ FROM debian:buster-slim AS build
 ENV DEBIAN_FRONTEND noninteractive
-ENV MOLOCH_VERSION "2.2.1"
+ENV MOLOCH_VERSION "2.2.2"
 ENV MOLOCHDIR "/data/moloch"
 ADD moloch/scripts/bs4_remove_div.py /data/
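Review bot: The `for (let resultid = 1; resultid <= resultidMax; resultid++)` loop in buildConnections mixes a synchronous loop with asynchronous work: iteration 1 only starts buildSessionQuery, and when doBaseline is non-zero iteration 2 immediately hits `if (resultid > 1) { return cb(null, nodes, links, totalHits); }` and answers the request with empty nodes/links before the search has run; the inner `if (resultid >= resultidMax)` then sees the per-iteration binding resultid = 1 and never calls cb, so the real results are dropped. The commit message marks this as work in progress, so this is for the follow-up: the baseline pass has to be chained from the completion callback of the first pass (e.g. a small recursive function or async.timesSeries), with the date/startTime/stopTime on the request adjusted for the baseline window before the second buildSessionQuery call, and cb invoked exactly once at the end. A comment above the loop stating that result id 1 is the requested window and 2 the baseline window, and that `inresult` records which of the two each node appeared in, would make the intent of the new fields clear. buildConnections starts before this hunk.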
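Review bot: The new comment in runHuntJob, `// There is no files, this is a fake session, don't hunt it`, is ungrammatical and does not say what the early return does with the session; suggest `// No pcap files back this session, so there is nothing to hunt; still update the hunt's stats`. The companion hunk in processHuntJob that adds `'fileId'` to `query._source` is what makes `session.fileId` available here, which is worth a word in the same comment so the two are not separated later. runHuntJob starts before and continues after this hunk.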
@@ -69,7 +69,6 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list cp -v $MOLOCHDIR/doc/images/moloch/moloch_77.png ./viewer/public/moloch_77.png && \ cp -v $MOLOCHDIR/doc/images/moloch/header_logo.png ./parliament/vueapp/src/assets/header_logo.png && \ cp -v $MOLOCHDIR/doc/images/moloch/header_logo.png ./viewer/public/header_logo.png && \ - cp -v $MOLOCHDIR/doc/images/moloch/header_logo.png ./viewer/vueapp/src/assets/logo.png && \ find $MOLOCHDIR/doc/images/screenshots -name "*.png" -delete && \ export PATH="$MOLOCHDIR/bin:${PATH}" && \ ln -sfr $MOLOCHDIR/bin/npm /usr/local/bin/npm && \ diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 03d0f210f..f6ec212a6 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -252,7 +252,7 @@ services: environment: << : *common-upload-variables << : *moloch-variables - MOLOCH_VERSION : '2.2.1' + MOLOCH_VERSION : '2.2.2' VIRTUAL_HOST : 'moloch.malcolm.local' ES_HOST : 'elasticsearch' ES_PORT : 9200 diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 809c227df..73c8f7588 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -252,7 +252,7 @@ services: environment: << : *common-upload-variables << : *moloch-variables - MOLOCH_VERSION : '2.2.1' + MOLOCH_VERSION : '2.2.2' VIRTUAL_HOST : 'moloch.malcolm.local' ES_HOST : 'elasticsearch' ES_PORT : 9200 diff --git a/docker-compose.yml b/docker-compose.yml index 51d0065c4..bba1b07e7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -275,7 +275,7 @@ services: environment: << : *common-upload-variables << : *moloch-variables - MOLOCH_VERSION : '2.2.1' + MOLOCH_VERSION : '2.2.2' VIRTUAL_HOST : 'moloch.malcolm.local' ES_HOST : 'elasticsearch' ES_PORT : 9200 
diff --git a/moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch b/moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch deleted file mode 100644 index 0903cf5a7..000000000 --- a/moloch/patch/hunt-fix-missing-fileId-1374-23bdf6c.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 23bdf6c852359b8677bca61805126faab6a19b14 Mon Sep 17 00:00:00 2001 -From: Andy Wick -Date: Mon, 3 Feb 2020 13:04:40 -0500 -Subject: [PATCH] don't actually hunt sessions without fileId set fixes #1374 - ---- - CHANGELOG | 5 +++++ - viewer/viewer.js | 7 ++++++- - 2 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 46bbc77d..988f6e5c 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -18,6 +18,11 @@ Node Versions: - NOTICE: Restart wiseService before capture when upgrading - - 2.3.0 2020/02/xx -+ - s3 - Fixes the problem where the s3 token expires during a capture (issue #1370) -+ - viewer - Fix decode crash (thanks mammo0) -+ - capture - New tcphealthcheck plugin (thanks fj604) -+ - viewer - initial pie chart -+ - viewer - fix viewer crash when hunting fake sessions (issue #1374) - - 2.2.1 2020/01/21 - - capture - fix --skip not working with ES 7.x -diff --git a/viewer/viewer.js b/viewer/viewer.js -index 176b249f..12e87a09 100644 ---- a/viewer/viewer.js -+++ b/viewer/viewer.js -@@ -7210,6 +7210,11 @@ function runHuntJob (huntId, hunt, query, user) { - let sessionId = Db.session2Sid(hit); - let node = session.node; - -+ // There is no files, this is a fake session, don't hunt it -+ if (session.fileId === undefined || session.fileId.length === 0) { -+ return updateHuntStats(hunt, huntId, session, searchedSessions, cb); -+ } -+ - isLocalView(node, function () { - sessionHunt(sessionId, options, function (err, matched) { - if (err) { -@@ -7347,7 +7352,7 @@ function processHuntJob (huntId, hunt) { - } - }; - -- query._source = ['lastPacket', 'node', 'huntId', 'huntName']; -+ query._source = ['lastPacket', 'node', 'huntId', 'huntName', 'fileId']; - - if (Config.debug > 2) { - console.log('HUNT', hunt.name, hunt.userId, '- start:', new Date(hunt.lastPacketTime || hunt.query.startTime * 1000), 'stop:', new Date(hunt.query.stopTime * 1000)); --- -2.20.1 - 
diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 61baae9a1..b28468dc8 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -113,12 +113,12 @@ $ /usr/sbin/tcpdump \ ### Compiling Moloch from source -At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.1](https://github.com/aol/moloch/releases/tag/v2.2.1). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose. +At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.2](https://github.com/aol/moloch/releases/tag/v2.2.2). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose. ```bash #!/bin/bash -MOLOCH_VERSION="2.2.1" +MOLOCH_VERSION="2.2.2" MOLOCHDIR="/opt/moloch" OUTPUT_DIR="/tmp" diff --git a/sensor-iso/moloch/Dockerfile b/sensor-iso/moloch/Dockerfile index 5266ee072..2540a68d4 100644 --- a/sensor-iso/moloch/Dockerfile +++ b/sensor-iso/moloch/Dockerfile @@ -6,7 +6,7 @@ LABEL maintainer="malcolm.netsec@gmail.com" ENV DEBIAN_FRONTEND noninteractive -ENV MOLOCH_VERSION "2.2.1" +ENV MOLOCH_VERSION "2.2.2" ENV MOLOCHDIR "/opt/moloch" RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \ From 682cab98e353916baa1cff30ccf9157256c582a2 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 07:28:57 -0700 Subject: [PATCH 115/183] work in progress for network diff --- moloch/network_diff/viewer.js | 136 ++++++++++++++++++++++++++++++++-- 1 file changed, 128 insertions(+), 8 deletions(-) diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js index be411d962..ba50f0a61 100644 --- a/moloch/network_diff/viewer.js +++ b/moloch/network_diff/viewer.js @@ -116,7 +116,13 @@ var internals = { settings: {}, welcomeMsgNum: 1, found: true - } + }, + scriptAggs: {} +}; + +internals.scriptAggs['ip.dst:port'] = { + script: 'if (doc.dstIp.value.indexOf(".") > 0) {return doc.dstIp.value + ":" + doc.dstPort.value} else {return doc.dstIp.value + "." + doc.dstPort.value}', + dbField: 'dstIp' }; // make sure there's an _ after the prefix @@ -270,8 +276,12 @@ if (_accesslogfile) { _stream = fs.createWriteStream(_accesslogfile, {flags: 'a'}); } +var _logger_format = decodeURIComponent(Config.get("accessLogFormat", + ':date :username %1b[1m:method%1b[0m %1b[33m:url%1b[0m :status :res[content-length] bytes :response-time ms')); +var _suppressPaths = Config.getArray("accessLogSuppressPaths", ";", ""); -app.use(logger(':date :username \x1b[1m:method\x1b[0m \x1b[33m:url\x1b[0m :status :res[content-length] bytes :response-time ms',{stream: _stream})); +app.use(logger(_logger_format, {stream: _stream, + skip: (req, res) => { return _suppressPaths.includes(req.path); }})); app.use(compression()); app.use(methodOverride()); 
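Review bot: `decodeURIComponent` on the configured `accessLogFormat` value throws a `URIError` for any malformed percent-escape in the config file, so a typo there aborts viewer startup at this line instead of falling back to the default format; wrap the decode in a `try`/`catch` that logs the offending value and falls back to the default literal. The `skip` callback compares `req.path` by exact match against `accessLogSuppressPaths`, which deserves a one-line comment such as `// exact-match only: no prefix or trailing-slash normalisation`, since suppressed paths vanish from the access log entirely and an operator reading the config would otherwise expect prefix semantics. The painless script registered in the first hunk is a fixed literal sent to Elasticsearch verbatim, which is fine; the user-keyed lookup into `internals.scriptAggs` appears in a later commit.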
@@ -3100,12 +3110,11 @@ function continueBuildQuery(req, query, err, finalCb) { lookupQueryItems(query.query.bool.filter, function (lerr) { if (req.query.date === '-1' || // An all query - (req.query.bounding || "last") !== "last" || // Not a last bounded query Config.get("queryAllIndices", Config.get("multiES", false))) { // queryAllIndices (default: multiES) return finalCb(err || lerr, query, "sessions2-*"); // Then we just go against all indices for a slight overhead } - Db.getIndices(req.query.startTime, req.query.stopTime, Config.get("rotateIndex", "daily"), function(indices) { + Db.getIndices(req.query.startTime, req.query.stopTime, req.query.bounding, Config.get("rotateIndex", "daily"), function(indices) { if (indices.length > 3000) { // Will url be too long return finalCb(err || lerr, query, "sessions2-*"); } else { @@ -4354,7 +4363,7 @@ app.get('/stats.json', [noCacheJson, recordResponseTime, checkPermissions(['hide // sort after all the results are aggregated req.query.sortField = req.query.sortField || 'nodeName'; - if (results.results[0] && results.results[0][req.query.sortField]) { // make sure the field exists to sort on + if (results.results[0] && results.results[0][req.query.sortField] !== undefined) { // make sure the field exists to sort on results.results = results.results.sort((a, b) => { if (req.query.desc === 'true') { if (!isNaN(a[req.query.sortField])) { 
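Review bot: The new `Db.getIndices` call forwards `req.query.bounding` unchanged, but the condition this hunk removes was the only place the value was defaulted (`(req.query.bounding || "last")`), so a request that omits `bounding` now hands `undefined` to `Db.getIndices`; pass `req.query.bounding || "last"` unless `Db.getIndices` is known to apply that default itself (its body is not in this patch). Previously any non-"last" bounding fell back to `sessions2-*`, so correctness for those modes now rests entirely on how `Db.getIndices` widens the index range for them — if it ignores the argument, such queries silently miss sessions stored in indices outside the start/stop window. `continueBuildQuery` starts and ends outside this hunk.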
@@ -5446,6 +5455,113 @@ app.get(/\/sessions.csv.*/, logAction(), function(req, res) { } }); +app.get('/spigraphpie', noCacheJson, logAction(), (req, res) => { + + if (req.query.exp === undefined) { + return res.molochError(403, 'Missing exp parameter'); + } + + let fields = []; + let parts = req.query.exp.split(','); + for (let i = 0; i < parts.length; i++) { + if (internals.scriptAggs[parts[i]] !== undefined) { + fields.push(internals.scriptAggs[parts[i]]); + continue; + } + let field = Config.getFieldsMap()[parts[i]]; + if (!field) { + return res.molochError(403, `Unknown expression ${parts[i]}\n`); + } + fields.push(field); + } + + buildSessionQuery(req, function(err, query, indices) { + query.size = 0; // Don't need any real results, just aggregations + delete query.sort; + delete query.aggregations; + const size = +req.query.size || 20; + + if (!query.query.bool.must) { + query.query.bool.must = []; + } + + let lastQ = query; + for (let i = 0; i < fields.length; i++) { + // Require that each field exists + query.query.bool.must.push({ exists: { field: fields[i].dbField } }); + + if (fields[i].script) { + lastQ.aggregations = {field: {terms: {script: {lang: "painless", source: fields[i].script}, size: size}}}; + } else { + lastQ.aggregations = {field: {terms: {field: fields[i].dbField, size: size}}}; + } + lastQ = lastQ.aggregations.field; + } + + if (Config.debug > 2) { + console.log('spigraph pie aggregations', indices, JSON.stringify(query, false, 2)); + } + + Db.searchPrimary(indices, 'session', query, null, function (err, result) { + if (err) { + console.log('spigraphpie ERROR', err); + res.status(400); + return res.end(err); + } + + if (Config.debug > 2) { + console.log('result', JSON.stringify(result, false, 2)); + } + + // format the data for the pie graph + let pieResults = { name: 'Top Talkers', children: [] }; + function addDataToPie (buckets, addTo) { + for (let i = 0; i < buckets.length; i++) { + let bucket = buckets[i]; + addTo.push({ + name: 
bucket.key, + size: bucket.doc_count + }); + if (bucket.field) { + addTo[i].children = []; + addTo[i].size = undefined; // size is interpreted from children + addTo[i].sizeValue = bucket.doc_count; // keep sizeValue for display + addDataToPie(bucket.field.buckets, addTo[i].children); + } + } + } + + let grandparent; + let tableResults = []; + // assumes only 3 levels deep + function addDataToTable (buckets, parent) { + for (let i = 0; i < buckets.length; i++) { + let bucket = buckets[i]; + if (bucket.field) { + if (parent) { grandparent = parent; } + addDataToTable(bucket.field.buckets, { + name: bucket.key, + size: bucket.doc_count + }); + } else { + tableResults.push({ + parent: parent, + grandparent: grandparent, + name: bucket.key, + size: bucket.doc_count + }); + } + } + } + + addDataToPie(result.aggregations.field.buckets, pieResults.children); + addDataToTable(result.aggregations.field.buckets); + + return res.send({success:true, pieResults: pieResults, tableResults: tableResults}); + }); + }); +}); + app.get('/multiunique.txt', logAction(), function(req, res) { noCache(req, res, 'text/plain; charset=utf-8'); @@ -8925,14 +9041,18 @@ function main () { internals.previousNodesStats.push(info.nodes); }); - expireCheckAll(); - setInterval(expireCheckAll, 60*1000); - loadFields(); setInterval(loadFields, 2*60*1000); loadPlugins(); + var pcapWriteMethod = Config.get("pcapWriteMethod"); + var writer = internals.writers[pcapWriteMethod]; + if (!writer || writer.localNode === true) { + expireCheckAll(); + setInterval(expireCheckAll, 60*1000); + } + createRightClicks(); setInterval(createRightClicks, 5*60*1000); From 3d7f3cfd7b4fe1c254f36aa6c3491c75b16dacd6 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 08:36:43 -0700 Subject: [PATCH 116/183] network diff work in progress --- moloch/network_diff/viewer.js | 82 +++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 37 deletions(-) 
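Review bot: `/spigraphpie` accepts `req.query.exp` and `req.query.size` with no bounds: `exp` is assumed to be a string (`.split` throws a TypeError if the query parser delivers an array for a repeated parameter), the number of comma-separated expressions is unlimited even though `addDataToTable` is commented as assuming only three levels and keeps a single shared `grandparent`, and `size` is passed straight into every nested `terms` aggregation so a large value multiplied across levels becomes a very expensive Elasticsearch request. The lookup `internals.scriptAggs[parts[i]] !== undefined` also matches inherited keys such as `constructor`, pushing a non-field object into `fields` and yielding an aggregation on `undefined`; use an own-property check. On the error path `res.end(err)` throws if `err` is an Error object rather than a string, and the `err` from `buildSessionQuery` is never checked before `query.size = 0` is written. The rewritten lines below add the type, count and size guards and the own-property check; aggregation building and result shaping are unchanged.
```javascript
app.get('/spigraphpie', noCacheJson, logAction(), (req, res) => {

  if (typeof req.query.exp !== 'string' || req.query.exp.length === 0) {
    return res.molochError(403, 'Missing exp parameter');
  }

  let fields = [];
  let parts = req.query.exp.split(',');
  // addDataToTable only records parent/grandparent, so deeper nesting
  // cannot be represented in tableResults
  const maxLevels = 3;
  if (parts.length > maxLevels) {
    return res.molochError(403, `Too many expressions (max ${maxLevels})\n`);
  }
  for (let i = 0; i < parts.length; i++) {
    // own-property check so inherited names like 'constructor' are not treated as script aggs
    if (Object.prototype.hasOwnProperty.call(internals.scriptAggs, parts[i])) {
      fields.push(internals.scriptAggs[parts[i]]);
      continue;
    }
    // … unchanged: Config.getFieldsMap() lookup and push …
  }

  buildSessionQuery(req, function(err, query, indices) {
    if (err) {
      return res.molochError(403, String(err));
    }
    // … unchanged: query.size = 0, delete sort/aggregations …
    // bound the per-level terms size; maxSize is a constructed example, pick a value for your cluster
    const maxSize = 1000;
    const size = Math.min(Math.max(+req.query.size || 20, 1), maxSize);
    // … unchanged: exists filters, nested aggregations, searchPrimary, pie/table shaping …
```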
diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js index ba50f0a61..28411d0e8 100644 --- a/moloch/network_diff/viewer.js +++ b/moloch/network_diff/viewer.js @@ -5128,7 +5128,7 @@ function buildConnections(req, res, cb) { let fdst = req.query.dstField; let minConn = req.query.minConn || 1; - let doBaseline = 0; + let doBaseline = 0; if ((req.query.date !== '-1') && (req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) { doBaseline = req.query.baseline || 0; } @@ -5168,7 +5168,7 @@ function buildConnections(req, res, cb) { } } - function process (vsrc, vdst, f, fields, resultid) { + function process (vsrc, vdst, f, fields, resultId) { // ES 6 is returning formatted timestamps instead of ms like pre 6 did // https://github.com/elastic/elasticsearch/issues/27740 if (vsrc.length === 24 && vsrc[23] === 'Z' && vsrc.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { @@ -5184,7 +5184,7 @@ function buildConnections(req, res, cb) { nodesHash[vsrc].sessions++; nodesHash[vsrc].type |= 1; - nodesHash[vsrc].inresult |= resultid; + nodesHash[vsrc].inresult |= resultId; updateValues(f, nodesHash[vsrc], fields); if (nodesHash[vdst] === undefined) { @@ -5193,7 +5193,7 @@ function buildConnections(req, res, cb) { nodesHash[vdst].sessions++; nodesHash[vdst].type |= 2; - nodesHash[vdst].inresult |= resultid; + nodesHash[vdst].inresult |= resultId; updateValues(f, nodesHash[vdst], fields); let linkId = `${vsrc}->${vdst}`; 
@@ -5207,12 +5207,19 @@ function buildConnections(req, res, cb) { updateValues(f, connects[linkId], fields); } - let resultidMax = doBaseline+1; - for (let resultid = 1; resultid <= resultidMax; resultid++) { + let maxResultId = 1 + ((doBaseline == 0) ? 0 : 1); + for (let resultId = 1; resultId <= maxResultId; resultId++) { - if (resultid > 1) { - // replace query date with baseline date - return cb(null, nodes, links, totalHits); + if (resultId > 1) { + // replace current time frame start/stop values with baseline start/stop values + let currentQueryTimes = determineQueryTimes(req); + console.log("buildConnections baseline.0", "startTime", currentQueryTimes[0], "stopTime", currentQueryTimes[1]) + if ((currentQueryTimes[0] !== undefined) && (currentQueryTimes[1] !== undefined)) { + let diff = currentQueryTimes[1] - currentQueryTimes[0]; + req.query.stopTime = currentQueryTimes[0]-1; + req.query.startTime = req.query.stopTime-diff; + console.log("buildConnections baseline.1", "startTime", req.query.startTime, "stopTime", req.query.stopTime, "diff", diff) + } } buildSessionQuery(req, function(bsqErr, query, indices) { 
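Review bot: The `for (let resultId …)` loop calls `buildSessionQuery` for the current and the baseline window in the same tick, so unless `buildSessionQuery` and `Db.searchPrimary` complete synchronously (their bodies are outside this hunk) the two searches run concurrently: the second iteration overwrites `req.query.startTime`/`stopTime` while the first query may still read them (`continueBuildQuery` reads them inside the `lookupQueryItems` callback when choosing indices), both completions write to the shared `nodesHash`/`connects`, and the `if (resultId >= maxResultId)` completion in the `@@ -5277` hunk fires as soon as the baseline search finishes, which can be before the current-window search has added its nodes. Issue the baseline query from the completion callback of the first one (or chain the two iterations with a series helper) rather than from a plain loop. The two `console.log("buildConnections baseline.…")` lines are unconditional; gate them on `Config.debug` like the rest of the file. `buildConnections` starts and ends outside this hunk.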
@@ -5277,44 +5284,45 @@ function buildConnections(req, res, cb) { vdst += ':' + f.dstPort; } } - process(vsrc, vdst, f, fields, resultid); + process(vsrc, vdst, f, fields, resultId); } } setImmediate(hitCb); }, function (err) { - let nodeKeys = Object.keys(nodesHash); - if (Config.get('regressionTests', false)) { - nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); - } - for (let node of nodeKeys) { - if (nodesHash[node].cnt < minConn) { - nodesHash[node].pos = -1; - } else { - nodesHash[node].pos = nodes.length; - nodes.push(nodesHash[node]); - } - } - for (let key in connects) { - var c = connects[key]; - c.source = nodesHash[c.source].pos; - c.target = nodesHash[c.target].pos; - if (c.source >= 0 && c.target >= 0) { - links.push(connects[key]); + totalHits += graph.hits.total; + + if (resultId >= maxResultId) { + let nodeKeys = Object.keys(nodesHash); + if (Config.get('regressionTests', false)) { + nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); + } + for (let node of nodeKeys) { + if (nodesHash[node].cnt < minConn) { + nodesHash[node].pos = -1; + } else { + nodesHash[node].pos = nodes.length; + nodes.push(nodesHash[node]); + } } - } - totalHits += graph.hits.total; + for (let key in connects) { + var c = connects[key]; + c.source = nodesHash[c.source].pos; + c.target = nodesHash[c.target].pos; + if (c.source >= 0 && c.target >= 0) { + links.push(connects[key]); + } + } - if (Config.debug) { - console.log('nodesHash', nodesHash); - console.log('connects', connects); - console.log('nodes', nodes.length, nodes); - console.log('links', links.length, links); - } + if (Config.debug) { + console.log('nodesHash', nodesHash); + console.log('connects', connects); + console.log('nodes', nodes.length, nodes); + console.log('links', links.length, links); + } - if (resultid >= resultidMax) { return cb(null, nodes, links, totalHits); } }); 
From 4deb661fd383312c163587aecd93813498cb04cb Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 10:11:10 -0700 Subject: [PATCH 117/183] comments/work in progress --- moloch/network_diff/viewer.js | 38 ++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js index 28411d0e8..b7e12eb3b 100644 --- a/moloch/network_diff/viewer.js +++ b/moloch/network_diff/viewer.js @@ -2835,14 +2835,25 @@ function lookupQueryItems(query, doneCb) { finished = 1; } +////////////////////////////////////////////////////////////////////////////////// +//// determineQueryTimes(req) +//// +//// Returns [startTimeSec, stopTimeSec, interval] using values from req.query.date, +//// req.query.startTime, req.query.stopTime, req.query.interval, and +//// req.query.segments. +//// +//// This code was factored out from buildSessionQuery. +////////////////////////////////////////////////////////////////////////////////// function determineQueryTimes (req) { let startTimeSec = undefined; let stopTimeSec = undefined; let interval = 60*60; if (Config.debug) { - console.log("determineQueryTimes", "req.query.date", req.query.date, "req.query.segments", req.query.segments, - "req.query.startTime", req.query.startTime, "req.query.stopTime", req.query.stopTime) + console.log("determineQueryTimes", "req.query.date", req.query.date, + "req.query.segments", req.query.segments, + "req.query.startTime", req.query.startTime, + "req.query.stopTime", req.query.stopTime) } if ((req.query.date && req.query.date === '-1') || 
@@ -2913,6 +2924,7 @@ function buildSessionQuery (req, buildCb) { let timeLimitExceeded = false; var interval; + // determineQueryTimes calculates startTime, stopTime, and interval from req.query let startAndStopParams = determineQueryTimes(req); if (startAndStopParams[0] !== undefined) req.query.startTime = startAndStopParams[0]; if (startAndStopParams[1] !== undefined) req.query.stopTime = startAndStopParams[1]; @@ -5128,6 +5140,15 @@ function buildConnections(req, res, cb) { let fdst = req.query.dstField; let minConn = req.query.minConn || 1; + // If network graph baseline is enabled (enabled: req.query.baseline=1, disabled:req.query.baseline=0 or undefined) + // then two queries will be run (ie., run buildSessionQuery->searchPrimary->process twice): first for the + // original specified time frame and second for the same time frame immediately preceding it. + // Nodes have an .inresult attribute where: + // 0 = 00 = not in either result set (although you'll never see these, obviously) + // 1 = 01 = seen during the "current" time frame but not in the "baseline" time frame (ie., "new") + // 2 = 10 = seen during the "baseline" time frame but not in the "current" time frame (ie., "old") + // 3 = 11 = seen during both the "current" time frame and the "baseline" time frame + // This is only performed where startTime/startTime are defined, and never for "all" time range (date=-1). let doBaseline = 0; if ((req.query.date !== '-1') && (req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) { doBaseline = req.query.baseline || 0; 
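Review bot: The last sentence of the new comment block in the `@@ -5128` hunk has a typo that changes its meaning: "where startTime/startTime are defined" should read `// This is only performed where startTime/stopTime are both defined, and never for the "all" time range (date=-1).`, matching the condition on the following line. The `.inresult` bit table is a useful addition; consider stating there that `resultId` 1 is the current window and 2 the baseline, so the bit values can be read without consulting the loop further down. The one-line comment added in the `@@ -2913` hunk says `determineQueryTimes` "calculates" the values, but the code only applies an entry when it is not `undefined`, so `// determineQueryTimes may override startTime, stopTime and interval from req.query` is more precise.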
@@ -5207,11 +5228,19 @@ function buildConnections(req, res, cb) { updateValues(f, connects[linkId], fields); } + // This loop (which handles buildSessionQuery->searchPrimary->process) will be run + // once or twice, depending on if baseline is enabled: + // 1. for the "current" time frame, the one specified originally in req.query + // 2. for the "baseline" time frame immediately prior to the time frame of "1." + // (only if baseline is enabled) + // The call to process() will ensure the resultId value is OR'ed into the .inresult + // attribute of each node. let maxResultId = 1 + ((doBaseline == 0) ? 0 : 1); + for (let resultId = 1; resultId <= maxResultId; resultId++) { if (resultId > 1) { - // replace current time frame start/stop values with baseline start/stop values + // replace current time frame start/stop values with baseline time frame start/stop values let currentQueryTimes = determineQueryTimes(req); console.log("buildConnections baseline.0", "startTime", currentQueryTimes[0], "stopTime", currentQueryTimes[1]) if ((currentQueryTimes[0] !== undefined) && (currentQueryTimes[1] !== undefined)) { @@ -5291,8 +5320,11 @@ function buildConnections(req, res, cb) { }, function (err) { + // accumulate graph.hits.total into totalHits so that recordsFiltered + // represents both current and baseline queries if baseline is enabled totalHits += graph.hits.total; + // only calculate final return values if we are in the last loop iteration if (resultId >= maxResultId) { let nodeKeys = Object.keys(nodesHash); if (Config.get('regressionTests', false)) { From 986b77d9f310ba59d832e88509642eddf23c5b81 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 10:13:56 -0700 Subject: [PATCH 118/183] some test files --- moloch/network_diff/gquic_simple_two_days.pcap | Bin 0 -> 2840 bytes moloch/network_diff/url.txt | 2 ++ 2 files changed, 2 insertions(+) create mode 100644 moloch/network_diff/gquic_simple_two_days.pcap create mode 100644 moloch/network_diff/url.txt diff --git a/moloch/network_diff/gquic_simple_two_days.pcap b/moloch/network_diff/gquic_simple_two_days.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a6ddfa7b7900ac6b80cc920231336b2cd954d20f GIT binary patch literal 2840 zcmeH{eKeF=7{Kp{r7#sa6T5BGm+XdynPK!fyfYXx=EM6=W*4QHe9ahzOsh6jNO2IV zvng!RtWB**(N>(BkebIv`#_j%5H?>+aP=l?KKM8E0SP7pzQkr!i!%6o1V`zmuXj;rpPYLx!w7JJ!L~&yY`~tc5#BsUQg*Is zlRq9L)ffmF#ir%m0e^_3T%CmG$RMqaJd`}P?oCy3X@CK#fCTh0Pl0G5Tv+VN0V!}N zT*w1?hy)+BKyKptfHp`B!$BXUP$b0k^#Jh3#h4MKE7z4{0x5Onah5~k7>~n%Bp_Lk zVvaXw9jg1dxw9d87%t$Ty3`F1Ms-YpheGnXGF$h?}+G9ynqXMPf ziuSsn`?5!VBS$2aJrI(0kV zdhl7F|Bm-k?@Qv!%vC!suyfyHjkXVF>r4yPt!4KdI!>JE(x`iaVIRA4agS~Cn5|SS zbf-!wU(KM~)9fATOlNxrGdsaAjsN=#uWswl9%}o!*U*EKF=;LUKDf`}cjeM*6SMxf z>fFs!JvpUhme|Sen8_QHcT_9gb(hlf4zT?J=E!80HwByBKl7%}%;TN6TUNgj+c-W` zQ?^?tapPgEKoVH-bbnG_{&{o5lKiKODpD)i9gOZ4$^JFpMK35$&GlbBTz1&G=12^g zUc1TDP?mUmw>6dC9cpy%RY5~4x7W5op7vGqG7H^L?R3`RHtqUAp zd315#+2-qCdm3M*O*RxoCTN}$`Q)8I60yr~_t|L0kq%MIi_5=MG~YicBqldH>}yY- zQ=PYXWRR7u>9-m-F65Ut7Hf+ps{ts0r$J*TKH>&KHPZk1w{z;rnO3#ULNzBm_HX}E zx3NLO{8OXIzjxd;=I@JeX_Wde-whs5w{LM?})9BNq&iFCXN}gSnB9~YO4iwgf0;cl-?D{t`EAl>J><@5Z93DSHt9?{%ihVE>Khgr ztcr`K3JIzMtgl4{C&pT;+KG{Ix8qUI5cx2}@?}d?xR!#R5>hH`!4FE+TpY5D^~Ju4 zv6$qfjNUR~MSdT!Co(;$EberAMVS8!Gfcs+=(^I}C}m!G&^4D*RVB;mo$%754dqqZ zC@W=1>1ZvaUFi?~rsJ3V#+W{Y$Q9#rgg7Dorxr4HUYlU? z+I@G4X$yxfYQJ`?#o*VPl&+2n&8y@W7nJz^5e;o Pui&Wy;h2e!xq-g`!;z^# literal 0 HcmV?d00001 diff --git a/moloch/network_diff/url.txt b/moloch/network_diff/url.txt new file mode 100644 index 000000000..7a966ecc9 --- /dev/null +++ b/moloch/network_diff/url.txt 
@@ -0,0 +1,2 @@ +https://localhost/connections.json?date=0&startTime=1582614000&stopTime=1582700399&expression=zeek.logType==EXISTS!&baseline=0 + From 00263024479f3cfa474e69abdd96446427242e09 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 14:40:45 -0700 Subject: [PATCH 119/183] update zeek to 3.0.2 --- Dockerfiles/zeek.Dockerfile | 2 +- sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- sensor-iso/docs/Notes.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index e8920d8f6..27b19a0de 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -5,7 +5,7 @@ FROM debian:buster-slim AS build ENV DEBIAN_FRONTEND noninteractive ENV SRC_BASE_DIR "/usr/local/src" -ENV ZEEK_VERSION "3.0.1" +ENV ZEEK_VERSION "3.0.2" ENV ZEEK_DIR "/opt/zeek" ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}" ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches" diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index edf6e4408..aba0d61a7 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -5,7 +5,7 @@ NETSNIFF_VER="0.6.6" NETSNIFF_URL="https://github.com/netsniff-ng/netsniff-ng/archive/v$NETSNIFF_VER.tar.gz" -ZEEK_VER="3.0.1" +ZEEK_VER="3.0.2" ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" ZEEK_PATCH_URLS=( # nothing here for now diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index b28468dc8..21dd2b0a7 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md 
@@ -321,7 +321,7 @@ This may require opening a firewall port to the host running Moloch viewer to al # Zeek -At the time of writing, the [current stable release](https://github.com/zeek/zeek/blob/release/NEWS) of Zeek is [v3.0.1](https://github.com/zeek/zeek/releases/tag/v3.0.1). The notes in this section apply to that version, although some may apply to others as well. +At the time of writing, the [current stable release](https://github.com/zeek/zeek/blob/release/NEWS) of Zeek is [v3.0.2](https://github.com/zeek/zeek/releases/tag/v3.0.2). The notes in this section apply to that version, although some may apply to others as well. ## Compiling Zeek from source @@ -330,7 +330,7 @@ The following bash script was used to download, [build and install](https://docs ```bash #!/bin/bash -ZEEK_VER="3.0.1" +ZEEK_VER="3.0.2" ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" ZEEK_PATCH_URLS=( # nothing here for now From 3cafb172584d02f4724b99cd879cfcc7ae0e757b Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 15:11:52 -0700 Subject: [PATCH 120/183] fix reference to zeek::af_packet --- README.md | 2 +- sensor-iso/docs/Notes.md | 10 +++++----- shared/bin/zeek_install_plugins.sh | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index d3b81bd5a..a08e880f6 100644 --- a/README.md +++ b/README.md 
@@ -200,7 +200,7 @@ Malcolm leverages the following excellent open source tools, among others. * Amazon.com, Inc.'s [ICS protocol](https://github.com/amzn?q=zeek) analyzers * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin * Corelight's [community ID](https://github.com/corelight/bro-community-id) flow hashing plugin - * J-Gras' [Bro::AF_Packet](https://github.com/J-Gras/bro-af_packet-plugin) plugin + * J-Gras' [Zeek::AF_Packet](https://github.com/J-Gras/zeek-af_packet-plugin) plugin * Lexi Brent's [EternalSafety](https://github.com/lexibrent/zeek-EternalSafety) plugin * MITRE Cyber Analytics Repository's [Bro/Zeek ATT&CK-Based Analytics (BZAR)](https://github.com/mitre-attack/car/tree/master/implementations) script * Salesforce's [gQUIC](https://github.com/salesforce/GQUIC_Protocol_Analyzer) analyzer diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 21dd2b0a7..59909aa60 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -18,7 +18,7 @@ Hedgehog Linux is a trimmed-down Debian Linux with several common tools preinsta - [Compiling Zeek from source](#ZeekCompile) - [Third party plugins](#ZeekThirdParty) + [bash script to install third party plugins for Zeek](#ZeekThirdPartyBash) - + [Bro::AF_Packet configuration](#BroAfPacket) + + [Zeek::AF_Packet configuration](#ZeekAfPacket) - [`local.zeek`](#ZeekLocalPolicy) - [File carving](#ZeekFileCarving) * [Forwarding](#Forwarding) 
@@ -369,7 +369,7 @@ Hedgehog Linux utilizest he following third party Zeek packages: * Amazon.com, Inc.'s [ICS protocol](https://github.com/amzn?q=zeek) analyzers * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin * Corelight's [community ID](https://github.com/corelight/bro-community-id) flow hashing plugin -* J-Gras' [Bro::AF_Packet](https://github.com/J-Gras/bro-af_packet-plugin) plugin +* J-Gras' [Zeek::AF_Packet](https://github.com/J-Gras/zeek-af_packet-plugin) plugin * Lexi Brent's [EternalSafety](https://github.com/lexibrent/zeek-EternalSafety) plugin * MITRE Cyber Analytics Repository's [Bro/Zeek ATT&CK-Based Analytics (BZAR)](https://github.com/mitre-attack/car/tree/master/implementations) script * Salesforce's [gQUIC](https://github.com/salesforce/GQUIC_Protocol_Analyzer) analyzer @@ -497,7 +497,7 @@ if [[ -d "$SRC_DIR" ]]; then cd "$CWD" fi -SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/bro-af_packet-plugin")" +SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/zeek-af_packet-plugin")" if [[ -d "$SRC_DIR" ]]; then CWD="$(pwd)" cd "$SRC_DIR" && \ @@ -518,9 +518,9 @@ if [[ -d "$SRC_DIR" ]]; then fi ``` -### Bro::AF_Packet configuration +### Zeek::AF_Packet configuration -Of particular mention is J-Gras' [Bro::AF_Packet](https://github.com/J-Gras/bro-af_packet-plugin) plugin to allow Zeek to use the Linux kernel's AF_PACKET capabilities natively for packet capture. To determine if your Linux distribution's kernel supports AF_PACKET: +Of particular mention is J-Gras' [Zeek::AF_Packet](https://github.com/J-Gras/zeek-af_packet-plugin) plugin to allow Zeek to use the Linux kernel's AF_PACKET capabilities natively for packet capture. To determine if your Linux distribution's kernel supports AF_PACKET: ```bash $ grep -x 'CONFIG_PACKET=[ym]' "/boot/config-$(uname -r)" diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index fb7f9c3fe..ec0df7f59 100755 
--- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -116,7 +116,7 @@ if [[ -d "$SRC_DIR" ]]; then cd "$CWD" fi -SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/bro-af_packet-plugin")" +SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/zeek-af_packet-plugin")" if [[ -d "$SRC_DIR" ]]; then CWD="$(pwd)" cd "$SRC_DIR" && \ From a20fa9b370711f4117e0f470fba643716cdfda55 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 15:15:30 -0700 Subject: [PATCH 121/183] install zeek::af_packet with zkg --- shared/bin/zeek_install_plugins.sh | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index ec0df7f59..d4c8ff8bc 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -78,6 +78,7 @@ ZKG_GITHUB_URLS=( https://github.com/salesforce/hassh https://github.com/salesforce/ja3 https://github.com/0xxon/cve-2020-0601 + https://github.com/J-Gras/zeek-af_packet-plugin ) for i in ${ZKG_GITHUB_URLS[@]}; do SRC_DIR="$(clone_github_repo "$i")" @@ -116,16 +117,6 @@ if [[ -d "$SRC_DIR" ]]; then cd "$CWD" fi -SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/zeek-af_packet-plugin")" -if [[ -d "$SRC_DIR" ]]; then - CWD="$(pwd)" - cd "$SRC_DIR" && \ - ./configure --with-kernel=/usr --bro-dist="$ZEEK_DIST_DIR" --install-root="$ZEEK_PLUGIN_DIR" && \ - make && \ - make install - cd "$CWD" -fi - SRC_DIR="$(clone_github_repo "https://github.com/SoftwareConsultingEmporium/ldap-analyzer")" if [[ -d "$SRC_DIR" ]]; then CWD="$(pwd)" From 643efb7b25aa8057b0a2acb6c16c1a6e73aec912 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 25 Feb 2020 15:51:28 -0700 Subject: [PATCH 122/183] Revert "install zeek::af_packet with zkg" This reverts commit a20fa9b370711f4117e0f470fba643716cdfda55. --- shared/bin/zeek_install_plugins.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index d4c8ff8bc..ec0df7f59 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -78,7 +78,6 @@ ZKG_GITHUB_URLS=( https://github.com/salesforce/hassh https://github.com/salesforce/ja3 https://github.com/0xxon/cve-2020-0601 - https://github.com/J-Gras/zeek-af_packet-plugin ) for i in ${ZKG_GITHUB_URLS[@]}; do SRC_DIR="$(clone_github_repo "$i")" @@ -117,6 +116,16 @@ if [[ -d "$SRC_DIR" ]]; then cd "$CWD" fi +SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/zeek-af_packet-plugin")" +if [[ -d "$SRC_DIR" ]]; then + CWD="$(pwd)" + cd "$SRC_DIR" && \ + ./configure --with-kernel=/usr --bro-dist="$ZEEK_DIST_DIR" --install-root="$ZEEK_PLUGIN_DIR" && \ + make && \ + make install + cd "$CWD" +fi + SRC_DIR="$(clone_github_repo "https://github.com/SoftwareConsultingEmporium/ldap-analyzer")" if [[ -d "$SRC_DIR" ]]; then CWD="$(pwd)" From 2b31a3ef46491964e9a9b5cb9d2494ce2c98033b Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 26 Feb 2020 08:16:52 -0700 Subject: [PATCH 123/183] added docker files for running moloch regression tests --- .../Dockerfiles/moloch.Dockerfile | 71 +++++++++++++++++++ .../docker-compose.yml | 47 ++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile create mode 100644 moloch/moloch_regression_test_harness/docker-compose.yml 
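Review bot: The restored build block for zeek-af_packet-plugin chains `cd`, `./configure`, `make` and `make install` with `&&` but never reports a failure: when a step fails the chain simply stops, `cd "$CWD"` runs and the script continues, so a broken AF_PACKET build is silent. Note that even under `set -e` (not visible here) a failing `./configure` or `make` would not abort, because only the final command of an `&&` list is subject to errexit. Consider terminating the chain with something like `|| { echo "zeek-af_packet-plugin build failed" >&2; exit 1; }` or recording a failure flag that the script checks at the end. `clone_github_repo` and the script's option handling are outside this hunk; the same pattern reappears in the `--zeek-dist` fix later in this series.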
diff --git a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile
new file mode 100644
index 000000000..c505ea6ab
--- /dev/null
+++ b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile
@@ -0,0 +1,71 @@
+FROM debian:buster-slim AS build
+
+ENV DEBIAN_FRONTEND noninteractive
+
+ENV GITHUB_URL "https://github.com/mmguero-dev/moloch/"
+ENV GITHUB_BRANCH "topic/netdiff"
+ENV MOLOCHDIR "/data/moloch"
+ENV MOLOCHUSER "moloch"
+
+USER root
+
+RUN apt-get -q update && \
+ apt-get install -q -y --no-install-recommends \
+ binutils \
+ bison \
+ cmake \
+ curl \
+ file \
+ flex \
+ g++ \
+ gcc \
+ gettext \
+ git \
+ groff \
+ groff-base \
+ libcap-dev \
+ libjson-perl \
+ libkrb5-dev \
+ libmaxminddb-dev \
+ libpcap0.8-dev \
+ libssl-dev \
+ libtool \
+ libwww-perl \
+ libyaml-dev \
+ make \
+ patch \
+ python \
+ python-dev \
+ rename \
+ sudo \
+ swig \
+ wget \
+ zlib1g-dev
+
+RUN mkdir /data && \
+ groupadd --gid 1000 $MOLOCHUSER && \
+ useradd -M --uid 1000 --gid 1000 --home $MOLOCHDIR --no-create-home $MOLOCHUSER && \
+ chown -R $MOLOCHUSER:$MOLOCHUSER /data && \
+ usermod -aG sudo $MOLOCHUSER && \
+ sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
+ sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g'
+
+USER $MOLOCHUSER
+
+RUN git clone --recursive --depth=1 --single-branch -b "$GITHUB_BRANCH" "$GITHUB_URL" "$MOLOCHDIR" && \
+ cd "$MOLOCHDIR" && \
+ bash -c 'for i in /data/patches/*; do patch -p 1 -r - --no-backup-if-mismatch < $i || true; done' && \
+ export PATH="$MOLOCHDIR/bin:${PATH}" && \
+ sudo ln -sfr $MOLOCHDIR/bin/npm /usr/local/bin/npm && \
+ sudo ln -sfr $MOLOCHDIR/bin/node /usr/local/bin/node && \
+ sudo ln -sfr $MOLOCHDIR/bin/npx /usr/local/bin/npx && \
+ ./easybutton-build.sh && \
+ (make check || true)
+
+ENV PATH="/data:$MOLOCHDIR/bin:${PATH}"
+
+EXPOSE 8000 8005 8081
+
+WORKDIR $MOLOCHDIR/tests
+
+CMD bash
diff --git a/moloch/moloch_regression_test_harness/docker-compose.yml b/moloch/moloch_regression_test_harness/docker-compose.yml
new file mode 100644
index 000000000..f4837f1e5
--- /dev/null
+++ b/moloch/moloch_regression_test_harness/docker-compose.yml
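Review bot: The patch loop in the third `RUN` (`bash -c 'for i in /data/patches/*; do patch ... < $i || true; done'`) reads from `/data/patches`, but nothing in this Dockerfile creates or `COPY`s that directory, so with default bash globbing the loop runs once with the literal pattern, the redirection fails and `|| true` swallows it; the same `|| true` also hides a genuinely failed patch. Either `COPY` the patches into the image and drop the `|| true`, or guard the body with `[[ -e "$i" ]] || continue` so only real patch failures surface. Two further points on the same hunk: `git clone --depth=1 -b "$GITHUB_BRANCH"` tracks a moving branch with no commit pin, so rebuilds are not reproducible and a comment noting this (or an `ENV` for a pinned commit) would help; and the two `sed` edits to `/etc/sudoers` give `$MOLOCHUSER` passwordless root in the shipped image, since the `AS build` stage is never followed by a second stage — if that is intended for a test-only harness, say so in a comment next to the `sed` lines.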
@@ -0,0 +1,47 @@
+version: '3.7'
+
+services:
+ elasticsearch:
+ image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0
+ restart: "no"
+ environment:
+ logger.level : 'INFO'
+ bootstrap.memory_lock : 'true'
+ ES_JAVA_OPTS : '-Xms4g -Xmx4g -Xss256k -Djava.security.egd=file:/dev/./urandom'
+ discovery.type : 'single-node'
+ # cluster.initial_master_nodes : 'elasticsearch'
+ cluster.routing.allocation.disk.threshold_enabled : 'false'
+ cluster.routing.allocation.node_initial_primaries_recoveries : 8
+ expose:
+ - 9200
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ cap_add:
+ - IPC_LOCK
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:9200"]
+ interval: 30s
+ timeout: 15s
+ retries: 3
+ start_period: 30s
+ network_mode: host
+ moloch:
+ build:
+ context: .
+ dockerfile: Dockerfiles/moloch.Dockerfile
+ image: molochtest:latest
+ restart: "no"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ depends_on:
+ - elasticsearch
+ expose:
+ - 8000
+ - 8005
+ - 8081
+ network_mode: host
+ command: tail -F /dev/null
From 91840913892735bcb872669b7906eac83476a695 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 26 Feb 2020 12:51:10 -0700 Subject: [PATCH 124/183] added vim to test harnest --- .../moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile index c505ea6ab..5305c03cf 100644 --- a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile +++ b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile @@ -39,6 +39,7 @@ RUN apt-get -q update && \ rename \ sudo \ swig \ + vim-tiny \ wget \ zlib1g-dev From 5c4b5a3ed301e9b5ec1037b9d7eb869218675c88 Mon Sep 17 00:00:00 2001 
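Review bot: Both services set `network_mode: host`, which makes the `expose:` lists (`9200` for elasticsearch, `8000`/`8005`/`8081` for moloch) no-ops and places the `elasticsearch-oss` instance, which has no built-in authentication, in the host's network namespace instead of an isolated compose network. If host networking is required by the regression tests, a comment on the `network_mode` lines saying why would save the next reader from "fixing" it; otherwise dropping `network_mode: host` lets the default network and `expose:` provide the isolation. Separately, `depends_on: - elasticsearch` only orders container start under the `3.7` file format as classic docker-compose reads it, so the `healthcheck` on elasticsearch does not gate the moloch container and tests launched right away may race the 30s `start_period`; a readiness wait in the test entrypoint or a documented manual wait would cover that.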
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 26 Feb 2020 12:51:32 -0700 Subject: [PATCH 125/183] fix af_packet zeek build --- shared/bin/zeek_install_plugins.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index ec0df7f59..cd3919715 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -120,7 +120,7 @@ SRC_DIR="$(clone_github_repo "https://github.com/J-Gras/zeek-af_packet-plugin")" if [[ -d "$SRC_DIR" ]]; then CWD="$(pwd)" cd "$SRC_DIR" && \ - ./configure --with-kernel=/usr --bro-dist="$ZEEK_DIST_DIR" --install-root="$ZEEK_PLUGIN_DIR" && \ + ./configure --with-kernel=/usr --zeek-dist="$ZEEK_DIST_DIR" --install-root="$ZEEK_PLUGIN_DIR" && \ make && \ make install cd "$CWD" From 59ee49335df60555a57dce51ebb9f55e60b7c01d Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 4 Mar 2020 08:24:29 -0700 Subject: [PATCH 126/183] added promotional poster: --- docs/images/malcolm_poster.odg | Bin 0 -> 390454 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/images/malcolm_poster.odg 
diff --git a/docs/images/malcolm_poster.odg b/docs/images/malcolm_poster.odg new file mode 100644 index 0000000000000000000000000000000000000000..c891f8f667c20feb761dbe8804ecfc7486494b48 GIT binary patch literal 390454 zcmb5VV~}n^vo6@!t=+b5+t_W}wr$(Cx!Zc%wr$(Ct=Zq5IX~{inKN-SA|tcbT3Pwz zs;VEAktr_)`U?dJ2oea0)Lu(I50q|@8VCsJKm6|zkd1|niL-~jiGjVnwS|#^vxS{4 zy{oM;ot=S`g%h2fy@{={oso-;iLEo8nWKTdxrLFF{Qowgf+FBDiVg_qKaBBjLS=Io z8$(+I3u`BO=l@da>}|~=>heiL5fQ|tNj*SA1fsPJ|NQ8hxi%rHtj0{Cag3CgI!Nh=1K|w)6%}mM4%|c7f z$xOw;!GTR9NXRVA#3jfq&CVgJ#35rS%1$B3&93r?PE?RmT!ceWj8;pGRYRFdU5U+D zgVWN8+tr50%aK<>K|xf_LR{Nk#ZFzy&_&0@T;0M$*WS%kThdzF(85^6%vjyoLc-Nt z)yrAR*C7V#R7-$l+j`UMZr1y0)5t%XoF7}B9G_pEpB$Z=URj=-SXo(_-8fu0U7kO=J6st**jjm* zn!4*qkSNEq6=NEU+_gANP*Y~dv7vJCC*;8R||IVkVgs_0J`}&m+ zboRlp$ByLlP+j6u(Ad+y)$+3h>$x#*j%q?1ADeh4M@pp_vWUaM`l5)hc>R8B#Dz8% zsSJ+9T5i#*ja;IfW94GE9_+S6XULH5FFH;P3vA_c4_aK+4lh8CP(zBJEO;1V=!gjo zh@B68_Vl4 zpS?ma+ip8Tak$_6+<#t_XV34KuMEG!Wc2Yb)t_!!LYH*ZEB<)D&dlBpq+Km&Z}X#g2l z8yL$+AFvvbGtWkGjnR>eY(Ix;H$I2-ai8Sdd%i8~T(d9RA*?^9q=3D3M;kw!S`PQe z3ENUt9`BjG*9o!h^_IdPcC|BxO`2u=drj&Be2qvKwuPV6Zs?B}m4h~Et_C~G<@bOs zyQ>cS5q&;H=L4y*(ZCP`$y4+jP82b>ABi8Z2pe1kk-GEmO%Wd-Zr7AoHga&+-un0l z_VA~`t=mUotD&9Vdr~{S!E;F3OCNMR?kT_Ioe)+GOTW#R0TH?hF|p%~M@a#jy!Z1w zKBSM3nl9G5s&Kc?pQ|eRPI_0@mL6{hmmqag_xA|4w*GtCD0Q=)?UvP0t~#>B^p3Iv zqiHfZ-#MEK8=U#`G~eqev1$)MZ(!Q?LmXNiU9(RbEnQDlGa~@T_X%vu#={OhyQ?gw zX?u%vWW5}8T4W2~mxa&UZ!-6No;WUBpM~#ZwF_R?X=ty(;d5Rq4iMZ_*<~lB?l;=u z9Z>ORu#HMP`lKVlo^~nrsxJku!!`Tqo)$e9fIGH-Ck8FY`?`yo_BF;E$M;!0(*3?V zpyv+L=elzRdZ9T;bvU7@Rn%d;sNMaynXt{1eAmP5KDY4u6=a!N!tEm~(ytb~a_7^) z2c6BQG->vJ18(bUHApO$$N8mjMcd`{-0I&pFd&t!<$ElQQb!&^X0`b2`tHA9z)rGq zJZ#H@-R{q)*YB#IDE<0Y#1$X(?7YgPzqq;a8wrBl7$bi99@=tL`0np=ykC>@ z@pF6wS%$8F7OSnPY5PRc`<#jyW9`P$1sKk=xPCd zk+YMpzPstapda$v{`ADYxI|)of3U?BZ@j#_{(i>k{@Ak)mRg;?>G`-tzfNKRY5uzA z#_zNj0nmE)ZLkxr{94}dwv9W8QqSqWrt@vlg3#3@a@`*MfZMuhMb!J8fWULV{a(Gp zVdr~T;`OmI*b3IRs$$@`bWm8l2a|A%0#>P)34idNutd|PQs9~}RJ 
z!1vM@tEqjb6>KL^2o`A@R&$~3%cFk+OLGhTkWGZu$Qb#3^?EkPE4J9+`#Fk^@4ZV- ze~GAC4SF?63T2F5n|u8TCP()GCZpy6fMRvv`!mPkHU)Z>F7I>78tx!!4>rwXu2Gt&~et{yrskuJN4Ku#2r)fb2J{%Fl^Ee;o zcHC?Y813VJcol$d8)iNwfDK94PItLzT+U;{bKIQ18jr-{;ve-a@;R z_7CEXv1)wYxkD|xU+X|49-p2Sa{*=HsmFhA+(T=O&3VP)eBUQY?oEXCc%J&Q>y8?= zkgH)PMp`T3psM58Rr5kdwT09Rzt`iUU$17k9B=`;(b(wtsp|a*!#Fu+{q|yg33oE& zKaPHUcLu`Xe9jO_6M{hXc!1h*;(7%uOAuY?@F!!%54y?`!30{DM+^`E$ue4V7v;G} z!wD_%O`-lPF35{Ar_h|uN>a-tHyh9{Xe(XMYzc1Pb+H7*V^ob;4TPB|C_9o0?_RlfM6>`j~rX}6!F?V&o&iIH>YnEKee2`M^v z@#(Iw9%JW2G;1#zUxJc+LcTcsVGyUZ6{<>#W296vkwBq)b)-X4@}Yt^bYw!{IK~aW zf(wpx?4p8%AV!8H=8?Db4D)i)n#|EJ5#@xQdR2P672!?G8j{i zxpACypo`OsRy5e`^>_rxPBY>BlUR6Rz)PWK#F_l4fq8PX!Cc~455;6FR6<}ClMh@SlMc22pb8&h$@m- zUTvxeSH_L5d=98kQWn1T4^Gz2WFj#>PSHq6W?*BP{)wzuhNJQrl7CFtca1lcn5K^O zR`C@+MK>VaC~uyq75#(<(C3gMl=S=sc$$Of&jqp-m^ zXN9Jc7Q?5}LZJW^7J;zb9|#vu+6*F;L_k17DcPlN`Zywr5+Nt5tF@ZhQZ!VfY{>%m z;!f#cFp>p*XwfC-4pCH<`)lCzH|j@BT%#a zU@Jk<#{xwFRZvq^T*}}26kO0JU`Z92wnxQW(-h<+OM%4Cv_=KY1fED0kp#!GK-Oj` z0OQx!xn$)N_F*=S#P4Ba7-aWdMpAMK#oFrbcL`tMc1ThDx6Mh=KZAFjdFk&wFKdLI zzj#!jR3FtAVXLM%d6QL!hlh=Wp;+X>ErhYg3U)gm_$hQ9HC!9k^nt{n_6k4*MU3{x z8pJ{hHl~?Bmf2@$**s26%A=GhO&WGUkwIldFx*v@MTa8;T8Mfiy9OddzLlw5G^m#7 z!qohm?JqFG#pxkCf`JWIdQ;Nii@>Y9Pji6YbpmUd zjjF%8+Vx(tpsF`g&OM{fCW%xP5Im%^HYyM!0)fQyVRgXhgZfc#I2*($Phl3-H>+0{Q>At_8aQ!Y~_@(eL zySw{09&Z!+nZWj-_Nhv(V~u0E&sh><8@l!xq&7e5`4Zdn=g14_%fGkp=IBq*z|;!} z_3ZvEn{N|&QHU}XZ}xW9vCRn(!h}ly?Cor>vluoW$~p>FsMc^KxW68R?V95mCkEE9 z`gJJlL`*!qX-G8_Uoxkqju#z|A)rnxUg29a8<4aWmZqlKdFKh$u-WCK_v)fB0R^1U zo)>tN!Ab5Hn9DWtYivBUH=)gx_D7_6>H~wtQQf{-7_h=A!zCoS-X#nB8$P!SM^x9K zK6qF&P9;5$rPoj*OiDXD?kI%M-e{jWxTglESCE`la4 zRp~e!UeAG9+3-$8D~1}S>Ip%I=Q==H%?b2o0^qOh1U}1>>MD2oba)~~bG)g)+Kd2q zhNMI^BYXHtGWEydAo9LsfNV<~X_vTRKh3I|r~0I%q3X1h1p&Ch&Z@-Gsd{Ez`vw^5 zVMUFO#M<_ z0r1)ls^%|ApiZJOf0vW%fUS?|DbQtapS6S~)y06b49%)kCA9&paD?8Q{w@&gV-bg6 zmwISn?vby+u}?#FM{t|!wp!N^;*wkaPyqSEFG&KNxMytnQQ)b6mZEG}^0 
zDQ7*R3TN+SOagc0WnmJTj0(b3HGY_PqT(A-O|OjKLQ!beSF0-m4el2#KGA7YTc!6RsdZ1CCK*wp78aGu#K}Jf{{9RKbzICKWNLv!7 zN)KL*en-oVZCcVG*&RQzYi`psgx6!TBdO9AQY3&7N?NX^EYuO||ImP)vH{K~hRI1! zt?0{(Zv}|2Y1`c)M8(AlzJ&@mlo+MBWzoOs-Iv6)6NOOan!q@QqiBnsJQdv!coqdF zfK16Z1?Nf!FQqgqzBUqq2GiVQ;-oAm1x`xQ+<_F^tqz&VGH05iSY>L-XsWw@4i6jB zvx$iaXQoE?hCa5z{_&xtLrz`j8N;CZ8lYnfQ9w^joJ3N?ME#j9M1)jyiGYi>dbC9o@;-2Wy_%iR!oI(&j%8N;{^UHJd$bMO-Ix5Xy55tSB3O8?G z{`E5LEiL??j0F2a^}J~bN6Ua;daCgK_Nr7oPsXe0gF4b!}rh0 z$w^9!B}DWsBiwn2cL%#VTb>=s!*MI2LUsVt=HCtUUz|&Rut%ATo0d&l`1qn1Mpr%? z$=Z2xhnn1M4(F?qmKz?i%u3Oou`bAtU&VH^dE3&mCpPA77ge1C&0@ESKb( zA@e;i@93JYda-;CJyv@Y^|;#{H?SspUfr=T4v$Fo)VRI@x`kJk5BzD9DzADc{!3$LhQxeNsvxKr2k5_P%T_;&an<#4#c zpihv7LQp-*v8fY(Yj~)UaSQjWDODG{9zmo3VVXN!!8%zf6*FsvV_8xEXs??G6pRXW zz{T&Xq*$3rx77h=%5u%pBrC3HMh6!MYSn7oN)YRGqe2ru}=8OS)K`|H|?7hejE=#*# zj4wLr5EU(o&om#kobca9NB+Df_%-?E)T}fZDaFxatg-*`_5PPY$Rw~KUviUA}eUIw79TbI|`TkmxXwo4F<@Tagoi#uqH)RB}!)N-zls51tm z`QFdOtWT0_hAzY%#_!X;m+jJQ5C)$rMdC?rC3ORhv=@Y>KivkD`bq1R4mp5iR;7ziWBGU(+JWL^(Pezkh4=PtX#m)E&>*L_7e1&LngLqS zJzEdZEFmLEXKB-6u0FbfsMSdx z#5qmbQeQPiUjC?YT?eojf<;20lS`35BciHkT?Lqq=$q#~7#(aGw6;lmol$-Kd+d@+ z$AAN@ab|h7Hd)iuU_9B5LgWL;nm~Ri1x}4wATaG%& zf;OdSh^HG>Spm@b5hEjBUDBgyC_zTW&170^M8)&e^tTCu?-8AWl0ZF=8K$u|~3>J6}l0yaN<=Y}u9w-T|I20S}i#&K$fj%{P!KBezmwnG` z;p!vkrZ4^moq(ko*|)8{o(eJpo@qQXgo*eCTWAyqz@sw^RDu zAPWbbUd!AWl*9ZV9(uWmCxBUhOCQgR=N%!BFitgxcd$+qL8i%CW&Xwq+8Y)6?lqI8 zR7sT5)mL3DaC3{BpMZ=Ir2mWD5?)U zSBeabFPs>mHJyx644h&nAC_6B#xwsuEna~U{(e_!IA*J~UTa(5BI==|FibZlK-8N9 zc#%?r)bMHJEdm#b8yY5B^J&!!gRi2pBk>giD-rsE z^z&}qZib`(ycJW$j)8<}V7E!(x(n6{Rssu{>NBIe?g^5UVUP}nMr-KznvB zWKOZowL$x0D{m_A^;U9mNl`dz6gl0fL#&u9Ekvu+b6ACxd3=~e*ry!H46UnvTwJZu zTrMwKIczoRv^NQp)vmLwW5pnnw8RB%Wsn(ZEvd1wM@)zi#c7I0h>K{KDFTjv$I}O7 z#1aSDQr`P}SIV>4*Xb)Naye*IANm7BbJ7wNVpMLU)d})niQ?f$BZ&rpD!5*9u-+aS zV6bk!^=_>{@feJH+4HP~k+T0LbO*xU4~}ODzD_;Da^K9qRT?*NbQ_FS-mtSw#UC;V zdx*s919w%uStZltz`tRYa`9C<>mTB$f!Pef<#z>9Zk%T=T}&CN`>hMEJ#HTKwn*#^ 
z00Fa84C4oX4fx|U0&d`xb2^#*hncU<_Vc#^!>@jfQPQ%x_#8~~BP5r56b+U@oJ|15 zK{H?J9MRF1QceW|1>yo5?M86fB;ap~C8q6GRfA^E9W(E3R-X;4ws?xWNTF&e3?yQ| zDE)qJlt<$*j_S(_s&y{`L8CSvDwF#GL(4F)GU_++Y5WU3bs-i|A%^RzgT^xLDwOwZ znOcy4SKk+!QOeyY8Cq08CoVcOx^~P2jkwX;GPCI{FdY{HjZx-6WBY|DsXf&v4en)x z<>Cg2DpqzzWSQ#t2OCwLBp$Ud6DU0y7n#;{vUbs5M(gMeGwHy;>@vW#JVE5JgVBci zWrcVfAj@n@HDxX*XYSw^qSw?$F@X4nB+M4bd33QKnh_+y>f$YKNy&WWSi(4uQHY67{j>x;w+73FI7g-gB8Azc&&T83=Ha# zf&gub@kCj&vQD`IXt~EiMVP8TYEkTcRW_1pa(#*T9ErCnH5EursYr3}pzFri3v2lr zEXZM7c92zkk#GR_OlcK_St^XqJ;-+h@2${nJ_I5z0*w62IwrC+2wl-|AcyWP@p1=Ec<8-pLDC&YD zVOV|%C`$r6fzXaJZ0_CWOf^=pd-MYhS*9911_@s>dW%1~O`MHty}p3UbslIuXdMpt znrO%=EE?m2tSAW6Mp3iD@G=>vl@EcIVqk5l4w>VTk^b(U=pr;Po}BuCV!Q6>OA($~=n)Fqb_109Mv z9?jZ^p9NpNLcbWpJTfp6m4|Lb5;2b=A&^T`S!}7lRhAYtje#pl3a*?W$MU^hU5HQZ z+xyog_7ube57m9Yhwu1k-b=GD73zD`Icq%GBN+Ft8(b8KtZ?-?1b_I0_pvWWG;q8Y z2B-w^Koz|jpFaI%8#=6&OAlVF>`g@`lv#!(lp0FRUtLuxok9cUoCCm|5&+@gzCylN zot{1(4hw;W8+KW%tvlcF>MxfSqPVe!jvFL#d|7YOMmoHE*QASf4M+y^pC8aRFz-Ni z7UgZmJ#0K-kuDpfrjtex4nCPaj+qezChu&3>*(TM8Yk`%^xxqa+?7+?Gd-BfnrF)t@VIIw~zZ|G1%CJ*r4cj@|UJjd7t zN92YzUa2prU;Mtuff0U4HWhyzvR2qkdm3Wz4-h^lWW|#CzLKNWlinU)!V;Vq<%xY3_CcW729~? 
z1psY;@ft1R&7}tYM1$iQ2Z)=c_H`Z>{b|scRK{g?tNe_-QUvRiwu>R$KUqa!lT5JH zA1G6m7Mgp~z{PndS&Iawnbi5A3MKH?OXyMA06|aMWZcx^VIl;;SWdf6fJkjQT8UI@ zjWk*R0h%%&oQm)Cs9rwW%tR?^y@^5>EhY1uw2XEj4fIK;F0En$d)oo{nmYlT57 z?OcJZx(usqxQfAwB4~qq2gr@1ChSGVD?W}WZ`Gwq>y0`4)`rT0%yL+3lp+(U)}hL} zTZ>iSI7rj-_+$YJ4w4R-O#0#aHsy{GP{cBul^Zw^N`VQd(>WFZ(mhbo<-I@O3;|pE zI~{f03AnmnM*#eOz3m-6ND~Qp`U`t7<&bG-c;%G>WrfX?ra$%2=GC+^V02dx0w9lj z{y5xzv}3_duUuD26O06YoT2ZAPAZUrOh&#RUA5T`ULwWoGy)bL=$yuP2!-kj)^Hx> z@z=JjMG^-`8Ub<-)muLlU9!h(-GDZP*%DoiYfMk8@QD-nS8;U;>nhrR_^b4y1ANJV zdjtfj>U8i{0g$=nlIEadN@Pl!DJF7xs=f?O5;l=Ylo3jsA)MmmS{*NzDMKoOH-a>9 z^yRvo_}j5cJHfG{Iy;@_uXgy%p?P(pQj`Z6SUqJ{g^EHaO`_8`6fF7yvQnuX>@Xvp zzLtWc$7))Bob>*E5#f=fixOQ*g7L|u1}*v>-2rFB(bKi}1i|QJ;Pk#jI7bc+{skx; zxORFqqtG3J{yeORz)_|Vk@4k-iS^iGyhE(vPB!*Rd6ju9jFw_He59p<0l7WnJY)Z0 zJu0yn3@w>>DdW(mZxPlnMt2w?cWi@#t-J+;rhuwmezI4taJRDZNo*Ey9NQtys0LMd z>P@&TnB}H*l>>S^p^pd8z8c<+PSW*6n=A6<3=-LrY?Vsag!Xuww-TKu$|sct7vdPz zw>MC}&g8^Qo8e%MYAMVj6P2L$#?y9TLIeTi5O_~m`-s(&`~g#xej80_43k_Vq_}pc zgTXMM5-euTDlLj??8xEl80odax^5QF{Z>U5qAtaP;x-9Ol;Q$!DeXBqIU;QlCr;XN zK?=G;BtEB3#dI!%ds4e~rls8|k3Yvut~S@ze_rDfpTBy(ccwymu2%(# zG{6E@6wwI7e(U}UtRoobEJdckpAe!v^r61Ijm_#<_T3kn*a)o!-+3!EQBUHQy33ku z7%C4A@-g_huC9$oesHu^nE$lq9$ot7*0uPnG+$m(}anAKg&Y^13l{ zos0Q(Uo=>vP#tt1|F&{z)$4SqG*Wd7Ca57K*4DS!4O`hmuCGZ&z{*`SCSd1H7Tan> z*4g4`a?*^vy_+;#;Hb$@*jX#?qfA(BFu`gl+|@^C)q7@cL4t4Fs_ z+mUJ&G+}%A$a7?>iQBIG?KlDsFf;W1`PsJG;|r?(b5uie)#7_GFco4)7vaHoF|zft z7as}%&LSAjKma$ASa!&@>7fPjNC(&+%#rW{$3u48^nS2u5&^8d-NiudJ5}nNOw@i4 zKeqT*Mm%Y4ft}C1cIR=fw^8NbdA^WhGCn1#!9dp~i{!M7KAmqiLsq%9)tT8|TQVDj z!DUD5NfZ2e*>u@bM-3MoZ>rDM3Vmuh$@_^()$VXr%1TdvE%|l~`_eZkO$SRts-K?* z27?k?z$F$4EYY5_MN2;oTsP5L86sFdL9+F!hQ0uxO1+)-DmUU>gqf)(RxVb5QA0Z! 
zfg6VZwy-cyuX|UvKJo|HEJvo zhG6z{<@Yw@_mD^ed1l)uOD~wCc@C``EvM`E^<=9wesSCD_c5;4{r&Xwo>JreUXsP< zgxqMh&ng78h8jHZq&V{U`m^Wu{cT2_BKHYxa#qz{s+H(7tasc}ZP)E_ zCxkul-s1Q2RO5ZrV)yA{opdoIb!e8(E+gc_3GUx+nS|9!N4 zRZYUEqDUgHwhIMywpIQ}WY_siJxEP<6f#1Go%3ETmZ8S3W0myIKS?QGR{;Q`5ZSO) z%yrx1k81qB_Al+Y=Gp=_Su~4m1U4iJN0D!#FJb_}&Otfy^Bxj41cwXxLp=KQajxT7 zKI?Im>~=CA!nSOt_cu$}7J(tJhU`)6+&wR|K_!nK@@4=X(Y;C#>*=veK z(TL2!w>{We+LYHAC1c)LNPAR^neLqKTD{XA<+f>h0Yx@yYR3z43}1B$wIy#%KWKk0D%O0+;}M)*zoWW9qr;q zQ)FuWtE_EzB zu3Sv@jV=J{?Y}QHYgBZ{k-3#YI1AL?W6R=in)Gm)^dVvnV32~0vGsaRSz@+7RLB!< z*w}8d>tPt_lFR+M#DoRe-^0%HoB)eeWR_qjl!e*mkhC>EvauU0z>Y*p+!QtsNXlC5 z$Y+eb7iFhgu_gT43ouds(@7T3YWauwHHsG{WHC|4RFaM>lK|OaNf6GijVGh~6AbF8LMGapNK{n5xzIOVJT+@39-G)xGn3}oJi~$uH z&i2T!#jFCp+ak$v$&90vist|8T{bOlABD~+m#*J64Y-N(Ec(rtn9^+I%IT$#yrzxF z{Y#;y9?KcK-*^Hc*lKG@7@@qor6IuPDWD|1dy{26BycLSnC9=qXqsm{(EbMoGl&WW z%9Je?Z`u0qGhiLli@bRu69oc}NnQ~`MI-j)%&0*U#5@9)ZUs%XPSwO#i=_AM?Wg?d zVAO<f_$zr?5LltZBTJ<+Ml+86)PWrGLTD6R=Ev0K*xBo#`r!_kMt9JDCx(~I zl1A*hzue`Zg_U_~DM0fa! 
zx6~$X@@zD*hi4GKxNa@ijatsrKn50D!9VAIYV@KVw{jn>bZp6}-!zwfWG zp6|Obzt6USj;eDb&a;-Q+ImM!Q;%;L*LrX2Snqz^EW+ygv6$5lx7ep^sZjRY2hs=z z!`lrrUWt<=61cfxnlo4eHj?6mBooGT`D8ScPm~EcF2WZ)LB$Yc*Q3XcCJW1@; z6j3M%PQzvs9{`JGwZI&VXv;`yN{Te)17WbfQ|7k-Q0F4(ZZR8B^(zkrP!jU^kE+~v zOPs{FQL*1c7^$Ip`p*{J9cj73tjRrj0SEQNwVju3UtxMwiws0md6~kAS@0{wiB{?cbge1IUqNR}E?uuKjm+4hsY~u2wv)pr~+YS;{;4 zaF4RkSTC^ zG5#HpY5(52`y1_1R3O=oL_Hu}9s9w3upVzuIeEw)@1=m4zihwC?^IB+oay(2VdoDl z>|?sX&v?<}y6y%hW4n%4vT%|7yGq4G<|Bd2R<%t%PjelA1Ho||OY6K^Ci+3@p}WSn zpJa1^yrbEJ|B6l3TM*#uRX71TJq>gse~I#J2tvO3!|Ba4oK!*}&T!0n+MiTN=C`sb zf4Gu|WfuRVe#UAB9`3gu;Q(yy%KxynrDXxnDVSZP{#yChUXd77lyn@yz!H;y2|&PP zEihPLy=AdryU&#_>-|F^j76YM@QlZd>Mu9(p%q_vi+Kdl3N_(K-P5e!?78Zy_s}q3 zm*;Q;z~ka}`)}OXNAcvDNf2j(WhBfka$s~24>Y6Vx$kYZ;bHIptZLqQzOv_Lbqar< z6qj)C|Fm;-1|5QOA}4a12;N}Az($)ch7z!@@7B|99Brx+Hjs6Ck2+w(kl}DgF`uSa zn{a(b{xC7Tx{a`9BO>sl$8xe*yRpKBfz!9(-hE}F_t6Kv4LS;qut9u|ADSSW^X%@Z z9=A$uvu6!~lt#O61)>>W39eV$NYj)iJ8)q6>-56w@<9Y9CXtvt^0N6PPf~;T*O0#7 zWZ!k5w(gB}m|`O)57To@(YKglKhJkU$slKKba`5Ya%2ifrt`Law_b9IAd(oYPd|-7 zFhZqG%gVx@Fz8lMPu!tNrYIFVYf?bB)$ijb`t+4zLlSA&CWDJdOMXe{=ZUW#ec|Cl zm}8n+)W7lmy+lKDTfED5@5*NDU^5amnp6x#Ht^5z7jbuCz$)NjLXBqth!}%=bBOo|^4)rxA(R%-98%vQO}QfuCU^vl@S2ae z>h}03U91R03Cumyz9xddPg@*9V#cl!cx;7v=qAOas(F96^N|^og}(ZZl!2)nw2EA1 zTgPcD`+T*lotGNkwizm4q%jOw-yuGDeat|aEI;^~i+|>F$t@3}PlNJ|RG$%}BPv~U z--oIdFO)BOVK7}fB3B{w9v5}Bt=_P(gpO&6&+_Gnz^1e9L=q*@&m4k=4F2IG9*eI0 z{xC^Q)F-xP5alDe%<`TFqHbpXWttpGDWfzRW>W#}5dRyvnHs|yVgjq&pYvX1n(prF zUNn+|#R7qZgY~A;T$!3ZCZ+At2)er!HJs-wo?ES9AXK>?p~jvfV(N?u#=&w_k^((e zTYH=edA`BU>*sqS?{|c|mWzE0*Njfcy)9W>CP|?Ba;Q}o=%1D2@$<*d{!=*p# zlT_7zN4o0&PDC@0e0R0i6b}~J7vT|`Z?tlX+l$}*+ZTOSF&3Ex$+V)-j!3HAOe`&0 zx?@DIljJ=81tT1`zHj28jaIi`3}Z?wSudB~mWWG1tRg6Av)qFS5Q4;84a-9extT@( zJk(AJ@mHb~Vil+FVEhYDTmat4=C1UrW8HcxNy{0O(eIX@RX945yRx1ap(&7leBF9 z3?mmNNsSVxT$(uYL#^VIUM^JZb`|@OK!L*X*~8U>w{|{jo^qH##cFgUy0UC5z|o z^$`!%RIc~3g2i|IBeI&s#dNX!seo77Lm9JIx0YDWTj8#pc8(5rnqXnrwa#?m;w7ak zZt*dE=O2OMRDs7&S~D-Ii(h@!f*Q~AW+M%D7?+E6IyZ60EuUu%wAyjnAu^fb 
z(Aour_EE=lt-Npw)||99+#}Vh9(;^396JxW$2V@*_qKVzp;++D0zJBAngSg<6GMa6 zUt5zlz8e=@Q;r8@OSNm{@}3|=h7NAjQn5=zdv|6#7rb5z6XFPg73T5NFx9&$T84Gq zbpKvMJK@t&-&&A9S#VdJwKwZh$yRLLoWNa+v#ZL|=(t*0Epo065x=g7>AWOfnhL~Y zb==d_NyxVL4G~H@r25n_FzUR(NN8xE$bj}IE*d-MAS!3IF%$qG6Yz2_;~%=Tg*AQ7 z6Z#RG5{Bt4%5FfzB#3jAijxXm`PO)bn^9RF88xDyk-y`!C(qluG~p@Ad)|F3F)%Z6q8GGqwlT1G`hS4_cj=G+ETFuFk+aLc zwWe1#Ftj$2cQkReFmYp~b8@x0%7JiKQE47gJJpFqDHqVBAmk@-7I#!41#5*OFH1%M z`2{H;i0B-DqHjPm%CU-($IMk|H&{ATT6l_`4pAmoch`kU?TRSY7dy#OHfeX`WQ%o4 zaYuGZl6J$rnbk49=9SmA^8T~3?h;B*%S%lu9UApPFWoM&=4XIPXW=And@h|Jl^Jfm zU%E{S-;`=JBA0#2ayuB2gx4Ms2ky<5X4Pp2d-S`T^>`x!nViJB@Fnb9Z4g)JsW7Hk zg*btjK1$ow;_T$qz~KF*xAa}-P?McH0o(v-T8w;bOmcE8lbMx{m3Sf#iJjF!*4xn0 zQj{P~&%Q@4&6wz?B?<7EeS6qMeLrw;Tr;iLTyGxYrDZClBCJSDsrMjC>f%(8|LxfH zqG;f#awe4%PyI%0e1C4$j<_aPoT4_V#-W5bc?0L5(`?U=9tl)wr(3K-zyQK88pnz1T(Iv z!CYddmP&Cd+Gjzxgy$~dXL%j`9O`=w{M@TjN6xE6g%e!ok9L>b^fT(YzeyqnrV5}9 zW%(M5qZE#lM0!RIWfA`uVP64OSFEjxyA>_P4_e&a-QDF-+@-j?ySrXD*9<|+gY z`}7Ups&!_@^a;!pYr#4*J@mXw^oN$XuB_3#1QJ%p*b1o9*2KDJOG(%@KIjC(sMG+#W?!7ud!kWdqw39 zDnq91Oi*SzveUI?WVNMe11iZ!B2*;ZtRKG|NI=DUC8=`XiDFDcrfEP76G4ls0>s0T zN0USV(_s-Y5ts+?Pb2t+POpeN%{W07VQh+ZWJ7*AU#&5MjtB7v=`USbqQ_XMEpb10 za74CeO00}}W=gni?!_?U3Eg#~8%OqzYqSc>i2!yG7+|b6?0+;InNWu1ahpyPJ#%w? z^oLfsH>_PhbheSXqP?=Q*rR>+vLt**iaO0zgc`ne>9BX}do&Cw+DBWhJ1s4CMN&kx zBOxr{7~>7`$DTY;N&{(zZ4ThsCw24bNHwzsCt_i4LJ; z2+8RXKs#r05^vOTW~>Hg3HGCL1<*d?&uLj|V*j4V)btPDT|uW_RVYbBWQwC$%n-n4 z48dax#_~rec{O6^M<#i_(@uolYIA^^qX1-U{}y4hQ^NM7h-_39&y&YlV3F8%%X&CK zNsPCeZuaBm)1w&tkeMO2xYyT!7vUp>Ok!L!^r5D@4d5`omC2t)Yq-4`3JAtkTcrfJ z<2d0&F8d@(AId%lYS>q6Pl=M9*1!e19g?_f#TMj#adtPLw3O4HuMaNp{a`*R++dmT z03HFXeQB_a(80FCMdgSt8Ywa|pLA@n4AH^1!;NLvO3~RSFvILDf$7cNOA^&qR-|2}5_xwrpL?HD9nMb3`1#0{eM0_K{YqztfNP4BspAvgd z(A9%39eSQFyry%0%}{p=v@XMH{r7nnB@@kutTfaRLK4D~Tf@Jn! 
z^tdCOV`1e%+b4uE07BBe!q9+1BD;baTKWe7^&d;OjV!OE^nJf=>rG~JO$Lo}Zwd{L zzo`A7wQHIY1z%7S@hy+Y`p8gkn=kIk@w(28Huk5x96PcRy+3YYIomAT@P-lJXxVQR zO!r@3IlP|TetljbT{H-cm!Bty*qiMbHX{{$)_6V_w=Mr?nIJ<`e{n^_XTshwwJ>Po0s4x}r8Tab* zDFmiimvYHT3ez7*d^e40vmV)l$;KvXpxO7)LHx{Xo|v10l|kKhlEJ6M+C$*OIAJ6i zh9(glc9R*zT2=5;Q~rBSIq(fO5hXy{K2+M6EXg&IHhr2=XQc@0iTd-bMw(*~ z5ebhQO5qZsw3e6PdE-_Qbs4qsV)Qkk#2i6PlDdz8`^YF!G2Qi}xatjkrUqr6Y0WK$ z(yZF%v=zxf*h;`tDKG+ zt|JCn@2vw{L<<30-`x&s^4H)V*e&;K@;$O$Iv{S)A(!!jCSn6O$qFo_>KxGu$|p`} z9TQ3A$NPBYjb}v&4vx3 zgp}qA;HL}BAc7cB9O?QzKp19));;lPq+-XM3kO~f^h$L^#&*SSFP+(N`avL1m#5%d zs`j9_zUxpV?i3zvD$#dEK1(j*S=s)xtZ#v4Z?pHM zo71T1)5G?JX!V=!;YsdBvV>Q24OFi>g?*iCoZscRzW1*S*h?YVC_^ZYL5MhW>soaB z76z(Cv|xhR2Teg7PUqrAZHFr8mQp7H*p|e}7^VLD}Di zm*)s0RPYM<0kTZjl3m%k&!*rWBtAX2COjY86GAFlN7-o`aomHp9}kpkeK(**9H2#d zmRN`88FNzk93|dST&-H$sTDuo9xR2J%VVIzIj&j+;P9)nnwHq*M1rQJG}3tzoHjiy z&X4b3W4GXSDC zf+UcD>PPgKZH=JBI|NDH_%aj|8E1YDfu3CQNr$8%aPk8m(9{)bM-H=%PA9c}(Yj>S z($8{NyGgb1#Yd}h4=?=j?Kh>R)LXs@?!vEziOAiB&ntc6ftI{6%!akfDywQ(FM4vS zF)DnW5T)^uF&*7M%&Suymsgq+xQ=a;yHB%?z1Da^YPOp^ZZJ&wzm<3AOj)%Ach&pwU$-fFxVTkv}7Rs=_e*ucodH~W zG%}e_wmYnRbUx`?8==9y;+cwYq^GC*HDx>HN8|cX>hAOmqQleo1|QU=Uc_12K#F1+7>d<-v?emO^^|I6v^wPHCXS+!>K>lW)U?h&B#b3R*UP2_jL02-NDju!3C;fc z6qw8jb-C!+J5cUZ^OEV^8&)(H6@AlC(ydqMS;5#8lf;9*ay^Z-#hLVcHZ#R^e4vWH z=2bkypgf7QZ_LGR!+yenoFmtp|1lhS0;`HZ3@WM!*{W_-{m)kap(ppI)t40QZuy2Hw+M0TiOpVow0`8#TRi<|_CMK;P`0=^Kxrex_L*-}?D!ZxQp>O$# zhTz*nXL1gyWtu#(+@~MXTjN@kr<~m9M8)eH6mUK4iqLSBwb^EuB<%``PZ43b85-#w zmw)@HE=fP}OD*vuxPjjV{h6M1W>(7OOL3cZ6mIM1zmp8|zbF$pyU#s-m@il$ zx>Xx)y}VID3A78xzEVm(n72tPxzsC~v)X6m;gjv_l0z%fNZEHgm6Y9B_i|Q##0ocr@-O~^(-i+#& z9`9c36?qifxp>wz-=)d7zZW{&7n@?elGO0jr|+oF*C2VN_W(X#VY9;Z>{zLk&@^)g zD4gFWMa(#(&2Cm2*CPL_71BDQzU1Impst2F9lmWwi~7^{9TTm9`$Ay_rvtgZ{iv>R zR=c0TqOE~c!+=AQ8g9B*rBRCt^$Jz1g?Pf1DRH=0PDx0uue|<6f;iH#uXD{)ZTX5^ z;t?Yf{Ug@) z!Zh1%m0y?~PvajQM*w^Vm>i>GZ4}mY`ewi#D-IDU5jhv36DP6S6BjTN$R$h4%zl76 z;4A#ObK0JH&dv>ElTwOw<31p;l;qps&I3mU7Z*uqHXs+G{f?DHVj| 
zn?%t$(pmGqb-JNJf15Dww6vJ^DzT51s6Sxayh{Dr9C{t=^^9)$HO zi}H@sA|>*MF~i_bU2qw9z>RrnCM6r9u}j{aa#+5~As@|-ApJgu>>7mGbH-6z^XaaGiBikwlQ)It(iW2@18}KBdp8|}#VRc33ff^$bZC{l z_hi)DPUiu<w*yY|PMEqWpP7b_}Qc|Rf zn~@JhSFcEaq%muvP_Uu>-iPJ_4Z0#Uc0p?ULpoByoK5#js_!xlS4S703IKm(4PqB>z4#j9Dtle%_~V9s*Tsuv zkp^H%Jc~57Hzoq-A?N7GqatD8KuLXxONS!po7*uqcf`9$1)gW}{_Su1L>gV^0hiT~ z{afXHNWwXX>{z$u0 z$|Pv@=;QTGD+iCVTIDb1eMq;7__HQcI4OhNG9#IQlW3M`$!rOekux*ghk-1Ktr5g5 ziOvi2Ntg!9A|3W$`Y7*TEoU49N0G|jYIG3iN3*fR0wmN1`Gsxje#eSqe!tf7TZD>g z6_p+er&Ge^5sCZsGQ#!h5RaZUJSXNzw)_Dj<)E_B+Px$t{BqG?rf;!lYA~~ z`T84cb>V}xT&vX3mlk(7ahp0Ll-*~>IYHZ&LiYq0ba^tUlash!vv`eCq(y=-5Gd>B zQk1VtqcYt>W-pXdF_ThiRb#Vu;TLs-fS^jYAssGFd^676RQifc$pk?t=Z3x4ulX0@ z7k{%6Cye5^PgtiBBB!PHf;|AV;zzEcq4c79twPhMiD*2l-)QPz;pl%L;VwW$^CJa6 zqcg5Te%wZ^)!Le?8zOI&>M%;`W0tYek77|j=+J*Ecn+(tQy{#f=;oH0afur8{9aKq zd;Utcig?4A!?Ri+qAxm#lv)}4CBB)@%>_=~X{I9gy1Z9N!rz+2)iv3W^>YulAT(du z=f(CcsR2lPa9~CGO`Mh4X#>vcN!57=7)fg>y9Lkvno>#gK;WY~$qN8{D$rf%Co|b8 z=I!h7C1%@MRY=wu1ou6sfaets&lYaMANHdVTI23lXPedgk6PI0cdXnk#50S~6NG1F zs!u9yi;HzP2`#~$z+LQS980FviXtcS`*AUGb8T-4vqFAp9ms>mhi8~oz65_>Ay0>qwLx8# ze5_f^(<_u;KilTQ-T~JJ1sG0H5gdtgnqrSRy#!Rj|s&&1H0K+K?mU=*V1f}i=xkhR1hp3}wQ)Bea$h-0gpA1D$RvMeKp_fMM3ztOX zjo9oT;+?~|4{hYEmQ>$dJH58p)aS^m8sLtO;n|;_21LmVb}$X!*MOm5RaogdBuXc3muUL2usC!USR z*a>(zt$bqJnu~lES<-A>L+!Rx*&<$X($R#8XBJT|AmQ!zxtT>INHF_pFXH;wj_>Y; zpnmL?=NT;ESG0H-P6R!$%KBG(8uHgr4t*8$4i;;tZyftl6boJ7^Sa^`QGRTb{;EJd z()|%=sNm+u&Cwc|Ps!Hz{t>#V{(ZP4DRU!^D0#p)d9+Bofo3cxU1vL*E81rlW)xr; zq?2NaOPTq1;p~^>J7U{Lqsni>jS^xY)nQI!&iAi6pI@sEGSx8m?y<^Ki91q0)5gfm zzEuL)6VhUrx3W25;=Vd1GrpiaN4Gj&<<*jRYQ%YFo~d>s1d^9tcZni>^!+XWNoG!M zd;Qf0`y0GO8Iht_D(fr;w*&3`Y@uS);(D&VhTW_RCzf}m33%>Hu3(Mi$+wKimD$2i zRnvpB--vM7>RWhq6JLxz$@|8AuQ_}V1iz>3Rio6%pVj=2;2Dv?a4CYIp*@= zJ>K8{aGlQd{u1~Q5U(@;{vXbqNRGG`69VGz$?;!*#;`EI8&>9j+?ZK7B>p=8-o?4a zB*eKmS-HhoMY+Yqng8!d%aFi#q-Eegkd_~B!fDP@Z*OnIYm@muzoSR88dtl&1J=g(<}|%8n!l5R zbx~DRg8Y#K?v)j&XCe)=J=R@lvx7X7TNm^hee)f%)+tH3-b;e|8a$y6x^7L}@B4}+ 
z7m~dt{Hu1KgS_>Q=+k0fn`wbQt{)uh*%vIU#KS)1@$VPv{5hY!JS}{>-2t1<4FdBu zvPzDh*>v9YJ6X?gS3jfiYR@-+(t$iKkeGm=-e@h4i%lFL$RiYw3ApiJ{QpLKDYkGr zSzi>zi0C<&O@=@ty)`^KT4(4J7%}X1Up9rgPD#eQ6gSz;_o_OG@&XMw zFDb@_8$H2SElh_&3kt6rhlAZ5Lc+BH!)VEw>5rpS1QKU#+uaKi^!IFLuXy|?mq zu}HhQ0b(Wwye!R+A9d|KtCf!J&aRjkR?6p$$fcfduMIqT_H+#X`J4DHZEJ175BSC~ zXb6rF^ZfatLr>!R>a=U8)hla#OMy8Yb!ooaCZjLR0$mgMR>VBB)c+NfL+Mu{k~e_d zL@YGrMJ*3P#0`BKO!&*@t%C_Q6G!hfiT7S1#maZ+4cP+wb?l25!yDk9?HNkLsE!@# zZT^)O{kKv{UXth4_&ILkHITEvz=!8vNMK-5hTU;3s5X{p3zno-h5dT9?Z)t|-kuQs z^g?ihE4MToc8Mn-Xamt`Uii#|%NiS%-vt46@veJmxaoqWGVaZKyQLes#suwxC3sqOv9HEkp`2f=Hw+t+#d@!ZHTB zscqrVAT5r@ZD#WFZ@`vDiDEoY5pI}$`~4|Ym;mpwC%POPHuTpsf9=uU+uKV+e&@%= zK985V4iw5*c0paMk`G_sPBmzdgmq&8k@;ya!xnG>AuIk(R#nneHR}GLFOJxEP;y@g zKQM85#A0p@5uAk~H+EfA#E=s()^Y)nV#ysq>r-Gs-z~Eloyj$iKq@tC2asgp*X`JJ zWzcd%GICkB_bRus4>n`BNhOvcE>j=1-Xtmo!@yVDQudKfD&SGR4IxXy*OF9cuwu0* zrEt8K9U*>W{D!X1Lsq%oN%ytKY*f(wxx1KE`m~@E6e#S%bKnE?jiYNE8zj)tH}7kR zv{P#kdj!OpWFD7)0ZmL9$zsV0=&`}QV>)$m@p?5t6N9J!@pIWnq=)xRp_!7W6Rl<*N()sQ+&Cxh8A~>y^&%+%G>f6L`GJ3>Tn&t3_W?uXkQ8Kt3=H`W-L_; zqqvWdR|Wd5HbFl1WEQH!M~Mb#o#(iJFf@V@i>)CBL)kn@vZNjAtLz(^rL_}{EM27N zgf)age_2#|#vFa~aK4DX*S;gMWiy?N5{<``cYd1U95~id*}wQCy3*b>er4b?Z;34L z+~sG9a>UE|Y0)H`o3!h^$7*}%3PgyzKFg)BHq`j(qas92qM)}l)Cr|hO5)cl-kT`V z2rVHyv$vDVKpK-B-P(uk_L{atXSYy1?OIM_)&P{!lGNAxHz~s^_CKy?yR%yyX-8(> zG58P(T`x)r-9r8s!(2nJUu1={w^k2?AF($~{q^qWm>{6%<$UQa1NX+>Vl<{DSYM~{ zx_kt}gooqyG!YslpvUgQD_6^FCN3YUQZGbAI@_-@MbeveZ22f*t^c$r+UhyXm8mwO ziVkNXd@BT}J3Yb${V09Dgvw%3HK?1>_u~~do48g|Z>F1#79_do3G%X{C!XlhzDW}h z0H!v#BArAO33JD5>A6iC?hpJ>DL#*%yKikScpWuHa}3m)IO7Yp)&hB5ng;90bp-xE3LyQd07xyA)K{PagpQ*J3 z64N#dZv^*MIdhL_p)=mb8@Sp@+QXTjzOB>4UF9K?mnv`t353&<n>*LFUa6Sg`A`O-D;i^ZZOQ9itAwQ9XmM!57yX z+HtxH?=@hxi-5xovi0oJd08*P>c3soJ^Bb%|8cn)T*9~K8oRW;K#2`zKIOd*X=R$7|uI{F;srC+N1m<*fvMztw)rp z5%A2LYVDFpGEqgs=lWwMz#Io=8chLCX%lrf$wCs8UD#3hIe4+{myyhOzb@HL+bVEUV{jpPT5E7Len1 zZpfqiZ_DsOC{=z3_QSMGeswNqb?y$>=d~9|vV7p4(D(016~;`hlfe0paI59HMlt$YYVm|vgupU==c2bMY^(FyK^`n 
z9;Z7mZ#ydN55TufHhhHUMV9H^c|lDCZX-X+t%ZjPUfxw{fBd!GN1s6%5X z2Hebjc_HaDTP}BSc1#4E;~SuB9}&pU?Rfw{rX=6~Six|axrpOhUlM3HT?Wsug4iwg zDSL-?7q@lQ|FH6pb7(j-cO%=DQRp4=tp+$4Fc^3TuX}knq!~HTJBD!Kd;0tA(|A;F z;Wx$A`^BHc378*;o*-MC#DTpdHf#Wncf8&jC#_wiy~EO-AbW(H9m*-J+Vi`~F?mQ} zJ*)$R^(RWn;tU6J=9hZ#{m?)e!g-XvTY`W#YP3Mct#js2Mx5J=N0$y>4|4xtmENNh zyY4*a@`v@!rrc2Zh*P1L=s|RnaGeY&(DB60#lUM;$FRR$ZQc0Y$J%=X1Fm`GC)JSj zo`>SVU%>W0Bu!w)!UfNU@mN)klv z#!-iNFnA2Xm2O=O)a}JQLKEeL;rr(IOfNq&zIMA7fAP2weX$5vB6kPp9Z3qj>glNz z4FbMMSwZ^_S2wquy>tx<#ea)0>Tc=@8JWB7Z0Ay;7m$0|E>?Mq3%|=GPFoN4bNl4vIHn zU!WYE&Ic}m*0pQ4cmPtpa=ZK>=7zbn@97aKVxTJT;vUXniwmmx;U5hj&g$pTLQhMD za>6nf)NKNvt;v6>F!Pl3c`4J0du)j`FOs=09?gy;qL@a{(XJ#psbBK?Fo(|BvCD7a z$j#yUwJaR1^aCN`&loEvwd!UT1URWLlA_Xf<;x;39#6BzWlkIB=>qkHu3i*m>8fis(~iu&CbTR)Ha&H6ngK6|^EfC4)P)(DPo z9L#4+ULD(KwIVz!Jm&qrwuo{p5eOFO{4?Bju&NXtp2^B8e2(u?M>T4)y7n$KpXC4RofXO?GFPb@hEpr25YBdc3S=_exy2L67&xc5PVclGr=f z&74ROXg%iZVIC-a3jv`p3ZBMZ;tN}|jJRmuv1b_T(Nwqp!KKY$w98Y#_b6#2-_H8; z7EW#57_>QgqMXmPW_mVOJ>X$S(uz0~GC8z5Cmb`EKR~i&mR~~=`2t>D_3-);t~DX` z-0DWURG;H~YaRggUJhf!s2A{W;4s&~kxOh}=60qC^~q=z_6F**ud;DE)4iZ~C9X@fqsv;^WYu&6#C$380tB5KysHS8DOaf%%HNe^@t5 ziEGz88SHmOrmI(v6cT!e!N=o^eeQ6~!IfhS@)5rSk8WI2f+vAp4;WP_pFH)}O!QFw zc#Ud3EdsP?;9Yz>Gad86Zm`KeZIZJ{BKS=la3=_XxV9HjYUyW1KJnn@d$6U(E>fY| zt@-;wW3DzRLAO04Otq02cd+6z7Y|CQL-Ga@7F322Fm@xa* zUc$#`p~$AybZM$d?BsSt@0g>Q^BnlnM|^i#J@}iWv4Nr<%ZU-Y%`~-A`~z~I6l06SwHVX;^ZlTR)q4Tpg&8e zKe)K_aRp;fy>B{yMlwYT;pav$?2@21ebiqsPnOWWrwQ?&7}^EAdfOvCd&V4GKQVR7 z$&c*a1-d3*1#?R;C`AV$sNQ$E9e(^}Od1mSO}P6d9z+oDzs;iKu6P+WwerGohTntC z1cG4#onwN|rv#Y(i>vnt7)`G=t!hSjR5z|KmHkawnmMgx5*Ju`{7!%HgYOwy)D}{z#kkx!e!; z;E=$`w!;T>il{$(1vspLzS9w3yaD`RQ(P7b`{2!aLjw6%NcrD(WB*G(S*-r;!viV= z#NYFOUIAm4_>Yw^W^oBlZV4V{E;d#!HcoaP5pLH1`wAGu#(R#d2ypM$;d~3I_Zz;8 zgtm*CgSm^lk&_vOh^d3I8L7-)L1|SpBU8_>zs&gG6_sWGhZ3gaTmxIZ9sB^pw~n#= zWcHWP0TFCjE30XbX_J&YuXz&@y(1X{%$j-0Hdgv^x&@y@ARrJS6EGkWFuEIH5PRrb z5suR2&YO2?{Nw7u@TDp3{jegUXB#$pq_3xFT0&wQ{?r%=yELs5^=~=bKyGQ$1PuKT 
zj+W{Jc>==k_T_>Uh7A0=lu;}c3K*^-fv4u*?}*nhm_c+B7xJ1bkbH;%Gm*biB{Og(c7l2 zSNxntPW=^2QfzWKq>Gs>OM@AdtHX-RiLO$lD6K=NDEB!vQ&ajcNz??^I#HRnB7>+s zHuDP!3u)9;Wr`3-FX_4=?d)4ojLMM0X-p*&yb# zHyK`2%s2}}ntA8?3K8a_3pu2O=r>tmWPdP$hHyXS0z@OE zG}^+^#Hdu|A7q%KsMty+v|6Hk#;zP9Frl^GvNm)G^nf%XFS<9bPp8@SqPjO>VF(%}@RGn%F@IUt)*{-e2 zUQhx;fCVYUZ0H3%ND$Hp0U;3Yhcp5NYDwDRKALMkB2fTk()-Kw5A$2)rN7_T`|i6x z7Zxvs96znz=?c#@*2f|UM|=txVNnPQnD^uT{x9n}vF$Z`cmyoe58glYE0Y;j_SR_` zLIr+#?Y_SLw@Ic^VT6i?Ddd?dS055E4!?-WW!px%XT@t~U|iu+Rt;hP`WOb{c#H%+ z{z4Faull|+k8mHb&3Bj3URMicUq;`Y(Y@`qhVt#%86K#Z5aqblUCoD^-yEtbNhon< zb^`CD7G7q-Z#6Pq?wY5wCxe)>K+W?WDJ#{A?jfjq`i3OXleHaSK!*Mh` z+bc)l4jc>P%9g<0d(4Y>sbznP3wRGwzJs>dWE-`M<51veFRGA$p|~b&N7R++R+6x_ zN_L~HP6iwnp^_F_Oh{xnDNGz7JUu&wACmJ%5=U3LOT#2MDi-WKMJCnhx=^`P_hhJ@Qahrc=?d z(Q_TzE)<hQHQA^FVDv988>JDSop&nH&L;kkJ}B0MB-N2yN?267(@ zDgjX-f;gjvm&!6!|2xg+XoaapBV`v6(fM}A$Yb56vF0nQdf-PMgISwvOe%0nq!B_^ zah_>ztd8gnsDNXB{LSO=nzzY+GPrt*@ zn3b>*!IH~?zve~*7dvje;%F8y5PQt*BbzW_{`nX=M!(vIk&=?l1m|(6(RpLfKPuVznF?pToc#M=ODVOu^a3F3w1&H zH~!t6_YDYCj$8=>edUx3>Gc}D>Nuk+xseO&c!&bAxC4=XWD|t25Ud-^qDtG%CdA)s zVs>o^i@qc>VS0T6x3;7SNY$R8pAr#Q*yJQ+hffjS(DNmq%?apV_)!_82V_NNhrfRF zF6B?s{x!BFz0c6xHK(P8%b!)x<*cw=Th|fyq6~?+hutpwc)xy;1$?siYCNUaW@J0$ zV@v#yIKg&&f1Yq{P-TyI!uG(j)UZBFsJUm3MMH6ot@rq9rz4*GlGAQdE2$-S!c;@w;yHbO*5#5ZyMw?CEBxHgRe zgG9PMPs$Z!Y z+Qw#!!MhdG(Q9Y03w5ct*;Q=d}WX<-lAe~?subLot&d@YNv*@CsQt(HV9P# zMxiJK*69;Jo+vTis4DH5K{KL_sCo?7(DuGi z|AmP+`1Sq|?!vbaanZV&GjZ{!$(LUz0xaWE5g{5;-<~4ZQFO%(wnaoU5`_mPFSu5O zNeMUgWW^~$qG0$sg)s<4EktWMB`qpz!w;pL80A~6s|EhCuGCHZ_@i_ zh{eMQL4BjD6e0NaCN;DWm{6o-5Tr)cA9ai&r1z!{<%5BJ zPkJfFlm%e5L$!=+7q2oin}ou9 zJA4{xAK8@#a;}2<({7wCaMgP^mCeM*h(8}OcBHXr1^{Gvs`sqfEDgkebqS@M_)`gV z^c)`%o>{&XJySW9P<;SUc^Zf^jLb{Lb8LfM;86OxEX}B2fM*Ja8i-G-w(D}vjUq5v zS~3MM&T24(=?yCl$i8=#yMH^jTvS!lNEkk@NTxs4&vb8QSC^t|FBVQdD*P+d>b~p@ zQD7@3s?IOb_kieYyZjNT5qT&@Q?c61CsWC0#(3itEy`=y?Eba(KW$tz_&#d1b$jBP zNmj*&_5ANcH|OPkp-NCd$U0SrMzXqvn6T*Fg!|(S@6ucHW^_QvX^-{O#RgJVsq}tU 
zz_PeYPOhw|!8b?>Tbioot}>lRbJ<5#PpH6<*x?{)ZhV1Y^Wn}9tN=_-0IYebf``wrxAy zb3*%yLRiLx)M9W#xKkdJ+d`x*m~@0x-%;Gi=+r_fXO`INty*-1q%XYB7LG4Us1P+c zm#c~0uuKAe@YnoUCmy5#(Qmq4#X@|shFfl4cCx9jAw!}p@+;08)=BgOcx29)p?jqS zXi!q;=jLzr4o8M~NjnOBnm*9-he=NMyBdiE-Ze$TP}A9Km4DftKp2p9@0F)?KsF)>nQCkJyYTQdjxH`+XF6%3m958W#MZ? zq*d1Bj#H#2m*b}7DMU>*%*a8{R30cYBo2>aGWOuyjU8mgy(W~hP7=nM*gt(@sCqJP#z>I*WZ(TT~_y`3=ONXSK(G+y(b;Z zkrke-U0J*dKh{s)P#$Frk#o?eL3QnOk&TJMqdt;jUY`l`7b zvNGJDn>hkS9&g%JKDr$MA0X6N4f+NpPyR)l*gr)6Vb^Ic@ICQC;J`Gqx;4;Vl6 z*{&nCH-%&vt=+8SaktdIxH!2YE`#yxcUis?NNC@%5eqrIc^5*0JkXy|$3r0^~D^al?9=0D{A*ZNogCdYxzYp+yWR;FDLj^?E7z1@xs8p`@jDPQ zT*v*`NvDmC%k$T(*p+CzLC!k+f#%-(`PzDhXFF9WzAs);X@$Sf-Fgu{$cY5>A*U%( zj~v!@CKgo}>x)Yd9|9-Hsd|Kl1V^UYHYO@wi(bFme>41sH?ziP9fHqSM&V2AOZP(K zOYO__A|K_V(++r{Fi7o8WQ67EI0NTX&U@Dy8ey$O8CcHRQjCT)=!}N2i3#g_|2t{~1#0f~&KXpIoNO zIW#bTOn`@{JgM{A+BqV_YQ&+k@NgITF?oKbe1@f{jY_f~Lk zbTLI|Fd%MUWc8_2!fge`?o>}a{H>SoNYhg98DmdO6M-1L~`(JM+0O>!XxY!5)v=x*|#T=Z>NI4i;7+C>=NTj5s{7$Ck zysF}o|4jbw5&&4bxH$4MF}>@pXLM&{ba1j@V&UQ8VPa-wVr6A`kHO&VY42j>!C>!9 z{vSmCMMvDs*~H1p(Z$Nap7bwWBVz|w7Xbj^Z$|%V{>i7E<9}vk@BGhFy_b*4!^n|| zg^`)*KPkT_tbd8ziZ~dG5j~=|K#|uFRzl5mDzhu{jCo{7JjDx!|(se1i4otQ7`^IOJzYXccu7lB9GJ_=lR}HN(rw*cfa$W*Qur7VBmA|gc0ofzqUUpjm3|}Bh_eDFK+J) zr*qM1R?Qdoh9bXB{4g6{K>fr%9}Iu7p8w4JdSoKxeQR69)b;%1bh*tLo|xC=n`syd zet!TYbeQYGl-UGzzE9Hje7#9qa8QubCXZP#1O?XAL4sl^InPvNVmiV>xnqAkx3qe3 zu!-?(g~m7Qpu4xnqgrR{7w~M?oJR!eFrtHzf#c$d9YZG=LvL8ez@B? 
z6)=EDBL)=7mF$79_QpGip-T)u(eR&pAM*G;dwk_bsP~+PyAUnE9k_UfCy8b$mW-;_ zYl-@uO7~W4(BTFx8T(0tT<3>rxXvpgzortY>7Oc{+z!{H+u2Mui|y_#c3;hR0NHYY z))?WX*H#(B=JkOZE7*MW)AV|!W;NqEP(nI~8=%<#0TVOGMc?y8aWL`D?9-h#Cj~`K z1Rhfy1f8k%_-T>o!zF8n=BV`{=R!q5z?w7(A)$VPfWuI(>c?*`YJ!&)lHujTqsLL1{)a0_)XF?-p#rmom`CW}F($GJjQ8t~C zPFh0vCVZXDK{7Q(C2m(HaNY;1r(nJ|jaK8ZK=l370O31{Se$sBq z!KdkHXibuviBbhMv0@4G`@r+V70kVuCxNZv#^%rHd`JiFpEb|PAZ>pr8B$Yi!xsA$ zqlDkmL5-Fd`J2;5BvI<$`K=~5Ddm2S;7`Yh*fowE4#Z03pJ%hx6BKnxJJ2d|n)eS) zx}E$E=P|!dhe8HIeunUT`6BJ{3d6($gCl=3&v{P4Mydo6Ql?!j89R1+G*^3n^S=Pf zKsCSX*G0Sb&r5<-t7diE_BnfZXy49s4=j=CI<_x1ZTU+q`E$8EEPchbTu1BD-!I1l zS^M_xDfaK%D~RBBz{PHn!UaW>#*O5{s7aG1ZviU5|Ni^+QU0!7ohNw#c>+QE_wVme zzkdDkr0xXHyiV_l_etT2@M;0eJUcjY_>j1C@j{FivIPp{7um996{Si@xrout|Gpf9 z8R#Q%^5h94PfJh-a8tXEUeZr7Py+NK#gi0my*KnD7x;H6x}=E9+p%HeWwmQUpqVpgex4*r5<`^y#s5ZmeLw2m@jbCD->rJr!-o%V6I&w7rq48U zZQQ)YG&Wvm%9PpYUyTD}%o2$A=`Ru`Qv;ylLdkR01B>cxMSMKSJLk@w%N2+p@}vzz zmLClMeWH3#JX5C<)w{9YCs9*v3>h*c81JeguJ5V5K%d7?G>>udl4VB!?28{A#+WY< z?>UH#_yK9KAU#c4Jb@CL4?p@yIPr&e?Na`$SRLL6pD#9S*iboT%9PGBGP{PJxe zkP#zB{MNT`-$v>t*HmONeT9n`FNwi#zazdHGs>v)%P+sgf9|>G9`x$fi{=GI!^6WX zLDpUdxKj-09LV!vdyUEtiLkIRF=x&k(_J9Cs9B?`k=MOPFO0*@Hdm=qMZolh!h5r< z+$ilw!p|=!v)wdDs^AaRw^Do{z6%t;uAgJ^cb59MmyZKBWGP;~K_Pu*Y4F_TOu!j| zGq~Oc)AQ!diyy_iA@QUJJ}wTHO@M>uD9Lc7#E}+9W*nT=i{q$`qxZgj`*!l(tNzNC zEpM8Uu&6ffvCM@F7iywjjNhZb4dk>#dJc#W3j^}`utWSn{ir}Zn15Isae?rw74q;* zLgdf;(0O>h9j1ZwNn`1G1VOs=iN5x*^7l1sJ#8R9B!5i;F%Ex`J|7mK#vs(g0h{B3 z+}E#%%ok!se724J{DJsk|DiVGW6{bf-*_+nB0S#(?WlA-^&DWdm%ZR0%P2)@&)qXC8Sx z$dswQP0s5l5akm{v3m9DeXw&fIE#ZgE@MD-?zH)?xH(3B)a^5o)&@2ARA zU_C_p_U+r2C{bb_7RX*|I^H5-AY|a_&1P6iOD-)U9y~HSM_(nbo%t^J@Tw&VtQ?dOZr*^(xXSu)8j`K zvHM|s;L+jftuKhu2EBdAn_UwpPITdX{Rz^`k3J5ZJr2eO!t;aC5lnv%OlQpKDb=x- ziODs2cPl>dx_yU^22KDE$_D}u{Gx_MiWJG~?T2w86jS8K6m9%S_C*R4p_rif%dheN z+sfmmf6Qm1Q+P_vNS%ow(K!^d+leamcdd&S_57HmDVZU%Q#5He_KO!Un{Z*f$`Sb8df0zJTs0QFeh*ddKX}dz#bB6H z465Ic*-`ZA<^N-$VVUxMP;GfTgW!qn+qcUi9XoY-B=+=lOnUpRH)NkwVjetrkhVAc 
z5Ml&=NpE19>R!cq>5?8e)Y3)=;n^&u2wd1&;qABI?uNV?*8Km-bud2qxmJYdvyKkJ z^O$G3>gq#Ghu`wKBLf=ndp=3FOVSdU1ZFd$#_4tYt=9rms#8F)2Gk0 z)TvXCvF69db&BLEMEdj@OidHl(EmPDW=t=lu^JAVF=NI>^h^FK%7apY=$N*u)jY+a zcKu+=WoU{OD3=ol7vwzh!5Ys6JCt2W=Z(m7l=wg#S{miA<2Z%(#z7QV33cM&aI6!+ zd%=75?0FXa@;#UlPL&=rhZ;!5oj7EV@&(p3SK1+?w+seoNs zfAeTuMq7G#-mwqUK{I2$J-nOCC?ka~ILG+iM7M$2l%eYbv!r3m8=k<)) zb6siDq;c$v_Bxn-Ttpmx2x=UBVW6O!(FQH^65+7>t-&a>UKhvV<=%kC3EzpqJz*p7Nuc4v+WM1^e^ z!4ZV#a>lM)Ao3`>v>KXObq2e4@6L^J*u6u)^Zc%W7t@}|MMSe2pYcJG3dKZjZ1)oV zp-%csAX0IRL?}|uy?gieM*F33q{a~s2dPJ9{bON$)&tc)h-)o!S%5_rK3ybF$Ry1gED%yXH^RF_mimcx!@xt0T6lf z=B52jR~)oYSc@YJ2WR|SIAZKvLQg5Hyk57k#Cx2}aRlP4w^p1P zFw-=^(F#XTd@vs%f9Y3WeRZ#FSx=RIRAY3y9|$UsaY^JS!qe5$stmOD4STD>sN*-D zpbkHH9-J}b;@}LI21h|0ZD3xqn$J?rcI=nz4(=I;?mfkFxR(S+bjD(;!$F}xzaV|m zq)AUGBPVY)x!}s1FQ3ShH=oF#Kc7gBs8}>8;v&^wC{w1KjJ4x$y?;}AP~~WegXyhy z_3BlzbJuQ2MNWz>n>Psx9ejb$KmWWpA}M$(PJF2xb(tIxN^C?hFuI{ipwcX7j_m4E zlq*+3tY6QGMF+{945FnUcC*zI-_}IymA-oecUS*=kS!a`#t^_l}w29Y5MNQFpzbU#7)) z5E2l+x!wHv^Uo`jP?fKrN#(0nuOZ5oEn^!&OE2q7ntr&?JlkB%pJ(=~^rf!9Wx~TF zXTR`pPixlTU|Pw#AvpNaNJrlq{Fds{?=#J}c@RiR=gggtSfm?e_(gAxjT||0Z1UvE z!@QLVz&)=aJu+mB)D|QDPM!et7rofwS+i!nJay{SDzLL&VTbt9b!3R@2YveKCt}ym zo#NcNvr!fOSKX(+!WthYx<8QS2g-B-ibg>>y&YgZvld#=UUv8V%p+A$2dPDT9Mq*` z#Ze#q4A9LhLPMGD2mx^}iWa5kkjj@YzXnkZs?@AmbA>)=-lHcydH#3ac{?ClL$*mE zuh+XzKk@O0G{g9BK=BeK#T&2n5BQIzqRLLe1(rsD!ruhK*G8wtG>0e)E;|Aj-GMP` z+Tz8FWxP|>1{G&IKdFu0=m95c<|t_;Q=ENT@6M?E=Jft z@S>t*snROjIMV|wU%vc)8>V%CxvSW46L;_46*q6*5J{3G6LI6l=x3SQ zeH0hBZrv2OZry_BF^#D^hQogMy?0G{zFd%n89w|AkpY@lE1ZU%&5Y^OJgit*4!pJa z`RAWSo;-Q_;PQ@Mck<-P(*8-$3uKy_`|;z(c{F+Y)F~qmlDBQfMGO+rk>1GeAe!re zFO?y<6WM*W-o`{@vY5;QSFT(YJ$m*MN5jk?{-Hw$Oq3%z)Y|#;7kK0rg5G{R??LG! 
z!Z7xG_wLG~@#4i7#fz8l2w~l;cVE%sxo4tk&hfsY=23;|Qw>0&Cul+(0n4!!Pc5Y7 z0taTzF6)f03dZD27r{1d+l$v<8weum$-U^(8;F7nR;*Yt#wH2TMtaDmhhPAHudX1$ z@teBaJ=C4M_lP&&cvDhH{r=rMcLW@WC8EbieDuc^!XG@4vlGY1*zUn0k&9#IJ&Q#< zXSJ9D{S#WWY~{0vQuPO$pN&wal~>m~(g$i&25!8d2X|6^sWYuDX?#W?+Xe1`VI}X& zj2QfhHXl%-LWTEW<5C_n+?u}juOmFI`*iSEeqRUyK!*(*CWZ`oSKPTxrJx%a`2XI$ zd)V=UKFId)00?&la_fZLL;!~!MAe43`)vQljT;h?lO#@T*SyRlvfGWbT!o6!LU<*Q zR~?3iW|M2GUw;0{FT|%78iEQ2*tLa6u_?o)OIO4uvk45)TT*MgR*4{nTt%&iQx+c>d7P zQ0#nRM!K}=(ustL5{X;4Z^KM^r7=^G72=K>G~s2sOqsH>oYQaOb~23KyLIbd0yZ&{ zA3t{Ns8Kv?)@-6o*>aL)!LEJc9@ZQ>96x@HYa)>k?3WI#!${D+!hqM_bTkWQ8x$Qk zYSI)Di@W$U z`FzQnmX;5nVMC$98Ja_7z?a^%cy zqU`tY-v@tvPTavFk`NL%u0+HnNhneC4cG?zx`Bncf;9NBtZf`U8Yb5u2M+9qMmiP3 zmlqW|a^+T4a=}GlR2o)ao<{_SzqWcV)V;AlD_5=- zzfYU)_w%6C_n$eC~BhV_Q0ls-<_{R{@{%m@&UCf znhq$^M|2t&tNsr#*nTmg`o8=CJO2MRq&L4|qqozi&05>5SFeff+qQ^{py~v&ADJ>| z7F?9Yj~`em4>iVNM-Gcq5xZ$nB$)%w)%o(9KdgB1;)*&?*A`rx=s@>9Jyf=SFOX^4 zP=UI)Lz~WV^&&b1(r*OP7Y}6rPHjD3Ujg6c!3F}bog zUSAdV=gdWMwdyrJD7|Wf%9%wL>5#e?)tMsCqhVnp8y3M)i9A^jwkaYRj_5$PELlX2 zn$^TpHj*Yq>6c@dKVQ~D{`3!|x{a9g4RYtsy%P0&qM|_h5kPw1SJ?gxD55N9LPWg~ zwCzIHPtjGrY}Kn)F|jyAc(OV7@4FnEpEYxaX+g_^)cj$rh^=x!#_Z9QG>+}ux^-Jjojeio zV75W2QxqD|j2`XgFHlHi&g`ifRgI=eoyx;pm8n(!CgNbRy$J#V z6;o8TK}U=ZY08i`sSS!mJ>!fWx;K_sv%l@vRjV<=12FoIZ0-N>wQSqIrT2 zH*Ve(KmYWT*oGZd_V3>-r77jhR}_VSxTQ*!6p0fh(u<43VMj#{$h=wa#?4zIeOj}* z!0tVJ#o9Hi#fjs`#agT#2z>En%U6ITs-&qc?y8+Ec`}hIWeSllU0SItU;%!tW4{?E zoG5$Uy7fhM@a_*DxTIKhTVQs(OkPDW%Ct z&04ka+frhE;@jrQd_SYV`dWl~5b$(Px&+(>#x6*02o%uC( zisPQHQ%~B{T)1#aj2SgTT)AQ|LgpfO;Onn@m@?mivg+*VGveZ<%Rm~#hRQUKQ;^Re z2I9esO6HS-9fO#W3&}SI4HkKF=aTtv4H_hFLgG`PKmn08Tc}8zHm%IRi4USu#R{f2 z^$W_H)22z|p=zh(#k$>%UXST!&0Bz-t1euw2ja+)BVzKzakd}7wVt|W2oEe)E8%*b z%8S7{1T)1JICK~b6fUHnZPr|}dePl6oXFn?QIU1ZkBzratXQ!kAI9p}tQ6I6dz47e z{gCe3g?py`MW+|KiJd#Pip7f-LYrw`SCI-gg<784&Fj!~{`SjH#*}aO1D#Bpr6v}3 zJJ&7kt2Vy+>Kid>;&{V!xl`vZqEn|%B1;xCd%|)H7tEK6Db}suprPoFxbOuF^8J`0 zZrpf4^b~UYc=H|Kwy^BgyPqghv=|WnK0KZ_i*Lq`u{I-$;(opQ4e?AinB?24AS5&l 
ziARZ=hx}cY@%0Rzdo;E~C3_@+Gf>0EO{6IWwcF7}det7c)KsR=%)?@PB^KMXfA(qZ zq1y3wew0X`9{!g6a!unQB_Hv>5rSp~l$np8I9W`ZFkVpXr$ez~#YN{XU8NP}eei`7 z#(g8!LHVQuk-bLEn$Y}a^{U_^^4|sZhii>qJ>Y4wGL+Cb0a=DKH2gHlrUhXMEvt<)R1a7js zZQE8^kE{*V?S%5>%EAP}ZFeFwEPsgfG)l9BKbI~yvdOFO-?vYs&yYd9`T78H@$zNS zrgd9UwOVyi4jy3ymg(8uAbdt$CK&804$Kvtfc8g3cp?!^ewCOqIm{p!0JmJZa+1P- zH+8CqtiBq?&<@Y8b*tvax*+W6QS1i3NKBbL!Gj=>uLn!Q#fUv`=rqX4{1EW*C&9-{ z4PKr+`9z0~oq+J<-Q#;u`qN++5oK7MJaJsyhHX@EP_Q%t3_?synwoR-#B3+D|GryaDC-HEY%O5N~ouak*UL9!v!FclUNs}hVhn(D&hyQKb4DrdwAA2C9UHf)BJv@EE26-Hunk1RY#O6 zd<-O0PSGmgdM2VAJ$4)ja>jbg=j#NRxpKjsF*(GM-hk4YF<*aU3PbI!yt+rR?9lh$ zlZ)crd-h3P#Ely_r6UT>oQdQ-yD2@>_aWxJD5g*QO*J7+Bk(SALRNp&$n-4{7s{#I zP)^Cx&$VcUur38mNdL$DdB*I>LL?Yi!wI;PiX1s|7`;&RykyA|4_84_{pDEi>F$Cw zJ}X_)?alhKxfaLF(G{G*0nLcClqB%y2Q9CFg^Hn3D~2mV)N#WhPiN( zB=N-uAADdMGnHDIGG!7KE0i}r27YvOn9hKYYv-;#;`oUZraIm(5++CpiVq9U?4hP& zMDC@_SAY%Ux?r!#l@eCjqGZWp80%K~(U*rjf9uvQlK=nW)5_uwtdLKieJDnaUL(D% z*f0@#|AB+z)S0t_T4SJ53JL+=9PtdnKl2$9QOJTRwvuTeJQWB2B7GW#@Ei*R z!0NDR<34<~~iFlDR59LCD{FICL>e*e^ zW^ceX4dJb~he)1QjeGTaEYLqX zAn)bNQ(m-eGfSp_`T0j_vtO=!IroB4BN!}zCulrVd5sLp^%(_NA$6J0%yi); zXJC0+vZP=|bx;dV<^kbPfek5)q}!@bFX#>dcnMj%aZG^dvnZlaF9#w^C{ zAD>65Qr8!1{O4?bs(`$f{kfQwD?%_&o*mIh!7*%cMzGdqk$jSeM> zkFO zO^`D{t?mt|8LnETqIAwy5*byVzn4C%Tuc+FiL6(zj!@&CHR~@RJ!f$t>ebyV&+5-% zIIX}M6387av)qKkoxXYNhB$xjoHVF&``{jyW)-TgIzua78OkMf>C+kJ8R=BPbm=JW zkAxF&hEd8w&Llv1^8I!QA6dzr;v#A*Jn$H`Y^`E{=g(hYLVC{33N~-voR?usVhXWN z=^@)KXkEmrK~ws|LkEh&$o?cxkwS!qW*1pNNy+j=1)Lrg|EHHF!oT!V1M&6ObB%0n z$UA%140-UO($bN^r0jqn01rEgZY|G`W9s)mN}CcT%huTodQ(-doL7AR{VAiWb=+>sZsj{`zZSe~}(-xThs+W4OL>;k=Ps zs#Gba4;mT1CAN|8S4d9{xDy}*i08EGRM<;?tRp>sOgk_Ad)%Te3=bVh9i1R=Zl^o$ z{L-b0fmb*GOskg>cj0i-;(BjA@-B_Unlx@?m6k*nK#J~!C5jgZ(wnkP7j4@Q$zdqstPt5{|D3~c*>&!xdF(o$7{A{OdeKLhFA zys@4cjkFmXqR~JURe~X3tr|s{C~v!|Uu3c6E6+OM7vbvZxb7^D&E%j>O zY~q^`LWlE9_fuu>$iTW^*>yHHsCB;^SPC`n5+t!l0`|8)4 zJxe$i(8a{YO>RkuYG0k(w~DKhV%~zRNN+K&@7|5M(INT!Wy_WYSF2XdXQT(RT`&e= 
zN$9b9Hf`F(yCnCK{H&$C&1E-z%~ztNoGomM$u*1FKE<|F)S0o3^hvB{2i74aPMk!t zGt^vW$&yt@5TGe>R;07%%r3HJ$t^*@)a5%d3OZ1B8eMqGtm&eNcv z3ytPEJG}dL8IdCCefW>AG4j17I0KN4QT(=D*_kt@8QBbIHRz3jUdtPWBNCH;ye_7E zn@qem#QdT1L*NHmq2eB+%C{4a8fi)~5Lz6PojWi(J1Py&F2EF;=EtOt*AOx6G7Rx9 zU%n!a9z9~zvr8;rzMM#Jcgr>p;l>SqY{!mmqE5Z~M!C#*Pua3%mwobsg4T8k_%cn@A+m$KjN=B0N7HMcs*9R@TT`-l<)cKXb-Xuv-npcM}hY zUE7})SFgJ%JI5;CEA`NQDSwIU#Z_tD2ON9ZsA$DUKgM zDL;UH`}fO5?S7PJ6ov&bj?)2rJ);ZgSzgoW(xv0BDTdhfDn78Z=^{g?RIgDJhI->< z8(?SS0rA6N%KSfwEWbqNNgVehIw0$l1V=R-pH7-IDF-*tQ!EX``dQ=P@HZ$ZQ>F~1 zJ~4(^RZaovGh!>qV@hPk(b9;jU%x&gQ^pJ)gFglZ(GeJ6k%Ez8@nI-6K9yJ$Y3Y=f z3XT5#N{JTF9urA`_&SWASU`L>e3QvWoA=4PCx_hso3BUPN;mX2>^3H*DZ!g>yy25p zmDZOu%KH4%VIJdX*Y0UCsQ(?2DXUo_wsv)HF=qTN{LV;rjnNYZ4IUz;N0is!r63=W zBxw?SKopy1hVCJwVS}UphV>gZ!A_{Oo+Y4_O$e>*JyT{B7nm7NV1`J~ViffjDqPGj zzo z(X_Royq;zVZp3z*B2ei=#Rp9hi0q{9(o_LR9|u8M4<0xm#(g^$Q+x^;tNy1Szqdth z{a3bZ)mC28pvij!MW5Ye9xr&Q2+oK>s{<4+bS zSjc31L(^g!oc;3C_Z|{ByY`6-)R**l`6UnM8kR3tE^-$Ve01aCi_y)l9e?v;m8ZvG z9>V^b%-)-7V3bSmfn1r6*WuxD2^<}A|Jwsq@PB5USM2pf__Oq}qoIF8wnro4Pk)U?txn$OMU zaz88i+>pn79uFUe%bCE6@br@fq``4icIf+`i%<;B1_5itDs!P=%#kyXM0&l6;>C)H z3gycRWm-%V41VEN)V-LVV;kv1 zIwH>b8{mO;zJAxP9WurZB{tmYBRrf4ug-j#oUYyW*TKOq__FSXxxiRyR@?uzH$=tq z1sH3_3iIa9meCZHIq(3Cms(6x-ITDt1=0+i$&LwA;IP?=_I%9WgRunBZzUHXsgE;gzvE-v{=lG&QU`kSg!n zyU%zzMEC~}+>}ecw1}5^4-pOMK1hV8*s@>$fub$=%dVUG^W$18|tut8SK1vkDs7_&UMK)rnjVx%YdAT@J%%{2{@1l*yuDv<9>ah-UbtBqz|4mYff7%UT?r*dTFOl zokB4kVwzg-F^0W+cVR1?9U8@oe0i>j7rAQrQXu^TS@+py&x!W!T8mp?9r$1*VgR}C zVF5=Zr~H~ofA=xw{8z79E5&#nJHH@kl70NdaY+Qu zAt>wve85(u=QTe(Jr<<;E#$}fKIo?mABXmcS$Pd2!#=nlsS#6!9nNs%7{d^N>h>Rh z%tMrlucc3d%8Txq3s;(wkOe02BZUUJGm=qj7iA6K{sa=~<0D?ll15D$O@_3_C$@<@ zicq;iO6PugE_tTu?1K4o4UZ|>lDBKu9&7^b>KDs}+0d_yKUE10p{cfrLW` z_DeBn?p!&M7e^u?7k#v+;fG`gM4FgDK7prJtVamDLs-m~ELmEP zlfRwg=eY0iz_t71#2Iz>?%O9#ircnnDcax}aPi0S(It><2A`WE5=?WWibbHlzUU8F zA5Pbw0r^iZTed8hkH7gL>a>KBm_f-Hx%tDP?}9)rk~#w)+cAnU059DGb%$^wJd|-u zA+DWj6bw)zAV?3zQ4$39*@qaGmHi#p0U+g^*)!zJ;sWh9LTJ-fPx-#qhMb$yo*LDw 
z;3HUpNCoGB6qwrKBTJ;eN2&;9kw^oCxdW<7DMzZ*Zh;Z~G!GvRlfx=nw6H`%H&WdP zg5B|VxTf+}>rHhtSMFRuMzSAVh(C~#(ipn$9Cjf23$qk~k`9hjeXtxiX9W2n<9G1G zeZ|7g@mNB zp6@0709x1Tg9i_$Moj`EH*-9+4H`3g6m~G2CmmhXef>;VKqC4;gc+xVrdG{rhCeLJ zQ9QYEy;A4i^wjH!akqd?hukDOA1PVNB&+V zxxrr8QtHAjJ>4^(TN1;M^M@aQl{>gR+w58SA^htV!$e5lc+E8P#U zv7I|-wq#B8`%F`=PO}3>NH}ot077hElT$88=QikeqIFZudC%*^>xS zCcg)MrAfgjE(G5>X4FV2-LUqluKAHf1zeC?tv~fTl%7nSFiyHKmMC6SniO+;dIg-V z$lB<@k60l;DLs*%a(Id*c|C3VbRg*!v1;WC1L5`hDotHR*KRM1=FOflMHEo?)p^3C z@8tHR=MZICU&qw1Uw`W1!-x07c4o6Gi*dP~RaM46_#9o0Y!EEt#y4%+l(Jp}xX2p% z;V@`8+ZcJiB>E3{UG5sP%0_&s>T_XJs8A8HD)3^K~i^8dx&tu!x6U<+S}vsPTIb0s}Xrk7PS1KXtW%B zZ5bL*k0E3!=5e`c%U02*RZ9>aILCt(Q~*(-3$bRX#FFN`a11wg7t}XpV3>0{@>6@B zAOX`)AreHw$Tae3{*eH&aS}pCPg%Wkl~jEN@~oaG+r%@qCF-`BQ4Inf?a#gR(n}_U zr&kbTPWpoI+$X6lf+aP7mg^J&1ydav?t0>+iE<0~g$w==^XIumjcP0ux2fQ$%%gNB z0i3d_d8G1(Q#Y?kwFrzZrVyUjx}{;UVkN}$ojOZtfi;>I%TlWG!_U8p+R(Z>!Imv< z{{q9ZH`LY|TkXYK-5`Sc-gsSkc?sP#6Ux63WYnCcBXNO8%J=8tzP?`>v9Q zT?ZLId1uO{>3PIOuD{X=c1z1Z^0h6VYi>kAU_OzfaN)uptO~`X9Ger+jDW0$6@LAF zy74jd9@(JfD^^R%%D%mkVYjXIyj^n!<)+Yi^W{a@?<@$PQdC9o>@7;biZuQZEt*^73TqIE!%4E+Tuk z7rS^}z}k(Sk}Vp9ZQkTIkx*r57CvdxB>Nw%3jNd0N?PE!{^(z=H=f4r1TWIF#<4SP*Q26rg`gtIAaWa{Y{g~Ta~d})N;1y z+3Qt9*RU4BRB0w_1uHMl`yAH?AAI0A7P3R!DKSIFOd>zbpp&C7ozh$Tcof%-8aI{J zskA~>K%=i?V5u0A@1F!fdV4{Q)7RjT-vvCL@x@~S>uT7ji3@z`Bd1CjUzB|U5haBu z<;2S}9h@aDT)1dzgV&_k*0TJauMT+K)vM2|E+~~e?vsLB$HQ60u3yeNa6@!K!|YMV z+Q#2;&6%uPwd$td2#Z-4MVQv-;>$HcExO<~>1x=pv8!?8rY`<|U+M*-44$8%_t4Y! 
zUjlk`fL)}d3dm1p&z=L33o@xJpU$MHty{J5i|?eAg?uozrL=ibCIC9GODe9MxM}N7 z3i|A`&x-fodshZcr9?w1lo-i?+F^$LP<%hnAAaEfn`vyoZ!a?z6dzhb0Wc+;2{5q5?S04I;iZH_{VzQ^Ft&wg|PfOX=tJli4 zl+_}Xwm0k6t>Ye9)zJ1Tz5PI>eP(ai8NyTd%b!30CrndfQx-q4DV!3#1=nX;EAVA} z^6`hL`z*YVYMMlR*0Snau`uddoptGlLLxiXh9XERZ`Q3{W5~|g1}KjS@tH?G0s}zl zK!pkwFjlp_)tARBn%Y z`%IIdbbG10WEYjLBx291xVTLXS`aAzN;rC#(-EG*b89_aM_Q8-!F}CmjeXMiY}BYP zO-5(@;OEbuf2v}|ilHbHSUrJG_M=D#fl{5r0Oa(94HaB3bm`_gb^2_yrfKUm$7`|) zJk)}di$5OGVFg%+i$UuGk}OAymaR=wELk1=cH?kjbJTBFXO3B~$Ntnkp5dq>**}#> z)=4d>xp3C&`kLmmVZR(B4~|_uH!C|u_RiOK^>V{L{leAZ`OYrbKgr+2g)HvJ!@(%Z ztwD)RzY`)%*SF&*xxV}1XV>r3X1eChU+7x4e5GsM`i-t_J9fG7A-YbUI_<(f04`XM zI*tj%(9|ybL4Q@*Zy*nUD18ywU2mbb(k(}CCDrJ5yGYNSi7pIrxJeF(IjY0|W*X$E0`6pzyFjxzye+qAS)=E2r*A5MT+~ognMO)p72~#3ig8!LL@+#~Hd!rX_4ZYo3v~Xb8Plgp<<#ggaJGQRm%x6f ze*YuHzJIFX(nN!SPSx0q8$Kqe6l92wLkACtg$w_XwT2HLz6jdcFeoOw>WWDaK5U{< z0*?HF*>j3i|M?E>3`deGRjZs?zHB)J(gCFQK7K(#_|arQ<(J6C>wtl8xE3y2;`r5~ z-GJRA1to>FQZh9jb>@ARQ!|62hSst0KFhHlSQdF^U6$9&LgsCvJgOg_IfHmBORBDB zEWI4l`uMo0CFR!Jwo9`N%UZ{1Z95RxFn@6MeRZG_LQ65}~ z`VbIGuf{%p;uKRq6DCZkfqMa?_P$d3lA!YIN#zMNmP(C9Y?n?QOcBZC%~<|J-kv79 zO8d(0$p6v7+Dh5T-*)Tvk{CPoYum*f@4xfTyWr`6kUpnCWK*mgQqg+#>U#us;;f@D zzSs^uvk068KN|MAw0)NumOos?6Ra~N+u%;;)U@hA{@xc}Uau2~^n^)MrSr{_Me~hK z+p=WI0^>J#tfh+Zb*NXLI}3Vlv=$Bbjf){oxF&4T@;Q%KH>wOB zOg@cRSK)(0r1aC-aF1(>n1c^rPzb!>PoXFI^%X2w$o1*x|8tEV^Noqpsju{LJ1fy4 zskRdzO)(vR9}w2#H(B{~mb11)3e0?jEcB?)=RxYsagh3xVm}IM9n<%~-}uq6&s>P( zW1_kW5Bl^Q;DSZ1iPDp=@6z=p+w!WO^^6Zd^8D8EUc7kO1)C$IEo>536lDTJ?LCdp zF)AHkdhjx~NHKyn6-N{Sik|Z3&7&84Y}4EzVdSXMQgTwJbV+H-OG=|3`C!OJo*s)P zlU)pd6lV`geiX2r;-^*K^xuDzO1gP4tKb?$Z=2%A)TvX+ok^&O(nX}I{^NM&%teV+ z&Rn@YhF7&}br={jBxNKpio>{X#v&Nk*O8e%r06qI74|)xS#(I5GPx=K5Lm0h`u&)s zqhfD7Havd)jkiR;0tH0nise1_S&GR(9z|V>6KPvQ@gaeswsn00?cizGW5;?B2`Fpl zOR@qHd*-a!#>b%dL)MG^_$x2B_VIUI)Ar}uwHspM_-}>o>%a(c`SKTnDYtufL5}T5 zxGySS0bWzq-lIp4ePzp*{S3Q}>_*m29BDvA%flLX!0*5Ro`mv$9X28emcI4Qp~L2F zH9_eUp}gAvZ&QxK?b4-EZN-RV_fR_sQN^ 
z^ZpIjWN|3=?9{od2?wa59yItpgS|l{1Jix5!+Y`jv*B=JM@Vcdty;C}vM&CFe}Knx zWS+voY15|V_tK_QUmp36><-iYfdTqwpq0q}(i7GW+{&{Ugd#BTIJ34oLl- zG@E+p3cI@h)Vz!t;h}~Q;komeSy^hR_wLy#e-@)q=%E84Q5Q|Q?~r73EppD3;Pn0^9}<_XZG zg3kIc!cp8`psf)_u$dA2p24ZC@GG|YqykO>cRmC}8fU2+-p>cP(V7C?d0yqIGyGpY zSJmpKA7>AwhY4{A90!{7tF=Pu(xpVQq{*V?*xRr{eHp-sTetUm#n}zd+UJw&=sy8Q zI~XmNpx<3ZaX z9nxpWATMcNPBUZz*MKlLP7TEW1DEk-ruRSD5OHCRF1l>fx}~XxG9hOs_9|O#x*5$2 zC!}X{YwcJZfBX6A=igxzbpcYJWOxBdaU>IEH0sc(NmFUR&X+}1{1fp12@u(7-oU61 zOW-Wtv@uQJg(!gd@I?AViId{_CzovL_;0`QzXQ~uSCAQceon9cV+{8!b?oqky77S_smqg9m4ncJ14nEF@LgCuj2$AdwjR%{cKro*SKG zU^FL{WXdTfOXiG{on$Qrk-B*Cyezk3>DXkK_j`UlZ$ z)2KFo;bL*?<_#Hsnt_;r_40GijlG_9pz)S++@RSn557RgZP9~5>2?0AX(BqEM6A&p zXax81#~&M7VLqQCg$u#)C7xS3gX@HN2Mh)~dh{5-k^TyNkaciraX6VzKiWQh`^)W) zpmmi+X`raHE_!`EO$twhr|E$XW5<4LT*6It1}*}!koAW2Mu$u|1uHcb(k`xEy@r^P zqh#o9?l}|>;x8gSkE9VBCaB_kk&My8&=q{4w6W(jt$Q!2&=y=&5fn93ZTwr$d^S{y z(c8?5=$sX~@T>E5ZD}LKvN}-4&W-D+#UvyJi^8bMXR*`aq$xl66pc=`XSM!>qR7K8 zhqgueVWPs_V;DA^woKlDHcCBvzT&ZWEbDN`7Di@P0RMnNDjn0a&q%L)OMUI|^ATSn zbas%8!$`g|Ui|pLcOX50yZY(CJ!3h&amTu-w43B#U+B`+!)``zFRC=#Ao%j(C`3}) zSV~5$24_zFDTH;p?=7G9J9KyO{ zjm7_@Jcfoa!)WNpXnuY?RT3 zbs!QE;k$J1AjW<*+7#MPFUK?yb^N$*CE_#67^iirswocDeM@!US$Z8&vcQjT#23S5 zll*W5NoQ~MQSi6Z z(}`4>zlr$@f!PL)&lK2=m$RIjRk=7-@jg`@{mc&#J9EpRSXLW~#j{ObIFcat~JLsyV&!j=G1NT8-2 zWSG)q%(l`Sdk$`jdWiyOL=+Kk45RLYllk5d`Sze6T{ZV9)c0}KjgvahX^};y&S&}Q z!s~q|SyPIYt$xmFJ|jiC)m)B5y9}j_pRd^NGl}6mm(06nzSTnIRwdQPI@7kH25Jj{ zrI;}Os;ddLCT;q~#k+x}7Pt9MJLTc@xxkq4?C9)S-Mw=Bhs)db@{POBsxe7t$9Wx0 zg*KizHQ}_uoy6vf9owBlG%;Y_e9^dAJ$f)9V+QuZ-k9vu3>AymxHWH`Tcx2KX>8`5 zX}ENfuYKR10nyi7zaRqIEQs$Tf*R}7C zW${48AL&IYLAdo|j0CmqJwq|51KdotS@lW<}Xr#8$W?Q8~gf~MQ)SBo1#Gu~en155wAHrz61@1R^BV-eNr=L@p zdF<4sl^Gx(Nx~oXmN1t{-NgqN9H{Dmw9t4hjv2zpajC4Xq?^(M;_PUMLy6GJwMLbi zYCT58U|h7!E5)?~6ntBaW8OqCJINda4^6`HNb!eAa4HfmYXT}ga#62G=0SxRQQ3oa zRY}tKV=BtXzF>M$WSnm4nu4K{Ev7YZ2qjg`aNjr0^zWnrjFkaZqQ6eNaZ` z(y;UFCVh!KzSd+l!{>sPB=zgeyHusmwd~G6mAvfg^d$5WxR^Z;#9oV_?w}RF4par3 
zsq|)#;GIO;D?Gt&Dh4f{lszk1F3_-BF?(B-DPO|$V2%hdkH@CTXR?0ACD0rV{h8IP z81r{{GQ&n%9R^Uox=T&UzMj2?$^NbCPE=#{CIJ_4kPeVknk#};IZT`*N@^YZo{;bc zx2cRp1Yu_@{jXil`>HR^_?yA|VpQA%1K4@|KgM*j&7XkyCTiSAcgP)16+;S}uFW;~ zm%zZe;{pct;*P)*hh)5&hJ4Th7o;G!v<&S#79wiOy5sF3$71>46TQe3=ESas1&=US zgsx|tBmK<+OZx%w<+Ir-wr<5lp-)eT+f-dnXQB=>1yTB&doNXQM~iz81WmnPUEe|` z4W529L+mAXlpCb%Mnte#=DebK2p4k@5vtGU(_7(c5Kfd2Mfu$fiG@YQ-q(rim+l5XUfwAJ)B#>-T@yE{G`S2r#&sQpd*zdbd@AE41JVYnAPZRJMbDJS4^$ zP5*F5?*xZt3A)OAdORv~VW#Xg&IaP%@_${725Uaq1%*1Eh5ChW5lIpf5-5(`E^LL?eLS+3U6Rz?Ho7(1 zCj$#jSVd?XUEb~fm+;DTUwQ0lizicQ2>(=A5+eBuIg-Db8$1qlrLUX4)3V1rctIb+xqYG&e&fj z6UfJ(ZN26Ll?mLREilq2->FQN|9)GDz|n?ov0jx1LPhv&%(5LX8!BQ*{XgO^@K{WQ zC}Yo4YQD1E@KkRG>Co}sJC$Fk4(SeISP3mwualG16A0aBwQO?YY&Ls`K9aU`%_(KG z@2yjiHbA*Motw~O@If9aMqA+p8j#U5CNb^CY(n)7=uhEH3`vh9Gk!tOGCZ^)f1AwU zg+U`JHTts)arA&McMjity;lk1?KN)YmF@nZpI1r}K|mg0t*CkIj}?^)YY9|AjK;B? z=Ey7}+A*F@7joyEZP^4Vtmc&2uHKy3qw>UMBazs>*uhNU0yR=h-DcZgEv0|Tzg88G zK!oDL!r7>NScfsYM!KXr{#h#5tYFnavZ2yZf-oG>S@P+4*g)r(PA0>3(et{QXhhYn=n1Ivn*bWbHIGkpElaTk)bL||c36}wrH*Bu|Ah#?He0ctl#A}t zDd4UeIhd1NYzM-bVRZV2Ouk(9KkO?ASYK;|TUC5v=E}xk0xz7;!reSowpyO|huU$K zlU#oPyJ|r|f^G>*_@|Q+n(Kjkav`Mqspq{jpnHG(Bbr@Xpp$jpODQi;r-)%RcGK4q z)1tJ#aV^;Jl)4qcMb$m_`84R3zb9m=+&eal&pPS~A}VH~dNquNU>!RxtO1$nhalL2 zoPbHn#$1e}-Q~zkOTn&L+8Y$VLu?V&nEOM@ctWH73yRno<+ecSkYx_aut?SBN^`G* z+ht_6zG0k=eY?1=sencGAkv2eG1rOMEG;b9Og2|%a4M@^a`@kBMx5?O)T2bo$PSG> z#j}=h*!kE|i^9<+g@u_F%1L!#Ir{2Rc-P57SyBB!deccR%?2f}hy|@HP0g1o#%4km ztE5>h00tJ!&|`1~(sjao4{8j_muIT2;X>EF4y0)!<+5nJ^;FrH-Y$54EXX^ayP6nr zHIQQ5Z?%X~iFT0PyGI$K2-EoLu$LkJ2TkE7_60iav1@;V=@_Gs6wCC?W4 zRvQ=V?RfOdoWB>#88fj?0_x4>CEhb7Ey@Iry963grg&_Iwui@4ro43#!h37VHw#zD zJ13BIabyJso>7SQPw9|$mFsqDB_PHJEOWQs-#i(Q9PQRhySD1SEdpk#=}XuFH|Tp^ z$nQAJhb}8KtGRs&TInRBKA1_K)x?Q1a3ihIPyC7^mxlFx4?PvD5G~^0=Zl-JGMX=z z803?qu<5}+%(Nz{Vky5tnl7p=7hag>;thQ%=)LH?GkC{7QahcwA=6yJJ(|wpXRC`p z4HnU#x06gk9f-wKb~>6{#;@?19*L4&>u{Iw*ovFOqCe`z#&hJo9tagS8IYZ=`evyz z9ukltLOsxyM<4LYM2{rF0GZ5hJtMt8hO^y%k`1E)L;+RJ|D=s13c4!IM}B#@b@{V| 
zMI#?}c3d$gk-Y1Ux1+M+J>o&|Eu9Pl4F=wxg|)wbbpJ;Kwe8I__XC{c!Gz9l5k$cs zOG`;R>v?4O=9)yuUi;VPqw_cEUY*rQD&}se!@?)_YHv3_Rx!jvQV0NSA-?VaV?<7V z&dEH{Ak9UE>)*8PLY?XGFx*k#4)h@11x)l(gJ#8-tRa#E_`Siq(7X@y;=8Jas)yDG zru8XmPbkX-B<&=DroRoAXsT@rI+s(TBS&*9zuFEaBy>;p!bFCeWp&WeWh-?$<-gw6 z=>Zreig*XMW=&z|;z0^2kEq>%)?-pu$MVdYe>Hgu1@P$g_BC&F9Vy>X(`~3Boq;An zcxg;*SkGqf=K6-TTJcbxkLyo(yi(P_q6(S^*b3sM1av}@U`=_mOg|ILb{>rAvb8;y~R>V{LiG zeQcxEI&oK9IZKElpsv4(=qS)A=coQ!hqL-XG}dCX(v^wSX*kZ|x(|g;yL(!)(Bfj?&{Hd+Q^O5d_Kldh38Dv~y zy)4{_kW6bO2aMyfand#9^!v$q)Z=Kse~pJycLe~B9nD2!GR_B;eO1TSc!dv%Ab*u* zW!Ti4;%TGzP9@18TivsjCfjzW@&ddr*g6NoR#;qqrqwR36&Dwt4+-$?s@kE{Cjh7R5w5^OUW%oF?5xM{n2?FmGS~Yqzxk zawTm>$)F{9@kA&r_s}D|`-q6wEy2`>{?*|d|J$>Sw&DHp z-_O&WMGa~>bz@2Uj=h~A18FCuJ}slWj^24?QQ^tex1|m|oH+X}b5yE`A$4M-*KewR_W|b)WA^`QQFE zAV>~yLtk(;x{d$J7J&FWRUkqI&&-qd0#A$NUYiGlJ_>pJV`m9~V?pfx<}BXqAh9Ja zJ2ON_XttS$ZGSL6Xi62RSY zBQ?v^2spNxOg|6zg9BL9%6?!9KzG`wlc*0}e6s5lHJnSDAIARC6P0gK^>s#%_1ARN znInr@p_QW-w2mVy#rh*AoeNtRnUNtgqjyLbulC-!mde80>CJRr+-K^CiF%@GU?4SD z9sbv=mkN3uS-(NUP?|!6zDP?=_p>~CVS#>PoNaRBmE(=S$C1e>fucCmepmz5p}HH1G1go16O zZ;%qKg21{87KQLLV{8j$vM@p3oHA&BVF@|;0ccNkk;|P<4K?+Y(Ua9dR$j1^) zo_M|=)C#tnU5c3l&pWi*@aLs!O&*GyFTSj^DSC3>L=dNCzJTWQ;h3+J#97L4&PzeZ9zWx6Bubj~*JH(*Pne>b|U1U{{ zJ?TdMDktIUSRVtaG16^Y37p)H^mXj9RAMUs`(s9?sBWkDtV~O<+khI~!kY086%w7y;PbyCk|}|aaU38GU?5Fct9w|%xiO_T(uP+DDFPMRfrB$# z=Qf3MgF?bbYk!ddkG5}~4-hLAGDW;Skc!4lIsp-IgdaNS;6bulxYLjSMt4HLk-BIV)$}4%H@BCQAx}JV+EK;Kw!1>^Xku4 zm+45G$DP318Opdp_!#jc(^YiNQE3$(h1?>lRWun@8GH01ce47v>CMEy z>zi10F&s3)^;=Kp+*?&{&Nx1w9caq9^hV%g?6`X86)f5; z?MMSp_A8q}mP~uOg4@ZXBR^z>HxNvZFYH;L0Kby-hoCeJVok5y^P>>)U@wU|K*oLG zBsqK`Th)4CTEsY_`Z^j!=7dek(j3hhMWllaqt_$gK2gEhWV47-^|b|Nj*AZ7M1{Aa z;2iGR3o>j#ip11fAdL#TO}XTr^shE4SlahPB>p{*&+9PkksMKc;L3;pnWo7 z@rbPKSrG$CmGVUxJu73WZitGNW?YR@v%^j9$P?`AhrV|-=xUq1p`+yTP}|c1 zLQ-HPo2tuN0?FLd<~JmI14zdE`&IkcCM;1B*nP$?eVzJ(RrEN0TpdAK2u!O&wW4z- zY0OHw1K~<&GK-HxE`~~`Do?({+Edxiy3yqvhn60VXG?X87H2)S8hL6oX|ylqp_d&9 zE?R7rwz~DbYwOOwl0_HqE;9W?KdGLkV)Kt(06W!CM>K 
z@MV(eHd?8=Oi)h+y1Einb#Fw=ttq~TJ@Ph3*J#%f3;q5~D(HF|XHHL4^JQ{UYgJRg z<2I}niJ#M7y{7zQ@6;#8-vhPq8rq|ZAHsCO6v~XC#iEz&Cfcdn{ z6|4kr-F4tJ521uL=>^btjAKxz?O#R2?l!yF=**zn>0_JyK3|=!EQ^+QO4~j*QD8<_GDy$NSVh&DNE+0h zneLT9mP_Y=Emq$l#~bcEm@e-b_@>>z-u{m>K-f`mfwO4+ z1l;an=KiS4P<0NlJG#HkJZ}>4ZdWm}=pJNA}pNMLsqAYWIC+}Q^2D9N$HrB}c5;@9O17n{tC0{L*;9kB-gV8E#YuOdd)0%!|Q$syL zTPgdVmb%JcT(lQh{OZByk=jzQgS*vxd2b(eX;E+oS^)`l0^zSN?Q#F1u0u57+#WFR zOFgLUH#!y-qa|jJoE%8YW*rAvH+D}Sxa77 z^{0)(l+u%$4i7%T;NQj!OALsLt3B*NJ8d!a<*Cor#F;7QkscDFn$OC;-a_mX zKn<)Jntr5rkvJ!dP09&Vj;EpFLp%)22SFy9X=9fJr1ilhrCMBw-ow2qk^S3UX<{;9 zp{lwF>ebc>wIr#$_!K~w0?;g)`l_?y3H8XYRMrfQS#}*dAKo4|bHH6W;9an^%sfR4 zE(<|1!r%W!U|)i7!&qyH(Y6G5A57fL1(zBuc_Cw~uUe%@S@SGl%J8(iywakw9$T-k zZS-OVMY~bn5tVXpW<1hxmLz*o!@`b*7fZ$Z&X7N`sLlXe>TSle-6yK`33EZ)7iX0` z;xstjDnD7_S8f$%KWZd%M>ozo8%YBZKdoWtDjB!{0EM{MlcxXf$uv>_W2^N zbaURCcfhv;=*qu5A%&_0EJe8NGprBhNyd4 z2Im5P2T%Ry{LPlnyCiR6ul&cP=$mn|x>Y>RTtV=b1=!`;v6kn-M%YDXinbC8aoM;Y z_Qr&t*zQQAi7AeeL*;+BW7$u$V{2rIR*&4Z`ow)>|12Q(aK65{vmreYGQQB>F$uc>mGk1_XqojBi{va!S5R-r- zS>eZ)fiFseR=1*S-`R8- zh$a#?yy^fQ_G&BUP0ss{DEkqi?i&Rmk+{DX=C~W%I$74~`&r~I()!Hpa7L^~6rnO2 z3EsXE^6Hv57qZNU{o?ylZ64G;qE8i&ag{Ru;9NrLYshi{cK@m>SP zz~t_hT>y!mSwmrVSe62{!wbRjOoDw0Q%JXKz#hO>1caH!bviQ@1>i5Px_(fOrE#S= z(f;#+iZUEP>*GV;rlhAH@Q!w>Rp7EKYe(j7R`Kt$eGYeA7(zMuFQKw#wQv3T2rA}w zLDe)q1HmHC-O(VzQ=mH)o_R`B#q%4^>WPs1HHD46$g1Z@@Wd*79RNj_&q2?ghT^bh z6z}TVxV8-dx&-&` z`YRM2$B`qA?l;BstKsEj8xKV_>+P=3Yj~?Sc-v3y=*6a#N&-w}KIe&C**%*Pw}&5b z)wh>-(JCHwE@w8q-fF+=>RJN*iz>m>h@aRX?FjNfkT+l+mumKsoBXv2o~~ z1x8|5^HDk;v7qRuzai^s-)E1LT+ZKB-2M{m&2woyk1pRJyjGo}gzO@spm>x0>&=$9 z$=)rVA*w@immfWsJWqR8S?fCcWe3oR&`hRBQZFU@>P)+FfB!g$BVuc@T9$wPZ5DrO zwL5f2yJ=u25J&TwK8Z+!INkqSBrxQMA2WB*eqQmPqT>%O43%^YuD7QQqMBV#Q7nfU zJhACotD|{(%nI_gJQ}U{8HN4x6&xagW#VVi6-Pz^>m9xlU7vk*(#=vwEP@SX%|a}> z`JreOgs3sJ!!)$#3n5yC)Hqntu&>SdBu2@4VXgbKux`#&_Cu$?tH)Dn@Q0HweAv(V z@6edUwVtkVq6)O@cB%pRqi2;?iIQ*u+F!Cy6VfE#ybXT7vJY^L@kP^>doi214i3FY 
zwsVkX%rE)BRs(gmc6K{=b`-%({0F!rl+_y`&zaHLdoYq^)%giFl4Qv^`Ak4ew($w`Q}6gO7D;`(E`Bgm;0`l=dMb`x@E5U zyC?sU$C4ulW2xS6#%5d(gBhH8R4bVV)8QBw_>iQV-~X~bjkFHz#|ogs;f5t)5DMT` z>T8jq3()dusR=(>&A91(-kRbN=y4sO{pvR211w+vLN$s+!JeD!BAkdNl77swiV(jN+W9Ys`tb#sy_{&7mXFT(l)4+!^vpIi@-tvvvTK2bJ48pz} z!~`$Ca9*-i4ai74fsaTHyTiruA03gzUiV75p`cz{V(Zomjo#4Lk>pIYV5*3j8!3PJ zn@Y0RRJX|n0XN0%Pc?U3^TeT!A+ZM#dSucgam0K?J$T(PE9w<3=sM8*k6xr03)NQH z!UDml66ob+iF7OV2z$#~HF^+o(W?rFD@_&B-AdukDsjvH&cjY2f`9yfJo7m|{xoLt zYecP;3=X27vvit2=thQO>?B4PAy&d~inC;fy?cq}n{=%RY&%E`_4ubDD-;}Ppqb|Q z+TGa@8C@Q>^N3Ry5-^7s-K9-dIfy1AZryb0hhGpbjfDeGIV+=Z95`Twp-zT~5+SFE z9rS3Vpn`?HMxI`7)FhXe{0AJxLJeIPjerI_udP9z{P;0>zc#hu;<|oj=bCa)-EiY> zc`%jjX>l--_LJ1c#>T^O@4a!}Bw91UjQnWgF_(tvQgnWvveRtOH_@VOxg1UAA00~S z%6D+(tgCCscd>sB*w@Q$Z0Dr7Bv$CBqDPtIgABR*?{06YQ@8ahCcOzq z!i7}77UK177Jl=yepYL>Egss~*r{S9WnY#>aJ%xloPel~Tc>5L*PDT!8 zwAiBjT38Gnm1%1e*OjMUk+SN0uMgwXi*V|xQ4d&=3x z%?``KJ)%={&&&R6ZD6(eE4GgnuVJF6BNAn>b}iyWqELB(x5BmjDQcH0R^(T1)zVN;+IrMkL+R9~ zUk8#MlvIT|Z0!a36s*ua?gYwtvw`&>)SmO>WJ+!Np}ast;Ew;+K=JnP#Z=76Jt&{r zudTg3HfS1yy>OVdT8B!M)jK|O?nn5t7LE7yK=`GO2qYOQ+4*(BR8%3&Y2+E2xl{gy ziTNdy*)+dVz0kw~;uM8KW6dx?jG*X+Q01ub$IRSAV}U zjam1LsPum5hn=9yIbs2`b47W%G_Rns(t&?e9BELF>u^?DOF{u1xKRSGTW%)#=mD;f z7rKR3uLL95HgHH}p`=huL(A@yW&63PA|M?cHD*_k8*ORVIayxpp>a z0@>>mtdHPGg4gQCcKxdeU_+i&&XNbP)@!cawl@oS*xOZ`iThmdCySzZnAG3TL(PA` zXX!N=s>x1&4)kNvs&f41urox!kc0A*0aY}*)bo93oaZwlE^}DL-qT|NU%vQvF+E!b zF*$Fyx9IQNYBt;XkCjGGEgBm(Vpa3J{K72c&0^ozg;`s@JzqtyUyP0~D$%g_D7nC* z$T1`@s&HzHFn|jI;ebugY*f83)QG~%LNX|21IW_uUb7z9faFn++#UC(^L%Ps6>zf@ z%T<4te)`k*FG^$G;B08(7arMp43(&Kzcvp9K1zsq_wVl&k?J|#%&cOfwXAtvAm`3n z<3QF}cSNd+DIO}5quA7BkHqJY2|=I9A( zq3MqbF26)hD`R$p_Fr1?n~Pt(qyy}IWt*)jiF7>S;8E@^zS}Zq-J~2G96)_t5GrU~ z8^flsN*=R@;;5AVJZHVEmh{HD;Da;%QHjL#@A>(e6xToihr8^OE2ATdzSBFnXh-5I z5+kC?5Qey7Tp;Znd@kR1wMrwnS<|IArR6(E*=e`%ui~s@fhpQ%r`=UhjFWIKYJcV1 zw{Ji5QJ4)2m&c17sbl6C+ z&EJcTa*PV2i$4 zsSvV+eA@6mLIpYhb3rITOcdiGoI)ojM9V)K-SKG)R)6v__@t0I*?K{h6to-28aZgv 
zu(G=P5B|u0LAu_cUJ~$93t;t|syUWW_Cl0V4vbt(tH}pj=TY$U!CVGCH4MLSRSK{C z{$dw%55p@j;FK-NL#pDHwP$Hj??_@DYQA8(l0=cWz*aTc{h1Y>Kf!m8b!3@yV&#)$ z!S|ntv_UK}XiN=3cFHMBC+Z}L_!GqrmUy4eleA>hP2~#xw5#C!ou#x&z0O9`;~LNUTbT$X zjXNLr-;c(lhnyw&S2&Gf!&%p9&(Z&kr2n^Y`O`Xar5YXx^xyIS5iaxnuWy;1k6oJM z6E_d1gaj7{AFqU@m^7<{on^R+k_-wWAtLZDC~~rrYQUr4f5-n5F87NVkApyX1plkW zJky8K(A2>rmHNtV^%xq5+8$Zk-cAP`&eAY~!{>G|f(*u|x#Osr*w`|BAFkRj)pvy( zSep{(yV*@$;Sbfl>zm7-Ir{(FO&aAvH2!LSw7D==SdAdX09aur7H*6-ScETl^e9PC z3ZS1o2}Tg9kkWn>xo}o;X6W5pO%PB$_>Wy*n{1K+b0gOlP<=;2B^7Et8wkge0S0c| z5kIB4XTG1_;5x zKCvHoX~O&K)6ZX-nXebXfZ5a!2}w!G10YFX&}_GUyjiMR@byu+(vMS;7KPx4b$l_s zB0G7~RIwPMqul2}jn2BPtSl~OMO=ThsUb$H9{dU z?2Ci1l9Hr%`OH^Mkg%)KySdqoW_x-7{Bvu;!|$#x5VSNjZzKc+1i_XrTg%2v@#;WI z=U%P|njWN-CEy$_7~#Z7FE@j&L=Q+FZ6Zt$R{#)x8^%#nBpSkq%X|#4v$OME&$u=* z9^OL`G=QDJg{ap1oe-2Wi9#>a_m@U&_4`VrHAUtiv*M4tY(?j<=VWjk;|5E9@Os7mv|g zg%;a%YHBJUX2c367?wbfYQz)uDiH4c{5*No)~Y;tl5U#_*gY0d*uJS_hK<1IdSnWF z@{}s1ak_9$6?|n@%+&)ttxPgfQd0jYh{Hk9LAky(WO5SvF&@u;RVF-!lsy2}UpkH; zSE2Axv-{}z?j&>!FHRCPfL49&22T>t{m1x$=o&uTtDOyloSy#B9QY`RE>Q|t=^$8o zhlIE>ig@c};aO9XStM&Zq^IP5;laprH+%jyq*o&i!Kf5v)x zdJrxyeZlUO;&L1qJv|c>m6Sj3(xk#cK(3rcKs?1T^_kRq-&2-;vXDByxOD2HG@;7S z!B`Hsl!%F6lge`?)y>Kwl8zRtGGZnDYT(9Z-f7@e$>cK&|--FP*^i?qTL0+Y4R4s%eyf3VjnJ=pd*e4`Y-yMAcBoV*V9}xSqKhDBa-c>1kv@o`~|H2WL*);N$#ibPZGCqY@exS&;=;IU?QhV~mNQ<5GkIC)Sda7=&1#Zgc zNeIk}7mDg6bA5!jP|IhlE%tSiervNpa zz6F-D@(ZvYCgwanUhTSKLcoJy4Tac0eVX|7tf{Q1f?Db~%XYSnr%T% z<5pOw3&NjqZ`p|zedj}`GFHp^3~iJu+Z=HWvhGRpn0}b2!TbY$(Uy0l>jCVV=a&#k z*x-43*1-HR$n#QipMn@@zn>3e6Kmbq+5M?2lC!t4<+&asQtR-3OYb*8n8CIZ&;Wbp z-T>hk(*3(rzzl2HZ1cAqCb|pD**;eiv~mZSENm1K`zj#>k)zAQ&8A274xogAnO{Yw zV+fVd1@>^z(rnEomnMXQIc;`2M77mxYPk5chT4mxVy*0B(O+t0W(-h+&$${-EJUst zdQ3MDi*EDn3V@?$vx2J-SE}tIL;$YL*#a3hi<+HL9`XhuBL&pj>hv=2a1cJTclPQV zF)E3h(enG^Whd0bv^z^LP>{J1j)E`EjN zR8imeGUNUbXKd+qISRu;3xp&Hy%_>eWGJk(a)-yu?N4iL6B^;b*;Hd&ynk;07`H%N z{%=CMb_rpo+xMeLV=Is9?46CuuS(Ky=l7>W`a{5BJXT<11o_2*lWAj}iiM@e4ahD+ 
zsmfu+cnB0TZrOF+I-e|XXqwFCOF;mDfkWn>Pl1it_$(jZCMG7v#86yFyZHEicjiC6 z3&C*`#%mPF37u?(vlo{9W&5%2DM2-g|Mum{!SWR7xwVx3{|aSuO%{hUX3U~!(a6?( z5g>}jCDhb*LfOQAsLj1li#uujF~nE7GDz+*oBqU?;s5EsVLw{%%H6)RQ&$E1(6GgE z4aqv?1M;_YM+*;27h4lg7b`to7l+Dg2lES77eRJ*B;FV@WvSY51np*90wQ)J(9QL= z8X*up8ek{qDgYYc2*4R-iBre@ny>|7v9YN<0s!L6(1ZSQPlL;5JH#p>DU@W#~Y!K76n zdwVCUqE&bh`>~onPvwI>jbCgit30*ky((ih1EsUPHY3ub;pH8W19ZQiRvU`CxQ740 zX!H_#d6=cTXP}@!x}c;|k1sceHt3!P)*&M>gD}NHahEV)BE9@pFo(WVU~5H@K@*Dp zdIA{aVka-i>Xp1Rdn9q%{pdE7kk}B1OOo|Vm@kNFwUvO}xC|Azh{zNj{Y{9Do389H zyez&cqcxW)b0;H-n(ag1F9yOa6`~K0j2hpvLp~Y+Evms>#z3BR$r9y>{SmB zGrRNcse9ymwX#d9S1%p48O`eZeN6BSWb3}h{?}ZfpTpYYDg_aI6WVi+b@Kg}vqM*N zRSMiL^wPblJ}%#H7NoRAeVV>lp`Qsw!-Mf#`&giVE+OqG_|hxol2|DaS3}^R+yjuXuf4cJv3(x2D5?5`*0tj zzO}d3>#&?I$Cr7N4?w_RzLIp4X^#vUF3s1n8~^j=fPls{0_Lt7ypX>wSD5!gE7KwR zP@n#-!0UevHDq8cWutQV9)Xrrz;kuo_i&7RH4jmV+w3SL8!#;v5WT*hX6R|@V)U+! zTW3#&bVF8NyHzuJGFp6pX*}6URJ#cU37uic4v7vMf?~Fyx^U{7_hHJ)q?f8?$QBGU z%`Fp4Dy%)7Evy5yZwUa_4<__1wFB1}I^ircIh?Zcw1Jxoo(=reXiS)DOMtRq=}X2F zh7p5;*w)+;GdE)d+_$AS^-!I|W^-n%yHB`{Cd5bvJn1kmD5jpnt`6HfSZKr_d@YPOu0gnwp04R^hDwz3hbWis;zP?VodZKPm|KjQMfW5r5YW1L)E1h~`v4fBF7 zdyHPy1ms@0ksf|9NVx0@7dz@gKhS$l;_)y*ppI;hx~M4RU)kAHE<&5VjKN<_1TQU( zIwC==m&}_GFjcP)djmUWaWo*fj|)+Dg5;oVtVfZ-xw-oEwm%r~#)grwIAcvuRqd;r z5t!s`w)YQ~m-*(s{nbLl(?Gy$(DIz?W4Yny`V)X14+vO#A>w@;KiD?3JNb#;BhvfM z1-V4CQs@0~ZW@0SU%7tcqLV`c&qv;JO)m(64fClV*N#)F3dXFz3&nQaqvqn^ISKk* z6MCuc2MvOVeP!SI)ceWC@IdX}w?+JR?~G0)lu3_Si4f%NcHU3|hX_~7?SH7NlDaOB zx5mjBAXk_-iLZVkpTqf1PmJ@lOiB8>s84HXd-@~s_A$w!n}uJ_m4E*X?VOSZp#@sQ$nRPlN9P$u5UKvE<(ew4jJEC8ZW5GN}+>2^pBr;Te?S?oCTX%9E*x zmOgb4ds=jX4K>0|c9G9>>aKhJy1)FcF#s)n70Gk7SIDriZqMCP^ahJrI|iQ%@1{Tz z?&1qXRNdIfo*?80_eK*fRmw7u%7cpc=)BOWVPsZCK55lf^3_CAtlAeA?YEVMz8G$% zgVylep#1xv##2BI7L%B-pd!etaO=Xcs!!b9->&h&q&6Q|CPZ%y7hbc)UT}*qKJW++ z8JK=}{z4(OTz2bYDIn9KsQ5dmq!3`ygTU*T20G`%SeuLnJqkr&O40UB;WF;{fMBwMR_566aAps`kkrpzndB4Q5s(n{j|J!u7E_sJPNGI* zNeuI&)q-1Ayjn3>kNAUJRc1p&-@=+Y$IU;Z#Wv=H{Ze@C>qP?taVSCgF7gjhL$PF{ 
zDXT7ccqxGQ&X>Uf`4wrnhm1i{ff}6xg6H8w^Wbr4uAEiJ4D`@R+i3TM3 zVlDCm^rToiP^W?pn2TRaryokHHG(8wbanPr!-nr^@Qr0NNKyttmIovs!$lEtALj(@ zL4pGmQlq;1njB5qF&A)ya~8Y#A?V?;owp%hpw-DkK`@t48rjHS#Y-T^V8ZC$zHwKT ztw-1^fe@i?#1ldxAauAvkPvG9eLuRKBH(gG{3d!@s6d~<>7AY4-iV0Fn7ZU6rFjxh z2Oam_^g#jcnivl-q?v*#QbCUmmO8fJ9y)_+8YHuGH)U`;sjP`M$ig}MaTHv8U z!#rjdhikNvm!R_nPDPd6FAi^u)_)Q9_3qM`5YNd)CBC#AK5iKZFeCv-Ee{P9 zI|B~(mYvrR`ClL_@+{e2s+G4L7T7w&nU!rLRSIzPb?wImn6BQr=Dfr7gfw%S_1cvN5jMnlZ+BX>@;XY_MytQLM5`g_hLoSPxYKjlYB-h`k# zuyDUx_Mf}b{(~ZI>SBz14dZx7;-!lYnM-O!f956DN=(Q}0%XIcto~If3$|+N>-Ha1 z2)0WDQ~Hh$hcU$beHR;(Hi*B&Z$yTHWcQE3@5B%nD#hC-;PGzuC1f4E+@2Du&I9L_e`tp7Hef=s@Wegd4^fhTvE5 z5K|H;g|(~>f$%@<{Z&v~@B7A$($bdVR-mOwafjj##T|+}loodg4uKYTin|t<;O_43 z?k>SSE7?zKG`!rW-==$z$DLFk6icXy6$TP)s7-Ls%dX??B;(TUjKFV0nm+h zfXx+btn_fcgej!P{JcAhP~fru!gn~4T}UGp=@n>3qbLy0>$rn0;Fv(%5=P+QrubTW z)2xHv2Z8;fDN6`}-p|goU9_$t`kUX0-lrk==Gt=exiBmLo7EKq+HT}$T!~EV!qeuj z-U7`+7C5MxToJ31=657b{v=t~Pn#=^C)k_RvKkrLV$K7}KSgz#h zsXA)!5uD-3nk#A66ImjtLnp}yk3&)Wa!Vb*U(;c5GH6`4cppsUUoR}Uu7@HNe!9P2 zwrkfH|5C(W?wg+!NCwmAq}(it1d9J`&V_*IsGFVN_3_^&cU#4K1og~7#jRh#A6+)Y z%4v(WZLo@bx}{Hr5(J{SNi( z7T#iXkg&xl(38%4PriKT+seASz2+6a_a;p2i>jm(G1gwnl&_=zyvY^oq8Ic3N`Y=9 z)?@!=6Qu&_M0x>#XE2dM^l%cYEsN7KFz{`H^3_qy*PB7>kMFbK^99h_YUGyOCR7+a zGLGB?t)l)JP|W{dMEcM(YN3rn1cd)y|L-C_n;855sr0~==PNra2L}%;k2tsFR|yI3 z|L-FG>uv;u*WLdo(w~Q;ivs^1*-|GFu2#{^4*{QA)f?zm#$$cxML?^-!|N5T`1&1|yX16U*K-6?T@_!#2;q%3i=l{Jy*nMmC@xOOksQ)0N2mUt?{C~~^S?>W{A=SvjqES~{`@zON>Mert|81PI z-UB-Ak&(5v7opL|jd8!PX#f3kX~6$4uHWCJ>zYCPv+1C+En1@hzs(0=k8*#`Jvkhkt zv~_6;zT&D5FV|Y?u3^1@!@CRPLD;y1xf>-Z?%23O+U&H7yv$ZQ$X{0&Cs9({g}a#7RN{6Z>ZI)#HAt;Rkj zW4AwZnV+1zORRbKQUV08Jl5%vP`>mbcrRuW1P=c>_+x0(-dvqBV>f`x1g(tY8a)1| z4rVc3PE^Nwhd^6&U1Pl3x)ufy`)f7;4Wm0-4^@#qnZ^`n%n!+k#8Fnq!+P7fpV%EY zLllz=P{=+bl%Xh&xf%-kA<@y%;>x{$3$pX&i|4nn{uK*MWkHCFawKE#HH&sm0?a6R zI1)m`WjFHk@`}r~eX`2x5>%EiaLwR(*^o3Vv-vM|pnY2*h;1u(QAtTb9MlyNp)K$$ zBWjKoug|)!{yvwrM6ZBXK#BQFlIjmeS23etoBywZ`) 
za#hP(kIXcFN-`nMHR)G-GwyK_E9~%B^zZzQlCh!-g23qz7VF|!(a07S=wuw>g{t@O z^&4i<6#F4hS_Fi35aW-Vx()=m&_1((+K(5(tOCwtu0B=5-zCp;4m-Quuw z6SEODj>p;ugPHFmsOlonct&k*(3FUlg1Cp{?=4PQz&ElQ$Fip@Pg=4dH89) z8<{x0O@s9|E`pr6T}wum`sjzOxC|*GZ~Jx*43x$qmhA|mNZA)$yBa2!fyRXVl8$RX=*_>Lu)>s;*MlL zI(ENGdVvb#5SlGsSL&GE)s-1jIju-nR6-ZRoJlm0$_Ga~T$xW~Og@z+AIC6(Xs)-q z?j9Yon=%0$*U=@JSUJfU#t#N`u8jt57$s9m9kvsSi-B1^0T@c|OrKW)121K265z zcuIS=xuu`nDyP{y{{>SbV#t#Sp~E&42g)Bo%>LzkYL>@@`pweUk2r*rY6b=d>tkcgYjbnAj__Bf1^^=`Ff%>vS&*F_Ju=dlpPO3g4wR`FLwRcp!}X=jHr&&X{;6 zvI6p|0Uam@+kk3-o}ggxH2C{(4lHQ=3Lkekh{BpS`Rg%<#pGlv(b{Re;rvPKS_JN= z8%dkPCXcW7j*NzV17`P3A!tY(KQm|C0=N;_m19rlly)jKx)2{0R zr-r!Nf3s4DVhyDf7*>4I31?hgZ~4WK>qzD{5!Ed6U2n6t8HL7$xFMT}#G&j@ZEdY6 z90*=2*KM!$Q3m@YV_;4#OR*Y~kdXYj%6*N9C`kRn=}>RgJl|yk(xJm^fi+}vtyEko ziLbu9zrcXrQudFV#wtdlh<_nY`IaH((aaEQrQB$|3gI~14eeQPW*DzcG_;kQUu_wv z=v*0P&=0x$Q~3PN>qjb*g^6Z5M;+IfSIvUFQ^SCa?-FLdnh(3cV}KKfpW!0pAsT7r zQ&K+EM6C|y+V-^;e~%jW-v_2FH>qd^QyO%mp~1TUZRBM$!I?+5{TT2sh*TO|+OadMRH_k0EZG zeJ0yki>MusgC7{x3u6P{;;%oENV`B>f5}o`Lhs;V=l8g#0Zw(rc6$w0cOp?hE9x|c zvtO@%L&ZKOu<|hhxY4~>PzKETXWrmNlzGcv&)ItK4b(~#_b5b!(Eanx?tXN1^zwy; zh0@Inw|Fxnd?uWeMc(a$2AR)GQKYu1>vbodJOUB-t*r@+wi7;P%e2BIIjw}?r(!tog9qYAB2PXKmu?qVdF-73$H@gzPze%MS? 
z=r`%Nj|rT7exR{^twbOk*1AkK`s9*Cad7v0qE}Q?D-Ld6jvXojo-)t`r@)}e$s(h^ z-qk4#pJ`89ON)pR%8DmJE?drLnPhc6IKi*u$?ZDGLVEwM7f*8KJ6h6L8xTlee>Eit zgZM~0<)-%X@>0~W{mcI2%~6ZJg&n=7ePENmF8{-E{d#P8+M658cSDq%oI$zyyMI@a zNMp58m16j)`P|D==5fYSr}QjbzfmK%cTx@S@lN8JW#l}$Yb#UNa$J#8sM1fCwHtaP zOLz8<_?sL)e2`KQT&#Dm?sEx3jO0x;?rSdfdb}QdK3S}`QdLn22bfx#FYm=9{J%1S zI0i${E!?hezEnp`rWIb2D1?|u6yCpUb$}sy_P(l+jHg#8X>4xxq@tu;NC(n>j)4+Q zf4$whw?D@>je&hy)95s_JLb-xA<}13wVlYM9L$Po#G*i351VSBt4T;z2J#Db{+?Tx z|Ku{4Cn;(7%oAIT3gym&6|*+SXj~y}Di}m++8wz~R{7kqA=To+#5GBrb`)$mZ!t7K zSK4Va+u~xn?=2LH$s9GrBKGU`Z66--;9rM+>GN!Z04~(YS!L?A<5k|&7P~peiu&eO ztGiAJUad7bH@7AX;4X%L{ro9#dU|T6rK@Yl3}t=w{JzVcE(^rW@bIRu8I#n`D@b)v zj*4yUX^F^_hLsNLfbebb@c7v96fi=@dfuI(qoJT&mH~ls4e9BtIGmidDD2&C(A&vD zlGUJ6^XZ&-wNAFnc8~%d-x;vf)oTJ~gWaK-H$j18nYweohy+cStYeqpk)uFTM8ERuJ!e_SUTq)E|sy~%9EJ5$r;@()!5@b#QZ!UPtQ6Pl=dA3=v5dsSnzm% zJtO&T24^Fc!|h6DyL)h6BsⓈ_q9BL@qM)-YcjB~e-Py+lz#oEWa@pbYN177n zYr7%9ey7;|{OPFn$X-mw!jh@7w*C74lmF(_w|$j)FGM~;;;VUjTxJ;-=;jAQzWq`q z`+ZCta$0CK!f)%ZoZTag`mG)}F6q1=)7JX>JAKnVh&Sw!f4Dj0{xJ^`l+K5i(LXc7 z#@`BNQZ010nrMjCE-FfPrXVLj866!ZjqmO&6y`hQ&4PGzZ=o9sBXD3;+s5Ovu|4eV*Ao=jC zG8S%`ScLc^k>>_A5|bav|Mvu=l}kbJyD1^kZjFKCG< zDLbpzwLC=pm7QpyvtHoNuFMN8eoA}ZVf=5De~++s&Mz*yYXPAF^Zr3WEGDuvL_|dS zsVTtWqOo(H+22NczP5kIp#;BfI8y?)w91o?h!|LIx4F0HVhww|*&Z?q4mdcpC}{DD z7tLrJq)uO^+p}vR`@qm1>6s9n5|h%as<})5@hIAIo#En#X{eckrHr=rQAm&y-_Ysi zZhj0yF4fa>P7zCWclhoV(TB2A?u(~zo@g!;Yur2_?b{xeBnWvf$km;;=}wzlP&0|4 z{YR%TyBs{)hk=uGHc6Z4ZnGPy1eng{>C4y2es76>WTtXj)BlqR?`BrrpK0zXi_62| zh<6$)csMkciMS*|Mu;QH&uFlkhn!VbR+0b+kuEVF9%l^lpb2jY0rt?FO_^;MTYI=m zHc>C$874WB>A3EO!}&(10WrUefVRf=V{&nm4qfI{Oh_HGF#jb9xA{WPkCOgMhuUJz z@{G|LJQ^Ars}`>ZHU(Wdrs2GFI>8*n^kVr@I}ymKe8ccwUHpiFSLpOocCy=SA48h2 zQA1NUO1lF^*!>HlR2fh@zFHWbUq7*6MN!7znR|bRg@C5GYvkw^?so-0 zAkczGtPKD>Sc&Z>19+-i$7Vd)^l4?A*J9}+4(33Y4GIkUZOC2n;PVr_a>ao3)|C?= zJ=kSe9sfd5dofw(QzKtY^~=6$?)DatqJ2f0PwLRQytA|O-gdoh)qb_fdHZwyjf){$ z0oWF5>#T;l7PvU~u+|;rzRxVUO_R4XS!B_u*12e$=;BLtS}OD^+0>? 
zxLDItMu_X%{^JF{@B#_71-nEhCdQ64g~cH6DNF-(@q*bxWeO(%V>YD?`8|YY)bJsM z-S#J}}2SQb=lRUPj zc-B`_U)YzOi3IF+eO=%-92ak^|MVGx&eq(q;dAFeKb<-}o4Z;wmVm*cqVXx9c`e_L zRQ0Sp%ZBM_ioQ`BiJ*tEkk|c2s~LHQj}DiJ!#1xYfC)fiF?b$Nvqh|rG8>{mdH2(FZqd%ntk>3$OL4NK817;3 zQ=(##c?TSIOo9At{qE=X)Kpz1Q)N?&G^8v>GPFeMN!&(+%+LA+To&Fsk&79SsjMQ` zez0!(couqS8xz8_MUp`UGcz-+?K(I5`g=T2`J71}$8*|=+l#Qr zV$FMQiHRRI3=E<{fd4x|m`A)3C*)wJqvPAQA^PD+sf+nRV*&(nIt;g<*nHfxJeo?3%8iTr;Jl|N|H7xX19M%D#rB=QoRjI-(q$>U1~#ovM+-(j0%=L{hXrd8i{k)BA6#P*JnI1{0Mt z+CsL!e1Q&ma*=$rgW&@NtCki>fMPtjA9s${#KX!-II2 zZD$nn4m;CHQ}0bB8_1E2BprsilD?g6gBm~uiZ(2@R{CLgc|u9Zt?B$psEA5JiAr9X zA}Gvt)i&0T(R9_c4V{wv%=)m{SXGXdCwbj|#w>=9!RaSf=Y8l_xizNFZeW$yb#-;( zk9$EqeSI;`@W-&nck;siU(kHWfd!JZi*jO_fwc%lvgsxR&ydlJvO=|CT<_m@xj}!a*Vko{5ws%c z(tjL<;Ns$ziHV9{*1G^dBrgo8MFv9cOW=+Plk{g-XSiwDZg+wE6OfK(_ko1utYai2 zVF|JD%OmE;hH1~Is`$6v_UgnE%nEV?W&BXo03%L3Az@x#nQhO0BU$PU!LZtoJX{T+ zjSNTtm$XiOS3H3?7}XuldX?DM<8Mg)MpsMg@5aUta@ZpNapfyDuJ_$0-!2bx=dve0 z(A3)=Ef=AzfwYJ`7Z&d7Ch9~naS(>mArMOX*q)@b-L`BNt$qdxuwMC2nD{mILk>h~C!3ZwaT1FU%&Asb!hl^qv;~sNZA-_)w%*RSFY1whVzLd$Hj}vrJxe&oSwQOlycg+3%o*6M8pZx=Y%hgZs5q|rk z*q)A9w^e}l#}0rwl_}v}38&$F0>qG0=pNSZv=$z+ibCwS__I+i%4Z312v}uRRyqX0 zt{DXd^<`*36z}Zq6%TK@rKmfpR8{p-a%+mC)M=|?oy#cNZtjT{4-vgJ#f>5*4ojA~ zyFqodovj*N#aGC*B(PSUFRjG>#5)jZy#ja`bL>(HlarI90gqQKCaKWhh|k@DR_}BRp!k%(|t)YiW!o#3xh#j2PypNAN$VbE@K|XNmsbTLLy3V z2?)$$;5R4gqnLDugomF#(N7U*#fOi`=Mk|+6=dbc73JnK!c>OTG^Q2VIUqMV0ROIJ znVQs-oTS~$VXMV28>{qH|EfQ`=;Y2pokS?SHaH@TGbAj6JtF=kqec4O_-{%^c1mYYnm+cN~4-v->@#V|Bv**@Om?|kooiSFX?@$u!V7AT5~iEaBhclxk7 z@IlqDIm5yd?Ks*=pGwEB2v{ryd@hRnns>tKwY9ZF7pKaJuoG#@bK~+#OVgs^d5~0{ z*1AJgRn_SQKIbC=$npf&P@nh}YkP}sUg(q?%h^grxW`AUPj@>qHha#y$X87>Q0F{MRE}7>aQ?ioQfu+ULrOC` zRs#}M@cP?FW(uc1-deH#^~P&ry&Gi-rg$ughvbL;;L>4FqIewx9N{xb@$RclYz*wp zO$=;JD7W0ehZ1}k;yA@&m-Wr{PSlYhbE7B4%AU`>s(-=HxXCP&)RM?ZoAEl3v!Ib( z@og55E_j-pj73QvB=;yM?cm0dIX+ra*glSz$no6PS^%OVZ&7!1^9Q@#zYQ8#P}*zc z(0592qxGX18NJ24}@9lu1XhdEoZW z;5GxtSk}+%{{H^fMn@rl=}Y)$*FpBv4FS2@MXF-Fyh1QB#iOs4>NJ9^r~q 
zEC@pX+~}~y2(SF(*$lsXe96`)EpFKSu+Ykf{H2=pKp{HTZ{I)+-S? zEj5o9C`~jL)?F02t9!o~$4iM9@fIf+Wvby`!C}8wTD>6`KANfmI-?C2C0wWJV*Cvr zZ#-+N(aO3Q!rGZqhCG}V;Kmb0ibiJRJQ)!U7H~#hrRD<~1MI=!(HJ=;>Z6hN3}JVz zV=gk6w{{{I>Jou_=)Y`EmksTmLHu)-@e=+CM0A&~r%HZbpHXS?V$oD<&FG>G!_dRP zSbSljJWe%NsedTA2_5OTSaeA64hc4JXvm8t)^GcHEb|ZZWtFCX;`E#>R``u=wX~5~ zgAY1h){ve>1^=z@6AlOwPl?C9s66Zqt}2eqU(yYQS=AhQ+e}Ot@xSv}AmPILdu_frQV-y%rh)D`SHU(57>1p0Q+FX z=KVB&Pcq3H$%P5g`iHoD+)A%mmHp%Sa&D&6i@2WtDAEXEapCJ&S$TGMbad2lbGtXE zp(#+O5XZ6D@6+4q)UpLG`} zvdl6z_j;VY&%}U$v8m{5b({V`j8qPeZB7?eA8wbcpuzOdfhbe+!|RXn|E%^R_0FM_ z4z9xQP42wp!wP52G)ssVy_^T4nXZE5OE=Gp$CHqC`!J6hruEWOX-lS`rQ&*g>^*#r zPnYY^mtBvttzv=`SRNJIgT~~xTSGDGf3!Vwj}UdLmdDSnltBlL{sq~b&51)*c9*`E z-eU#&yrP=tSf2Ldt1||lNGn&$y*G~mEzZ-Q@18epTiTPG@QZ%JGElun_1e>@`rShY zWb*3Uey$Z4r2g}KVU#o$tSZzBR&Q5N#fZT0Nik*4ABME}Cm7pj1VJsi_`O`K1DX^P zZ&F)-_WBwzajEad8tQUkm{10JI2)CpE^+Eo6Y)6rQ?Vv$&@W$2Phq`$qcDC-dm&ri zzt#L&<9W>MwKC?=El|ffv)N8R%FdpLi(Wc{8Sx3b$#$t>FQ8cpP>~CZI@6*lq--Gr z&RyYv2gcgL$w}|(Y_*vLFvDmy0!KY2CY_pvqO7dHDlyv`Xc!0ULlBSbVHI{aXn?yr zANr96ev<$b1&flH7{!BTo5-m#NAThd9+bYs-( z1m`rqU#B^-O6*KjCbvuEVD|J&an7I66%y>H1UH4+Q*Y0nokOcWcdh#(6%$<#^*La4 zkTdHpu6dL_r>BHisgii}K;`t0?*u@k?2Weyif^CHdH1UfVI6LjCLtJIli1B3yd=tv z)wxmOf$C%-u{oTP)_Pn{gYV!D%A}XFM)>!x6XHp33ZDI1PrKf!O&G~_KM&V&`Q`+2 zwCFr^;GL8fD@nMz%Mh(5m!m%=$QX@yIqGBzRfdK|O=h?8?RU&vk0laNw0RjNl z#dLL_8Y3bil)ioIxD*0EqA{E~RI{z65MT2f23fFbe*bZ|{7dHjg^d25f|##;-@RH6rOPAj6gJ+T(KeUKnZObG7AJjW?G%GkyU_Ior37FA~r1GFVrSO2Z%b{|vM(AZ1?_O0RcADsl5! 
zxVK|a)G9I*^sfbvUL@r|$T@z9G$;@+pOf7ufB(SVZNJ9f7?zrk@sS_8;d}6*(l)?D zGK-4xG`sze}0L=$GZCw97J z=;qOciRIBj|8l2v{HSKKmm_+|^ z!?q+QPIhPYqHG&(F5A7Buwt)`Q7+EbtqzW&YKSWp_m#U|73kKbi>b$EBh=_6%ULsA zoip!CTC}i$| zq{GEk71PwzT*t9H)e8m8TI|Z|>YS5PQ_SLz$alo#>auI zn`@pFX#ZFu8J*m_JRhX)Nc&PX*{A4c^nD$;`RbM)(Oo2LExUq4LkZmhz0rcRm@eHa zXVjD5Z1AC2>h9(q>XC1q<7pQ5{7vs6q;S5U2G|m|I;^KV=@hg`b!S!o{BVb1Udi)~C1dKCiTt|YE}7G-yB0{wt}<--&PPefPBg9ORq(={<7+&2pk27pvzkYGH z#P`-#9M|wjNlG$TQ?qdv74=Q$=qNXNSqGl4f;PpjbWrScmy6H{#ADM^fKDq@z}Xsg z%k{d`&Td+-GFZB0{F`h4E2LY2(LA}DbKN=f3nYVk-^kb{O5#a@dI(JVH1mYz@0FYD z=_}$uqU{NBz(#rJp# z-~}w?tS@b+cH@aRK3Q8&<*D67Bey5E+p_CQ~1 z+dJxa!Smp{N20W-SDSaMSxp8X)co*E?OYSCohuQT9E>J}V?bLSmo^(-7CAQY!BHsT zWB=Cl^_FYuPZvRETtq3AZ9c0^vc08(?XFJ?4W3bJL&OV51_zgdujmNMN=w!9j4n~G z>`Y8{>md*bSQz|h>J_lHmj2w0cYZ-bbGVn=qQl^>|DUH{ZZ* z0U=0qUO#fg&C<&1X-}$OQ9*$-p)FhM@%D5%e~SA9d;7HubtXuYX2O;k00Ol~3qqz~G}2pT2WaX^v6YcMPcv+W(~Mekt;}Zy;l;C3mb30SD30m435zdO6t%#GAN zMfJkW$r~}F$_(nswCJa;~6yFMpM-ooWS?H+}eU3*F29m56MkG@+r5b^5m|LXG`im z2mX?o8bTlYr4dz>>RQUx!Dhyj|Pgv2?^viZE3RO88GsjK)J8cJyO|p~qEK)Ha z#&&trX>Ml2+@Rcrw<*458*I?h>XS92%jjunPc6f;(r+@E#^Sby*kK`qg-_+~3h_$u zcW$yMM)&phhdLyy;~W`a*z~U6} z8QMuBw_1Oa)z73b_D5`#A{wN3o=!wwKg{%)%QUV}8HD&~B#kuN6|H7Dx??qKm62(o z7i!+_GhyBT^!d>jDv!NQ-}O(e4nVVe)2wLz}-n=Lq1_Jnb$rFx%qUdK1^S|oKc7z<9 z9|lC=p1Ch8@PN%dh4A3Orq>T~YOj{p;Bo$xl5ds=+KTKBvwD$RvK+wsOm=QBW2NtW zt49DSSSV0z70#!o?RQS#^oSlWVL(x@W3V{gmMXO0oSCDB4?I92zfLZOrd{Up7_fQu zL*a6a)a6n4HH{S`BI7cDp3k?-Riu1&($0~ur2ol;;6I(qH?n_v{wD0_w^qp=6d!1V!Z8(}Yo`!M`QoAut9CNtu4wo&wCfZr9=qEy6$yPlR5|&FTpq@4Ryo)?rK{=v?}_l%ft?UQBjPEiTQc5v%_(uIV@w)B2U(g zAsPJ%R~Nrn{cNQYW3jPa3!Qa?dm?#09{#DpzHB>BLb2{TVniaNyY8XogSN)rm*-Ck z;ulB}f!C!_8$!O`yf&}h)!)cQ_pT1bAx%zpF2;`mAX};;><=_=)NjxYXP1inro6Q= zpso|psN?&LVRO|gVQCW9<2k|HS5dhGrfR!XVYs#VS6KUWW^=6s)4o7C)#5K@#>}U6 z=c5b@bSljuPsVth^pVz@4zTF{TLJ=~7_3Hsq*%<7*@F?Awk{dJK^;GHfSQc7tIi14 zo$^fdcF(p~kbzCo0=5(JE7}mL%;s^d8XOLKy4&+zKQMK;w?jk?KV48Qw z^LF2r>rG7C%cc4(Ml)uTKB~pjFx2Hm(_Facy4)BhX=XKa-7G`FdKDZCU2P`dsbY1| 
z#oVdT67#8io3>iL$$kL6pvUc6YHDhUH-L8Tva+&fOl1jmFD*3WX6UmT6;uWykkcr};H_JxeVQTnt^7`b~2>jZS&yX-C(`H8B) z_;5V=OtMNsJ;YbfW8^7{&N*@HQ2StS{*3;ea3pvt7s%9k1_Hr)+0wZsBZ;*CH833j z_$+zQYbXIq_sG4obKGEaPxuxQjyDohE(vV89D069B4v@qUSt*47rr#}Fmi$H>=y4> z_1382BhRBPR6th&Lm0$Yt$869;P1t^IZaO4+v>sXe5n@L{nR_%zDa!3dZ0XocmC|L zy4|F0Z#QhIWfGOI!u+yYGmMpKbCDxl!m;&aPL4f|R~2Q_8!sieI^CYS9Dc>HNZ{X| zC3E%*ssrXLCJ}P6jSu^Uchq}l>->Ch+ip{O)1JI}joG5*d02%P>vLC{d{|ES2I-X8 zhvHJhFDZ#;mPJ2ec3==YxsZ1FMp+XVOI`hyGS<1YtR;rgkyA2!Z#U$yFG5~Ohr95z zW_#OcyrhB-sog^1VL)a&4ZxXLii`IQ0G3g1CQJDdQ}SiklVbyW&DM8&UO4XDi5NWb zF{@pY--=2GK_C!sa{2nMv0n2{3g71!X~B~f3X@Q=;ydW%?`!Dkw`V0|oN+~us1tt1 zLjK%xXKz|2X~Gn%dh5j)Qc_YVAVy5odupUdc71TRDQ=e zxDG2ur9OQqIKJqFND_UrmeKFS3Jmj`!gam01dG#AF0lJCzubL~@zR;zSBnA7XQZSK zHF1XQ>|!IXGw?FWIjMvy>3X{GD;J2K=HGdWE44&CxihbO@>jn>CEvu9R1Kl&<7>je zTzCw{vrF&}q}HB1X7sq>UUxVgn1E0}+qq`*;XBoYg{f{P>}F1Jl(%}_^xezx*XDeE zb>ETUe5DkWW&tAKX>$ZETjokk0}C9;hRxafpWRXnSb^}iuo-jBLfGxv;ORLTany7~ z=RUD1P&VI_X8)@7DN^sE^@rE<{l$ZPdPPElM)V)hLr(T4Z)2llYxC?Al#L{c+zvOR zK*+5$Tj;D@kdmJ!==+E0?F$~l5pqsBcH%0ZFeHoleEddtr6f}SpgTy+;iRivL~+xQ z@!&~aKtG6!opsM4Z4k2R+58_h28)L-mwzoRmVNdk`AY`={NlQJK&CKYux>8;Pvf<$ zxM+-6BDbMyt?P39=-b^jx?@)|Gy+tK;|4baCpF#+KH3O~@=5nZQQG&+4Q5i$>*b5; z{FN%2?2NbfeEJMBQfOVqMyV%fB(+hROE0xuNGQkelyvZ(A^x8uJ4ofOjZ-f=UM<)6 z?o1u+3MPb#h^}R(P4r#aRa0%s=_-Ez7hJJXOJ)W=B3{sF0Cg3CpoT!6DS9fcWo}p)F90r_a+eK+c8z$j2|Ace03W4XD}9ty}#$jjmBCmH!WqJwqUnQj>^7KP=GMc_`udwm_}eQaIoN4OAtxw z97)UMd&>R(5n@v+^8xRkl3ngT*7NoAYvr_+F_X4!YNQ*?lKd?VZ=po>jFXMe3G>z&FAgJZl8RWb3nSQFsCPL25!!&atG)gIfG ztL!opP;zlJtTFoHy4JE7wl|i}4qtt`W(E#cS3YyH5k&!QKF2@Oi9K0{Nck78QWZb_ zDoEd8|Kq4-2d=U(VJZ`Eb2*bDfNu0iUu zcTi4=!7wrYx$&`S6t2gr- zf916!N*GNHbSLc3w+0rIcWbOZ_F_wOgj>?g6#aT!sByWWX*!~p0qSjsp8=l~t8xRF${PLaV3WS`=9nTUf|gLNf%59iT5_!)77L>Jla`V&qKTy}~>$UA~Gg zNX)MD|9&P7L-f!;yn}J;QRCeO3soC88{@g=gw`Yww-{e zCY=w$YcaP_I8pg?s}_;lZgqu=nmT_#`)F$_wrw)lCtam*rDsS58im>YK}lV$)!R=h z|8c3j*xUj!v^I zxTdO6Y5eSwCWhzih=@@dVxO_4Ws+-;Bo1$Tx@AP0#}7Sp2urA=H5%i{MXnk8K} 
zE8lb>&LFX~sMjunsE8`dYROex!&~o&mN|d*jXX@hLAfMn$Aw*|>5;MU@~ZC+Rx71N zp2`mhS1)iGFvwDo#^x>u>JRxFtu$b6l$4HOF{gOOt#rq4T;A)(7y3Xs( zz;uW4Jtmt3`OP|;DxU-yXKcq24kDB3!pEL-DH z!aU#9==|Q%#f5KmMfAyAIa@U*KFbY$6wqh%XSvyW!P)zVmy3n15fk-A5GJ3#&Wz~1 z@*m2$HFv=5*FZV5l;`GLh_lrU_p`Wo3Z109D^_a#ZT9b22{K9ti(n9+y!3v-%*%5B zMo~z3YQx&kws(rUjr5$idJ36LR)M7}By1-Zf#TJog355@DvJ07g|*6!yIvbgswjA5@bOdGptWP)~83-+x87#tfqdcE81$a{n$M6i?wUPO}Nz9 z!nx$yD8HSKZ$Y1{>X%ucUd) z&-Q^Fy`z%l19?KQxpMBa>Tw6lv=a0g!$$3>W6cm58$qgI{5t8`y zcoC|$@xPw8?11MeCJ>R}38MSe%>@N^mp^QNB%Liwdlu9_J)ZclFjIZKQtHhWr>SJmWxAZH(u>(s z9=6?;dGFN6;`>o-7~+0Hy|a_@nl52K3;O$RsvL5MYe(KIYHI5M4!j}9M;O6Q$@ z>68DV>Ab8btInE@@KtwZ&O0i;_j%IGo=wERO#O`6i>t(FGN;nozc@*T<{CGj;YE-S znd)bbXjQt+@essP41E}k9d&4|NhzA1-YiKsMaysi&HkZMr5;`R$jU4-aI1(^6(c3M z^0jh&$+IiQS%>a*uQGw|O*(0X>1M?uhNQ1nGO=ba$EwK?1f5uF^irtJdZuA=cx=Rr ziLv)Pi~I0Za-;E*{l0o<)UWlzx%vtgryIY1QVE4ru85KLBHGrYtd~>hYN&@!z#;$# zY{PC}*#{)r$=Q;i^R4gPq$-V;uLRTZ>4ZLT_V6vq%KxBZjWTe^5O|_Q?{e&!%JDGZ zq!5!`??_6_D3UJzbbyQLDwNC`t+aEGLylf=JbaeA60xQkmur|?*6RMa)vj9@Oy%YH z)b=-=wD5AhC>dcS{IGfZQT8Ap*9;a|#!<;JPi7W*{RF+_#|)s{5#>@=*})QIVxFAa z`0F}YoS3e|STj5@viXMi;6lOTO)qw?Vg`tzZ=xc_{y&DgO(?N6FLyWQ011k!-zVTg zB_T98Q2HEpK%3{0EY^xh1Gy?aWugTFq~oeA0*_||kJCJF&NEl5*CTfmg6JYM_l^11D}^@!k666%9+#miH|3(2G>wYsb-BiN8r+HAThu4`f+Cm zf$!R~R9Jy>(v7wIOq#2$N-k~jTKG?2oJgGe=ht^9;}+$Z8uJ=sQ~!ouquRTZlT$qg z`>WW-9?ihBwuxg%3o`o1I? z%BIeKm#t-A#ZNP^ocBImj7EG}!@s9oE_Qm+vLFv#Rk7-=V@6$TQTW$ZR1g6!;{0hm z&o6&!Q_p-_o|~J`KqS0y++5oUJT(kKh+Wo7{sQK6T@XSChhmAk(xdxszO4nC%z=;! 
zo|lWi%{#^eCQGei`pT+_d(To1qK(9q&EpTm5&i*mBRA9jDGsu&^JCFS!1BenWfF>Y>ua*@_@yi~(Pzr$!YOM@@u$s@8# z$*q`P44O#gb7d6JSIgj$=+9bg25iL2rt>@BKbiN?Xe0eZmT9qXn?#KMe`q=jwlPe$eTPw2l-5j9}wj3lFLnruNKJYxMLzRbq*RLAB8R|P~MRw+*hx_dYQ|2kx@S1&u{mOB`x2FJ}ad~dqCU0 zI0DG{6v~2dDh#JT!i%+MYD(q`RL-v{&YPfe(IB|YjHQ+pgIosA{N^T4{rP|MPuCxD zRLgj?1N*EOyW>>EaBpD*Lk$*^SF~-0f0QB=y3;ccYeXGwKfYtJ`=cke zzv;K07zr7?k6CCnubhR2=^_2fqeeIUR0}_FWU5JDTc3GK1cLx=_>k51S&sC@PAoc7 z3=Ra0t$h>!1B=__!1vieVLF>}+{?)1{K=b#i`Y+Ubcj(uA`?Ydrf3EtnE|o4Y&6$S z><}L^J-6)%+g5Gu+cpsC608}0?$*hd(_NhIdkRxH)}LjPC?|aG2GjMNhRT$2xZMAE z@pD(Dw)ozM513tE3?Lz&@dL%eSdDX(GYy&J=e+4AhO*RH?HA%|56UE*Kn!Zyk)l6)AItICEPdl(O8Z?twzM7RL5&ErSM!d*&X;1u9&gX}F zU5=ZR<;7D5+zM^Z`YGj?3b~x+@V0+_bY`UD@FE%cGTht_pA5Y%ysH*1Jia%ZF8Y`N zZ*~+xODZci^F~vngw3;$^p{-}_m8DMjQfISLLBzqbc~q84_|UW^lmTX1)Hi?XQ^vl z%39tM5S!^gdom)HFG30qs9O(d(m01uQ@eycEXa&HX%?oD-Mw!GFmo!PGr+k~MEf<1 z^ALZ5&c|cy1r!^$6tX4rvH=|VPE)vIiZSmK7w^rd{-V*WSIrQMAe3n#t1aivFN8sl z`24Zl6Gy*+dvc($EViZHR;6mpeW7G;5lwIVx>BUe$#n18Y~20Q#e7lXghLvyfb;3^ zU@MU7iFdp;&7p(|9UV?#na=Gjo0!s>EF%F)oA2dE_D_wo0*K}}`R=}mj{MQa(++x~ zZ!oZd?k#Z6+wN26ikgK*=hlqxqe;O_j$92%e#MWU`5%V-D1irX-*PzBxdHQEp znqEN>?+t}oEX*4+KVP}~i$+>X3qh0nBwhrO;PFC%Dl#&1mDrM{T;-ZA=(3Sc%wxsMg!XE`)lS@&-#~Vq4y0zCF|%byIM2o7 zDJcdCXh-Tg2_PpNtRH{pGQ=a3?V6v=s!w@suRhkPQx`5?#!L{jj^@hh`8s^zfF42@g95VTN|jzI_02`zrtsxg!Z)j4;a!DDWbP>gUL_ z(`%uN_4cC8@~ASUpxm{bud0|6hV{qepXL#V+pooDudQRs-N^M!KHg#}E^c=(NY#d| z*z+K!>fH_1lKTjwXr<*^ol`Nzh%A4*`+ovFj2^I$xx}-MD=l08+r3!$gkz_z9-VOf z(o7uem?5FSi_(1n-OHAkloWz3B-Byz@xd^{BF*+56NA_xuZ&T+^$= z{RAr&@f60AQfCFA>8weZd56Qbm6C;)oSe5mNee?hB`}PSr>3VF@G<64i}ln3i9kcH z_Q3qSymIqRlNUI5SreA3BfFPOz+8p;0skE-=_NTC*(k2f{PsC8KTJNI=Ngi@ol@!f z_A%AWo=vTCd4SH#{A~`a2|1dd|Hhy!Ha7NVW@bjC<{tgXUSuonE4z-1I7qcgnzT`j zr2elp&P!H6OH_-#c=O%Pb?ThkA!;(CrGs^SYXYJny<#=o&NNCQH}rWULaQBK_A>kN zHhcbjhhzS!|4W~THM1;>mb6S9nZfcWB~7nGEhS?d7nV1rN3L0l|3oO9ubM=eosos9 z1u@r8Y%5>`%GO%~x>v<_;Q5CpgAqr+Y&FKiSH#Se>AsY8ed4zX1w{@JB|M?a>gwk= zI250|INC!JVN&B(y~_bg?8=SAepY^VFZr?VNhXt(-ZP?HU1@Le_BZTqRK{M3rvz+o 
zB#Df~WQ9`$@$W#lfFkw7nYOoH8xJUfdP>euUl4%)Nko7h1CUKC27{->{5)|Dn_R0V zk6?zo*C&QePo-OD_?j<^MRu+!2!HzpTKl633R}aw0P4in3`q~N+IG|qkQ;1Xlpv73l@K$5JxcK6 ziFG*rAyW&3a1N88db4p`)63gyd1a^aZsqV2g5Ohyoh5;$3{#6@|&|;wMC};jhiJ;o8I1dP_7a=c|bh&+eZgGJE>0o zRv{&aPS6bw4uzb~t9N+`l?}UF1>7fqoc+GO^s;|Emi05;tAW->kGNBzBkv+u4z2(LLti5hR$B+c zH%e1eQ<&g)U9Tggzx|CLx4G|6_`A%goM$u=XJQ044qTSJ3~`hL@==6fdC`v3-{TE5 zaxrc51qunXZ>e5fHfaY6M10%YX4w@NPyAeV#ZF!)HFPDE>Xfv3Vt6=J^BiK7TyFh{ zaN*5N@NKq9vhAY}>}H3E5Lfx03933Ul$l4a_S%T47I_#RsGml4c-%?8OMaW}p^B*V zh^a8X`st&97Nm{n^9UF%67h7_nrAD^9Umy>3s7aK=dg_kc4UBKRV1;%W4KK%LZ9=C zUTfUc27U{jJOO7o*2>S+-quJ$8&wSJJhlqdi(eI+%hV~3BR(+<41M@6MO16q`Vy-r zf27x8MWV6!LcxGSm;UzJwYQ2`WcSNMq!sSPUfv=<>Ob}{=BXkURuq$2gB82}^UTaj z7yE6joPvcS>^$puT@4 z<}oM3_nql5Y8++o#lf;8Y$`qs%0Y8(8eFUSZ7hK~&Lz@Rk1{aB*UI+)vHF_TP#k%6 zuY4h{Ac+G$ESRdy$k`9W9nqUAH_%#KTtu?J2?wGV9FitIJDwPiq}^~x8ZlzS>+ctVdk5iG7DpW`2N z-px#u|4_m%fO(A=pEgeBb@+5^ws_Yi)oL}N2m9u0IFi<0zuI-w%bFVW=A(g`H7JQZ zxY=)*%nuwrRY4^q?z8k$_Rda*4q^+Rn(144yFZ*Ps~WQUaq<{yf2)Y0qikmImlV@n zZlQ=(5&BOhKzM&qlsAOkfbwHyNB_tqI-I(8qDpgM!}x{h{>8@`I{YOPAB+@L!zJ|( z;)7RB+(mX0hxc8T;?I5WJ18~SM>beQUtY8R?%TIxuV5R>cXe-pnQ~Ul4@TZ2@@yK9 zb^_M9Jq*aJ)NsQXCLU3W}R41anCwqS>8(R9g`;-9Iiek!n=2FR-rYk9MLE?PbL zt%1BsW;Njc{<3S>a^iK1H$d2~K0iMP17YL96S-Y0D?=c=bTBarwcJV{nPp8Q-sLD~ zt@EicnkJG6jPHFV?qbLr6cMYb8=oR?W2gzM)Cjd@d%OLy{a^_9Mw`ABgL|MOUubKM zUm$5FOHb8ukQiu(YBV6}PmxuMkf!bdtg@8~N=jwpMJgEzq4&(Vr25l-oE9JYGV4h( zo@VH}GxAopx(Gkltu#34ePRZ*Z4vC00a;rk09cZuKxv-l70VdjedlR)d&r$K_*HJ$ zkheA02!{{qI^*dQO~4=Mo%V64;Vli_&x{5zai!)CoZQv@yA}WJTmE)@%l-o`?g77* zR_O@k93v$qOVn}IFYn~#Z1=LpTPt^Mlf?~68OeB6a=Sq0f$pX-dYy|b=pJt7n+|Ky z2}OO%em-ZlGY9Bvjg9lf`ZkeoJnNK3gZwWvrQ09Mm3S6Q$Wr#rlrRcuPK1L7?H0|o z#40T&g#oY>rd<4QEHRg|fNWMjH6_#GbmjEJWtoh~gn2F&!LJ{v%GRFKnyth8!~f-f zd_bN>1mDthA`aBjrf96U4NbphxUJ)aE#lB+&5o7i0fg=T5mWZfb8jKQg`Y}_hgU64 zqL_h3p}vus!px7Am4BFCAJ`38dX^*eOxk6QUu~-uXl3+@S~Uprv84<>>0}Ww88}@+ zq_P_MeFbK9seEpqc?vUd2?n58!NXY#lAQi?u^<6zCq8Gu+l&dI8vO3BY#Ac+XaRab 
zjkO{J{SU{-!Sa}Y8PMBG%?%YlutqR>w(%x+$ha5lY$qA%p9D3x0qxFF04k00;b5A@ zo`xph)#yXtZV>Vi?IBo6AV{(ytD@|fq@sqXVl=Ym<=^ZfYffWWAfvT;Lf2DiSrWA1`KH(Yt__JP}2FoVquHqxrF_!xLs!<=w!3R-~vRkn5KwJzVk_}P$JU^r3U9S`z1S{ zc6!8;LqF5%$v?12d*QwLKchpqrXp8n1Xf{K`C47mQZymamUpF6P%n8Bp5N}K&21l2 z-hBPSF*@?FgqdVJ-!t_(XnsbJ3ADM>%jV}Gi{q%0EfF+e{>{8I9@9$KdwL;g@yWAi zo_F_6K)GfZkfIQHFD&f)SE=(tJ76o5p9fcef8h67JrW9PkwRPUR_(l2c_mJ~GPISk z=;el7auvH7V6dC4lrM}iL53HmnV29P+5MkdnrEvf?HU541uUDnUuMfdM^G?ODlE>= z#r1LtxTSiiBo(Bz-pIUTM_O~vSF?nt3pY5YZBH|vgd80$9RLuZ5Mc}^M#h4s=H?MG zpv5m4@I^fGuBFh6LzJd;u!8h&*0s_qBofH8EgidkU2%uDmzEBEJnXQtH3Tj#?!!i> z>+e2keK%syFmx$PgYoDT#8Ye85{H;^U9T@cCx5AtuV_g_Kn$F8Ozhx=X`b@+Hlv(M zto;oHGLAv`@4IR|5wcsmx=oQi2V+( zj5NJRT#iPtlMtt;cNw?cCJmM{<$y*z;vKT$7*R*Ntcw27l|eLIX+7ZDo2i5?CKu{C zZU!$u15~V{xA~OxJF{3p)%K4vV)SIQoRtbE5}3sq0^=O+aF)i4lY_lIZSYL_d{Px; za2N;ZZd6WrwoT)4F!eGvB}MISp3xUU-rS}$R3uhlmZ}JkjSW8(ve3@SNg3kF4LGLW zMRjxokg-iRP;<)7(M;OG@pR2#i9%~8gG&0AgOwFwuX{o)dKLyG2uNF+7u(YLD}|bg zXz0grS2T+1F(sBMg zX~eW-y8QLOaSpRDEl`{ZVct0EVtQb(F{fNGm0-4n67?MqELtfUNv8SH#oWD)&@DH7_$6S zR8a0QX&wJn0Mf-=KZp|cX($b@zoyGC)8kv;Z2g0Jgt>0=**bt@A0N}2?I0N6Dre0W zqCrukbO;Livrt4Mv-@g>*PGOfuaxY(Q?s)$I|m1{LDmv`py{wFC%Sv7>msJ@gDSxz zb5hVDRSs`;JV)K-BAhde%@gcg?0M9x0ym}jfG;5&XOew005n&t4yAD5B3)abdwmOC zjtLye;w=)3TT)11eBqs0C4e2#LR!32`m$&*Q(?0PdJ@4v0x(Ll^!# z82cexsbi&$mL@+Q3?x;{3>b3htI8K30ntiVWyEdq;CDOtVpx|=u8ZqQ_OW^+Uy!;a zp_ZQgOPOS8jl68Yyria=YcxkD%i~(IZwY^jYGR%!Dd0cT=2zrK4~{OY8VV*)NbXHW zz#27;=Axe`rg?@#)#4T1Q!hRQt*yWwXC#Xz=S2^V1!fPZ-add%1iY`^mPMw;>yJJv zL+k!4&76R?Hg1yiUm!cj4^!vnRXgxITv&<8$(R4gA;eE@2$5Gb`x~FLA0Lg{s+hT> z>I=-0+tfzrsN+)a?>FyKsuH%?SlRG{JpKLrkhVb4VSWAe4zo@v%H55W=S_FwB0{r{ zQe2B6=#>sl)tfuWsRUuKgwIV}2Fq}gp6=QU))9g-!x;_E+Z8KHseAr{(gSF0=VnZt ziP%!v(R{o89I%p!f|>(6zZE8=`tI%ZeaCy(k4$qEwIe+D*R6Y_le>T1cTw};G-9|M{Oz7y=pX_KfyLqDximv-YcI{|Gnp9~EnrHjGcSxi z3g@GU-~{Oc6-j(%O(E;E4>4(~@B9Qj@NhHS;}?5#g~;E%+v{{-jZeR5=uJD5DF5Y(RFauyG?Aq518h303F(jY&kMF}0;HA&wgu+9sL~B}#9ib|f7nr9cK`av 
zEVWQD^u$TbNV)lSApK%3Z6SUaX@>`HU$hfv1rB1uX%$4q;x&gzmQ&ChxMXb+J2ruM z)zbDca=0&OB{4*7#7`>`by2l6jO42fI_SNh-!Q88UXb=VZncKGSL8X3{Fmku2{Da` zw($BOUR`5P0M&nKf2gFm`fF6hYMqScJb-?DT9;nWDauJ!23CJQKOXI{kRz3DIP}Ix zh~iFIbZ|(kt*)+)+N=Gu@5A30KF;KBBM_yKU@dzc`6M!e^1>BCK37}|82CMMb9Xz8 zNUkonhl(zDMiy7?=ORSqkal_7Zbw+)h0deTv&~XjZDox)(A^#KljU|lFIQpj+0>ne zX?ZIgNJ*Kdv{Az2gW6l0YC8*yt$)nTH=89$7~XsVI9dYFpFClu6!-T=d--cb{K!EY{EwavjYtge!Onn-d=r}lSb`1t30;)s3_jB zb~0SIdP(Rs#!vSJQu!bac|KC-dmUjbeh{dukKEF0z>nY{Ahnz`I6u8Jeoc+76tUVi z7RZ)oDWEjUH(Xmi4k>k~EeF(P?1O{j{zQT$YhaK`X^n$K}{?y4^uLH>0 zHFWUg@g*z>N~IJGy%@Aa|sLz{!6eIP~{`Bo2> z$zgeUd6?XH)kW^w-j}D+1ug$Vrl53H_h@sgK%<&(h+12ldmuMeP<3St%FN0N^T{#wue2nLrw|_qQw5mMIkducmb+@#2W)xACnsr6SCY&Lk!%DST6!vM z@N|wy4u<%A3qhWd@z?gY&YBjUZL6|)LPA2hM;*nyP*%0D7u|*5@~(w_K+fuzDuQtz zQ$Fo5L6$Br551jQw)38eUXbRPMF3^@X!4Woq)(T)U8r1v{*#pv){>fraC}$*XgflofPdt^mva7}im_MmR`MPcH|+_v~&8MP!`M z_8a~peWG)S?P@J``W}62cp&BnP02z-GpnxwXo~#ZMSXE(8Bqfj;xkd6v*s*)Y#f3IT8rOz;s{XE)iv%Dt zaQ6DTS%(Fd;^Ja2cc8E5&Pa)9X#qevqg{=P+82Pb+fXH``!zx~LsVT#4XaHFODr=< z$nFdAz`^*y!q-LYEfYU)@h#tex9ljUnOG{VlEmD{Evk4Q+q9v0W%Qm0 zSnMGa@lD=BPfICqk96{gi~*0R*(xc;C8+?`-E_!*J^~NJ7#q^BA_G*P(a8zi9FZ7D z8D;kPz5Q3Ekggc2WJBzUIaV5{2?{B7C{xB<8@uN#ZBNXvj0~w+aIBrkgC?pCq;o$! 
zj6u`OwH#R%hjIW$+HAxr&qcTM@MI=}V?)b54YC0TjU+t#1)u)h-ZG=H+=9fc#WKzf zao-FzI8e^vxAe&12aj@fURm#sPfthJ)YUEd{Y@GO z`Rn^nzQ=71$x>qPRKGfyloxf_iv{(4R}*Y>T=up5`}kA9I2E;Jj7bh%@fl_na5J*< z1cGDc_dq-h!fQ9h__NNa!bOO{cIu~d)$SWJwea|Odm?c{S>+p2Jy=ryy-tYU~5w=(v0+)(+jl8a&6k7qA*dkUR*1e8Nma6Lobfq_xH z{tLu+P3=LQyt!%9rk^*Xj)5zSDST$=$F6OL$a;Ibo#z7uQ)Hhtke4JRG#EOX`G#-T z17WSM`C+_wryW@f(>vst;nUf|mKQD8r2IG>2gX2qab_)$T+lC?CV3N+12~z9NJ$UJ z0E`FT@O5)@^MSH{Ohm+a;BpRqNrBK1iD^&Q+to==BV@WyV}8|8 z+RQx}b%GY1wAO>$yOZ&GZI_Xqs4KwdtIg8-cswj(rVl9Xpn!CE+9hJ+DHb|ypf1?F z!BbUU{+CF={nZT6T=#c|@bJP4rCi2mD~R(76Vq@kUk;LUqsjiV$mI5x;Gy3wUbQqH!Z*6KQ$0XSEZKCU2O9M(>oYdb% z{Tsh;BqmmIbJbOgV3ZT570P8Dl!KTecC>tEO-WaWY6%??&FHv z5Aum%9ybmBK&W(Q%QWb4(YE2B4t9D3d+SDouH7j98p{OvRbLOnr=aLq8X6iJfWw{G zCQE;$Sw;hS=(|F8@2&ngzQ~386Z@=XkR%7Fb*A;xyOTA2kmHO*uC&sno6lGMF4jFH zDmArbUG@0T3JxNv^cF7(`pR|DZ+1F5c--ogCa>h01QVsV;sU_}AJRFmhbGPrk%ifR z7xzL}2-Ycg?IIxOJ=k(=Z6TF$g(h!BIo9rk$FzvX{vg5dc=vo zYyLFyZlUB^iyfS?FMeIE-@9#$i76SPNI}c=^_%+djo-Sl!^Nh5KF6f?)Xxo53ro8E z5!NB_wzW;eG#z|j<7Pw6cy=_~Go9GDu{uO;>%GO6g@h3+(u8HkU|feIzIbV(`RxlcRYV`oe2&qv z!Led-KmZ-9Us zA&V($B$xkbH#5fS{-c^kctA!%nKzB!qs!y#H@mu4zul4Hu9i}rvJN(H5qkB7g$4Gd zHlIsz_7oNaAnz{(Xu{TjEGY!ghE_pKeX&_tP|cwNrg`6A&I2F%V%WC=N~zCplxTdY z?=udOH~XsW%jgf>G6NH5re}poQUIF1zx^>)XJpZ@3TP{Sj@EZl`oM$W2~m)T>hWcuwMjf&oR(6}h8$DL<6tYdVKYo%P_X#G zPqf;6K-@exT+_bFDC?@E37@=ZNh6r!@>c>=f9Y0zgS#jFA;zLLfrdJP#ZXPNXjWY1 z?;FD-3Nhqy>cwnG8dk+DbQ;LR$#`+yGu^98o(G8-`Q6q~saQMDRdSl|+OWK!$`oU!IK>MF0 zoU)vzq0sn(`jkbD_T@#{WE+eZ3iybrTrE&S%hg=5LO>9n-U4wBeJ3R?-J<$e%{W2d zmM8nDHL|4VGTPcY6BfjtwENIVV*LG8WxAO7jYNxWUW0~=vN}e?ibyN`lr)3*@um1% zuz%95WZqJuocO>_c#_&B;V8Ol72Ckx7!;KfeQzdx9fhcb+gHYMtNox+Q z=#;puBuUM9iP&^m|E_iQkjkKoZ;{LGk3VexoPVA8Wv~`Vpyz$d>-150_kudYf>bk{`jjpykcA<{j`YRs#<5qGpxt+#rz z&8ftrePww`MIZ41OnFAM!Ct0!XRW|zjL%(`+r6aNMTxn&_4};_1q5OjkE^;skB9Ig z2P%e6GzfK-U;S9=7;=)qG}SWQa7m~lAb|J@^pdJQtemH*Vq1@98VvmpN(!euKGM}R z)JdcT?sI~sg#U5_ap?W6Er&>G(CAyjKwsllp@IcqJhD36!u`>Eyhbbrh$z)QX#9HI 
zn6I@a2k32Oe!jj9*65KZ>*3+ymcV}l#CE!Lx*Yh8h+3b!Jnu8yI-jJ~bk=xpzI>B0 z{7w7Q&@z4=1^mofNLCRES5dksvwQK6)HtX7<(gAmG|tA@XCPp#@^&T=n}gzspv54l}}A6boSoCR}UyM_`DQ~|9Vbjo|?(p z*zD045nZGN0XrAw;o`E7DAcRrRabL!ch5YlH5pjd8c~lnZb3()THDNXhtfja`qaee zLuF;9S<$sKx&NZrgV(u%9FmWxkV(Mgf&%=HG;}U3mj~*c^KOY>nB5{Zd?M6TKa$;fg1$fMH8cuasqgVXDcoQ8~{g@uL-oE0)QAiP|e`_g;`sQfc zB$Pq8ARWvENfo5|VBPzJSSfG@ZxhRQEUWV<2GRa==!(J0Dhd#F=A!0hP66I%obvvk zs^n1Kx>Dv>r^cGUo^zX@)L<1vCKLVz(NvK=TZ4ph8q02_`--2HG*kInX3kaK%H=BD z$mBeeGkL{Fsg>n+7(@iyr9cQB#+h{Wh-5O8i~H7VVX+KwG2_RWT&u}mXba;_)a(;W z7rRhbE!n5f&U+HUxI?p!7z+=_eUfEXW9goF)UesP<|O##9muTS>V*$XvgnbvC-4%y zBlN8uWIs4KU>eDo4nl7YOd3LR0;w0$54P^g;L#u)%GQd%j^{hy^`*SGfinQ8mDK2r zy9m4h?B`wX0Pp9oNG#|MTh?-_9Y3K(&jVz0ccVQk%3SooDC5&ypi5>Yh~Nz%1vR_V z$+~U5&yYkwd<&d!Mwk6YXxNPnwWgZ6xw%WZYdZkq7|M}&`EnN?U6{>NyIxdO^i{c? zcQSHhX=$k#cra`R-t2sFvNm|Us1|gkaj*earXf(MKoJL^J$VWlWM1K|LBcqVb#M9S zm&NQTOBC zKU9kDOmwtV7O;75R z8$u+0w|L5lUp*jkb%%9_hhah1Slbg5rAYyQaxsk336|*K6UyJaSu?6*%P z`@HYyLyT4>8^<2hf_pUqmkO#7bej4~5>UMw9vF{I+g+j4oft^u$i3fd$dEAd#hQJa@`ZJ=>=5gULVCDZ-;`GZ@b*FvzWx{O4bWl% zUd+{zXP5hQ-aasas|WUVh;~60%zmlKmgUe{fuxr4z$4b_5Np29BqFqL{B5gmgLtX& zpCXDROt`*{8MC*fjCEb|wB7GEqmNd7n+%4^oI6Xg<5WZP6duSqg<`!LX5u><#<7`b zHmA#g$}vfUdcC2R5`5>4tjjejol`xuOi9n~Qs?$uN!-SgmUT|QpNH-HS3h!cbhAbM zI0Sy_t>ZE{uBg0MF00;f%rz!qWz7hcS;^)pT(cZ@Xi!keT6$&V)DKTTkab*z(>Y1V zuUK2W@aQlRB=SK<%(VGnNJa_c*1kUj)EGyA^~;AG2RndCR}Gr&Mox%0viaxFPLnJD z`}%(Oup-N8xrOg!XlC?p^~&-^uHFv&jlgPaGuEAOiPKGoLSEjRa9(wuMcv00foE&D zA)Lmc-q)>to;;?Wew|`*Qs)rKH|t;tx5rdi`D5i!^!xafHkytUF;~SosxMm8$5|=g zC+_0O@;5XJ4h6U&8{{zsmlkh5g9QjMVmh431*)wq3KtTky_KlW<}PDOh}grWNaq)p zxi(A&{F&(oWmeHdV+PuP#2+i+&!ZQOYw-hp-zz;l$6jf(8fkfnuRt+g*+uvAvK}0xJX^gxPe^`hY7+^p#wNyqpnv!XeRO_6I^{i#(qkRmQ*Sq%E`V99&aI5t&uJF9 z$#qs_NvV>H-d`9HwEL~Tq|wpw8QtY~3X!_65P4~_J{a|9w34aWIoFjv;2%a{U}hO% zod!S=w&Um!Cvz!`ncFg0DAb9ca*mTn+@zow9hVvk*_j_keuw7Q-vb?C=Bmfy*B-USFy3 zlYa>Dig((^8_9Eeq@lj(U!A=hbr^bD`fs3WTo-<2=q|~&$GHOqM{0Rf)XVcGcM~h! 
zwmaMzJ48K$$0h+5Tc+YB)^#ioJA6HTfOXc2-?|-l$$hCFO7RkwEVZ@OM9a{4Hu($_Lv!@p68qdzS9QBwQ*`WDFYsklCNcAMT2{`2cumoxEZx~JdCyfeCf zaW;fp>0*N=Qq1AVZ)Ec0@@YfZuiy+tXM1;_V_Swtxj-vfD4&{(O+Q4~_oF_@%1rJe z=CIM`vI&-1{M_I|p{5+i$gqaJ!lv%Z-EenMYf>Y5%0>>s&!B@5gCn0bKkAQvLFHUI z3B&|4_3G8J<43qyirbMm9%XuszOKWYyIb81puD2e_i@hzRXZW4_Ot4Rn;RR-gD$D7 z(`}ZEn^mh;{#wk{&ay0bo*=JDQAh5iv#;2e z+&}SlF{%yspG9Cr@i`ugLQeSQtXG>hjPqWz1ok4bkh9v`tv(XQ-se#m)O=#1aNfAG z^48L~U(Fd0))vmD5~F696z_}HgKXjfy9Bzfy*-SK(xI+Kauz4*^L8V;9qgMKuFG_q ztF25>vAwYS`T2-BhrhUj1!2F9M)^`Ql++3rJIAwAvvQ-|EKjSl^i)5ZkD^GBOr~u zu@Fg)H?wN!izaS){Q0>3^?Dc0fj!$ewjodtO{;cYCZ-cWuqS@h(J>@Rg?{@w-&-1a z0dRyffItN@gB@3yg|A4AM2ql(WmC}OLcfuICI@CpPDaq*@O{6aI_b-c$T@p$#&|z5 zAHxsR-{mM>7X_zi_@grt0ND^d$n>v1klr44*-QTm!2(PGn?1%YPe{9>2Fl#5GYA4& zsn3*yL9L5q(8K_@pqD9?`zJ0d_os&nvmtfK!#FGoJK1Qzt}TpXl+-mc zi;)~c-S`7QiSWL z?wXs^>;THU{bgahp$wPLAWDJ0zU(?%a6-3oZDx4*=$BigSb@~2(PxVinr4?nmE0S< zljG|jMjjUwZJ#>737MuS%2V!=SYgDOGGUo1(&F4^*I%tpi#@I?n{I}BY|HP3ux{*J z9e0UY)k5~gf<+^gAvKtH+KL z6j+2>!R~8_`|y8t03R;0!C{^|FE7N5zCY%j_;0U~9hQKUQ803Kd-&*Vk7}d_z3gka zcChhV$oJx3rgvv)7a=Cg4im+y5BAdyV3B7*&7$Js9V395g*=tt2Ih)Rn|zj4W2;`T zF6P{-8)<=Vf#Abv^g?R1T&lsO1m{TH%(KKfC&b z`#ZxlI9cp?IAKypM@RC2on67%nKL4yQ&RXJ;7`$K?Omj>U;T?r5|>`F)?l`A#ZWoc z)TaTW@tT3=j2KIXK3T1Xlo3~TKh~{d!3&>npb_VD+ZRW zyu*qWv4;S7)z_arYa$p2j;$S>!fIAxP-6ERP*0M{Lu0zhnIBIH;iK+2f)ONyi>}~t z{_(i*#Ko4iXbbPMLn?-EGfERM@$x_RMw2F_zM}4M$n`&72(fcAmBR%LLIvNY%%LmG z2M=EGf5nuq$_>F@0atr*cU5(?EJ_K*tnaKfThnLzKSpn3&g`N2TB<*PI{V(%2gz|U zZC5SIqogOqthg+i+iP$an-k;YJOj##XcW89V5Dn7VHObN8jW%HcvyP3eL_PuA4HpgeOM@IDEO#k zv(Lc~v^M~C01Drqy^;qu(?FSCRX;G?l-JZOwEcmh&J0KoPs8|~FR`8Y?v7exSr>lp zEvDfA56{X9xj@eWpQi_IQ#_uZOCx9te6%7;a>NKbR#Lq$m@I&T*)NN}%*!^HxKS+d zZ2oCdI255+Sa095Z?uAm6AczNv~wEm0k?cmY{rtwL$iMz1`;($Sh zU+Te5(_#%}LIS16s;0eyp<*jPj>X{;!y+F;J#rt_;)mM>XMJ2-c}=(Tl@?WIHe+4= zWOB7CZBUyh4c03mYFX$rFF|hE@s{P{5F7&nvSw=8DdUEq1l|Fky6%Ev^OI^&af8>P zhSo`pGVUV_jeN^bp}zdplV!EwXvNLDB3}>l36Eb<@^{k@o&eJJ8i1rWU0j1xpV~gh zz4xTxbpAb`SfG6Z46_Q70LmZ5%>}2>a!sB(+ 
z%BJ^=tgFuRZH;+*tM^!H{!;K0AACY|B2c->?EbJ00ui+0rZl*orkEOwV$jos!*Ox-C z6R93JRC;l>>B4YLMup#?k6H^QsN=%-?cykd(`q7sS5-o6>}z~tVgr;D!3R3vO=Q9d za$%^NkxNt~KaEpO>4ty(+z@u++m&c^ZU<5di!4}9?QA_fL0XTsiyDGDQq)UX)4FrJk6QLw>0Js)b2nZ|AmmS{t~iW!!(E!6tEvZXYE0z3as8dRtZItwpt`WQ_>HNl zXW*J~}?uP{S_&&S~t(XgJh!sA)94rYEPluX#6jQEa^{FnV)U67a)_itsw| zRmb#LDi?Srn*=X@rB<7QH%q1G4stkkV3j(Z2`24Rv$OYZQ*L=7AMf4RR($jBezr16 z0~$~1wGu|{Z1a8P@_XNd-_3@Em+N9b+AEko&uiC%(9^+n@1RbFv~l>T?q`vt?aZN4 z2}EyJfMmvRp)wyHl3e32DoO#FTUdynsW3_a+{bJOidf>aWlLGG#@uEZtlSgxeVRJFkoo3qnaVSx%zR_69;!`Qb(P$ z{N}`J;Oz_V4K6J;=Vjz=EKo*_8Dc=cR|VQqP9DK?DTFlN++oSt`}v*HHaF*?4zJu3 z<#%ItEY62_Rug47gQ=5lWpAQ>L}O3)PY694_0K}1|GV>Y681rfs*%|B6xctP(QFO< z&~*6eC=BZM-vKuk@xJNOF`(-pEPw&ipM{0=rj{0bKxD-yBn8`EL6jVc~Cth<{KDHcs*$FX4gsjcJ0G#r1V8sQr#S`J#k1mq z0ILFu_)l=~lNz8JH=cSg)!DoFL6Yvm9`ZHKa=F?KX08WOh0~8>le?i5qD$C_N~(AxidUJfP`8k;_TpTP5+vxt+K3)SWhQSO;$xnAzjEX zA)%waW1isq%Z_2)fz?I!J2_3Bq>b`)j`9jY0A#x(MinQYV^Df{8D87Y zjTf1;%4+N)>oKwuj;dz_VK+e_ZFrBa9KJ>F-`8lf$=H}l-dyw;SCQq}ma6Fsqv0J0Kd%y-ye?T4&dB!aQzM7j#Ts?fw7AltGKPKV z!spuab|r>9RmG6hL(0i_+e3YOBqStv83J2DKUAR#3r;3YouDY+3z5E30PnnbP1+!c zO)9*0@Jpc+X!L_f)~39Xg%u8j)T&h_R^ zBs@nV$5d^p0c^x=*7d}7XNkORK2(CR%UMXvY1gOyd(rA81|^-x;6Y~MPoGe0VE%&H z?q+D4%iB|VX&L9DTySqDs>oBvO_uKE+ z{@tqGt=g%YnxUtg>b`yZ-gC}<1ai9IkN73&nOx#}pdS^G%F1>{Lqoo7$w;;N+eM}i z@VTYkpcehsH3TupmMv3W&qe z%WI3cC#ZnfV_`5hi^c7HRf|5kvQ^4l&h~M`Z4~Vo5U9azL+7{Vb07V^Mg(2s{3?M_ z@+URzc=Nqc72xyj>ao3XaJvARX;aceP^BbxZsEEV#1zM?jL3cWv{7=P*jz%Q^8u!v zni#g(juEPe7`LQ+uvf9W91vqAK^K8Gv~w_QMCt$PC8DT9_-4wfIuM50m{)o5k&U@v#i>XF1y58Y;u~a}>`nbLptA zW}?T_NALk^0$l1PI5n}_B^YOZ1|_x{FjcXsb^2kwoa+`j1eZFb$an&c&ydccfup-k`PM{JvOJfIX8#y?cV&OV(qGozv|)a8{AyIA)dL8`5h zQw?qSI`0sh3TR{BCIfbMP_(T&vyr!r>-n>%s(7|ULS;;#2e%0XBy_FEt38`*#*Bq` zbq$k@YC@y0xBJ?8>FpA4+iEJyP^UWSg8WB@=jI-xC1GDrL|0aE(k}gb zATS{P_+e6!ZaTCaHM{8~oLC+E)=H^H+n%ert(SUUUG42W4yyRuA1MwUWAC_0i%4;N zB^fn8*I63rL{;if2X}bO{+%AP64UxY@vaGedoN$i(>MF#oYHaa9bLF9cGCbpBlHLs* z9Re@`l`vTC>=72$Z}>d${ikw@ou6olG@&5uoroq_UDL38=$+v14SR3AVm|#iTfH|O 
z6pg1s>#%*3T64uMfD@Wu!Ce!*D0Dp!;Y6iKNpYin%Q(E*<>y<^dF|H4pa_8-&z6a{ zxgLoC=9WJV@F8Oqbg^xPV?sKbajZKA&rmG?wNXf5iuy5696|IWpc4=d$?O}T-VAWIwBsJJtNk+$>;u!JaR>Go{P9I$cSv@wI z#|(z~9`}TGjTsyV0bcIcD>i`9mT&MjHbPv0qF3A(J;sVVM*ySier{i_*miSU)!#r( zPe7OUwZp8a-tcz+MC09^yK=ib*-h!^6;Ad*&zGkFNr!dadw-p{A)DmUv(%~f6U`r~ zzVG@0x9972$&fH1N=XHNiVtb6A$@sLG1lI$Zj@QX?^0-{r`3j%x@ItGhpBc8sSf^9 zQJaor@ugHhKt;>HzgT~txgaFsg=|HBtyOO;$$+AO8Ea0G?8%rSOL@K49H;WLla8(E zQ0&Kgn479GGFBVFTfr#CZ8%LOp)zp}>Fmy6=w%$SKs4w2MDnFMF)orSc8_hxBtS`o zWc^KL^Z~_Dz>lEB-8q0c>IgNPP#uF~-z=QZ&75er+askvfsbVfb?~#vvsv?a7K#J2 zmw%HB#Ccp^EQ5^qp0?`v1Eiw?E6DobV9|$&Em3zQL?OH?{YjDg69sIveJ7TpkE8hS zqc=JyJ^@R|r7IpAbi2FzKM$A%%XfDpuWM$eG$@YC;f;+eMR>V2CNO5@PI&fti%FMi zNA%fzfBG4F$LceLQ|9j0D!&JsffY_6JL%!dElE zo|pXdBx46J8T%>}yy(gL%ZjK_+xF~YI6AfrLxjDQ2WuS3D_4{4M5Y@F(^G5os>h#Yg|9%5fGeL z?`!^|)Cb`nFEo4C0^k>aanjtx*>d$0Q=phVmde6FGU)dHeL}(LXl+M_uZ&j=%BIIw zKPU+EKR`;m>%PW`{utR4V&a%PY5j3R@=E4kpCeSTR>o0uK?g;h!f|Vg1E^CK_+7!8 zYbSfL?`gBk>?DwoK)66Z3-~G*4rlK2W*|>A{0d+C1x<2{$?Z-#=N0AHu8b}XgdM>1 zIqo@fOG?ULx{=LqL}s%UYvs+G%6am)%muq_UI?t6>#Z1Atrfpq;?i@WRUi|&vY5Re zWw`7PMDVE6sy8=oKd*qshixZjXW1NbHqFz{iy^5xbl9J8IG?&QIJt0ALD#cC$r^8O zm~iB?G5j5?7yVIPoqo~HI)45JpbsnoIxleME5~)dy5hl*Lf5U9R3Y(3Y*8_1I_e;kOq>M7Clyky#vN)kQ)JxM$vgT6h;*kXH3@=0Rss+>m zq}gdhfFwC4M*>^4q%xh%$|qT|BEJQ%akBw-(mu)=X9d3v@WP3+eaW-#OKj}Sf$lx{ zzMXBtrhV_KM5x8kp(8^_V%>?}!S{G5N?T~^rqqI_NE`3o^GH-B4;qT(s@2;-c??UKL4RY{xm6R?5#!;aqu5|U@3f2U**?&!8BFSm1 z+ZfZN@@QXK+ktWpWo`r2M}ur)hY9c7n~Iua_TB2|0n&8MTG!)?usPL|CjQTJ*EI57 zx}WYrh3s64+1mR<^ws{GE%oEPCv&?yQ3vb~Tk#~+#|t$=`y-EkD5+nl?iby4>i2~j z^@Kut&Oe38##atx@VasD9tGB0G%ltur!mi26qe`Ac{z{Nl~M75GkwZ3gE`%OOpP}> ztVvSz95+rDssJ7GXZwWCC{s0lZ}psC6F0<*ZNmvx%xI@LM|3nypuNzAHe&CwN3I)h z!{a2Xmy<%@$Ez~HwWI`(Nw+17?3Y3k-)X)_c&z_sFY3GTtTtJsW|C#V{F7Siv&WK| z02x0tTIfsb!TkFx1@61=0bcrbl1|wD*LV!fE(e=K09n0qp=gOU9JEq&q8OGHu+@)& z(>Dn#bF?{1o5_CJD~J=kn%NK%yxiQEw<#edcHM`ydfG1?zn!TeV{scwq@9T);&nZo zkXdesIJ=zl-F~sD_P0B1NXZ!)AIIxU*8=|vaEZb@6JI{1`(a}+PK5dvWpI`NM 
zKX^Z|U#!yZe$dn@Za&6n2hMgqnKjo0d7T%5pkuSRE7s@I%;7Lq-Xy(~8!8VWj%~Dtbu_C}LV-@@JP81dzw zO2pvvb}OlzEJiw% zZ(eaJStwNf;1#2x=XucAjNW!rO72DFiaKDw)+UgwOWSo+oMA5jjm`rdI%*W4H{aN3 zADuLFL5DR_&mv=QwlOr!goKRr6JVZ)>(nVPmEbd>Wzh05S&nz_ECkZGZtWzJF%{0q z?K}Jqz4EiK5M=Xg$6_LV`l|nuxxw$GYRPRQ6{_D_o-_i$?Hx*Hxxh;I@<-7s6#-oC zeb@JR5SYpJ^|ej%O>58ZX3Rb+d2{G~Y*sA6O2Berg2y;T_2}%Y1J`U%+p^gbKL2V@ znT4|k%fA(4E3O37;BABTrw2xG<#LmQbm!B(5F4GXjqgOR(K)y?cgK3KReDv&I0@r*4jvW}e*H%x%)~d+F-Afi(=_;Q)z?*;k?)6|eO_)3nd9U$nu-l_?v(qv0PE#lr-@E4 z=c(4}r_F-7vgJlPhrcxjC)YC1YTC*m|Ezl#XBoTUk&2dbxwI>K{IQ(&4OK;k7V@ld z-A4bH<6!{TT+wiKt&S@MHMN?%$78PI4%nJr1$vm8e7}{uBncC= zIEZ5ch0D_^;uTS$o>sS?KdnH!YQTrFLt{+KSxp;InlBYESpgs_&FBQ4L4zER%+*=r zOQZ_t118<<_M4eT4#6kSeWRggjjHw3Wu+TVFMbA%!ya%OcF1pG3evxDiEP%pK+CO|$rTQ}-E-~Rm|bSAimA^P^5c+p{zy?&(z zl5fh8DPsX{-%CZUA@f_P>a^#rmAJdBjyKl)oB^tSIh$B_n#Y~-XZQZwosAGK_;~$c zq-p-Mva&8t&)#un$HTV4E$Dvve2la@IZNAMRdg9k8b|11GdSfAyaC%cg{`eGpo19r zPNG)ny|Y@H+^#zi5*Qb|6tP=|zJ!4@hJP1uI*jPB*l$OAAe9@jf<6y^GDPjLx+!HvW3yT%V%vJvyk+Z6sVWzmOt#ys_xy=Y^`cRtyZzr zDg1{}FZAWH&bujhftn8;o8?0$WPC1vA_m8auBSWZa~v2UMm0%L!y`3?If;>#?0})a zvP?&J7jYO>H_1Xf@$`Dt>&r9M54XQ(s$1^4WJ^Gfi+`~|V9srf3Ad~^)4n+O5k;n> z(_WcJM*M6S`{rK50%&MZgdeGnT@#XletWGLEdLNrBPI@m$CM7cUq(A8?YZ22(RK;-$^+&2JWm$>HPq-|v8g z?gNCF2xpq6wP5>6{of5}hQ{B|#d7=1?@4C*o$Yy4wO+n7>)WwdO&2C7M8!(i$l26d z?j_Ul6)DYpD4SM4W^{1&tpEYli>HYyMf=B+;#>NOA8qy@QFcsOwVgj1K`sZ$!1ukV z%nj1+)}ILkp)LJU_$liFFv1*8`)>#J66n@d%$l49uD9i8Y!w>gbegpy=1bE>b*Qpt z4rM>nv{EzDw7kdC-B#xD-++rT1eaU9cakgBbNri}X5tm+3sd}?&ZCal_ZKpS0+g#V zGc)N1NqtTsfPlu!!pob3jU2H@d)Ob@Wta(-9Y3G2c`(s>R?}mcOus;E7EQrLZdVO| zL!QHN-ZtsbdDDGA3r@lG9Fd>5OtVCR!qL2s8g@KU@^}^7^_d4ohERZiCx{I7nDNO` z>rCBdA=#ka-L7@_TeH7QT5skmquEHJo2TJ`&q z95(Y$rFVh1>o$|WFDoTth{i{2w4ewzc#w)u(FqlGfK~uuGV#!J{8#-3%c(#hGZZr3 zA5Du%?r3InxUwNTPZ7HY&~wdHpsu{X=^QrB^}y?H$s%Vr7AtM8LUTjy##5AygObN$ zhq9dEWcjR)N0QWQw_&X=ob~rigwdkebZG0`J7}digP`^4)7|xlM zK}>^x|1C%wo=2+#I1AE&joS|3a8n5&ZDuals9L^R;}JAmc;5#H7eW>G3JzHo4FL`_ 
znE(;)BLgcM+}Cf$1aRMf|6zfHGx}i!2iJ@Jf8UN91;DW5cXf4zhkMWcJxdV{q5GbD z^E(1H-aWy0J<u?Ac_8#@GWpWy0ny-3LG5#w|{SBL|{vodFm?g zf#N8o#?GPJZJ@$nHV zbvXH!1%8S?4G|j44S8zAgxZx_@lw)7)7fg%<`$LLV;nCBFCCqXmiuXW&mP1siwFK_ z>=Tc=3tl<+p$a9GXo$g97@l5UQwx<^qT6>)hAaf5;9SRNI2HonryfII!f%E~|MmU% z2ZrDObL%1+-nakyoy8UrmEk{ovJh|vzrp)=46sv14?OCBeG3~i3=I9xHpD*j-`&0c zenkv6V*lUsZx`RjNE9R|CQ5bsUW!%ip7`uxfH!Wc^XA?Ha^8Pu=QW~|*t!NDNb};S z*`}uJWVW;k<$o78h(tWrH{R}QYYTiJ2Sir~(S4&QE^7ttt@A1G8Ho;iMIaG5InfV) zKmAcO>M-+F|N1?ekT4xnXooRN!J0z#HGN2^So!0d*A=E_f2@F|mY0uIR4?Lca+N9( zbSl(Tl+VI4Dos+gHWT51k8BYD01#KBOBxs(d>7o~O8lQjV9al5P>Ux|N9+u^x4js_ zSA53r@|tTeys0=n3A)dcksS_=5=xHng{UzpX>LeaLtWs}$UiYrN4$PRE2ScWDIKAj z29}LL%^z2}(0DB^^%rv82@mmwK^S~YGneRI4R%)Y2;Zv1KC$git&NJs9{ zhm^%%Heq$rGVJ*ns4*!kKWYTI8Q{F#_)1PEv_nuDG2F5-e9Wt+uOC%T;Gh)|fy_BP zB0Z<{=FLf>k1K6*Vmt#lZ}vsr!mEfzz~{DoqrOCj6qyy%G}EV$l|W7s?q6rEAL`FA8TH_(r- zKw(;DG>(s55D|-thCXtaFN#GRyZN&Ta_M$lQfWhG*m?(}$=mvr8rjJg$^OzKllOE_ zN<9!ka&rG-WK(2jXE(Q`!>AOp$&(-os}EM>iL0rC9p&Y*USten;$`SpSw-bfWuHMQ znm=KS&2hsf{q}SoU%oWhe+KBRy-6%Uw*>m{b;{-O-nBo*HCxOT*~WtB%kfb+gr)}9 z0KX%}|MK`fZr6A@ci?xGW4b`s@H-LX{FgMc5q7Zz6)u$O$l`f8b+(pQ+Jt)0Yd1{8 zds6?eWJ2nBfRsn+rX6h??1J*zrqK<3G`a9QToG2eF+98}n_5?!8%Bay;85LU|ugD@Ey;BwM z^pRojpZTcX8nC7)ia^5g<>YA!cF*&6&mgPY9VLRg5-tr&A~1!{@EixZ;p%4&x}r$TR9>jD|z0no5H{ePR$Z_E(S#2?-$}LsfqK8NssS zVv0%oNzBX_%^)G!umgARxxdo|2{YZ%lt#nHY+orFC*>3kvY7X&sp5JaHv5PM_#xVVLAO2d%(Li6GH&;M2(WP|0&aBdw zlTzeL{$=2IN4`5k#deW^t^mj&U@m;Q&BRzDnnkKRA2rx&|h$WFBX_LVE<=t*{%ZezVKQCGPJoyu>(L)wwA+u-#_(d=@dHK#U8F@5!Il+BTa;)iY>YwpI1>7ynp%W<5*# zn_vM}p0^X8m6oWqzsS`$%g#tL1BU4!v~t6fCOwlTy|L)0j~sL3mSflg=C^1NBSn2* za@H=zhsP1)m`xWR!WDO7$L}2N?ni2`@?`@OjfmCST;1H*e>Ve-C-krJF1Q=gWrluU z(=_ewu9Cvqa$9V)#Dg766taE-&fxL!N5NwK)=G9`n!IT>O|=cD@4XGaeTCh$X6owe z%Rgyr%hNGFFYtUA7WXw&LFzgyrDT8e+GcS5zJvMcCa&Yvgo+jqy1K^P%fa)e1>aBv zr?fN*S45Nw(Vl5Pp{ZG^S}@ky!(hzOZ4Ef|trj|Zh~|4bqgA?!bR{buk|aPMG9?tf zv?CuSNgWb^BCnQ;F*JOU$K;IjiSqW$kLLs1Lb<`kH~BB;BOQT@@H4(D$MmkW(6X;$ 
zH+D;fiAYj__K?w^3qdm%k~yVwn)3d6*6=EtVd=(ubfWx-%(HOF4z9^# zFG0TSsr$Lj7&=jtrGJI1@}V_?4;~Rgw9J{1p=Ddq-Yk2|FwkO5|7Kx+330C!3gXGk%lbOhbl`hH1|%3R`X$8-~lo{gxavSZ|Wsa(xP-lK!$+tVhlOs9fW z{7(;rSE8qvLc}USaVl-?cOrEx=Gwwts5Idn|$+ZtTG|`DJ zHB!+1n8h-mJCYpU4YxdpgK?E4RXb{fqmpu`zF})^OgvozH1Ky|p6E0Cssxy%+bTkL zBnxCmj`toPX?@)q4V1N{v7WAqLdf-pCr4mul^-Y~|F9Kge7H4@0CXkYlGd}JW#2LT zVc^MxuZMgl{HU1NAK&HnUbDd7mu=dWZFV9#yrwjk`PuBiE9!|ng>#l2-eK3h96TY5;Cw0RN%?A>`Eb){R2Gu6VJ40oc9l^wX#=(Y+ zH;3DMz6~dah}ihJUyCLDeieBI>=y^;c=k#SEf_@AzFr7=i~=-*ZT?PT{V+FA=>5If zYuJMHFCxU3lI=Xje(z${6OLiFo<5QdUK%MK5((l{q2jSZCcF9 zwc@Opiz2}VWe-)iB2RG<$3^ImAJUa&X)&;$Y87Jk^a8d|3!gaocoYd3YXqEDz(KL z7s7ew8P?%vpIfb0czhe?v30+0e6#ZWx~B-fIeSA4zkxu=-%do)fHRkd`9w*>o{{2O zJ?~uabE&3>|Ey$MP+}YAH8ygPW!u=teRMi+NeE!)Dwf?nG?NB@K*hAKGW_-1^uAiMIO79oW+(06H2PuzlU{hMk;zqN6P!ouM8e^_o5SdFr6+J zsqT3uOnoSj$Ozp&20FagzuB2v?CI7tqavkm0k^|z3RJ$G&<#Wvhy4{3qaPJZr9MO} ziHscBu+kGxLLW08{ZmLIe$t~T<~0rkP<%!T6&K2{xcOC)bH?(mJD!|H8@_=6moFiW z3&Bp<{8RsRkoV1l7RhjzK@_&bEQ^3{@Y5w_l0F26%&veCaFUfVNa4YSup4m4bcNa> z8rkM-aOyq4?tO3XY!cBzP|OJk z98~#2%jmLtnUJ@W+s2_QdzLn)_N&+z2~T-TG%lfc9A73 za)gTw_DjfhE!>U$_b638fqsu^T$?sl@7r<=CMxaCc4ygMbjqV^&<`oQA*2dOWkJY6 z8yN1GBF`)zxl>%9&t->_h=g)E&WFBWH2<32-ztHVwG9NJ()r_4T>TuZRx`hKS;lD$ zcs+Ojd%0nZf;zWt&SS0Zc15$&ab>=_M&(y%=&e^2EvJPeJyx(0#=l`cKh zL^Ii!F@B^ImVN^j<*DC8N(xPTre+Jp#Z$8jHzN!uDy$$wX_0@6JWg)Vk}63i*r2n+ zbYDBVmQeL(^jc{th$x~;a^iTh&*JvbR}NRzR#;tDUi`b$PUWKYx?sqL1IU27E&U<0 z&DsTi%}*22ZV=Hg4;-p`9Z7~?#MqGb#V7Eaibxk${7kV~hlai5!$G`aBV#3ha^cg3uQMsp;g>UDOX;p!n2RO)hG$*mbs#CJCBhVX zp_@*^p<;F?ewH9J{LwqG-d3$did7g4>*7(geKghl!Nur)Dzj)xswn|Eoy&xvF1zrl zFURPzQ<+q3y>$`^ppZUJ00gP-RU^Xk8r^;7bsKAI(pUinyKsw$Vc} z=kq5=)T4<+`sUv7=+D8|Cg2=N!N<*42Y9$ zAN&^wLcRxgtw4H3Cq~D8AjyzNSzJN^l@BC;@*^#bP#7avxK9HzcJY78M|PzvZnUqZ z&Q9xvgW${6e~)0=SK=A(uW6gBSH!Ui5%Ma*l~ug`y~Xv&%n+A+`$-+!v+C~IEU%Ov zBSfU&obzmrv&*XOwmYXQmh0X_SbTVdCX1)oVyI&)`k81lAGWujRMokGcIEpkg{(r} zBNgl8$FDqF+-pyD*QerqZmzEOb+`C~hRZzv9#0r0)Ot}DmhkMMJK_29x~nwvsLa`o 
zaDd-x=g#06E_w|!z|f&6Y_*A+B4saS5=yBRa}X;}-rSE2qfBqc%;~7K&}i%?$Vt@? zMr$au%#Hjg*(;}|Pd@;b0OSUeahxy7on7K+&IA*s`TRU7Zaun$9(W(xyGt5pxU$j+ zz-%syp#6_cy9D15AIB=tKFS0W<0TmT_X;g`c+}YU+uJNS^s!^JraAyk{CJ{uXnc7n zte-8j9CP5isaeZ%HpqVj89fNv^4oO4ce18KSq^)SUHwFqiZqQsKL1JhCq18$dZS>h zrPz^&^;D4!$7sgdO|$!Rv;SPjNm@pqiT+8hOSUWo&+(Oc(HylqIRVC+m4^Hw?Dz5@~}!>GYf zd#}Z@jmB84y!1$tkEU9zYhzoU$uo66*d?6hj0kf$`Mvs79eQmc$@8@G-+sxP7A2qQ zoYc*L*AKso2~a6rM9IxhE)Yd+%~;FQq=A&+>@~1@xvDR?H=x z*#v5$YKJRzw!Lg-D2~wN5~FM2ZbnQRH=+YE0}ZPf_M^%wd!D$x=48=><{YWLcQ4~3 z$eyWT-d@(2aJvU>BRMLDOibc$mBB%iO@E}ie(bxM-jtee%^wB@454_y%4;dqsJ-#}Vq zI-M#a+gJlfSS4x}3pS!*_=Q7w8`0o)e><>ya}Y$$>0l*!pRN>;m~~tK{M|AlBoSYZ zvcq80uE8V2DT95jtHzq-5@hW5bmKLm{G^ScyI*sW%4Q}bmT^uHY()d~x1-;QzKj~Y zPOj|}fua_pkwVF;A3dFJMJfUi(M+I%(1S4%AB+vt^p2cPh)f(t#(3>ldQ9!#?U>H> zS3u-6%RtEM+XjCN?u)w#L#gvy{L+Bf_@(V9er1;kDCt^b(pkcCrt(Pi@Z3h?m(Fob z&;e2eTj|4?HcqI7rHAB*uIsYyo}K-8xNc4N=4ub1?zq+Ihm?O^DbYI&XO)bHV0u$3=1B- zEX5wsU^Q2&L9_(|DPlS}2H$OMeYahLHDY*-XYII}KSnm511@Pb%dQ6mXc$3n@QV8; zR}J3SbqlOS|C;*)wG$*aaM!N0Lhh;E-|J$8ZcHn@*j`Ym7?VMzps0umy0 zSj$_qq(3h!@;?`fYcVlp?@-a4_}%%tU-@dE%==XKh@j43bz6|iwI7UEd9IMGaGl3S zbQMLssHe`uLGwor&VF6ze>OcM7Qwj45+mdaOT}YTtADyJWEs1dbZkl*ByFmq$ zRnlGYU(zI9pCUHnu+H=mgX_*A`fa+5ebra^xRh3DgN6Z0teE<@B1D>p&9w7dl7oM* ztor{5P(8j`|1vc>$->G;{Hxyeu`Q;!xL6bFiG>zs2=uQ8K80r=(woI5kMk(aoJX3B zThZFQnV!Xwv%cO2lg-xwTOqirri>eyicdxh}7z3DIO&CpvOTKtE808K5yL|Qp=fY4 zZfVOYn^ebtc5#L%%iEG=zmFA(7gr^V+~H`asHc=IFvulaa_E*+0`ii)&6`3%jYYsS>Ir;Y0X;gV7E6~my7+Mb_`a}0P4qWq&u ztKgKf*L)Zp;bj6V+g&cS)s{xf2*BBRW)oTAAJ{H8*yA_A=NY>hgHYG8BDRn}*2SJ> zb>nF1@T*F_bvBM5>C4v6IcCMoMKx)$=hZieTPwzEUXpW}ocT&oFR z8PpRcP}Sw?wHVHs#i#y;qZodGcI1)@{H>8xn9qj|Pey_iMDcej(#$>Ehw=l6)!u@3 z#^u9yyE+SvM&AiA(1EsYGa{*TNF-*PA}BRDP_OzWhf z+S)zDkVuXVs>s0HhoI@vD<+8 z^JgVya&irMTpY_>mB)<4wjqrXH#~ATFvZj-3b~Zi8C5Bnq7s}p<)6+zXtX;{-&`B| z(uBTI5Em2U)|Dw29$x!AN`Qp-u|ZA}l{Myqb-{WvPjzqf8&ayzLrFV&&$soeC~m9% z;!o3^;bafgi`g|G9R8|)FRd}7y(nRpqeyh8&jKgt>|udxy~K3dKe==K?n#!9TtsDk 
zTISDwypO2?k_{VH(!Ss=D&Q%*Kx59{nA_;^A1bRSU+^g{|7&bC2OlXkH!BpdcEJgj zwz^%pSLaa7#{JRZf2|A|%kap8(WGw5(UQ~CKT8V>=K)$Bb=vy+(7o@0bW|6$rKOfs zNisz}@-i~zA-B-`lS#`jbgMElGKDg-vQz-YTO5e9L-aeniy)9&q{kC3vd=g;I8s0h zvKpxV5fisY#5lecR?rA3WS7%7O>GOY)sd`rM8!l@wkZDPDhD~@949|CU$w;+jdrvZ zSQLNQQl-=uJQ=jVqX&o~1I+5nNtb3$F-^Yah(LZ}|AvibQkkLqMDq=^CEmu>mSLo@gJ_t)8Oz=h(Q z_-bj%$yLHvulw8_UK)-r4z)TvJNHN58w5vCT$Pjl(Ns`~9RLW}&q6+Tl@q|KTDa$_ zj0!U|Gt!heQDw23acPYlVHFMi2I*`3h|0e+s?r1V!mbF{UvIX@jbkfCE5t`55dEq) zFhUT?G(h^0Lm3(Lx5#CtvK*+(4pSB-%A;o!1=G&neIZsoyX=yT56j+xeUV{s2>cNY z6EUY8-CPI21xvAnJ1z8-mX!pLFSS%@b^4sO#bgAy)_(87d;^rY&V?OvNf$v(h6~v{ z^JaS-rcx1M$^9GeBFebLW5}wD0w7l`Fj>3vmjx9sjGWKxU9)NAg(2Mz`K)r_eKeW{ zq>tHZ>gr^d!wg*9u>h?_H<;+eMd^`_j!s2NL4hD}M9uKEK6m{q6W`1(Beaf6V!#vjIDybVNPPx7yC0N(F&D z++tH-ubk{lwe9ub1HIvqk-aysUl#%dME0{&i;%L?QvO#)bEE(rLj3zqSO$QX3NSR> zlq+@A>+p1Pc69uGrVLYST^GO|K4o}T%{oOyx!Q)kY5>^uEW)z$`r^R&O8~1uv~361 z6v-bB*b%04YY-^wJXQeoe@&0K?0iwUM;A163>V`?dd|DenIB|^0`#@n*FwqbAW%6| zKiPzwzRP6t?zapa?8lt8XCqz9uq*aJ#!ZUf zH9?GNdQ)n?l=>rAP~cbzaw}A09w-$^5N_o{QOZ?Ujwx!&L2|>k7mRb?G~Ho_oTlYt zr0^NZ4(=n4QKuObZ(&x~(G}*Ip}D#5S$801{mPE`+hRW;>w%F?eBqQ{5SmasW z8t}8DH*yNM2_Tr?BxcNEBvga)s6Ls!0~S8PG9M0d7%|GU!-M_p~_UK-;bw%lSf+4 z=YPIA?Z@A*7FB?sWB)tpoW_F&L@`2b2B5BqgRv~1UY~_*s>PhptuMel%B^t7;{d{~ z@E8y3_zoJfxUI}B`*?i3;xVP^jMFVj_3>k_wXrdFyLpVx&F)YF^ETri3{k|}w{~YNuWqhKQA34Z)m5oIU)0+X zzf-F>m%}nTmx`9Ilz0Osn!+*J;wo+Q1|E~Noc66;IhLN8a|MCcfw zD);$_@ziKee{(;dIN+5BJ#BR{hi}W;2oNsCWGWCeWahAs zM$LwkF;$3lIuKG46p=;^@?u!_`1C$)B}Y`)UlkK;ii9BmFQUrq1k{Lb!Oe^KNXoq% z#QdG*^fgeB(`n82^>6L$^JTU~>TQXRU4HjkQC&^sF^e6a&FuQ>$|tb2F3s8pFN*FC zK}%m)Soj^wsmDA+iImC7HAfd;Oi0Vo7J`%G;!2`JqSr?tmx>)HX||o45M@9>CJ~UQ z3y-}Z`i)4i*-k(2Z}Xwc=IdR8xDMm-=6#HyO`p*CF>zU4d7gXFnOC4}&&=o3QeH-v zISGX4k$jYy@w|kt{g6;p(Jy~t&FB+6pGrP`AQ3nQPx2eT4t{(Oget#7<7@h5Mp72_ zQTY>AUE-~T8q6An!&gZ>_q2}+qBISX!o~mCpduq%e$TzSTCOK>cy++9H01qoK@Q*o ze5VE;gT~@pwM`W=3IpCW3~4YCPc@i05E=|rH8ZZOKU}&{%Cw7%HtkbX#hO{tS0-;A z{cUPS%e#8-=T5h4%8`^fMaWf|xFp5fj=b9{T@=hU-C{u#b!q1Om 
zHG+lIINPc_f+!SqR2MHFM8&bgcvdD*C36HdoqWTMTsH56*20XY;vSmLW1C{*6j`oT zTYXslV@;s10VtH+zTVc(7CUhzbG_Ut2_wVJ*37_x;2=04%sMGElNiu%r8ZrvGkg9` zp8WisOIBLC3@+#sP}Zd+@*T~WM~H;sVB#Tl4kj2%ZuKNI69mbgq-^8>1(i-Z+ppIo zi#E0nw3W$u#ujXCu2qPBkmZo#bd=`dls8H32>Ls(tFn62ozDX-L*SGzzSJVLfMt8! z{~Gy!^1iN)w!2?Z`Iupo?_|KX;}QSry|1ZhL}&ATSLg#zoE0k2`pbU;{VIaFZ11v$ zG1UrV)f&sI3KqosHBG@hm3SWDkcL zAJ4Eq*c^x!fOrnDeeJ zkm$?!vW7^HrM&pDkdyS4P_W#~VjccK~aHnzzb(pcYptowR_ z`Qi~8HK2ncQ^-O3L!{nfLJ*6Xc-Ix;`5mF!+(=vIS%}>j8KFZ170+ihDG~Eif2h1< z2Y+sJ(bqq{)xr0Xx#*>Zg|jRU*&|r^`1nGLtpjH!eGO<2I%ei;guKgNg|f)&5QDKY z4ii}aphkaKs<>P%-*~Urc`^Z4om!iSv_xNE6Fk_k7atw z(ko-bZ|t-4`p$%#*JBP5u`Wd!%GNvIfb?JeLAX1ctzh1|toLC-aXMH`b(;it4qQeW z^>|gSfdwknZkAxYWn1g`tzkdp}8R@}y*kD8ZATZ2DsA@^=!RrU(}M7A{E;Qk8UH-81rKK0L%GCi zi|vPc2g~?`TJvHtp>W6;BysGp53KET++?P77N6d*VLQ3y#Kmv@4O#z;as^63R8l{F z49;$Bz{FqK+Nwq+rfC)ljgE9ZB7(a?71PHbJe_-U>m5wjJ^x-b%FYx*w3*S)eVf0}H|=DX@$ zdIQYRBkECCtRBJmnh;ewuJ?J9l9sGy6%_K>-At3JPAApwg#2Q1SeV}BO+4! zt{QH|U9A+4=Kao|v`=9y+1aay#NdDvnI=MqjBlQNY=}~4BNn>)4appv5k3xoIHn7- zFCx5%)F%Zjk6#2ZA!=+As-GYgUTL0wi+#Clg}W>Mn*yX=3s=g@#ezR?HCQ!i?@Ng1 z#Aoa6`Axmj#IWM~%MzF?)yieVB0sk zdnWOCXoQNQC3PDa)H?@VDxWPd6R;4s_!ReD5^X*nGFJCwio% zgk03x+$D@5?9K|gTliPcqtBM_uaw-u^NE2=wBu*s4}xqNN6H87{_Npp{-b!yRJpl1 z8`P8M!@Hq)vJx)al_&;PU;3e>^7+J!Z{}9QETXhe5tyV3K8#1%5ymFeg?&8-oSQ4& zyXKo;gubU-hg@&EyI&Otl;@oz5|Bo#j?K-__oxB%v#8jX3{+T7XJ$C#Ztwm$LHK-3 z@Ou+1PjfNxi#nJP8v1Sk(IH1VyZWd3s&3|Zhfii)1CN;*9%S4jDjO=R=8m$PNu)TA zK%YqHNZ~yuB+S=?+k+*6x4$#Yr_R3(K%RjPqTGV#Ee*^%QPq2P$@R{O|Hy`>1ZU@v z(&ea)-mJm9#p3uUO<1P>A@0Pq%*-Jy)duV^f6S#qrJa(8n}Y|)swn+tK@7hEyA-~t z%WFsO@2T#DcO(tn0z?hr@JOt^Z@gjwmFmUtPF7N9tDU+zImwrwcIxYag0nM}hu$R& zwr`2J-p8-cjlPJ%Xn&*;rkd$K&i-*tGT$wt8x)o-Pw!}8JM>)%`1!ST0J5{vtXXF2 z{HpR1UGysmGE(D4Z9W()6h01o-G;%!;Ylo}Kzfd`6X*`1%SlY9IGUL*i;j+M=X%=? 
z`?Rd@f0gX0e=<0pX!B4CTjU~1{(MwUefx;Aw|8$n$AJ0G#@x?6(_XZ;YwafL~kx4 z6xN#GPgbkx!H^1gv81FZ#>8X}imn?5{4UN>)@g6cB%GNs4)WoyEBI9*p5$u|bBR!&OMRd>)S_hc^$2lvY=(L;7>>4CP#6a!Q}8jct#A#$a@GM0+HB zeEcRiHL`7~`Gvn(sHmuEjaJ?n@``zs{d1nWUt-UHaFNkk;^$2&{b0I5=t34JSZc!! zH`%Ivf{zws*at$fbvm~`5#QkNCS@B9!tm!8HKHHwOgV&$Q??7Y<0e&rDWOeU*B9rpKv-|koD7DU9M z@x-74z$9Y(+Vu!JF$>^2E5w--{VHCXR;`3VxGcrcAcJ*nj>SpiV?bUWEw$itTE_|3 zxj<}(lXUU#2q09hY8YwP3XzcvoL0{IrxW5!s;>WJk|DUYb$jrO6ElGxN@yYGvln%W%Yk`S}(!<&UZB-~-%Eyv4%z^gn6tJS}K6c;v3 z_osyzyz*X44g%QDcGp;=jOZ@k)_>z*k z8PNRNjo#XLh8>Uxw*D(0bm~n#igwD7G>@#4|1C>-)o0-T*n`wi1@8y{{@Pll45({< zU+fRI(6d_JZoPCGZ?t$eJ3*}ChsOLlLxGj98F*Ryn<;{W3=y3aGy37ZEm_@Yh~Ni| zWD=yqOBt!qr|P|sdvAjJ5_}m83l${sq;6vjQ);BBld`E^-_(R!$0_sunLHz}E(!`2 z8xn+^j3U-bSn5zW{ACAhKiR!c<0(-iB}(s^ok_iBi-KLl}6Mi zo{d~a(JI2V$i}xO64av=N_bspEHl7IhD~vDbH~cdue4(&&$C&>h~Itdjr8{Rx-Nt6 z=5H=mpL_o`rEtf{NsG%cgwPM(|B$9Z(EAyt2WM~kPWz+NA?1Gn$xxcYW0R(iuct6s zRYqz15i>G!@rUXHFu8`9Wao&m@03Z8lmW~22 zPoDfviQAgLxR;0CrO^uv;$SW|n(sUZ<&WFjdq#w454sL{mf5*U8mA2|6geV>rJQL; z-8bu4OUuaPO(q@#FNZo#RR6eMHupMzw?}9P?)0&JUqxX0J;|%#jYJvT=Jx!vwRV5s z^p|Ha+b9r56^@2Z|KLyXr#k+dWBTYWr~(IXB*#zYv#3N{+uL)cB@TFq9G+1GF zclhX%UwL)$GQ&$m$&-uYqEiPx&&^l*gdxH@oyT@{i7_u{Y^yc_)y^!N9Q$> zm|ghkv?K{0DHf@zRBA01Y!1<#w$nW6yo5VP|Ai9-tzqz{bg*P?Zb zcD&WhrOgsu=x&-EyVr>GNg`R*3Mc)W7Rd@H9*KBCJ~bh16EE6p^<#?FiGnT}i|9Gd z#;j0sa#H`Kr0Zmkzh($)M1!CkodZ=M@eB@32EK2uz8F^e{6j#Yv#lfs0F}hZnsUGL zsy7-!*A(ip79&^R@f98~Y#()cqf@N8kcDh?#B{||h6n*1E_V>s-bVWUz7utGB7iVGtr5FX!v8t zmyG<}7PTQc8p)g!HZ|o2hL}Y-=!Y@ovm9I7A?$rv%%{ zFESRGQ>V)l`Up&T&KqqE!O+d9EVM1Rg~H%o_(NylL|;e%;OM6>c3s|Ont9YUpc$5( zlLL!|dGo!oIXiW*; zWCGLE!|$cP#Kj_S+0n&byf5hfWMj4BBN9#in*eBYko%+X9itcfgYG<8In(i|rLljb zMSBdasRyu4_fE| zlNaAHDw=rQ6CNE%<0<3bns(o+Di~|$a=**_WUr|YfiC`)mmS)ACAEv=`hsBfyeeO@ zB(pn|FqU1mGdqtM3hc=@6BwZ`e8bw6O|G9U-j=8TO;ssoNrlu~4g&;Q$9T{~!w$3k%oP$oljPO60>gK@ouY8E`Q4 zt+DbZlCaJr^`0@*QM>@oa(qX4u|sR@*t^5MgQR`je%=Pdzn@J&GXB->Mn3o*4rzfI zd_d*nroYUn{ReL{tWkpNXS4zeVX 
zMnV{rW0sEW+zsoWY0h^of|_;YIE|jaent(8IvqD`3G0QDDTdj?!xxIHeY5mwsJ5FL zTzd`7Xz8v1rF&J+pp_4`>0fVIAJ?OQw6rO)^2NJ&|Jm>81iLkwo}L~S%yHyy^p?d# zenYWeKec^j4Qe6%b4=U!OWQW1yA&17bBqr{63%vqJ6RW##n;FT7yx zyrFSL!oOsbSw;B5s}@Zo`gH{dFYrpaLdXWcrdi$Z z-OtyS^NDOf*I~~a%(tdfY1Wt?^i58dzi(@U!?k-zd8HdmTqNb33p1XkE76$yw+3PF zH0-Q4d$JVOKGSQRTwQMe@%w_=B8J{wyt{9{BKPqV{+!~5Baj{Gw5djipkjT9$o!Kb z*x>Sp;p-bOxoRA#gb>0kE51GU@K_amf_xgk6_A`~Cl}+zCg1wXp777cV&U63efvn0 zKoEOtrnHo_kKwT7Sw{c_DYx0dmWG6r)rfa3T=)(x5`S_2tv5Q-8f^Y^nBF?uc=Tao zOCGK;t9|P5d{IcrQarC!|1&TBfYHNxdOn}d?=II^jhmJ9Yhpj-pEd(B3;WmaGSh`q z7#o`RPxPs^ze6OYXmZ_LSID^ikXn1-r8rFbV1z7p&^>;)ql8mebzDB5%L%gYE%!dJ z+T(nIVP{t@m1(}KJC^RSrdKnQ6D?A&DBI(?`pjLWi;!pPRW`}a&qR!)FSGTFRT1ZO zJ_K6*jL9K#E}gZLijDDb9onmML8t?=IP>&+1nTK*LvDR&@EwdhSBSrO8NYqo`u@H% z9F2yCMli9kj~A*BdB^GdBB;;F+79OD(d{SeoKht?@Ul7QbYZRrhieyAZAyKjw(C80|3@#Z=WtHMT z%DPWGZ4F{i)mkpMgv9b^S1&Gy2`rnUlONQ>&SRl_I7GbZ;n|HIZ^U-oi(ref|L0xN z@fB`!`E#b>S3dgh_9p#s>xeFCrv%tD(_MduzC|ca*+j1b^Y(L-p`@dYYc>Pcb}&9` z?I;1a9ao)AhEqE1BY=Hga;yVOp%<($3i5Ma8Jr>Ro`gY$1N1}I!!l`+4V0i1^1Rk2 zr4)8#4X2Xv?G1l+%##=uAV29fGf0FD>JbtWTE4}_wXHGgk8zHivsredK64&v zvo;EHJ95T(7A9vH>f>$cH-~z<-2BcV$XMk@$XMZ)!C${_-5e*!pj%WnKE(%m-PtYwA$&2Lh0&pYmW3Y{WIx5O2BuAW|T;zV&e~wLBu-)D92(Y z;?pG)zmoKf$`!oiVF%eEZ8^bs;}msOEsX0x-;g=%QecUzTGiuudJIM0%6E;^o_E8YxoPyYsrYLN*xygZw27RBsBc& zre)djwX1$UReAq5R9k4vq&J%crB(~9ZV-vgfPTy4aK5s!fjZ2>_Hvh5PxH3yFd6dT z>qiv!B#6FFeIK;2TL)04EJQ(2L$%1SnP;s@py9bX}=92?H_&V$H6)VS*1 z{o{<96US*Chl0pYoQ=f1)@xen)fRUpI2WEkJr3a)ixXhimr-NireAHmVmG<)i_+~Y zH zN{FDA-uBd(dC)PmGBJ7n-7?c_ziEiUAFA-0T_qkG*Zjw6`Q#u7q*>AQRhwJlDL+aO zLb`ShwK)mKLtpd)oR6dY*Q;@*ve(yPO}X$fW+=^@MUXAJ=opN zXVGcu;eI%VTL8Pleeexh?9ttZ(k&jvCs7^m)2Hv>mA#4lyFE{5H3+*mJL+9$Z9rTd7{!WuNQu1#9yc0|9};GRBJ)e$Ikp66QT3 z5dwS$g2MX|;gkJ+kDiVWGLuKQ4d{zK^7kTA!-Xw1j?Jk9qOh>Jlc(my|7`@y=b{(M zgTf2JzSyIYgj`$wrIAS$A6T&Pdvww=ACo|><#BDU%w+oKy$2sb0n1}|c|8o?$i=D4I0-i6M9*eFUwB`bBEMZ}VV9u0o5J-FF~AQGD~b=c_>6#d z;^qXrHrZB@u*_SxwpU1bEWWu9^9->I)DOi`S81#2ifr_!_eg*wHOR=`4Gx^eu*4_e{h#gbid>s< 
zMVg{T){nQ4txZTSvxH?Gj?GIxF!26y393}Yn7&QXj_^(R-09HvxZ!)8!}ek&Zxqd% zJB?XZhY9#v3nxI{)tLm_@r*#W9)h~}0O5l9{2LM)H-5wwe|yXK>r&&NIJ3dj;k&qI zxm1dwE<*<_9E}zz9CZQ6Fb2YA6(o0ib4LS=r_Aohp+p!M+gdw2y8K)bQLiiE`^R6F zGtv?E>)hiujZGe^Q~mvhz#jZUR)_ zXY3gM9XcMn5X9J#+`C{hfX;>sdUd5c)Ot9djF0Ah17jp`UgdLWZ>&XrYoFybG(Dtv zSVufP8wdjJj~DO=Bj<62nVN|Ej$Y2l^l)<-zXNl%J5lYy;kj^9EKXJw1Gj}st37n2 z_~py*9&`m~qrRwct!5iXf{e|DNy*SGgQtwLG8@T@@(FW}uac4>HebK))1{p3`O-*2 z6lqgBKY0J(D-0DVADxBz5J$Ag9dFD_37x7ANB$z_vTOGR#^b!|nY6ok#MmU&F`GMe zhbCwExcw_87u@rY#>N}iSW;UeTOq+bOcn`VzX8n~>wY6juy_zS>e{f#N2**Gg0j(W z3Ni@$?Lw~fg|M&L87kv5#`tqHx>B0=uDWQw*_a-i#7v8O zSt!ltA71fOTHD!akQ9E@&_5@gftT@_f`UTAHghD`&3vYcsp)k3n8`L7n{HtR2ORXD zXJQ)jKMTdXPIj=9csy7VJ*v4T)l?~^^J`*QbgiE6lE%Lhl2wUBz(YXAVjj{wYNS{2 zp5Ba%`7W5P_aG!&XLL)RePfBFt^&e(OUU@(=#wQFBt~XPUbPCXxSbyCaP9ie1Br#T zT-?5Z6Mb-Ie=G@6A%`f9D@?U3D+8g#<=!Vshm7;peQfw*B?G;xn2fL!4Q1sL&}Sj^ zBBxpkP3O1Bp4kP{!_evh`#=wL;64k$7gPsw)C5UGR++^yEuSLy*Vz;nV%Zz9DBERs zDPcRtNGz`w+9o}wh_clp5lPD66pGH#uVh&#m0Fj1(`v(V5aKn$v{46QLj7)sKC?6+ zzShQT89q081vGctOtC)SR;77Xb=<~K61~b2wb$imXYk`3VHA*CsLH^^ViQy(rL151 z%agC5S!-tIGOrCOCTzFN{?}rO!hqG$X!Id;P|yN0iWj_c2-DtuMfZ@MWB8eG-zL{y z>tTq5f^MZIsQpm5;&xW2kHLf0jZZM3#sO8dgoBds?-zbP`f8lR2IsPc0^Z)Vg4%bx zR)Xm1w}z^f>P-9w2Av_F>_5|8&t{aPM{^%`Arr$eh<}2r(e4s4UEy^^8nYXpLd`WZtSF@i;XSJym%eOBZq+jUK=xb$0wSO=0?7 zMDgi-kv)Df^a70+jgaK;7{V?UOZgXQmVp)*lbBAsi1qc)iVjs2yC7lw?h+Y76Z?QO zboyU;{s{jULbwGbaO83%dM9>t<_>X`tyN#enVnM$tin4S}@Vvw))Wy{JW@p81Yid!~|FU+Ch@%dD4uWxSr74+gV4`p_ZPnRu z+4tQ&GRAWE;Gh5o28Q?aeufveTOR!Ko6YoLIVqN$ztbsTEG*&YGU1u!)LWk`Qj?Nq znSPtsxS}By=a|^q`nrI#z7jb{qK;*MhyOXsFICVRel;;@Ct4`f=nv91fA(fNhbi{Z zLJO%$cg!?_gAOrbtdA@?g~YO3P0sKkH7*JnO>S*@Aepv)Om^j2L(rNet&KUdmG6JYQB+VAKP#kqDgJvj-jh~t@$gtOKJye7s)znI1F@jc9QRc z$0KG*hy*#r{5-2IktDw?@<(ftR6>6^F8=4%^R1OuDdP8EaD$S{%TEkxX$#&UAw@>^ z&30y@9dhJ|#^BVyfvB)uDxm)PqbRgE%Ez3O zlcNZq{e$@K9jSn1)T)BX@lsp0^U-mpNk>lO z507{3d@hGnwUl+xT3x{MeH57VKSgIAO^;6`j19n&R{z@xVL=L7mRSv_GAd@@U0$4{ 
zyC_3^Ps}uk{KndxY(_`UV>R#}C9(Ml!7TkZ8AIqwcnxd-zzd(TGfb2ls0?OCByIoU2QAzx7YqsPXHL| zh}Ol1jE5}BdlQjjJNC-BApg@AA}WK}aMQ2gITu~ZK2p39q1JXb&eFhZsZI|!#5&6 z33vIUd=>EGRLYAD9v_IY7%O;sUQ1|#uAyIvPTxx`am0a;EXRw(wLx7``>~Ndj3Fa5 zpp)!-%J&jqV9klKI`;5D=787z-x}4ht+M4^4~jY zt#9sNZvLCIZ1Y+8bm0xfklWI{amWBcAG!usjs%YKgH-I{U$={Gx$`eqy5Od{~c|m8$t5Vv-9z|sB5vmJ2!a{(Ki}` z_XM9c^5J9i%(TQofhO_?&=Fe_A~NM`Zd~RS$9|hnO-mcqzm6Dq2a6Y9*>KM?{M-Mw zXJS8ahD4J$*clC}fVDuecA%>zz82_sZlD7@YoO6JhK(HpG*19xxXtPK;c3?gB!{Kn zZ+&9tXvErfSUwT<#d6F0)wp_*kCIe$7-Ggb11tZ5^nd_k(>S_%_vet4KRp&wCi<5s zIBIyv`L!J~T<3;Sg)!Hshd?StFRsVY#5A)7$1)pT0=ZfDL58R&F$});c{bDaF#|{a zCH<57@HMlSsdz!j*nL*;${?$Htx8Oh!UmZq}?#vC^jNyyg7)YQd&S05-lWFe8z z6#`-DI96IclOOMOSf&dTjDNLg7ffzms_F206Or)%K*Ai@{U3A}a(?L8UTGFahhOhaQz@%npge}1!Z5p%T2Wj$Z@S4U4OTzu1V>9td4V}tjxNjE42?Lg=J+}YjQ zWmHRac6RPa3pMbBw-L4&8!0;rTnd*PU5AYe%t7r(XWph*aC7?2B!V6-eP<}XK+@?e z{iOp{cuWVkM!%V%9?mmh2XP?)aQ%1c+Q2}~rPAsyLgx>Cc;9GbZfybu@qqYUrR1Iq zt?M_O?43;^Y7h!CC&pjpfc%UA8!L%i9tnfBslR7C+|CK(QqH)yNBjN5>gY)Jk`1n? 
zSND(7jR6L(W9@>nvL8cbza!c)7%QIrUPVTX+Usn#WgB10`q?^cL|AJAcM$7g*zl0~ zAu#Orr+E*2-g)bm0eR`ks*UJC6WM0QVd(79%@9_G1-EQXULN$B(tzAw*VQw7%^-8s zcwFe*2QY>9JFj5!w^~O`E^JouB!c?r6FVW#`*nt@+DsR6?wb{|mg)*?eg7HB*Puc} zec}GK7wBR`GBji4pHciG!S-)C01r8Y($CEN#U~3m5i$EjVX`79&V}ozN%)GeWGR2o z&>i6T5ebjPCFFLgFg%!1?XLb&r}uV^>5z)b@RU2OBy7N({nXf=fh3prASs4y_0Q86 z?mu2#iCTYML;hWSJm`chW*R5_t*RusYShwwMI0D6j!K>r=NR0J4I8*dRp)YD5EvL} z+T>2PMF>^h?k8c2@E8TV;6@=dvfcJ}Oy~JWkKjfzV+(6* z$^di)#xme_N9+GC@|8*0-w!+oOu{KfZLwW1q;(TeI#O|n%9T{TVr#_|#>+n5%|6tM zuR%pwUtcUt{8rODRhrv*V-cH7Gkvo)|I7{O*MzN9w{;=C^J^KAG(QYdiK@f(_vDlK zjbzxs!pwB2j02F}D1m7fO4^UV*hzeW1z#BCBah<_56m4=>%V{c>|wF+-OXpaKa72R z-g`V(spmAMsj6yfMn?#%zK3~3ySJhe^>W?X|HRugfTlkZ%)yH1K4oE0gUk&l-o0IF zn}72(^jemz+-uze3y!FdJo+e+j_a^IEl)8wqUZS_;`5ADySceJ@!zhe(5PSWJ_5pL z>(9_z@Qf*?y=PY+w2@U#7H*Hb%^c+9qN%)4-!4bEr4WV?SAAvT z;5{-MStD3(8>mUSW1##lbgq|gyz1(vMmOyFm_pBYCn)(2WRKX*Mv)JH zG0Lsi6?(5VEiEQ9(^_`cxC(qi3G75i(Vk|~6?plb^->uO2xVz;Wi`n?C)@M$R(Vxr zW$`T&y?rFap$T2b8C%hir5_q_8#D#2rc&2PP=_by} zrx}wt9;jZkTFKlAe!slD1iHEvXHGV@R0c}QK$X4Ec0UY~R2~bp|EYEnm67y!PHidd zjOwLgk&xJg|F>!NMbs}TzqMYG#gy;xIFq&SJS&46HV7If?;VNY9o5Jl zC*0LZk8%w9Oh@V5;;UpRGOC3KVe+ywvexCVv<*=o_teAlnP}haPV;ao`;Ob|+pLC~ zNBl)wTY!p_)0wvS?_c-vKsdAvQBl!#;EQN7WkCb`=&A4L(v*(s0pyRblV5;0?%6 ziUEUO54UF<&r2;ogE_q2mR;>rJ+*<=MCw4i#E5^p|A{>1{^s6JDJn5vjbA5u84-M} zqLvmz>i6$8FJNL-f>bm?ZBmzC-)%o{PEip-MqHfTzn*Z+So{e0-k&0Y@(vIB?hx>p z%N2L0dC?3~1#acVUEpARDv#q>Xa( z%6@p@2Z{mP=Q|1U-_x z;Lrd2XwwfWX7l4dwk*AZ2Oonv2-vja4}EC}!^6W7eCZ2C0Dwhw@@`;AMgQV{_zIk)T#V@hUe;g8U&1>K$G?8Dc?e$id<>G@}8XQ97-{mSCu<3ml3 zi@T-$el0vIeroV{ejX19HphW;;+mbV?g|qWR3PVw@2;&ur$A&>)%n+t3%~HS`9tbS z2Utc*(B9z_685j}ZG$U(uA(A^U~{Y1@#y@Hj|i8)n-lAfAUzE|Qyw=YHcQ|os)mDy z;qZIY$GHnpn8@Jzn`3Miy|!JW4J>@R(en8kR# z=q-bil9Cs`%2D@wv#}6Ruo)@}3J9T9xEq~A0abIm6S-<)zan#`MktAdTbOxx4)fQ8 z6I8V?bQ0Ba&iBd`u7Kp7C6<_pk z;YB7D5;(9uGx8sM$IJVdUs!k*)=O2t^8WA5vx6?s7pq0ZpKPMN5jwI{-wij+%8zU9sQIMX0RRF7U_9Wq z5Ti*L;#vr>yCfP5-OV8rjS2Ur8{2c%gbFJG_fOU6b6eEvtnQjT3 
zPl>m0ASu#YT$`na%0_SvO#m4E_@x=epXq)lh~MC@dVPKUu_MdG%IYvDFV87jFm!}} zS~+=8WCa`9etXtMT|aOxvL+}G*?XXg!f>1pc(~SJBOx99^Y*+cS-_c53dV720V)~#H<&>1j@={Zqm?3)B-91%iaSo&FkQlh$`InYGiSKIMcccYe%iDc+giHV z>K#>E3@#?d#!)HFmy_x?M~p%4!Qq84D9p?kF{|w_`X4;6Py)x^F)&!l#gYiFn~kJ# z?tbQT@?B~VsawmFNyrzCeY+4+Z@a1s`OL`6+vqa0kjCjKic?zWZ~NkcSyrM4=z;WO zg1>&Q$iUh3I;^QlvMy`Y+F8CFiizHy?e$I;XLeH>+}px4JYF0SGskf7s^o$!9U8AV z{Zo<|9A8jMFFqXl_~U6Y`gbl3tW0hHF6=lfdUJK~B~!9Kn@24|Nr=zl*X<~W66(d95pO#If&OrtWN zg_`3zVvsMU464E>8I4rvbXvaa1R@^Woozu@O6%Yn$g00nHq)Z}AfKuqIgm0zPoN~w zer}s5k!*S@9NSl`P+8}?F{7rTxepK?>geb|F(h`I$+{{#Jv$BlB(Oc|Of*<44a-`a zh0?}xeZDnh+M*fI2X>Vno4AoWP75`~W3?1_Aa$3qr$s-RGlJ+UKk&d6Wk@NFAXASTXCN8b>+6{&f1sv*LEdVh65f*k#p)${t$ z=Wv#u=&n2{kORat#f629Xy3_eP(;kHjuw-5rb}`IXJ$sLD5z{C-fs$6x%IrSt#>sd zgAKg%^v5iGBm8Ucx!X`k9*Ggy@bVo}L7Ue`6XB}AeQT&fO--#xq!T39;cnay#&K|2 z{as%HTRfaF-?dyW#EZLnENnQF|3+O_c38X%?H{**&!d|rXyV9ANc0X1Uuirc#yqQm zpJ{T^VG^Xv1=?WL1j}y;blsLoE`bVHlik{BDMet7(Kty^@;e`AVT^b34=55Mr!N41 zV$T9k?!SXzsqE#;r&JVL3hU~U?t}nre>P`Z^z#Fy*f;`6x40nlZwT@CD0i4!dlK#W z$lTC8@DcE}GE?n#$FpHtzMZdpJL5VGLdPXiF7voPbPrDMJN{s4*PRrYRE!(_&yDvX zG;Y9oYNy}(Te2D%=_{FW2ImJJr9%l_-TabM9sGV6)g5`!&24N(d9h!J95uB5y#xj9 zZl`_)WehB?tqz?r;+Je4rzaAQwS-_C`3{0EqfH&67W+y_CVJh7-(27Euw6wPa%rbY z*}{@K$b+|DiR}>NhlWAxVI%g(kCg0`gsRQXSBrXvgoDGW1z0R&jTy%|{ zu~50mS&|>EfT&F+lsS3Lr}}AHX&j4H;Ds3I4)Y2Mngg%xoSlzEj159hy)#Dok3STm z_8sF95HN2!6_)W`i9j z5%$wi4mux0;x3K3fc*4Pv81Whts)HyqQXZiX4uu$KwwNrzxyPSv6huLASe0A4hc4-G$DRehpdyKbQDJi4V-& ziv=t)o}H?M1a$_T@2u!tVffqi0PRIi9#0Jij1AHfgwSwsSH*zF zoOU|;5J0>dl+g8<1uDSHle4qehV{ZorYNwXCQe(bKX=0~u#=Uh-baIp*tL}>h=CRW zLEnORp>}-WVHK7H&Y3~GoaFOZ7nW^zm7+|@$d~0O{NH3~7CezlyGjov5yvzYRiI!7T zez)_P0R<(`qmR%OJ5pzT`WUPsz+@Gcz+I z`cm-_eT#l$5wbLMnp#@1JGB_z0@M}i9f8JXW(8>0-QYiF8urf<$BvX?09S_1%=D;v z_uou8EpHRYG@W$&mX-tvc61C_ttqLfjN4OE@C>#65XREEZQs_%!d>XSpJM65thE2# z)Rc{|(j_nY4&oqQ+Kbq*IOpII2Cl46mrbjZ+{YMrE|5;FPdj$g?b~hm*`#w>pPvGD zaB22oZPSg=r7Hmv$y~^VR#0#ms_&Rp`6R}mJLJgHI>URV)w1pZP4esEHC}&WaVGY0 zqdSMDbvanp5i&1(?{bG>#ccl 
z@vj<^P{GCJ`aKg}R~n>PAKk<=AcpaK+8B`YucoJ`r9qhPQKnvLcnKIEhkV)8^*R6#8224? z$dHp~E838fZoh!c>R7x-!b--1NlBkgzJW*&=_h6tBHM?5JMonL8B9z}-379{pBqg2 z0DZpYCGG=bY^2lf)7slS(qWdEm{^-H6-#oKL1f!4@20C?`Nntlzi?rUlbLxG?NOtz zuaCL?pb-|vO3J0l~Rj5#H#VN%;Mjg^crrQSWY|C!EOn3I$;?C3OYAeQ5 zjn2^yZrc?+)*m~^NZTik$r4bQ>n69ojBS9=NolfYYVq!P% zb&WH9ubq8-dMc*%;`>AIxEpy>ji7J;goPzs0u`^Zh=@N;pNE%t zkLdL5ETR(?nyMox6tsi>@TUYFHC;sz9sC%t)d+DlGuvSYa~L0nkv6R7WkS)_8P$zk zV@MY4cqtDW)vb1&x?;)cawyh3Jd!{+J60J%k0@}Dtf#N943HcLtv*lpIuA29B3nQ` zWg%l|xL%c|(!|-|D>kI{Y6wXfL7A@Fd@J$AK34Op&_^0eaA`|VMDN@6@)uG<-Z3s%ZY zybf_qz}hHV*ZcDKY6=Vz&KLe~aYuHLmIvGJ$-uQriL11V(#v|DbHMGbYN<{$j-HGW zt2Gr3O`rGXKzu()7N;p*f&&7&j6iPK4hCVc(9+VzAb$h4>xcX-)Z2Who40(f$G%Kv zEf}^|<{t#VgETlocq+xnoi7Kjn3sfPaaKY?LbK7G3can^?&z(x0o29MvQSiF%?iWb z2vkh6rEKWg*PzAaM3~>BFp`Vn{Tx)7d{J{!T#674J^h~wN_sow5NX{Ow`|Xo6+uTd zv{;|gJ6=aeM^h^?@Kd7`Eq)L)N?YSr5SG1cs!n5v65F@%!Rrz)^UdfDa~z#X78s;9?yT8 z+=z^cjNCSNTi}T39*#;`p)1f{?0aio(-#vR64d{`OZ5SKVb2B z(A&q8vgW3zkzuR(d-##@-)|=GjpJRvO^^G#`WKk}*E$@xVjIKTU1skx_<~%YNbjVZ zmO$hMwDncP zvZd4kuM6*oYq>ie#_p5dztuY8=!|B^DKr=^MS zUD|FWhr@F+(LGYov9P?%0cLM>^mys+-&FN->lE^(^LJ@+<7kN0Z7kGeJGTV2#yc954DMojr#{wb1*YtO&-f3zf^MP9;M(qBu4~odLK>xDFdW0|&#cMvj`6oFrr3_!MF@1o}HeMMcFh zQJW&t@y|FI3L1B(Yt=y+8QN@Md$9dvYBC*JIMS-Ka;dK-lBRGld)^Ngqn0fh+tq7y z=&b?0`-Rqy^V9h@kH`6yAS*PRQOWX*WN-~R==V`N8Gv9eJ}XOj8@!FVpvb#jdEwI^ zOWNMu-Mt~S^paIa%qF}uy%&c7e0dNS)h}7w!+^wwRJ{0ZaJ3*AncNb`_mKi7cMM)5 zs$ad%tGBG91C!ZCD*+1%RhGg^2cDFZxIh(Bg^{tMLEQY*=Y+q}HYmJI*S}Jb;}F;n zv~=k|BeT|teTrQUabj)xoWWy{wDba^9oWi?Hnvs2V+gU+FK9;;rcE;14)z$)ss(SJ zi_7(f#J@Mav-cV)VEMRzu)lxH?-21&?su`+_7u9ElA5X`UqK}O8^sKCCl!IXrFOv) zyI2Q_(G~4PLR_tUH>}*>#LD*M$pASd-S6ZhDDH_XDP0KA9+Tz}OioU2|0*aL1En+m zKjECurY)_mEQErJsTFgp?Ai6y9lk1>ni209EU;K-9n-qdc9}M!t3pB~QTuT>6h17; zX6R?g)~pdfm&-=OCN(!U9`!&*>i_h(I@-6O$v&{T_WAO>zGb=P*D>W5`WALd^6S^H zRFo7HE@j${lYUB;AFwS!^6?2=;pL$Bz(Lf{RS~-zM!9HXER;Z2#~nT9yJc;c zK8+%^&*#^F2~S4DS9@Os?kGDPZ0uixZl@i40P@oCzQ1hb@wnWb0dmw|K_uv~Q>b^3 
zch%=3>D*?37_4Q%IAGIFnPZ)8g5$?FVCBHDbTLLf)WJtw4oncLM$nqFwuFRP2oy}* zj6~FJM^8%LqBVwFOV}ZWNlbhY+PoDNkhHcgHFj{Qa`o|PL)mbzb{U8xmon!d;H27o zbQ|-Y>jjo&F5kiMA9D0H=yDmL%kTEzG7M4{prBTFfLTPDf9(t{&%~r=F1rp-< z)4y%ho`oIyqk^Mz5u({0?O{v(P<`5?m?vwk^zN6J>iFe_qAH4iZr-UkhZFoK3XSI< zfR7N$S6*3;L;UB@yHfy&2`w$PKvLQIvYgM&+pgNuGgtI2 zcvQA7LqKg^4Fk;DR5u5c1Y@jbk6qn zIM*a65#-;vQuN_1u0C+)$tCvLeBmYfXwSA2WLvy+p}d zCL1IqBsYt|=!G@Q4_*F=mmVJ-Sq;3?!0&%>x}2}-b91*o=?ReAYpcavy=oy2xYJZE zi^g`o98q62*D%CKQXnDP9&071w6*aZm(yGoR8&N(voX$I3|~3jWX^Z~YCBq*K0r=R zN}?>v&p)N1qQa@Dtn8FgR=!)E?7%Eh(^-Ex(3H+}q&zbQk0D5@B3CYNZ25ufQFp3G>xuLwflcydnqZ4%7%spa?hy0JNYGOmy+d0PR}Fz{IrN8)ax($>Wp8slTN#dE|f}f|?ctzJFgAiK##$ z8Yz&)_q!7l6AcC9tB8=uqVP4rZy!LFhIaH96mHoMFhE+^0G|!sgyQG0tzn<(KNKjR z=LnpwiuLit_+cDM-=+3TqyXpcePYC11#qSgMk|XP==2xPuQhq|I*0%%n4(fXkna-R zw|u5k*}k9L^85Sy13=m~ydIBy2{;-Opb-Y(Q4Dr=_U+)bw=V;8l`EON9`Qt&aD!}h zk!i;YoN#cZu{t9&q{QRnzJupq`9MHGSk_IyNXm>Ch)aaCILd#cV0|AJ>xga%xCCwt z6@Z1z0@wsl_$}tk1k2CrT-`2Q{4A?dnu<(w8HqfUJI*NZ*nw`f-wQZ^)<*huj+y#= z7bCPU=qI_O_Cp3EEVJ<#2kWn)SQQ)ckpDsVJA6KL$l2KL56@N_fBW)B*eUl-mmgul zSE3LQoR{b2IfSpYK7MNu)YN=o!JGUvE7;$tEyL9sr|h>;zS1P(?1(%r>&rKzng>AU z5rGB9KCBOFOZ?U8vorS*nxF8|AT{7{_5>x0KmkvWKt)4)=zZA-Ea!memVL#Z-n`|sbs{5#t{1ONWjLN&%f=xN18D~IHFj#vDRp!_Fz-&6{?X7pqtq~w8!xiEc8Hoj(E3qf09vc< z&(v&-;+TB8%v90CmP`+NN?@11px}1D9Dh?sKKb%q7Dpmx?LVpSgHcEV+zc@=Ff7~( z$e;!p?Y8^IG3m4xI{`pM9?^*KF6s@sk;<8w?DrvBT@7;ZFt%mb8@qtB))tJ^k+hbCkxI z0?tTGZhhWB}c2X2y906v!09z`%qEnx>|tjP+XyON-@nbYucxN6P{rIZs^~yyit-VE|rF z6fhZbx$F+1nB^LhxMCx#{xfN!O*d!!(o8$IGs0N5j+L`m)QCDWtt7yN>X?|6v7jjD zE0W4-1x|Fr?|K`zu5(kF7SqVc#FVyCs!AV?-6QA=-}yK??Tb0G6z; zx=mc}3i9%CphXkYr@jXe^Y`VWU`E_w*_3FZjBKET6Bs5*iHV3ng?Bl5(SpB^HyK%h zx9cflVV)g;K{#o*I=2HSA%Etrq^YT?R#{n@X$sfe{#CO>_uI$4U&og^h#dPp4l9P` z&b2`5!K#bH0HnHQ$fvDkl4)BfK}XuWeI0G>wapf;Ktg`z0S{}Tr1xq2#oSVh3nI&KtT%( zG>19R**V3Ld;G|w17HhCpfDP{HrcA?PKg#$S5Fnv&`5*Zabrmb9yax_0tg$`X%SJ` zG!~+>o}enbGDbBYl2Hu6_WPliKTs0XVtQ5+r^Ok(%w^wvu&(yxSHdfAqAt%;MbFQL ze_hiig}GGIvTP1R9C=UJImM5T(V>XN=jn+c|bbHyg|MVUqn>P0Ur 
z4->D99AT4$I1r;mjgC1a-YXjaPvd{Q7|(5cW`0hqlRMB+^8z)sI3kN_2ZkN1<;6K> zG{F2ps2}kjvv25<-3Mpr0*`?3+rFkRqTALVK(AdcwE=u0tVnYmGB0ZKeAz*-F0g5l zf%a#VhuxI~x@uB@(VgGU(GhQgHez_*YF$b;gUV}E++{TaI(0tYrdC-Y3|TyiiSS|aBO$C?(uiu6Ltry2qhkP)b)B%)tT z4eUgNaW|V%5Yp$Hd&!J(e5J`>4o0z~$EcD?g!NEr@{k?Ec>^NfE}?6Rq!v1$~)$ee)|5(%4VekLfzeus_hgiydO zixP!L7f~8;a+;m{t=#VJ^rEJ7U(bwk1uvl0Q{LfxkLVXjGcTEqpOTVtINEfW$!I=H z!T$5-&mL}Cey}#R!DuLsbcA-6ITb-7EZCY;HcB_nB8`MsLWeF|sgO3He8sMWQ3_NeR{%4wd(PU+fWY zlKNdvi>UEe2R5;yxVTur$g8K;_8GzLfO%N;^GIkYzPa?r+{%MJAZd>{cr+*ncTU@A zvNLqJSZ~kM*3xqKEeKp0oW(OOm;GaI_arVbB9aS^aR{b^NU$g2cenkd{gyu)!o*OY zK~YhtWOA^_J0BU{F_uxz+zGNAyg5llM@InoyAPlYU4Tpfe!bHy2xPCd-n!m@5t=2t z7d4FlfB)0pCiMJLHVqg;2e~CvHR|nho+)@n5ia4m{ksy3(b3LCu@C=H+SH-$%Mo=t zhh0kY1HZxO=!W5~zB2Q9=KI`Uw$KzYHo=*1pM;Adgo;+53^pyf4~l`XmxmU3dqS-jm^(Hv!uf{c}es4T9v=x0J6m}kqHVd9+%LR z0IA)>PjB4KvO^*{#5}>p&yKa0P_*aWjSCm;A%M6_TX+}P0CRvpJ3SQ@T)708g`&$v zeE3S+y^$oRPw;1JPAxbqXEpETCB$vXE3rjR4%3ZEawN5qDGcS4|i2_aHeIe+DM3d z46#q1^)I?y6cqIB4eyGg_B70dkL>Fto@SuV~|A6tb$@ z`c?%}vcS@4JkISAi#UX~EBF`0+&t_Gqbd8ES_f8p`&WDz&08dZEIas=9DH7H1%4sm zvRM)mv<7TJ0yaSv;8L(Z_6a8K-&faRNJt#X_7hU4UdUpRL?S{de~a=171xN5aYN^u z$R-~K9Je(K6Zp6>czkuHQGZsVKf87|=gPOnLG<@_YJHaKX9rOe#-DT0UJh*6EauYd zSC~4!c2FmA9$G~c@R8(QL2k6Ee%aw+P?Js^<5%e<*Ee7|nSbkOaGnT(Q9mUYh~NcA zHLFh^?NSZ6NyA=z-M=*UZ% zvII;{!^7ULuB@z5y3Y6=c}-;tf*c(kX<`YTbYy0(C*Ru^1RSY}h=`ni4zJ`yMBR!V zvB}?vh}1<(t$uYN<(fCOd}&G32skAVW8jCP-vp*VWM^rvQy)$9H4XNQa)NVBJbaV% zv`)QYYn@VeVQ)RT%?e(fRz&VL*Sl070H&egrE=i@c^5W}-t^TBCnQ09!OJhuigTL?F#0*#Aq+;n?(=ZSrs_ z$li1`UPK9sL^amd%b_ea^Ve^UBvBVSJ3I3@yzg-OIla1O<7=6rppRc(n(f@294!R^ zk*k3#s|=#DdS! 
zUZ*Kxh5pnH$vWi;f4QEFg-0T1%_MWOBFo!rTV_V8B>FDm*zW$+wo%^~ zffz%05IHo~R+{E@kZP&zMFJ|%>gK8Y%WOSsO6^aB0V{La``QbW-wxmY;S(;1l7dD6 zkeB}c^xWShI~f#IY+g{X2P!h2Z3K~qI!Ey8-4>OQkl-#h%3jx)KO`J;Gwz{56JB`X{x-xOz+?S)4w4641i{MZw73QFpvc;q6W9tOxdnW}a`hp)c-7&yrSnIpb5 z>qc0PQs=z*PcN&{h72nl55Bodwdh>nRSB0QUzT24qD+VWfizZ@X) zc;spX91eCFotwU`FZ<;{Hz~wg^0A#KZ_{RVtpYj+D)Qkj5G@#n>Fj?U*#!%Gxem4O zoLiyhn^3g9cbK20Gu|zTmUMfJ%*4!GkEY^ZxN)A30NvRhx6sQ zvRbqa*zP+>x==u!=ydiwC5*F88ovmzChh->RCVhX-akwm}(**=099jAEnY>x(BU?l+U5yY%@*I_U;0P#E?^&xHnojbiDF&W;@`sCk7Lg4ElMq$lP50;D)mxTugCNfte&wU~4SGz5uPop~&PGBFb? z{JrQaI=ahq5)5X1KeL0y2il776K_oB^g6aC!8s^FW83Z1*yIl~rJQHTz_G#b*Aovf z*^VJhG&B^F9LSPdUdFTTn(${X8B0eh3JNTTyJKY^JG(3Y=u=>ut+-LOG)mWnuK}D4 zq!9@5YsLPF8vOkHn4kIrJl#vo%fK#J_!f@kc!3LL@!8Qy4GoP(fOlJVnjgvnRJFjP z-2qVZNzi{rfcPK{xNYorKJ|aO@c^74_e}3L$$(UBu^&*=8Qlhte%zh_P{gzxRzImq zp3cPfSPWw)6qV|?3XwnvImuh;{eyGf3Sk$*c}C{SG#fnM=g!ulTL0##*go;wY&8Ny;lTGGeQ)M29W+s zHM&xNS0#@e#YkXTi17!m7makJAJ=e~YATbvT$nO(_Jy zjaYOH#Rui)HXy;>=R{0|=I{{O1_ak!t2Ft5Jnu(fRz^9anqSpxa)ce(LttPaWc5jS zLEaYw*nJ%U#$(0+R`@IQz+AJCrDYi|n3XjlT>Im^q#~Nv6{K%RN(J2;EK=mAQtef)jhIDp>gS&z`G)HZmhAA;- z=-&afz!o37-T>~C%4{OTzY6k5FEddaZDY4lcc!q42I65c5z`%T1o4>@7akc|_gD&{ z;`%FmIo?epu-s+aF>U+Pntd}PAg%-Y`CB7Du?0Z(o(I$|#58-+oDyH?grm3NS6sc! 
zL!1)h&BhRtt!C#?4$#I}J^oqTO1Lp=wDBiC#Q+!Pj<~hN0m=tJXj85>Ff4}lN)orX zV<0cRyZpie@k=kl4kocHEq(%}c2*?=&UII8>EIKM3FAM}V!-p$P=Wn$6vm4P&7!ce z@xfdO;}t{;U5(-BZRbFeFSn-Bo`8)9s1{P?bspRBi-lNW{KTU;0Um4?@H=EShlGgn z1J9OwxGmKH9@kQ%#n39fgJIdF2EP4cacFF~$1|@XTE}GX>%1$;O~Gl?bo5T>JNnfJU+9JQaA-zH*D#v!1CcXVaRH++(kus8sK2rA6$L_151VNNGIVm zC@L&8PhFX>8YoJNbbov6Nb;*25xgx_fZ_;nVS!fhpIqz!Y=PqDE|dA}UqsB<6t9Ek zx*)R?oq*tCnC!9EdWs7(UYx~;i)gE+IPL58nXP;SMKt_w%kB%8fUKwzk=MxDG5FDs zaQVOPR_g>z0)jfZGR>_`U*s8i1vZ=Uu0QivHPaGiS55W+Bo<5cdL_93EB8l6<_dd- zHe0+%;F4FHK0Bq$g&Nuv?rIf;-A}!s^qV!r+IkvtR5U(k#`BZjv@{$9;OTP%;@Mwq zef|AU-4W4%YE|oz2beB;v5!wqigR*uJOHOj#^)0M{(hW_u4l_Wd$ClK1%@>J6;0pq z-T?i$ob+miGYB6Qwb?q#L!Cib5D5zUA9t7mB;i)GZa!QShgQY~1^y{Zm2vjXG8|Pa=wte_b7zXK_#l7v)p= zeWv;7D>JMat7X9pS8UfKj7*lYj?cZyff^xTjtayCZ~9)9Ye<(GO;9YYwl3j%%d3y9 zy14p&&=mo{LuHNpSo?oneMJ0lpwd8D2Ox#P#cgc>ijE$DA!=buhK2}pVhlV&NK zkpV>?)+o{1rpGxB%nwrs6JS7Q-%6~M)YXe)lau$KuJ@$Sux!BCV0sX%z`zbR>_qcw zCdBrmNQLzLIqdao`cN>)NEaqy&;2@IGX6 z*lk|{XNAgUH8(y~s1ZQAIypHw;7*(wZh=?Bq`sAZZ}18j4`l553~Iuucz@_)bHyKe z+C5947?s@;E<#ezhWYOGal@-;ZnCE>$bBb<$F1r3N5*FA>9#q%&9GNZhVY)ht9esI zAn|?}{YEWvH$1XO5l>l9W zUS}~dEZ**V)${ec#wR-av@*D28_yUlTCGIX-Qw%e3~DWP z$I-F=wRU~>Ze@GwljV|5WeS@5pb2!o zBu@JM+Xb+k=plH=nP&;m^a7R&ghJV@^PbO#eh>hrwS-~|ACT>WPc1eHcl^QH)Rgx{ z)bV#xb=}|5hgKN4o4lLB@~I}qcJIe_1O!LNTP+CU1e7$ct%D?(jf6@9Hn!QLcq|$R zGPYXh7@NT7Ha9wNC91ouHJ`GGUckR-1jwA99=Bs_yA1iQO6K}6Q?PJ}!7-GEZyh1q zKJm)PP9eP@(fs?3I`gkY7ObNk_N2eMJMk9Pp>GwXP4T6f zPOCzc%;=|SMaH6R)W@Z}=cDOg5an1QT^<(>eH7lVqs#b{y*+f2-?W+oV;v>sq zGWQdclZ_x*=xPMe+$o*usWNmgG5Gve!b;!gQ{rIb`NR~%Q1HirK%O7EJk1TC`Xl4n zkk~t7y3TiEa&pzk+RD%XKo@M61ZcmVULUVKfrIyMF>8)*XlTgRzcDQ>?Eu)H()E5H z%*eSS7^rqtyZd-M9thHobf`wKKsA2Q25r_Z`*5f?G*tL4A@VeD;2|iTy^dzVG;0MB z@Rl2%W4$VWDg7g+kWiOs+8)Y4$Ui+-Dm;kV`pFvpEi1ExIrTMuD$~-|_Sl3IFz~y% z5}3;*r0eHRAQ#eG()b(d>Pn7Ez%>Hlht8BSWIKHsvG7t)R*rdd&{ZLn%nxUP-<1Vn z=yIuIvR+VFD9XgdG?QRALu9?d)1A(R&!k^i&b6WwkR8stE&!bo{Z|NRIbJcc1S>U| z(^5NIG4=;Kx!>`{%A4bQ2sLZfqS 
zS!JQdrGYI%q@$|JmhoQQ4pWo+CHvE&Xz#+j`KWQJMOZl9NCEgTvxVWxrb6r9Eig_{ zYg7g@T3-7538A`A1%)vBUSo~lX*`fMv|Aj9l@t|MdM778s_S+mw0{0favfek(l%pB z(?clNfS<-qZBGVFMvPn;GN`Dz^9sfO^`!9v=qG%8=q;UJG2$M~XCKdHSK`Tof#9DXeP*+mbAQ)2lzw1`Az^|6;9-2Pgg8 zth@^Jn=R`ZMilm7_RP%z?M#d=rA^}nS0yEl$QCZY3Iqx^6|Ch38hL3!!5tqvy9*M5 zO)u`^GAF)zr~XMv-5-d+SN@dfGdh`DOCcc$4DgpE)hY2p(T}y|Q5ZTMFXaJOrUFW8 z>YdWBpnA}x=EDoJ*D(a^|2#j=Q{4r-OLh7Q*IlTeiF-C0To)GDi5H!oxkY{yM=1%ui#AWpB*9*1NRpEFQ+rTRcb*o`o`mK4&)j6T zD?4oZfSBaGrA%h=Qv-RR4*LU9xKIu+Y8-$OxB@-4b1-bR;3_XLR#pIlIqeIi@C_3u z(gU>U}YpEK9^7vfsR%|)xrG0sWlt^$5{F8Cu)>{i$y7gSs*J$#od;#j@cd$%9uEIWq4X&ZESz1P+q+jw1&zn_(5 z0$m+UAbDNz_I&T2SHZVip%Am~Cd_(A#Bevap#{MW#MEWw3L`J$c74qQX5lLeCzyU{}WswVXu*y2x+oy>g_M~hW z=Nu{%r z*+460KyG}jGiN&q5M35FHK`fBzdj`ZpmDmv+H*PeK+K+{dDA)rNFBd#aAsTChtX&x z1p#mAyX)?+!p(vvsO`uIL~Phpq`Q-UFji_gAOD(yHm)w!d12eNf>nZUJ&J4s) zChXy_$^lSAXx?Pc@}Lt6_~cyu=Kk>4*IrZCJrT&rPit+dMFKT#8)I zX_Sk3wRm-X67^T7^q*CMic;pLOKRJ%p+;4;wSOijCpUYsXlv1*4p{PAgQd3#~LZ1^E`52WaR}13Tpb3U#bB%q(H>TRn(<-~`MLgb4Ixcn0M1uKLEuvanJZgwGJS3Q0@Yoj!y zQz~^>wnISwto<#8&E^K=#Lu)iIK};`oI$qoa<|nDT+~HP`xEUho{bK$frLC%sFs$N zs6dagw3aloU~Eak8**Pog`h>hvLo@?^U|gi$=2K1$sqFeqEDmuGBBP!%TNCvKx<(r zRPM6w=?(FOHbXnMa4CS6hbRHUjVwC#y8VUIbz&I&(DBi@-29v!|?iq|4NT0dqzqz^B=UH`ksSaE*o|r{U0% zD?V^CRg@(B^Ym#+%ooUOOLsM_B*-}SppyD$R1i3XiYgRE+(RljumJuSG|{J>E?H%k zb#|78ZGH*|mzwHGc~aLiw~gje=;^UJ{^G0^wfli^q{~Fyz>|6`7v+1xQ*2}%GEPBh zpk?{&;`hI4y{M`h$Nr|_S21FnEJanJ@77mTA4Ivi{y%{(uqUky)+KN0&Rn40r@>g! 
z_Txtc27Z?|{Q7`FxYd_Bm@sJkpo1mojE({z+hT_+v8%;<$8V-k`8lx6iM2W#w&%wc zS_DyvITcxe%-L0VI}SJB*78~fdQyG94sSm4=`IVNQ7D8mwI3Dcqqv$5DzcU;YNoT)YTfRd>go|xB`5DsX+kE9`zzMkeW~o$GZ=RDFQ(J=e^MI}00q<&U3wky zYUz_zieuz6;6rhKN5EC$0{v%c)f0`!*A^SfmJ?)VW2^-R@3Vhv!9)Z~&31pCPY1gl zn7#8~H~3go*6iLxo1N?RJCjGdfTUK*3g@hTT6kbE%ZV z+SL1Ui*LTTR7zsCpfa^ln_VG7mCsTKd2uvx7zsI@< zk*Ep~1ThZ{`KBDt%_YX00LAE0Z7Q^zUty}dBVMB)D_R^`TX8+%b4L~&cxp29B~5|A zSY5SNjP4h(^1e{17;FP-5gDS;yp4~Eo>ikH3BUeaRtuWNV(DXx(_;$L0`Bhg@<1us=a7SOaU6_Bu-Da?X@yP!@?wJh$8I5Feh(hk~e4Z^vtLW$m(Yn23CFJ6yUo|r^5nFtWo|>9! z2b|#(BIRPF6%GUZ9hq_TXoOn=u6y^=ixEf&2tTh|*9IB+jmIfJ3!K~2`%?*Tm_EnU zeFHN0`w|dN^@s+^uM_ItJ4=Jx+k#P1QHcTTY+B7-nvJZ@Alq)2kVW?pp<5DYQA`!z z*Vuh8HD#D38xvlEKuT^0t_r`MNncHN`f-0`v2vpDbe-_#a=w%KcJBsf8E-t@NVqP% zdPP5wS~Xe$EH$`w!qZ}NT><5jDLUp$%Q!$Z5bIBJJ$rg~Hd&$GJ{x0a0G-*XwDYo`x#g9BE4z!gn zMALepd05p?awKiaAA7qKP_FRewq@zc%8cWIbWmIK-cL(7EmRblL=6uQZ@psU^g4gn zTzpwt)?uQcuH1VJic4w+>VDS@JA$~Tzzuio zsvjD(O?mK*C;D{Rp$E1^xkY0wrGpA!gscg1_L2OkJum-uS=~^98N)F$Jl^8zZjjWH z|74QTX|X)}?i`Z#Df0%Px$>ndeX#1dWpLZq%iw=fD)?;vb~N`Y=7E(y+o!d;*RW|l z&4%|MPs@FbLWgowjhsOY3Ly)R8q0yN!qjqxBtkbu5%uQD#Jk$~d^mgxp^}1|t=j{J zx;kMazss%(8_efQv^kXOymIqOe?#_Ti92PPjx7O^Qet|RGRDS*&aD_~o1Mf4CuGPT zXI3zYA>2I^ahQ`A$As5+t8Q$M$CooTI2~rmVAG!DQa!!T41HbZL=!Fq17+rCx6S$- z27S=I>+LN*i#0|k8dB7MZcZ-~`}+EtV(>Vx)rw>?xRe56LQ9+B8o0|e{ziln4E7lG z&Qm}bkqr|fN<(%tX=x*C|139?7blNvbKCHJ1-QgSa6*kkis--P6a-yA&KldOL7t(@ zt@AVf4BDRy`1n0+Ei__HB7No^Z!OiHeH}sy+?s5>=(rd$^Mf!&+3el^+eN(WgZ?{Z zt+l@)+>q*)_ao0eP0z`kPE*@O z8_d?E=x1Ci6JJ@@(A^BdB;DB%v|CgHW}jicNukB5gq4Pyo9DdY`4m4tYi#N8l1g}c zeE3-Rc|l%^kfDB;3#}F(R`y}x4K3L-fys1@PLI^ za_`XqFT1%4^dFZsm_fD%3{ezBkP+!etxLgtrNc`7T(4I|-cF?AsA}2L{BqwTkR*|T z_FdZcf}tAz7V@~JUqu~o;UoArd~2jqt#|TF3Xv@wHicJs{QYq3(Y0yKq5$1bI+qQB zXaG*IBLADa z8Ua0Nv$5n?+LC6gVr)O`L)!`x0nbeC^f3kU_mT1_w)GI*eZUQ$AD13KkTF9RTrQv$ zkb=c%hamD;#i7~V;$#wwA=sONrkDv0MBMO1#P%-=+=PDyzlYFrSfBRR*<^bSU7KYf zcnI8I^X@pFJ`Q68qQhk%1tQmrA5G)#?rs)x@G>LMJ{)AtFeXe;+a 
zC?Ks7NqhjH^ir~?*Lwdu6)h}65Y_zug7MQO$#~qp_q#`-RHWa9gd$ABNz8`lanBo{ zI${uDB5v)V7_0pX&@z_DbCa3()4 z@!z*%EX}&Ni~3=E(Ji$Epr$vTJYXpcs+B1|!E>-YEiS~&U%v*JQGTn-#y7SpfGigV zRAy&?JU#DeH>%exlHMFcx-P~qBQay^KXrIV(ADttnfc!UPplzM0J_}mQmWR&ca3q5 zr5_?Ggb)O2tJ_&1AIg9@uQr}lC8lXHnEy(%8oEUdw|;>dA1%6tiZQ1fMh?IjfR_9tmX+~psn@EP{33W5vWOUK9$1E;NQ5roXA*V12hN~ zdO^uTG{S%ZoCygD3Ei6TBJ1*X$tusy0Z;fJb7n3u(J=VfSl4=OWXOI3*pq~f=691a z|Et5ZDj}|i9BSmkRSwg^m~9-k=_lS*FglJ$5BUxwPw5D>ALqZV{9N?RryVrZeSiCO zjcP|l9ZWR*fFH!N;i7bWgM6q57FjStG71#oJb*sDI1sM~0RN78XBm7+hB)wc-{JZ= zOI%zWesk`M<5Qj)j90oHvzIttDt6U34D!$J%cm&luj$!MDRtrSz_QE?_CS>Jh z;f{W`McHjFORzfdfV|R_i$*q{I?h<9y_(%Aih&OtuS)^9nYcByMYojl?Q@b2&Dd6m z9or^GW7uBxP`p22=(aF+(`i6X!kRN#mA!+*929VdMdLWzALz*MY<34+pwy^QHv#>+ z1MvkBNWV7R$RIgYEPfx_wHNpuHFZ@8b6n9nObc2xlHCE*eDg1!i6-x-aCD7Tz6KRx zn{0x`PC8$5dTH@pE|LhajAA8NSU%&W{Z_^)43U?&(diq1_gT%bw_q16rVQtZdofzU zO=CJvr+uC*d1O-9ZK@^&bZ%#m8^jFEOy#PE2E_gyTdwa@CI1$1pGi62l5l{Xmsfi( zx2}%m4e-t589aD7Nb4CH@gExl2HFbnUEQUnpZq_E3}~}=Evje23+}H#1SPz>spFFv zpkivfks+bWF9mSx-Zn93&Q@F=p^#KY?Hp4uIz0PZ#%-O3&URkV<*H#}SL;nq?!ltJ zm2LKbgOkwn`s|m7mOp7I(1Mf;VjZrkbY1eP$U}vr_6feofn=cwiBGn&)eI)8;RD+|HJC3y7e-fQ}u(;NfgdcxZl8 zKfovm>4iLIzt77-L=PPuowChKmzcr*7n02CTj%3r&^yelYHUEyRli2pbihdfTl32z z9BjPAVpsGQMyiX2Jh>T&i6;i%Nc_64mxZfUH`W%;!ZUUMDMS_SIn`x^(+^v3YWVgm_2vI~f`Fw!n1sxT|8s z<{fTB1#wTvTrE^Rz}sX|q(kHFg?5chv@oHqBa(m1-O_me?GnjevpUh~zvky)BHNjg zc_ji{(XzG>xqlpivVQ>~JzibR3h*9S2GCwCK${n|*FH2sXBW3daB#51XN8D#LlvTP zChNsF_EL?b;%VlGv%A}-|4bue5$MzyMoF*zD$FvD%88i5AA{>oU93*+X9$O=^m413Wvxz{swd~2(ev6a=zJnzE!R_`Jv{#Ax}E^}cUh+^z#rH9G1mctb?qo;SS;2JJ7g zQUkrVUo*+{IjB(l(Q)yQK-XoybtJLy4g6LSF0LSzq=5i6{Sj^5-e7i8ZMIgeomm!Y zyTW|vh#`u)=<|^k9tX}dQ4sBafO7Y@5q*!)e}911)p|8-p~Zf0GO3f0uLE`{x%DOA z_X^EK>vW~@LQFyw>YKuz!^x>E62YpA4?2ONj*@~fXlpz_V${J?*YNQMcKYa9$a{tC zcQkq5NuFu~+;r?9MzWx#rJ=tS2zRmP_4^Vi6(^yr z@XOTv@4Vs0cPt#!d5gc4s6QiFo4GW;{s7|*ugOG|=#^7Vg^xp4Z#RirYRb5WVUw}C<+c>hXOzg*)t zJUPntmWa&B^_^>klI?qokE3P$Qc=E^&M=;3S2F!^$oI(OX*!$~+4P<9@{&T7bDd1e 
z*qpyrSnSd;_zxwb(O!$7MR$Gp^`HXvo4I>~A*f;CnQek;bN-&Mj^8+`I{Bd(4UPx(EcEW0L85Ab8KI^MeBe%V94~sLeN?Pid9BMz27&`ZJ;L9~Wnt4g!%X zQa&}3be@`F%v_ZzkJC;%gOE@~4P$LLXFl=|VJ!)5bN9II-(|#efwGjwmk!G4;o-r- zx#7vdRKnUnQ$Y&W=jt5|v}rSx6t$&{8PvcL|IC$O%UM}vpz;7g7?hM0u}ynMMq02z zW91a|dve9UWR^{Sutf}ipPyS$)R$47gICfV6euYfxii*|8u4&mFj>^VwH^QY72YGw zf}%bIx3#M2p$rk|x>PHH2`#EsR9y#)P0|j_&2@l5xu_Wj&3ycm@wzi34VmB-=>JwR z2Pi#*AvNkngWZjA(#)MCm8i4*ram6~fdN7-|`$WEtdnu8lkVDIi^2P5XMxn(b19FOF*CnuofwOsJ%$k)f z7%sE0w&Rstre`rlV%-a|D#?YD=!8D&C7#Z`FWrZq*1g!1ig!&c4%6FqfVGkKduhvG zh&V4aA3>UIb4Goz>zAn#*v$N+D&g;#njaTCGS-zjb~PKzGOO{1nWqv<1>>U{_pmQ) zCLv5*P+0PJZb@8NTUNC_Q=HWPs16oZ)E_xvSd_IMem$=yUWRchPyQR}O20US)0si2 zV||hr+7WK`F3Rz>S&;{H>i%$A%+#%6x20w`i!U}@zdRY)6~j)|W49FMRVIy6!aw!&6@UBD7D{M%lcd1+JGXKPUP*N_ z@OSL>b+{vTB-dS_EbJ=tZ*w^}2z+tXpqp%hIWNmucu_7~>UzuzCZE#*ZnwG`HS4A? zj~-VN3qB}(NcJ7p>qjOAONy$Nx%bIkXl*faq98eUAH-@j7??q#GxC=w?!Q*UB2~s! zcj{MB(5LJN9L`2>yRsL0H$SE{weT}w=BY=vR*`C!8dy9SmiY2NhM30+RrK>YoQIG=Uk@v0Dn3-S4vSi%_Kgt8R z#hlf&kwpH!W+jsaw~g(Jc!@Itl2L}^rJs$J9UWZSeoB+A4kiam#E5^SAc$FKmSC}6 z2!fQ}=h>UI?`tkGWZ z)ro1Q)E?JFacx1Ro;kG7h>`ea8v&uX82L|>=MWKI5AkSc*{W^t?5qgd4{*5Js4pnaBIww5n?ZQx+H3UClJtMai5pxm^Ua zNe9JcqtZEyMrOHnYo*X_bko11!NoSkCHD`zeWL8oVRDI=Xp2+@xI7ChH1dze5Gix6{p@8>asNJLg?VOK~G1i z*!pnUew|kYUUxkBEKuMrrB115f*TeXTZ4)sPYE8z-i(g%k%f8^wJ&oq{z8zCwejNs zg>PU#LAPUAh|^6ue<4l+GK;yUnfrm6lefi*l7PD>@tCVFA-Im%)fVl1C4xAA8Q3zrItw z+~m-A3;rLH&VjqGb_=618{27Y+ji2}wr!h@lcs5WVmobYH?|ww_TAsOzu=6qb=JGq zv*!GYHkq89oNyx)=6ZL`PE*wM)`Q{=x8dhGM+M#eMzg4#xeTvq>l-qbSV_6{!a!F8 z(}$QtIg^jpQLV|ChwgLGN8WCM_)-Ab&L`FH8Lj@j{`t#oShz2(r<#lPw4yZX52ra_ zSUlOLrRs3vMTin%cJP^lB3hWF)L^l_y2_xaS1y~14>Xd-lIz!qr`laQ)hDRf9&%;> z>7y;fwRt}}^X|L-Ck_b(Cq!0P@j0`)yeJe29csdtkSfc<<9AYUtxx3?^@mPJ{#-m#dQBw$ zj{nL?6F-7wuawV+3QE3jaw16KP1RUi&u?WVegC}eZQ{mZ-r9{>5j?z0E^j`sFtRv0 zcKa=D*ye6iFR|#syGrzOcm9c;YbK2KW^m3xtNo}x!|U-?vTDbr9=!_XvL8Sok|gH% zJA$(U8L?o73j-w`*@VHn@64Vvr%ylHxb{OQGfZ zcH|Jf!n=Jt=$7Erw8$?f5!lSQ5ozfQD!x*j+!UZ#RP4;~laq>8du&LJrFqv(1#AIj 
zMaCQviXK)S++;FWS_BH@%S^EY8d?<|m^NF5Sh8gE{7Qv}v-0x2>C#(afiUYJtQ^)% zLUn`TeGQ3_43s1uQnQ6-LUr{av4}zY0pmb&i`XE^Hurj>04qr7q5`R&Tv=6eLnQk1 zgttDie+d_#Ja}u*=Ae!a)pVo4px*c646CycWI_2u#q*LWYReP|^|W}Rl6gy5XWp*u zr|0lKL0A&6iy1}O&VUxE$7?fmJen&D!HSB5{J>7E8E+hmGe393wXA(NiErs%W80siS)qZ0q}~;+s$qYEI_I%@UL3TYq*b?c(ju@t>G|PJ zzZAny2AU41sS905cg}Ph*=6KsJ0`V-#l;`|_B81Ry1H_5ui1%)k`$(U6;PXFh?2cq z%8Kb?EUb$Xzwp&VyK2Z(RiXHytGmxJyH+UcWUlm8B*SV|#8kPMi#2r(KOgny7ci4^ zYv{)3C8EG*NXLos$1cnmeFiFvb9j^L`_QrJYWMQr$hhb#%?lr0IMh`qx8Dh)wWz;a z;}ImQ{H`&dZ*GLRpeQWh=L@gf3i$ig`;`*F{mP3o_o3gJnhF<^cttG!%{Cp+t*iGE zW#2o~OU2H|v?VvYt8JV`k02Rx53KTavB}mobO*LTbfObS$A4B_@R^<=x)7l-;A&QH zHn*X)j2M2HHT<}FtyUfc!`2;NQ=?@51aoK`gA zTlJ&)LcXnARWro*g`Xhc2Bg!HHgvHp@}tcYW+yx;AS`etNh)MyX-R;~Q_U1Kzyag? zoG>KME#^B@#15ZHK%ehOWv*YS@7#4YitYa)&kch2BB3lutbeZHzVtUXY9o&EUHhqC zt8HFMl~9KLMocVRE3P&Szojdg;FQlUqajY6tu@4jgP-5Z?_*5pXeMsUedHk+`^}P! z-HdJZYNMNgJ(S@jiLknj$u&@F~BjERkh2_XCw*X>frkZa7B)|0N{OXU7 z^q*`lL$tSmzXZy#(-+IglU}+#I5X2nN=7Ds03O@^r{4n$?aRx3Wz3%hTFp=_qT6!* z@a1a}dwtd49;e*HF}vDPfjSTV;|YlUy`iGm>v0j#;h#>zG&0Y-RiD8ZmbMAl8yHq~#0hTA;LfdqZ{G0T%YVjSiu*yv}5a+ZAUJge(DcqLfBPkj+o!fp+_w_Qck` zLuR#^(Oa~##$*^jV_}TN&`hq_Fv2ztKl?wUJ@IhF?|y3DTVd8(O5hk4W<~VmS%dP; zB4aAz@zK8b$~`hTcsibi|FE}1r@CFQ!8RdZK5`yn$)KT13(FESD{PK^tY5p7hZ0Dl zl-Gw_Iv$?%R-2j~Jnn7^`TX|VXuxO84iKK_uQ@V{lt;$Bt7;4i#O;*!2X_ zgahNHVcNZQ=u3F-?-33!Ho&y+#|~evHoT^$X6`23;ek`aj+noyB%sDo#^U@A`=J?! zlMr|PfOJVm598MdCUM&Rj+XU#bnP}=5aw(9#pSF~=;w1n5BIsu1? 
z!naIWcn(j*sCj(#LqQ}ZazSJ{s^_O+G9m{HM-(@M#R3Cz%zP{rJFp!nZZhvLUN6`i zqm1EjI0VJ!EXo7Yd}L^LJ`#wkv7NqjS0FQQFtTuwRg??!uUoG%;p4weNh>5*S^>J$ z=_bw@FELlqg8VC5cnp51Ba*7LF&Ayr)t|i_%{re$L2=UGD2{(c8PR-Q3RvrZaZ76a zYub{~vT$FojLl%PpC|zbEqCXP1_tbfKRO>#TgMp)XMFx7bHkcmXx;-o(_hX3`?wW( zf__}Oj>DwVZbxfVw3tmBbvo%y=`vG}eBu8xWKGu`V(ytzf92M;S!V9Z%6SUC#0u)f zkvZ4aRd;*mthl}AwYAX+Erd{dbM3nbm-dzMBj-|8@*0rYmx`p^UwD6yyrKIimwu@VHbbJPfkLmBUT~m*nO@` z90p=hp7>FkwD#UNtQ4$2@SmPy(*JB9N{_)`m-ow3kgawFmMOH{K)7<+YXAoqRm+$JP8vpl;zudR2@5;11_CL+sO;jRg!?GGJsM_Z6XS>l=A3r{7-tJFFLJIXAj^ED|r&D{Z z=_D%h$*dpL*E~fleu?)V^yiyFknNmj0Q05opCa58;owcV}d zeF1b|l52?9iJByWOqy``8%ZsL~S;3x*eOe=Znw7b{oBFgOK zbe$NAyIx>oO48DVb;RgxM{;olxY=mOW*Rj6`I@_ZnPE7r#BWlMTljYPA*z5ldz*?> zWhZ%P{SoZ5A>h1r7$9`nejUzkc-i_bOikvIm@;2c_>0B+m4T6~Svp6+h%*%k>9%+yl1xK5aE|G(n_TwV#{|Fx5t^jRr~LE?`2`MSPl!7btvG?$4TE zEH)lQ?$$_>&o=ZTlO@n-ZlP~UNe@!1QLf#IS7sN;OeqxL$@NmOM*0ue+8p6-vdz9N zd$3?`_+@`r%8nz=YrFcVScssO9@1|Ucm!p`wg0%csuZ<~_eP*$(w!W!IJ`YLi zhs4ws&VsM4p(E+*#RkYG#uf|gK;@EVm_iK828(}E;UQ87(xt=3wbp^cs+ve zM@*A-i=dMiU1eNZ(Tw)6`5BQy%Q| zFJzxCIpG5}uE*k>iqz+;&wwy~<~Y8H+dkJ;cSl3R4}?7g4$j%!RKjyaY|V#ct4V{r z&|z&sU)+o$AWx4vTt6UHmy$B4$mn8?ji6z*u)s;z_YV=-%loVCBClewuS zM^mei3pzm!zw~bVe^4K}7>6oK?;0DMvnHiiN9&y42+JbIkm5pUktm$vzdy36s5KeEJTFN7J6x!Vi3F~H30Mw!aQJjk@_ATyXeXek zK+25vLaIg^Cth7+Kz0Ux+bs@_yi-g2SwNd-&G?fOOwdvhG#U@~bpO=Dsmx{#OoWK9aJ|0wI|taLTDwx7(pG_aG}o=o z@KETxCpjr)2A}N?`~&r;`8z4L1I8?H=M#Klzk=t#djAxq+;7Xv4K*ed3`!qu^ho#53qE z)v|8E4R2@u*uPjsiISrpL@}i9Nza5ZV;#3%!-axqsTuS=Q1q{6rn0hIQ-|*<-f$+f z2AbMH8U&ZNLjhyE#Sla<9tZCm1i$rc5%E*#0uk!+;>o@RMP*!S`(jg{PLsH_dc8rw z+Sml>sTDxuwU|8d|3bp5i~6h*qs3FGSEr4|KqF~QcFV|aCT212;WskcI(BuXjN&m~ zm+WTSm2VwzKv3XQTd1h4Odm8^ApNnxv+E}32tL8(v4su zpnnH2C|zp5FL!k@Q4toR)aOexKqCuLiDD-+%O-L`7+gHx{$)pUESKbnuAkVFRg{Z| zlW+-B*{=|Nr%I?dXUtxR6UhH&#p*A%0$v0@WuVB=?Z4aHn^C*}f`A~=WFBbbZv9A; zoVY<)4$+P*@Twz5cXdDszF4**m}fIc zlgQ)A+&H7@?t7Pb6!QBX-`_}ryd>H3%H5Vf#}FohsQug|$IHA_0R^ulT4N-a>wbZK zCkvI|fIU~!c%b_rJsg^BQhJt10)mnAB@{{oFK912e;RO=p86~EdwM~0D1y{HU}EkR 
zIMmsy2}5G2EUBnYUpLmj$h6gD~+w*3>a_$r3|JXontv7{@DjXDvFU>LjT z7$o;}o(OkGcSHZUJ+ZPgy2S}DLmp33GvKxv3DarJ_xu8BU=4yk4+t(|%$oD>7X7o? zL-J)dl0L{^;XN&FB6IH`7XaYR1MADon5gfUukX-o(`vg)gl41JtSg~pr^$?@gkHpf zwC&#K&6;ne0+L)&m5?(P5sl|Q4_FS0kfG;NrgRtqA7kNCQ_&Jotn~0mO{HX~7v}o1 zSYSej>HNh`Q*Y0I1%$hud(vpta;JWB=?Zf5_rBc3LqQx#ef#99UqI+}VUjy~o3O2y zkY7W1V#s=+ihA7);5z{rXmNso)UJpfgO`u(d;70q9IPcde?o1od-vuFQc0SV`hmV^ zU|(BN!MV&mjEGU218`SibA0IN$d(ZCG-bKZkgj(MsO`9+!Ay^t?&dzB6cjM)Q-5zU zdwJ+5(IT_bLN|edu0TkWysqYQJAnLe!6-1v;q@T$r)W&03}@@~-se zPOp073($xw+||~+kC;G;h=tETQBV42*e-Q3rT}H z))Rq<^YU=9u|`4vzCZo6yhMiru`_e95au(~7z#Ft!t*V+vuYR1_#aYPpy89ah>xnO z?`Lpuu*(jMRhoE0iSg#diX2tD7))|EOD(US@8|%Nyboj>n3 zdUktSp&V2rdGHGr`Nd)U-*DBQb`Q=2IXOAqc6WE#>!U0k92lphDd~UbzKvfNm;*Y? zN`+I$n(>zNg_zCu4Db_&>SFt)ab>b4Wl zUGAJkdW%chH2_fF`0e>HZyezCz?4u)PoW@p^fEAwX$6wxgw#i%x_a6D{=<9g z<(`(~7SfHkvjlLTg#&7-O0A&JeqdRHNimBn{sa&`mjPy*XJIFDO+a8u5vkojJRTQVQJ+U*R+z&zN=__HKL(L zMFplk+MERBt4`s9JT$rb0wKGCae%G#cwjMH0z`(g)Kv^Y%9<)m2V^)r z-|{Q2L}dhZ*)T{tH^L6jdMvg+S=U!qo{KwFm5~K{P^!%L)n&4c@s27{X9tbB=&(aI zw6$wMHB_z~)f$)?(>DJ?7OqSUJDly;Uyl@;VY#iw721%nm*V|WjD`n0-J0vUEYs7} z%R2+JVrp{k!8*S;l|JUdW>W`hS%Ox^FI>Gy;3(%8*ak12HVA{QL!=NHi1Sab7W;J# zPn^eaEr`DcH@x1+ap4OUo^#8QigHi+p!WKEymn#8g9?Qu&bB_+B8!TOh?bF5Y?f*a z9MRCw4E+85ErFf+w)-O!-E$!mu(>~tEuKDD1jSZqg(UwJ8MRTVyw0V_SAkb}@ zJ0B#uF+(^Smt6RL!cB0d~B(yt5+4JAokT7wqL5~sK}L7mKH{F zTgJK11vjzZiKR6;h+A-`Uaw`YXOvED5Z~@53V(P4=Eezh0tIAVe6WjGpvtYPI+Kej z4OHN(L<3|&Nl2j@>iWf`$SA)SlXA3-qRyc{FGRh!?>wDq?Y;_06(P}SN;1;#R?jJW1soNph6gwwCO$+y?HKD-r!*SmP+KA@qyPwK2$vT*A8 z0-EvfTU14i8gxbinvQhwyPi*yLa4%z<1Uf2`K=C)sllhDw6wHPP!JH>j7?3^eg7jZ zTUc0}0&78>r$7>4ZPLKMOtFBbPO9~R=>gXYWHHl-(%g~|O;^Dqu%o6wCd%oN-97xz zb!A!D-dRXWoer(M5*;-r9Ce>r9-i`qd#lWM_4gwS3;O*IqnLswQlc_=un2fP1ls~C zCN#vQ_jCeWw7Qc#0v9rx2djG0ub=I-MHY+cozL2N_=LZteC{Z!m|MV`0CXR`AfUNf ztv4GMiZJl9uqa-6e|>ZUFkvW!2Lj$pqlJ1w3bIpqv1m*zywa#XIL)&d(XT~lV@D>= zL?&LrjzYct*P2`?T7adog~*(ENZ)Hy$OSpVt#88>gJ;- zu?i3b;vltVLDXjB{+=8RIEDEo7fvX8dU!&%PuMJ*+)QU>qjL@ 
z>=8wb2{OdS10O&v%vV04N@8NJUfpv^E;2)ZHfp-nRo0|Rt zcccZgNh6ccH5#J?NQ%v}%TX%TeYwLdU$#_7dP0KH)k`F2>)qj&9O$>BrsUKDG9Vnp zXSh^KhHbC|I}IQ!2*tiwl7vJTB1;v5ROKRwJ-XU_1n7+%=4=0YLXgSYO98Hnap7FX zX2D?PW!%QI0V-GlgznCX#D2^_GxTHYSs9D^BENsD9ezH1CQH36eQC58D1esf;lHLpek9H?L?etQ3qBcM(?-_O%bP37c$A+c zVsOFSP7uLw%sjFEp9gfhw<>JNz|*s_?f@`*H)HTUVi%@NuW;uAfx?Sad0TCzgAoJ} zA_fF~50Jpuw;t_XdOhCqmpJx}OQWTbG{oNRu~bB~iEeJHMO%Jgayb4>8BrmMUL;!P z4TaK3TYEhJqyja92%mmXxpAbRqJSmzTHG#&ITM%fi|DiuGxAV#2`_SdZEixZ?LP{s6^i zMe#mLmzS4^xAF0%sEZ;?Nc1vbO;RVaf-HDQ$-1u(Mfx(T&cJWd@(CNj6cwv)#wxgA z)1V?lYS^5t=siL;l0G9c^5*7Ion+cZ>k;HQ3O9}NkbG-160zks4!}IUwwyk%n8+Ce z;WFg^C5_0L+aV(OzH>o_9CZn9*?+`6+4L*tDiFy0h)scT?DML_mQgSRDavkDlWvF%tH&2lr_-?uCeYdh-4@ zjSwP)s2Tr335AxN5a`-sDgMx*P@&d#J0eiHfyyoC9FOjVgk}2E- z`?q*UjSOQh5{B1fIXOtHeC{ZfY>Qi!Rv^XwJ z+IIY4nEhyvj#b>^M~jWMYmHLsprWay`DeNf_P!^D{PCL+QhmrlAC#~;%>M^gKLIP)CjbaoDN>9}do_ z`HgVPcac9mw{XP9{9s$VsZ4+Hh6e}lBWs;D<1bQw{1`$kG#-d6FR0OVvd&j?Fs+Ic ztYrVrZ-c6?@#h4l&74z^sG%(+m#+3D$qMc3o)6R^eUVSS8zy81gNT3<7_i6fVbTMK0Ap1tAx-M4vCTIolt;GyY8dMQbnDaAz4So#3bY^F;@67UU77Rq|wCE2yd}wHioz3CJy{>2)h6qh4R+mh^ zpkgU7RLvPMKfp*3KNcA({HNTM-wO#Q?E29MiV=pv*R$qqqY`nVf`0+5iSL{?1(qN} zyj>do2BCuY6*&U!b=4DnRaPIDqKFMG?!EeN7p=$u0)RGzQg-mZkm8&=gs&o&h_US5 zqBz?Yn+?@Kxr=Q767P-nVvCx@K&l38^BBN@?4w6SR;LFCE$je}!e=qNZFFRj9gte* ze%^AD=>XQ9n|p}xJR`0;%Z@Pn-`@P?fVw3W5iW^MQW7DxqHILHDA2E_x|)?Nm3EK= z-ylS)RPD$;5+bbEo!5G|+&D%KiEj0Xb!WW1lRQC7RDr{z!huQl}JF^aO!}K7V&aPTN zIjLEAO6H8r$EpC4F2g30>xGywK$jx>gLX~ANQCJ4GpRB%%Ti7*7Fqy3C8f&osbdDV z8VILaHs?4jos90b*~YtbX{OvC^gC}G3iC%CaXgTDZN|3KP`UGpq95|8FAD}5MwKMk z8PNCFa_w=aC{38h5>AA6_lFU%V_Gua&w07JKRHi*_CihL^iBap(v%XVoReIDbaf2` zaL9q%kqhi|>dqxez=cK*RJJaG!G}eB@r(nO1m&)RcuJp)Zb^UxeTCCz$4dOfE-7Kg zr?RSQh0{||om7&!TxCv+x><%=!TCdQ-?|@Vl6ZlNGZC4hw zMHm6U1c>Jc+{*8cPfMT+15VwhmJvqP1cPSY;P;2~VNpP{!TSgJ9_0K{R7d6w7b#UT znA>j6FVo!V%8-Itw; z(o!#dndV{~m8F>wZI4w-3^P?ud2?aW$qYz1879n-5V;99%ioa6v;Y&*H<3IK;280H znRi#%|LJPtjpHXz54B{xo-tQ2B640We1Bh~A_aK?3wt5|Z!MOphv*b-5ryKf0G;OA 
z>Xw&IX;%E{B#qisqSKTmBIr~m{G;X1Avp&}MsVzzHI#9oTt1RnT1LTC=?ZM7yAB>e zQKbjuc?qPMgPjF~KGyF6<~(9|ay1w<%5Nd8+(zFMF+>6#$fB8^29pCXuK~v`FqkaV zcwNdODHt%ar=gjuV+?ig`0r~FLZiC%$ME>vj`pP97J!~Oi3^Gid=Kz&pZx=RW+^#2 zIYAHsnprURR$w_;s0vq2pnADkUe=H&^*%{_GS5DgaF7Sv5gQD_q+ zeDW#Du}fQnD%tn~kfNW29SA@eF_+k%&Yf<7fd%?@l+x`XKYnQP3hWm2v&}CRiDMc7 zkC-EeT&c?a7s@QMJHNC6a;@14v5J~P%Wp>RsXNQxq+eT%nh=h9-0v9yhIQ>o>vKBI zSwZRFn0C?dpbKB6zlwPo2g_uuUJqw0n;EtG!hjPmAI@e19u5Zp?t`13{>@~k@9gZf zO3d^$@Tx1cxDLe=yenzflehC#gqYpv3@^$oxH48c-?fpitg|AUXPSyK;Hx;C0q!` zZo_L?6vL8%k!k)n@Fo#*`Ay=> zxO{E1J*1NM5V)tS-j2F_!7vK9a>cG~{U-BWo3eqJUNA0(4LIMMRUMVzN6u79!eB|CG?6XarR09_=m^aVXPP6F|kS0Bqe7l9B+1s7rl){T8^&sT7MV zS#v;I6j51u8fhu{p^xox9XgYj+pVydOb?@nI2iB}>-gG98GIp!jbNCMc30q*zRu2V zyGg|7zX8y-=OiwG2h1atkuLbrXIvwqG(lcFrWJT6szwL#Kag1g-*C ziWEXjFNIdyM7P$mEQ!Z^4&?Wqrk?W)J!!wPzG z0?t!PBvrgJy4^Ryz~X|X9DMf|U(R1bT@Fluc#*q`PzE%kb4II1wdGVbY72Me3$X)! z%wFdKmK6#J&1!7yPp5Oij(Y&yhd3)M>p0L~Zo!H+m#;mvsk!Jrh1!$T(!$XrkedmE z6}5g+X3v~4A1bcHC={YNIX*h#tuko$B$22t5~Swcv!*XomxKu$P4>3PiEJaQ2a!pu z{r~%3SXRN%dT|b<6lU7?At^oI4#1N0p)30_JUEWtb76u?&Xzg8Ok~@KDH&8sIgyFM z8?;+r=~j(EG$2MBah)SDBltagf)zp36M(u33(e&GNVSl_bs0%@0m-r;V0^y0g_Jfr zYqYy%Y4T1Wl3k@rS9bAwxRTg=4in~c-|@&&l05?mT~<9uz#jQ}`eUT33Kd;iMn>E`vZ#BghDIr=ERNT-Q4BsSDn1mt+1zHhGqA_= zwzFV07OLZE{VpecM_PuwZ(iy`zGa2>Ry&mfzpn`a zo&QoPD24HlJv^e5@MM2~ztwSLbvMItfbG&-G2NE~k%4C@;i#9_pDvWguYwVM@e>K3 zGK?l5Bx>7ZALtKrjT@ZqO_D3uksl&4V8d0)v zTKJ5*U)JJgqt|dKT%9RTkUKha+r{l4?3t4>9xoDq3h^SnRXfP0*5|;v09#QLm%Mhb zOC@MQ11YJ*KJUhT!p{x1yFavR6Rj^=GM z2uR5e1oAJgEK+WzD{{Ukj1c%!%&#AN&h~Ry7*}^IG9O!C)|@+gg?1aMzvbHJ0j_k* zawSz{-c>ljlZwyRsk^i5%&TB=jKM&a1$NFz5i-8X`bUrb&8Ph$Q2(#rV{L1?e#Y05 zqraCJDmu_nI7l+`f&Gi~$`lUT`{AeA_~d-asGL@#5jE-+Da69I3s0Q?x{$ggxwyD8 z3SQ*#Z!uv>ZP9U`?B{E{KiUE&S_1fUqpap8-?$>_s?)wEy@$0+yDT~)l5Pg1g_kHb zp&tb}BljwLSC?M3d~tx@%Dx+o^EDi+W7LSe@_P^x&fMWz(z1HGGO0D}fFoGNAKfWM zDmb64)T(_56+)EJ{QP)N921kka@U+*rJ|#=735j`_LIe=Aph3)`R%0zm;^Wp$-o55 zglxc6AxUWJ28gK^sG5^b&OAguRbIaxyLFibzFiM*0fN6fX7qhPd10~D6;K}rgLDHh 
zQ&ap5M`teb%ga>^boCjoT{z~kWEK_{$QYN&Hj1C(Q7K&-AulVJl8t62+=xwuJ>9%f z^$C1#<~6+Vb0*H`)}o!C6GuBPUxmsg^)aUagIWobX`ak1*c$tfyg1~h27QJRuF!K^?&C8p!mJ#gl2;>{ z@0Oym8ATigO>d~o?7xrL&nvP%$Rsv*g5tmAdec*=6<=@^HPGZTpqCyO=29^?4xWz~ zwOKALm6b=FMehPcbbHd8fa2P)0W@V>)~MUzU7y2}+$hw|bCf~}ZFI?{-4MBRni!7BKhe6sB~ox`ix%Kn*A>D$ZffPJu9OR3c5cW^>LeEz zD3RWdVnwI0H|o&rED)%E3gr~(az2g6bd*Xb7!kAshs%J_rbb*o_oGQf9Ht^m3yW4y zz&SE1SN8x#Lm$Pl0MtD1!wTId_y1lLpl#Nt|7EW?uViv~zIZg98q=)K$wh(JS-N2`=qbvnoeI5WVPUyq zIBKL)_*nJD7S|jOKH>?i2PGk z(8kr4s*cjlR^W%*9^#FQ2@MZY-a9aXHc-i>69n3TcGFK_!gCG0IIjXw zLn&`Ov0I)6J#Ix}brdm)F3*38VS7()H)Gevus1j`3qg&e{=3R>pTY>`;&ceS&G51j zbOk6l+iZCybv8zF%f;g#X3Pd{P0Mq0bMi@#B2XrP)49E`ukRsD7F2W?4NEGBg^$l= z57-~Pa;ObGeU1dudOdk00N*-_pzx+Dl4?j(~W=D?1z8 zkeDBVj9$w=kDFC|?E5b@sqI=Mo~9MvDN(q)fjuoR#zk3D^A{Lx8FEG z2-hiI9~=`C(;9dc)=v))y+oAi_N<+Nb7r+Ei!-UVI&?zWaFR|a^g@{4sx|^MCUAV8 zjjt8H|2=o+_b4h*T;M_z{+V6|wdeL4e`AkAP@W0%ai!)zK-6tq`k$jE3z%9VnQYow zSnS7dOk<1AZCXyCui+VUUtet(!UOs%e*v2ZMjVn_8wndsqPGqgn&Zvg0qnIS5fUDr zsMQ@=O8BdI*-N2n@ufH0nYxfzvEv5P(AU$1Eq@*!o^}7*gNeTU{QP*}n4Ti%B+a{*WZ~TUC0Pxb42_|y zFINtY`5Pj_`*-`QJC}0ex95L{8Fy{=hwZ(1X^}*i&)Y$is+N)mORkFDmF$#486{xJ z^rTv-t>{1W!T&|V@IS%=6ogQ?P@b$iIgEU8h!p7LD!g2;p-%s%=wPolRL7QEs|SrZ%B(v0@$%nGSdA-@SM^KLzR6~ z&dhB+T#>?Wn71$I?MH!t9)PJYiC&1swd4M3yPx?#u&IjU8mY8jNJRx(HAwXapTXq{ zzaEvrg_#Km-2W+p6=fmDBot_|@t<;axuC zePd0o=ILm?)h)cME09B7QB+PU+bxYM*!=lrGZP`1;dkrr9LUSRl)LXAkO07VA{*i&}O{BsD@K`CG%`O1mIJpP9L%m;Re z5~fo6$l_!Gh*Z?(XeH-4h39SyOy#u;auX6QWANCqMiGi1M(E#=w$_y7bE^@8{MgBt zCoFOA9Z{C^g-JoH^@th$=J5Z@e8@EzJ-xN@h9lW|%`0*pGpR(ltOK7?r@Acxwp?9Y zT)Wm%$lXLlCmIb6j)BK;dODNB|3^Zo9NlaXNj>0o8J3mxyY%8Lm6Wl|W|NnMj-H^# zj*d5_P$j=0AP|2Y6TolT2)V_a^;Hg`kr_x=Dz)nZJ}k96AxOx`MEKnp8hLMSE9r3`ExGlpVr+C zQ9QNW=G`2Brwe)euA}=4ZBA01=k5L`PWF=cs%s>Ku6ZYU@CcL;p@2gY_dKB8WPix5WUq*zLE8<3`|&u34jRLsx_O z6xrM;{tWUIB5fdg`H>LGPg_9$+t955_H?H;V1PBd2Q137&W6`@Zv@8V-boQ$HS9mq z5{gO{z^02wAO7zuqy!s=ySMF0UhD+RKvi}D$#xj|?^1=|a*Jg<>Tfp-k5vr5X!jGt zTF`MkG>2+ZwXI5|eeg1Kvlf@#0vnS*j`Z;h+kWVCIIVET7l=o7@d2J>d>7)i(b3~2 
z;m`h%P(Sp<mzc zXv)n*b$hTphBB58&srFRKN=I{`d6KcU~Lp#M*-`9T)-#p88Bg#HQ-(t0>^4;1F*CE zfsbNFT6#L7-Uz@m;R_xLn-$K zyl`mlH3sce4}`Q5aQT#Q>rMIkhU>!_T%-oBCwD8wae_DoM67?mN0(Zyyrd%|Jmyh= zgqga;n-vf_JhEj3#fl-KbpwQrkPPn1MTa{pym#Jea`cSI4wTL%18*2|>YcYk?JhSZ z@0}`%D_KSIfZBCC_vcR@oXHg+`lEC84xE@anVFbc+&nxsNH4~g8&VY7pX0b3VH7RJ ziD*5@#Jpn<3OW?Qs zpA^&KO;0;oW-e=pO^_Qq@vbFLjggU-&s=LwrRpCM3A0$2O>b~@F^U*^Km|cWLp9BT zr+8dM8dD&S3_1Bl(oeiytiJshRLNntN?2aq=CF4HqKks+1_pxC=nh_iuO1fvZtEl% zSuh>{i3~2qH!Sb-{Xr~i)QP;I=_u;}g;Yx0998*74L37D;^?%+wT40Qd>wkW5z}2o+s^ny9 zW|kqgM)b7uUyML>EeF`{tqOM2O{?!o**@IBkrKx^9E$7%H}P23mELP6(0!dFfGWb9 zy1R{uGZIeA(7Lm$@M+`$pU4AR?Ncw$&qQ~3clJx~^7}`B%F3!#i+7xz4sP)Q0X^56 zSTu(`L(L1v}Mqv@DAuN=7OUJn8*QR_23$afgT*cI!LD7vTFcstGCn>|k6qDnbp{`W^WU1(R2KK?WMp2Rcet>Q zLRymta%cv^buxpnF>6Y#e2?+t|1`$M3 zIz(y_(%mgx(kb2D-AH#MAzjk_T|Do8_x{G%{@|};t##j5oO8}&{+1*+{P&8I?Je#J zqPy6fyAYKQDPCD^0Og92q0_!^(iMd4wG6(q(Tb;bP>Z`coOx-r$BMpkPxJdbU-9Cwd#T~|HnUnP zg5lzP41Biw+298*>mlAMl8cSlgiN%yUTBTxh}2UubVt^h7&I<8DPxy9G(tkck3jsv z4$mE?l-BCl=8U)Dy@F6nq|o~GU{1Xs7dVuHj`A0Tl?bvdb>R039;73Ac35urM347- zv}AZ6ZLL2*AKvCD)ll0DJsiv`&|=vcBRW~w8R#v?YBLe&NDCUq4x_dgz~D!7aVGaX z_ibV}ZhaXs)kLL8JMVY)HgJF(5FsKa6G6T4AAYvwq-5aoYqGlkR&%dUFxNK}+-OtB z`ir&4d*@C_lyGI^yGyCVU$=r9nJWE{LD!8;k?F1;>wmg~cnvWd&`{>zNJvRp!HO@x z7@E@94Z6A#?A6@05O>*-CNzHd_rL&bTKn@Sg9}aih?48b=eXjBf6+Vbo(S=NN~)Gq zpP?ls6V-5WXH7pQnKJHXN%pnnOz_R`6yqi8$Xh`92uM{q-rn4hEHyb;1nufE1(8hp z%D{zXq~He8_XhoZAF^BCQBhq$;bCei2JKsQ&=-w5t~)dReSF?vjfrE;^Cr6mTH0vh zocEvbxaoywwkuLCyp0`9r$7xpmUI}lChXx&z17N7J1pYWk!GVal&JEjl6e{g!%8f+ z02&1@8f|ZowJ8{)U2egV)@-_hUTov_f9vQE?>2=28!!oh9!%!`1i#XtH*Du&tq=>J z63c24lzFsNe}q_0C#oEP<^W>bY;`zv*zm^4A7tIGkB{)k$lA0BJk+clCp$=+#~Mnt z{@j!!QL3Q-t5t`}K$NwV!PrpMe4zBf*>t1t05Y}&4UW2jPqfxaBAZ@W#}ggdJkbQ@ zUEr%tj-c5ger3bjLw(q;1!=ZWeu&AXhz3owN z3}v&KC;}$Re9c0J^I1bz6xR zmk)XtRuPm}GRHQq0Zo+B6je*khfRxfhf)QN2egDkP+=Jvu|9b%Sxd^F2%DJ7RUzeb zL}Yl4!HqG?IBoJU+~N1ablw9k%UbKp7oo&!#yIi14obVmn{YaAU)ql?k)z_TBb~4h 
zI55&iZ|0Z27%6EuBkWyeJeS@11dcAauyB3-UBB{hp2%4AP{j7$rnjB~|9G#CsORMk83vY4OC1Zgn-3If2GCcEvojas2!5oSzx&vzKzRL>^BbAr@3#B#hLKIZ`ZDo zg|73rluZofqPx;dyL-4t@T1elMm#QVdZ8-5c6{xSf_jVxM0c)vo)5`fh20ly@j0;G z!<_;3m`HJ74rL|dj0WI3eXriNmR$7iGr!Oa{yzETznS4i)osdVoWy-fAGKH@6mK}A6cBa&U@tU+jl_{GLfebv!fL7xIgf~)Ym zJN~Z<;a3y1;w+3^p>h+P@?h(TZg^ehutd&8ObDn@Ob56Wl9L23l9q7^gIkSturbQT z!@^#SQ~d9-GiKj;Di*JSQ!$!$rD3locuJs^Hmr<{?C_|NUraD`N4LSmHt7Hr|F324 z*STSL* z5~)fUQxnfGSI-%CDw>E%Dr!054uBjWe0s>pErP7J+>R%(YCTXoGFQ5|3LjAS*| z33!p*+vFWZl~&Mu9T~b9h-3i3n%0A80WDIL z8IFFzsNLp%Yi~9xiOzQem4fiTtb2$FVGK!LUcR`cv>($f!QBh#ljJejS9^-u`Ms*Q z;_JRVW+qyHmr)3KhAz)B9Z-tAa5CR%vVMO;SWddXApa+M9(@AQb@vaaKJ$O`+Vh>U z{H`)R6-7$To}v@p!{=?U_Hs{xpP_k;nqlrO7c6u`114F7IL3-@v@9a|4x7s=xOiz{ zkPk3}VROsUY9P7$D4;#~g8jH9qlk~9@^1^!mqAX~RETDg89ctRMf&>aSWY|d!fi5< zEy?`rlM*yP%b_cAEVvHsOgvg7e#~&wKRt-RQXrxc|0C~08>EgmB(3X7=x|}<-ctSm zE00r|-v$KWtG=%t_)y`Q;7muHn3{Ts?8;&`CXLQFG|W8HyYSq=H%>rf<2)Oej1ZQw z2vcwN3F;0YwtI}ipz09w$Al}lDl9^(1uc_NpT*7Tc|tc~5fwD*`YQ1uO+tGba|+ZW)BeK8akB1|_HyW^m%|x|ulWTF zh1sH*%w@(q&vUrkSlxXI7K}$9sT^i=xrVO<-kn?js5F%E8jFjR7wq|qN9?glin1Jn z8~nHF-+b*&PGUd<{NLb;^ZvZo5)8%p%C81i_n!j>osX5qbe@xc9R1~UR!6KwIK}b( zemgy_f?>-$5f5LY-FW;GF*_C=lmB$#89ia2>z^hZCAM$sjfQ|ZE^FkPt%E2Q4cG{{ zHxF-j_V*Zj^0GBCq0>1&!MohfQW#Nle&4@83C1L`yZ$RG2bNPO&!>mRVy-b@e9vHM zauc3xXcWq+xP{sC-nn=d78awHqZqQBu1+cI*+EPxF93lEM0B!S-3`B2NEPNC184tU zJj=Y!r|V&*?c(TsG>AlLQrtXo?>mc%OeSWgr;Gkm7v(?eBx!zw<8U~0F1lkbuQ7#TnZoT-=|_}t^j``{p=92QlkReww%QIulg z0Gq<5ibu6?^6y!Ga|uH)t|`gXf~1T)J2dpC5+JRX34k6y5g>w{ z3_*yuqJXGY6p!b&FYBKA519y?JCud9Gux1t1tE6Igg+@=^9|43g^`zuJ0Kl;3Dv<=F`Q;iI1}zPaS-2pF($0Rq_?w+o%;E86A9UV`t|^an`vAWh$CoUQYf9&eWId z7jM9ViG#VHcF4m-ML{$As}%0QMM7{NB6-{VuO1iV_Sy|Urvj{f(#RiG zT+#(2ueHF!wcjO%zxwEMW4bmw;P6ZnSmnNmVS|R5h`PEu&p=4qm0?OZ`rON20n48z znx{<5wr#-KX!)sJe1cjdxu~Yd+%@H3T2y1{i&+B&0~7Vma?_)+41`p{;OKilU2iee zF0;vU$U`Kt@%Jwr&}`4lPw1+%lYVF%U?k@-?%31U_xHQeN#<3=;OD>TX@d9BD7y#& 
zmp#61_T)GOrc<2m?vuvwm?OS2vmlFNnw*a@Vf2TU%OU1cxJL5!^yN~3_qzi<2ncJ{0Q@(Bz@O!BKvQG;Ukz-6At(2ptT`%A_^O|3R< z%crB&;{0*yNkxe_%=^VF*5U^1Zb!|QW@yerH#|*Sgo@8Zf&hCJ|y3M#Z9gX zcqY`u&P61KjQaX|VbB}tYO~Q3f|4spZrf!x9+iknm$Cy5&rfY&bD~K~w5*3U=jm4k z7rY?>&n9``=^EN{(wF0(OJz0RE$LOwK%o+r?^SKxa9@Kyl6qr3aX+fy7mpaxX6gZo zUQakuyDW~|R{POC?1TPbQUFeJJ zABYL5;H|cK-1h*RBEK;hz!;O`sX8DNy$fDuE;6Q&1o=5#@%(xPM7lRVZXlX|zEHi> z4UEqdWh33mrEni)vVZ~`c3ArC67+lM%_pMqewkc8q|o|LXMzzUkH;9=2sqICOE#ck zce zFqYsec=TEm74p?Ju1flVKA0P}m6JfeIXvuku^UZ?GUGP_ovlvctSBQxU~ObH^#@!i zDDMjjvv9a=*ojI@O6cV?^v%pvmHD!Hf7`d#Hh>oTas8l5VeW zTJ`cO?6Wt+EU2rbT}^+Lt-jE>y_F_BYIenaHfZ1T7Z{}5l-sA(^cDFXTYGYFAg{`) zlxx0nyY}|$c_8!NfWbu+4h!F@6ewGaWGC2_^~}-wq$#beHkD9?ATQp^Pu&U;(#VJj zi!SK;ju|fO`LC<8rbOzG&D*lyPz>#XZGO~<&(&2GMWKPnVHQe>qcLk)d0qxyGvnhF zNl8hyVRblwC9n!A&%!n~Hrh7p3HFc(-uA8R45_wH=tnUJpDcv&a^>cUZDAquJ&{Lo zqBhn;vFh4oK&5M@sAD{7DelcnWBoF&8XrNd-3@{_f2PP&T4^?%5V->*(YZgO73d`V zb;vd9teST24?XKHdfcn-c(^Lmp)jvrd$q*Hu_0{Ie~65~5ut(!R+W(%Sp0vK!F?Mr ztBKOV-P%d+cuOXv!NngmRhn-qwN6z|gb*mzxXwI{-$RR^T{|p^5~1B1n>d}*d_|## zjG~Y-?M~jQX!hGHUJrKF<2NF)D<>cY_e?7%fKkwIwoG>s++pDFW}fHK(9l>uV(>sN zh1^Mbqcd;YnHA%eMDhF9F)9(#_qRjm!WW^cTe}Sj+W+H@l!P9H5#u&$;pBh#hUbc@ z9QnTQ;q4{QQcnI|Wp#Pni)KyGO)EQs!GtK>XIu!knl!g@(Dt|LDV_{2E@3VvTtL2U zjwb5yFxB1TkY7IfM&HmoD5!sS&Ffjv9%$UJUk3T>0gK6Ey0szi?(unpe7lrqC`TdI zv9Op)`h-M|x5^sYOL^D62=Z}A_-UPAy-!pf9PnIF>I&*>hT&|R0|;;R7}HDM6Cn-M z^ibAVquIV%DEhks5tenQ;DE6t{s4wQ)KpY;!0zB)4JZNVB5=`wd2YBvp2h8ZNmGN) zH_!OQJVM+53|rP5d*6?Zda2Ub{&rJ(!faDD>iUr={Y1MPiNew}uW?CT zyj@Thy98jHEn(J}Z3?Z?$BFU_FDNpLLZ!NlI3neXN;=ZHzEut>) zGrOxZNdtNLFfSgtTcJX6i`RvZIUHA2@U1o4bUL#!an1KT7p6P(J`;iJ9~I5c9M+f7 zXZ#dYgYa?Hlt28SRjde=Ux=TN%`3T}!-M-@ArHCBi9-8jvmzzGb!qHtTD-aNDlI8e z!}>MxR>au%tH~-XQ7o0gQlyA$Ug9rPtCIXt#1!C_!!%K-G>fMAW$eC`)n&Lwa2ud1 z@m?7Uik$#>NG$N*_=RAB>(DE3S=JBRM+Jv|5_Zn%!r!B%mX%e|mV|wc43FO+gp0nA zgCIjVHRwmz3)(L&cS23}lcbH|N@9e1NxN5@{OQ8@_gw$?hqT2}0&b)2xA8n(wTqX5KKO*b3fb+Qf!tF}lFY@U2+#bD?{HwLr zgr)7^;_nDCJ*ssNchK@7*L_$b>|saUFIw+M1daL&E{i7bth|Je9pdY{I>Uyw{j~<; 
znWDM|1_mJAlp~n=E$ctbhLoph8x|R(+d4heC+Z=pa*_wkFQT?+*m-FZu2M-dcg05E zbc<%D_)35b8>@96@J&C=^fQbaRGoKByiLVQd5I|Ae5{FEA%!I>W{ZG;fOS9q6fCKa zKIqnrS6AU7Wznx}*gZSv=W-ws%G!+x&fq}}SV6tsP2z<^+VeYIS?~!ZGiX;Q4tuVb zgI2#>ZT(O*mdaPHoCJrP2l}RM8+4 zv9q=%7@vF?f3e`X;`Zt{NF!KbB_izot97FWc0KbMUCP_HI15^zlOJ6mtbR~L3Vg{y zzkY4o;o!vXf(ohsIm{1C*nR>X1A@kxTY`I`!|&cJmIb7OMIoW^0ZGXuY*)orcw~iiTqJLvcixnxN=$$2nDwW_}DF2|Sy%9{)OXmgWQ)YQa-RsF=W z7z&Gv)z4(%o;OO%%hj_dOtlY1e-8~!ny?eJ9K?uy(*OU`e$y&@M#UzkbHkX4zNof; z^3lYR2F+-fJ=$AoE^3eb=^BVmi;(XZm7eG-Vx^qutrtb}0H4wkez#JB^ew~sUEgwx z++;~1YdPC#ec-B};O}HT1i}wIQWeR%0zI#68>HlMFnfK40zQ8Hn3(k|;=dO`Ld~(V zsNdftp43p>0IL;UtDI2T`U;hOe6DP8q#S<;ne=-qq*m&*^}a>j;1i?Ea|BjtTU{-w zxdV52ZVs(WBsEdEtiSNj9>f@SR8-V#h^1v&o9m_d$v`yqoQ#_g1U@Py&(##ceB;L6$1mTTA-09 z8Ju=ZLPA1j!BMB~^irXHSI7-Lj}T_>`|ezh^Qnl@WCNDeT`7b;7cH1VN8oMJ`u`P7 z>Lj67dtoDCptLRIby%1v9(<0(x?b3z(5Sc8(?Xp^Eq%12XhK_c&P&t!g3#FT^T&6r ze4U^{u${eq(Vu)F-5b4OJMwNq-|aud#mz>YvBQ@aZcc-dFI|``No5I%NnRRCSZFaE zokr$3+nYj2tYr5&(xS8xwcJ{&HcvADU{miLa+P>5$|aXc&|W2s2QpX)Gmzs0z{fr6 zs?X5oiBvayQ=G{O2kO`>^Etb%z|`Zu-|{vD&90mSi*-AZFF+LH)y#3 z%4NDtd-3lK*?!|Y-v6*;+wgumk5)~--?{wqS!Ec3BEQYkKuy5QvbBJfHa6s<}ZHY1dSeqTC}0D@ywDqCN@@w62bsFA0{fJ;(qF5j5(LsnPr4A zf|?)~z$9V$-91q7c{Shv@GoSV7@CEsslM`hZE8oe7HzEdA5UMgNy#2m8-+0V~U5p>tu#ntRg;g9dyBiDX1rlP1xS1(&jWflJd zpj}%TvV1~L>7w1k(6RK2SM8pUchQBP^H+PRFHzvJPk#bwO5w&!Sve-Yz5UtPl+SMV zApGCBXaX&Yi9IiFUI@3Yx8&Ks!a>vht|il{h#=F>ii$2X1afH|*1rOZOE$%-OeLk=fX4co(F< z*-B`R*8VK+A5@<&ynj@c7f?aBhCX8Nq+N!ZDE|5L=l0P|T~=G0RF1(uVoTIdg0W-k zdu#Lu#`rYP2QlqI()Mo=FQ6H3HB(U5d7WFD^e3O}zc@UVuzH!cW`j-q7;1Hy>jhxI zGEA+M8t?Z6hIRs&rJdukmuTv-l^++kz01ejb2=|Al)gyziFck)`(3R-N3uLPx!SMQ zA{%$As2x#%DFvAR9wi&LC+Z&;&$tX8bm{fH+b8PZi)Vy;z8Zjf0fw>9%1&U<>bHM>mGQP(*$;~);M9+klFA{6v2@Ak3F zyEF6i?Q5nBV)y^FqPu)nScwwPdukr?;P}!~$Rj`_{QZ|B4KDlX;pDC(-oh$Cuk^|8c6mdw_I+!47sW8?hHx!ZK|F+k3?~k}T{K_eV(^*%A!udMY zNM6wMn6)32spqgB*>&9SI~XSiK3{5qWHp)5!nl;+N7^E8HfbLXbp zQr0!j6CZH@CHLL0!2SW=qHKIBTL`5FZ+XUYX?`))_+Mt)*xmz$MWSE{m}?8ifQrvp 
zM2laL!MP(X9P4&iNJz-X#Kc4~OESKw$h=vL`S-}knttQ}xKN^H4*v&|Bao3*I0y_H zWcZoq7uNjlhgYveMbkNdhu@_yMZ5RmvYau5Qagp@v@Lt?^%t;C*O`+cK|SKBMvuz{ zV2aHvB&6N`QYvVyfqz&-k*HXd7grZ$2L^HnUh7p<*vOJA`?muR|7MV^cE940Tmb0m ztgB}+&83SrPTljVxE)dW>Ld74&i{_4xrq;bhTyZ{hk+K36GEV@B2xQ4$tS+4-O~Ej z!RH8^L`naJdmIiD#B=gjZIX@*h8J3Ulc*pmhzSU|PDNKHT^AcBn`3+T0SAH6_ik_f#1J5>uTd#c-QBa z?}!d%RY~&J4K?3oZjp-ZX)eUW1+|ShmG0zJG$5dnGo>c>0zd88zWG{9Ib0zX_yT`Q z*5$Ut6cjUKqoi=8;?l3@A<$l7YDP({ahpLa6V8u3;9oGNzO&tc0dKexFi!6QC-gR7 z7zUw;WUvThaw7{DJ;T-|`yqnUpYbg5lwYNl=C3k6P>_-NOM!+|1>{(t5$->May|Fg zZwY795r;nEeUq|H%D&l1@5gmf0qqjMfNhv&pDrbyw0W)$av*( zq|zI0hKKx>=RR7w0*rlECfkH)E>s1i!G2F!8(c@oPY1!H4JRu1r7ZAZ{FtFVIK0How8b{v zz7(ae%D#el5lNG-x~%QUO+rhoK0(X;AJ zM^=0rW-oMQd$iSOsT@1C+f6vZnf6+5XwT7z?OTWkhKApmf%>;AjSX0nez5TK>prB2 znbo2Pi0CXoO{Xf;fJcT9l|8NnHO5vao{D0^Ic(+ zN+5gJ;OeTU29CU`v=^ale1aE#RH(<2HeZSpB32N3p@`@oW3o;n z!DSh*y~UuWQzz_;6WgVJ>q+2$^Wl+&?3d*@PpN@={+?~|a$_Lev6Wf>$PlKZue*fyHPoEAxfBr1EZbET%TjPIy;%lPM z%X(<7tM0WK=u{4JAC^$Xux4Y$j9jytrP_^?D$~Tw64fAJD%KxPjKeiDrFh?`$xCZ? 
zDVWN;lCbOWHqh?&j(X#F(z!EUz-UCDF)h=tV}NwqgfCo#qr$(W6gL`j?o2iOj-n}} zr^TNC)W&lc+J$=>3=`z3vxnJfzW+_>7fLSCs82;jh2QHp+A=_~f0CWO)C6`0-nAB& zYIX(&)6IfUIg6^4KS-+lwiG#9mW9buI=5FG80Y<6%pNT4r0 zP`-{0N508CRAf$Y_$tR0DQ_%kK8gfJa)39CwNWcuhN zuF1DmT_|2};Q4#g?)CfxsenXnuUw`C&rw$fkOu??R*?f=Bs2?pu3&y%RDAq45hkXM zEU*I>)269vfowR?a*3Us>Vrmc*f9Q`B}>Hxg3QiGX-`505`jm4Cgwp218cYJ7iiSe zV^gA!j2@;h9!Aiwk45wXY49l ziS>S0oA-62IS(br2^kRj75^qu`GEgz;np`^A9i}Ca6m~f{Il{G`m=~K^s7LCJM`(m zRZbXwS_%d3hSrI>xyV2n{9M#uf*F57>6gBUfdS0X$uj4v5 zU12cAat|zQM);RH%e`L0Fzb;fM-xulIC)-K)EO#$qfO49)W@wo`Iz)J!ZA4eQz)I% zx4PD;a4uf@>p6_$Zc0)6GMEk3dv}<0{`{4uQllqCA ztzW&6Mhc#2bLK1(K2&yJ6jcov#GJiIl`nX)fCKc=eYNCC5#I-sHs5y<^gO=3*FT^VuM&{(!$Q^nj3?l4o7nX0%B4bTAv zfXnr#I6HP|0D;!VoD_C>Hv zkhV^Ej-4~k8U1ToQ;oj=74qfbVsEOF6|3Y_y)!mc&Rm8%bp)OW5$?FOcFY{rftyzC zFkcK{B09X=(vVJ*I_V_Fuc4A){3J|ZfOTV=OSbkodOycJ@~A1 zZ|;GfL@F}$p1wTQ(1`XH*Fa2}&+>x`kJWO6B1u0Eai_0jll-@p|zev4uInx&K(Z$$<7qLLdK{J44Nh7_I@9ixz_+dfcdLVRd&!3GRhM{rD zrri*QOhh$qBR!v+uMAi{FrTyc6KRfW@=_5@YI^b=jSLt zOq^Gf9{x>G!K`*&vsxfTKazQfnH3f?+?2GQ4_5N2AF+J-)KhP;5yT`{uIHQb**N(@)3}#U|(u1s7`O#;0 z25@=7jg)u`6X9e{FaveWSp~B#WN1fU8^Pgt`L-B54r)9GYt7PDu2O}P7Uej3q8@VJ zLuo;orSGwls8Lpy6s~#DzEEAtBY`dKn40rPP`|A2s_MA{_; za`Fsn@Hos<9JxS=d;_sQR|;WauS}2^anuav>7d(NtUa*n`$2YVc(>8~n6Z*1-j~A- zPc9Ne_oK=GK~aXTSMCV70x# zb17tEU~oqA#5Mwk6GEqqLf>=QQy4y-(l)0SWoJ{>p}QK=YDlFu8Mj6vTSx2rAjpp+ zcg=m8Ny?+!H_`6Fx=Ga19KkDat)LVcC@PW@JrUZHbB7K~_4-oLuGe8)bSSHsQjc60ooD`oF@#ABxdMkeMxAY9ot?fX!C7 zbj@};*+&g|?ZwrT!2NN{EmAnEATncuJ?OX;KR`l?_Gj6@L;CSbO_n!`LgTVfeiMNN z+m?ZG1;)#>L4{Uz_63=i%$+c&5K>DBq*Y`N@s5Q;6FdjPOe5!LW$j=VT08%D!>tkG zN8(E%Bvhw}k(&HIKkqdYh;F?OIdBG_ysq^~c(wW3xuzik@s61XF-c!Q#YerTE*A=l zF0Gc3t?MnL{NHQ5yVfqlzs7bex6H?8^}p7>xIwdQyqp0aA0CbknrE6PYaj(BC0xj; zsLQ^hnMGW(Sy`jV)N_uL5e!_2@8~mx(1?z=c25ls()EAAHcM^r@Z{14@h4Sn7#a=q zZmYFqN6pV`H0L4V*YppLfa?}EJ0NcM{Sidjh@8VzGFx8J#;CtEn2kFo(&eS%29X(r zS5%JHuWU$t85!#a&tmXAW&y5XmQ=|79V&>~S!9Zrd3_JY@DcsAlK0V^n}ZG?7dOG^ zy@^OV=$ldV|vHUNrH5-CIoEG0Gm?%^YOiZp&9mm00D(;KRRd*1^H7Z!~T55_CGXs<~H0GfV 
z7MEm**JB+n=0i@@S@f=Uf(=X>7I`fnR-@m$tg>#AM+K1FC9@|Vc%E)mo=`dC*EGE= zU)O@qs=%`H)>J1|>sk6S>t-DSt)I7Ct{B+`E|MeI@%m?-bKgWUd-$*yPL{wW)n3b_MfyEOi!QC2+&z zyD97?w4a3vsB)Q*>->HX4ss8%70@9yiNlK^izrIp;9GoNVZqG^%w5l}hVpH+aTG?V zVc8piLt(d^uVB^H)vb&wi|R8>kBOH6!F=X9bg-_nmS?M7?{(|qe9=5}JqGq4+=juNSt;dipX7$r{Z2N9C9cB%`oji84lE#02 z-f-Hph~EAFWle7AX<89!^#Z+`sIXgP$co&YV!B6#I$5z$u$1O(~9$+A6dev^C9^8VR|8+L; z`}}1KC!LQ|ftM;K@}_M!;x0?UyFC`D^y<=?kEw2j2!_`Y`yue&0mL;@n7zq>&}84z zA0+f&7T7P}uZ9Nvz9@5LE2-f2mfm`=RB)WMM!&&xY>AFvsbOG)!3gy z-D)q0f(>f}uPfu>irHG&=?vvhny-5X5d!xt@ zHKcNtKcEW@`93lr>*tMjE@0tdxaJ1J9k5xG^opYEzzLbyG6v0kXkzug>>RB_IkHtE za@aQPq(yPc~^mVXDrt>DY*!7LO>(h3czZKw@EYfT0(C{7@FW&_QK@S zm}EV?33g7*itu3^H404wS0zn4K~MK~Nncu-Q1(p=9S0r3u(#8N#T^`v8_GPBGuWfq zS(FF@j+7Z~H|VNr6Y%EEluWa4s^@Hy>=*Ep7l+J+-`hetz9>tpDEu@n_||l>vVbin z=o_8d>-?j?UAC4!Ek4uR&TcZdvUBNL(8zCh;7ZTlMU7Czn|8kVGI zk}3$JvOEr!R41KGc#pf3k3%4eS(HlSrAs2CJucc+lOOrLBZTy|nOU8J5wynp{&f3? zL*k3W-fvthIu(7D*-*-8o6-v^kd>xO5otONsDdwD_{RY!tF24B>+2L}{|@sNGpr5( zJ)ebTIff*tyxMmRq51hLuNoV7XH@5lzS+d%aK@aFa+}_U_wY}7{0mAJT@P|bw7udp zU=;E4kH-=2eJ3)^Dte^Vk?k|OPQ^V_hf{JnOe(X()-H{ak(cT6mS(LER)%C=?U2t# zKP5L?0}XnP;iA?5f~Th07ne$fLXNW)VrBKz*V98oMD0ktyu9ovXHLSmNbZ|)`^JcU z0ZvqqT~bsOt2jF^Pi<;ofI&R9A5Wmuyp*0Y>WydjPC`_|Q!f&#ltL4d)f+XnL8*Nv zNSH1(XtecfNZ5X+3HgE833Ir-RdD?7uc8(k8=E2~-X>>3+{@Zl`Z5Eot*&ln7?dQo zB&4{cFoPh@ziIJ&bX9-JSe0m0cB$aIv4x^!mTQCPM&()r>67g$ssIcbRw_sLh%D&M zxS(y;cxgq*L-WEXe=V5VjJf*G{nncS4rS8+Zyx^-t!r!sXE2yGtsK>f$ST*Y{tGAN zN~3GrKlja`XNS=g>E&3-V&;KA&qMOgW}P+n-;1Z@6pIjxhltJZ(;8xiv$pB&zisJW zP=JiXVtSHUR@UQwO{tz$YN(`pA@4J&B^a=m323ifuFG5?#YM((>cVej26g(V*)~vV zwNzJ%nD-&+dwEXX7_`VRI>=NrW1bNTI39A!h66yp9d0vYDgcbc%Y?#yiGC0KU0Rx& zjW$mYw;zvmzR@zwTHn|{gB$d0dfUxMTLA3ECdc40dOU2Z06A&>G-balj)x3d+WcfK zdz_YdMVA@9yANm+vxwJcg0k&t?%`jmva#sbohq#Fm9~E!SdFBESR-o-)r!qWKOqzr zDT+%ph!cevbI7c^O&UyN%o5MQ1g0Xac&apiO6`*v$GXP{XlMZpEXOrxmeEbH82B*E zHiU^vI$Eiw2)q@8&#J2O{rHXAA*%>+s8XjW`Rfw3hWGR1mK^Gi{)+IkK_W{C*-Iy48DP%70X7#c%44HpLpS30 
z&|6-^v!#d_htF#fs%w1f*u8*w*SXNfhIDzj5UVab@a!pP9#L2PEhAy|4nqXT85@fR zIeX;W!h=vQbv_m7S0ku#Sizh?r=#fjXVO!VegVSJ>E3;F6@43=?00pHFdq21Xn>SI zCRcQX&gHvWX(Y|0-5&GtV0c0Z^O91*X~^0ALcQ`;qg+u@QK?0uzrVzEkzXo;L{JMV zY3sM*VUTTtd}k{DqD#IJYa!RDT^3O>Vq&rXZvISiDN8JQJUd9Jdx_1*_jRW)@eHV( zjNyH9U$A?j+Y=?`IMD#5Em_n^VtX9$;G{$DZ=Rl>?kTq^K6aLr)Yo_76swgAxt^|f zvd(!Jf-S_bG4kl+LK8hEk5w>v=UuUH6xD}N%pjr()tq_12=K`TpNPV)@BELbGQ_0Kp)R$?yB*(e*5kpK0i znu@kvGt^rB{Y}{R5=}lCC=}BuF_2D;j^l`j0_G&Qq(x*z_ypy?zdz+f}Fyn zCJraOY5RWlFa9fdH)XmB_lxb4KF~o6e6xJ9J*kLleCow2gvz7zyeT99Iy)(_yPd+4 z&d5aOz1B^R*w4hG9VivkK}x1dv^r$<$uG9>&Fv?UU@IP zhpGw!x5;iE)aVVNIte7T_9s7G@9|bfUl>*YQpt);Uv}!^AJZc>?HxvHbN{&Uvrm+F z6ly7tg#U#Cst7hTn=gFf_-90EMhv^=RYEq=;u;xNG@(T&O z-LMxK!}d3py&Ajl4bhV3SYVy-#yczNj-rz}@|(xg!LOoO8MbG=M8b#@LurspFnXH>Pn4}FeWOOZIR>azXXxO56TYVQUFG z)2SD7im+b4;$yM3H`I0`|Z`Q>Z19lS1 z57F_f-cc9Sdiz3eyB97X05 zY~YiFwwiHk`Yzk>@382Ao$)}hQ@VeAdVCfn_W~6V9Y25fHoX8>F6%Jy4EQ>< zdG2e}vK^p0TjB4xZ<~^P(;br=wiO)B(=J19VltRy{@Dcs}S+ud*7hw zYOnp&&cGmHPSG@@JoOEpQye9|8QEY$Nf%lWy|-E%K2?}A-Ez+v`O)Qwdhw<;c0OW> zNI$U&Nvq|B7brkSSH~Nrx{T0Is1$DxUS+2j5SC=+I|fEZ4mYrTWs?dx&evWNWLAT* zRb1ZE;-ao@m2t?nmn!%=)JnA72BxOYImu?~VDBBND)~ry{@4_Z^W;}#%BbrpHXsWT zg;UR7LiZfcS@l<1-}S}1o^(a(cP6_W)ud$Kzt=klKl%z9GIF0Z{4y%hezh+U>b-?f z?yP)E#kI=GEsYxg!&w1`eJR2bnA$~>>uSM{IbV>&8GEo&0=@MMeTb3#@0do#HJ|e1 z)y7rhAByT)gsLi&$*guJpcw>D>nEovKTe2b&rp9oLjq&>ut2geJ=nw-IDf=NsdN$W zT74J~du<^8D;_zDi(&>U?CpiPU(9J88RA`1I0@fBQ!PRJn3xz7pW*j)VIgq`C2)TI z(|h&mCEA{U{!HP*%eskm@{bS7goQ=xi+Okm4n4%I$o?F84MnxQL8H+!%g2KN$96&h zmw@Li*$5p)BxtLT>kzm@`Z@|nU&C){eFSO%SEF163rWHoOk_4Ts_=fu2MFS8_k%mx z?#tzn1#n~oY5pD?3_gf2ulrxU$nIHWj1cG@8PaIQq#%b+Z$?r z7SO&Cc5i2dfq&vO#-{R-^kdiOY=l@vPm#=)lgK2!A0yVe4(aY~Ou~3qX_cDt!8YBw zSHJUtPY8n?{>OenwiD2n0JX#1%IY|CG)({{ZPl;pxT{MnOto085#@e0VtG|+(wpJ3 zA`ATtxn6cqnB)~|29LBACde|Qm+=GNaXKT7Li0qhCm ztWiC}xTlVQK+?PO=GbBb$b7R?`Goe&)@3;&gxjzBYz z=HLJz%S~Vk+M3(;LMrdtY<_5h&FHYypMQ&wE)?VWDJTdQ1eUE zJaS%{CIs1U4T>a-?4Ei?VCxuldI3Q={B_f|-?(-QVAu@GzR9Yu(n?e$my0 
zQKP#BM-Upce9<>P(vc5zx1+lRcT2>TdQuV$z`&L5+x2~WR4M_c{q+D|3hX58+32fm zjZNvxE!UMFbRb<99Cl_Z?)`K$wrOQLxac8Z%0+YuWKPZ;P2T}L6{PywBXsSt{|hDc zB;agw^6+LI4M*y-<7b%iWsMzFYVtbV;doRM?MNjMdiD!{xz#S-S6x}%!P4hb7lDWJUV9f zdl$>VXG|>6K_UhehHR6P0=d|+wJR4Fyry%^%*=@>O;CQL$oTH#nw`Gw-?!yH%hnz4 z?fw+}_9r02bF~@`Bg<*biU^q?L_}3pwIH`9kOegf+DAZS8H=UEx>*|2Ph8l}i5!_W z_0}VMK5~udJ>8cqS0a?s)qhKo6+8oSG$?>T)me+c31zT!{QpBoIfKMQZY1LM$tb~= z{*NUST7mo@@AXA^>i}arfF^=%BIDkypi87z` zA|=bh^gg^sG$~-vSF^SdzdAd&mOVF_|5H>8B@%bCNXXj@W>(jP+~04Ci|4FHcTJO7 zG=ilgNE*?ZqBHS=C~^@k3CRRqYb-YV!n@%KH$hNvvohcgjN2WNC5E>6nJ1ukvdSX( zS!q~enaq6Q#hjc2k?=d9mU3Sq6KxWAQiWycon>oGt+?5~S$UB80&?7CcmeLe(@cho zN1v=NpEBCq2M-;e9s*8`&8QLJSu!iP^0%m|sq002!YCMBDj@Fwei`Mo7aVo%-EZz% zYZh;F-o7z{Z)5nq^Sx0jFE6h#hDbacF3kGfVuPU)tX7=qMP4b9`To1hS_hUlefj}Z zz*ztKQ{hIWKJ*(PI}p9whvBzlM6SOgK!Xmu0?2K=<-eRXR`1BTC5*R1HhCSb*GWtV%Jn6+Pj;Nrth74K#6O^Ro?g2b$v2WtsS$#!i zf2btkqw|(nGCf9R60K6j>Gg2FDc1J(>eO-Qe;7CRXul1~YE3)JcYDI16Vu~drl%4W z!9}?sTE|_P%udP3um)7@;;+C6#0xp*jzaf$eE$NK?VQFfN}=K0dwxfPfbLoO%_$0n z%&4%?H;Bydnp?sW4t|X~@`LZUGwUvj&{~&EijBYw*oid65Yyz8+WCG=xXeM<+ksei zkFyn@H*dt(mYcQ(dItw(|Dt~H)I!gNiYi0YLS$wx)|#(v&*RfVbaJ{*8_&lCCb7D# zn4HHApZ2l$Ae-;tB%5>@eGCJ=5|L=PU1E2oo*xmdNJ z*a(x$Uqb}?k}E=j3*TL&S4pGi_3>=0DBKCk6b;Wud2gJP$S5NrwOBXe=X^vQgeZj>I`>ucvHUu$|8*}{#+b-F^Gv>a5rZU&KZ#> zzwUqS=;O;oDf=d~LVl%wB%s2|jlz}S=Uw@bObZlm!rOL53iREnSCBO)%a#7f6H;Ri z(s4EKVgZ&qFl#Ey>^Fa~`|;jIMOBqhAMQZ!_+-3^8Xy@_LnN}@oSi>J*VjkCM-Auq z3iuYR92vvj$;qj-xwZA0(t-QWY~YaBO}`CmSa zjc|dpc_Lf=gYzBHP2gSIrVO)y%S98-0QF$=J7B7!-XV7V zsB7+iiwzhMV035v)ZI50KpO-m+#S`REzQRY1pcP?kdkiSG%JI*SS5FN)^K5=Isb>K zZw~7;>ekM-G1<1Qsj11fZDZ<}-K5D)wvEYdCc7rvw)>uW&wI}If7eyJy`R1ITDPcz zaass1_Rxo07cM{J%!r%&h?mrs!m zX;+xVt0t`7A~QRX*}X*vH5C9enUR!O+4yV9qbAoS^~+v;V zl1tSBr051_h;AD320(124k`hI9ZiSQ`Z|oi8`pHr$au}dk6T`xHTTx9)R+{geScun z7~$nh;a{I`;M^{h**!U6poeE_-?I;KuUpV4wu0A|u{`%;-u-zX^ zr*O@T53~0KR@j7lt1Vjp{BYrq1%gRnu-j?EIn@T_XEZMV6oQc6zYG~KIdP%a0TUZ} zg4Ir*M%#AAKXsG}Ux3?Sb1KIFuvU~eJ6ZKFR_``^St%A79L~!MPBLXWd7eMmzR-9T 
z?!j>t9(f2y(JwjZ9tHPF4P4rJYP+SYF_(Wfw>@uuFN*Cgqb9PVXgwwf=BvQ&gD*MU zF)wigFCl{7?dO|Gk%z#=fQf%1U)`_r@;QH2R%CE>GLE^V2DyOnWPTkraxY^#I>dD- zVlYBh=jK1w$X%($m_y?oz4~=md2_cJ$h~nE#wXa$i@i!&zg!R2mp)F;Ay=9&*6AxG z5x;)PTcQHes(55zNXwBEj_^4wDg~T2dvxtEy?<3z)$PVJt={o<5<<`$@dS-}#dRk+ z|I)Ju(7$HNJ54aXYp2|PACebEq7;1=$fWyUSbUr|hceWlOw8=+qrUCO8qc*x$3fNGWT@RS>-EYqR`}4LuB{kY_Z@-WUTV5e3HJ5KNapKu~;I=uI z{)mU7OV+T?xc>wOE8<0D(Ss^30LaUmBrDuGb%5y|Hs$XgiBZ;_L|SN;h#>g%Co>>E$NZl`WxfpuhZ}zQULKg;>N} zZ9s0sA*TBTAj+<}lLP?7iU7p+G=M-LSRmSTWwl!kXQ$xkXheDXI?#qj8f4FAK!JBx8>BPwNf!iM!=+ggf&E zQj)p{4NJ^-=wv;X%nm!vP`qM!EURvwwleVXu{rG>*8_i48F0pO+&%k;&e|)1d5F5@ z^FM0U)%A7MAafWGP#;xmL%9x#!+L{ZF9JD(8V_iOc>;=IIa3nD%12u8xGIn(w#Z1V zB1pPiMOh5}_v}8XLaZ!JFHtiItRcBgQx#eZfV^|CY4(AL5pzk>+EnIrPsj5Pb7`~j zWpHj~pdx&(JkLx^gX;8q@u0jV+Z%=6waW2&yWZ+UWz(kbeiy`QVe8*8qeXRd3kfR! zmPm}4YF<*-6|y$os5H>-|IN7W@7KJw%F8*eOYootitZS)O05sHGk&xYx!FGmk96QN zghBV)V?{KxfMW)id#=RA9CUO_b~d;D0+;qm6*qLPrjwJ?;~DS`;vTy3H~u=Zw6emx z0-T79FXQiDcOPMx#Rf-8qmi%uR^7IuT9wqw#oe5p#WFHR#J?wN4t#F9(~F#}VOw4M zjES8z`^#UCnLK7fMH&nGl{+9PFly*Ke&pxYw*0Y57nRQ%y^X+krKk#Y9hsS)a{UqV z*_Be=Z0saBL_|WB)zuSdy12~ez)x%^r~>W)HF71~fY;rSJ>)h?{Ex|frx<`VI}J=- zK4^}voXE7C67DZ7({F_NYY=mc{@$~TT6U~|oHX5W^2Zr9Nqu_0CPFUT#v4>oW0yk2 zZFMgAAqz*-d7Y3RN$p^Yh~Ot7cYBkP9kTjrBR+C~F$!QNKOf&;=B4%Z!n)J=TvHwZ zqMPCGat*}gl@1^&4Eb|8!av>&107wm%r^y>SHhg_4V~m<98YeJ=J-QiGmO-`P#r?^shAC1&j59FG;l(s+196RGVylOc3T~UnTD0S*ixa^R-GoV2J1MVuDkY)iu52H*PlZxBkNTSEvFpJnxv;Xxal`w7q?Vex%@ANc! 
zdS)i<78|hxl(s!k)V9f1}3?3+U2TJ4Ha#1tfpAj zturmvE2458_TVha`dlXaG{%`0L)JZB71=iA%iEr=bEN=i@>3l&C!wxr=VZ3P#YTxD zNxCf`cr;aOD-Dnq^G_|sP5Uvx5tonr|GtORK!KT zc*(7n7eK)T4qSSxJz0Eg!LBvb*ArQerER(X>&oi2l$Wr2G61x#D8Bn@8<;e1G$F*jCMV!Q4B+Y^U_ZL*_H%`kERb)YfkU$-5*{tkpS0+D50&5eP=CP521U< z_rlyUgzY?o0Fj@c6D>>j4mH{$sJq-n{=d zr?x@_)OXbLtc^Q5z8s(97Pi*!-dD?n@&FAIFeV(2Zxn(gX+>u&<#fs6{EtyZsA2PJ zL*{w+Oo*P$p=oJpA^e!#(|oY|T|DssO;FS33+z}8;FFl!epBQ?y@ZxC0}ubrKe`kV z0mL^qK7JM$H@Wtw{?mDQ3hzHF)4BQi2H>5?szkh%A@Wz7@PAS*eAF?pJ_%z*%mWYC`$ig*L0HMwf1G!!F=eF2wJkZMfQZ1H zY&{dwZ@ix8rwC3C2e7)7$cI9Yd$#EdJ%Nx3K+$w~kkC`l`B5?^B=GH?0vGgLQ zw)dd;R+yMbPBh8a1ig4+wl9n%bBMGY6*kRdoe%iFHa^JAltib#g$eNTc6@?AF-3;>AU+a5ChyvsqAh~%Z4cBp~KJOdS=ZS>&_7}2_p}}M$u4Y@O zfBnTP-z7FqJaOed0jcV(bs=M zgC0?(Wmg-Ncoe9cDM0jH3GKNLjF;O0fs0E7P;~NQqg9ddBPFr;gF_Qrsq*iUxfvua>`(dDvpYyi0Ma!;}KrlQ)~RWXs6M`S;~;C;abF$%(M*4@B+ zUkICdB6M&lUI#Y?Re+N7GX2{)e@{#>b5l_CcL)_j5|VRq%@;H`FNiMn;gYHX>4z_3 zIrFV&v4#8e(l-Hz^G%t(-0j>umZp#V<&C9{l^Xstl$w%xN{N?t95X&|t~>JQb# zuaRkXg`8D)S&85gj=mv8n#pbrWtDvK09Ziv@uIj2^I3&dD?2(h=k@47XeCHo1Te?s zx$mEuRo1$pm{Q=ieT%9oy> zR4DE6w@Bhr>fe%tZk}w?r+3gl*XQKhtd&TdZ z662LDVA!(3&Bg}*FEy7Xu2_!vUrhW5@5w=<$1jTN&ahyKAL`Hdb*4Z{MS92?Uxzax z-j_h5EB&>8iiUQuUKbbE_wcE;RkbW}YD{J2IwyN3ARkvv@yDm$=QA}sF*m(zo``{ z<@xp3Hc82kb3s!gTE*W*J{D(L4MA70h=_IcsJ1ozACW7U=_y@2~NISZ47M1ijsp&3{H z8cqNYaXi_VN(#~9|3-JX_@$VEPgndX@e8lknnPWb|2;j+(kS3QBPB_maI(MefzuNB z5u^sUaLR|sBAS8Ls5zma@4Y47)!*)HX-c#-=784@Txv9ABD>UY;UK8UQWt&{sXh&7N!Yq79o zRsmPrKndknEMs*h*rSuEMVgCp$ItI4Eru~bn;n@!4wox!OX}| z!;!Ylo(N1eWmW+}r0Ocn2cim@7Ft&rr?HHd1um&pf!^43JL)gNAoJXcO3_|8&CvL0 zu0n7do5786w1Eo1&iAPD_LL?0Qbe-)vts+7Tzb0Mb--^?Z=r1^xPhHf7C=#cNXOvS z5%-n1XS)B1dJ+?epZ*`VL6g*FU2> zit3<|Yl>F?%Wrq1bb;>SwtE2r6*^#Rs!?j`pt5ie8)`Q!Nj-9W5Z<+ojG~4giLjOU zypDh7P*~Mmc7(rQzi@D2o72zCa!_h$EJ(^y*fV1XL8q~sw>?Z#g!_kZl7%c5>~v-I zPdR7z@8{O=^-0yvsl!E(1!DD72a{o;)yPUL8L0PHd1PJ~#==Qb+UEIteP7=xCMuESi8KbxXiddtZ~(- z*}|fLxgiD(Jm8+$%G{Tmz14!=iO>{ByRK7^YVFp9wYpLu@rfBOzcdg%TP5}aqk 
z!-~yp@awye(&^y|j2-Az8(@-WWvxCh``rj!P_RoK(*Z#4sbi0xT2Lx}BsfUf_;f|F z8t{~lKn-9u@K{gXNFvkH4GQ?UZ(00}CR~pT69K(?1u^19^u=OiREm?ZTB!$mE*YTw z4KGVSTAZ|=wn!u%7EM*GEf4X@$)HD9SBrFn^f>*R_Sw_bK0B2p`w~bwim5`TFt$IW z)j&c9U-!m~)ZRThvi_%BfKtN|?^cVK((ClOWBN@VVD-lweSAl|=k7ZQH6ID!sl0;t znJj*^4sqq zuw{_S+}$VJ^>onVtJo!Ar`upY9J&RdPJdZ}1(iuh=MSZ4$!(Gc{T2`LoU6zi0{mt8Zc8|4Xf^Cv6A_x$WMe5kxQ7Lw*WAh)>Ss zGpJ~)8k>Y@S^wj$v?}C+7s}R>-f`Is`-Jd;Ju7(qaUWlLteH=(OkhOP4-WdWiHY5KW_xOIr*g1_wfTZqA+4Qn7}}z@ zPWJZ-q-Q3^-6XoA>9k0^UTkMl9P^(Fu@qa z>_vc!n$2P@hpoXZCn$T$~uB;*zMN+8!WRw41@r9VcjeSOnzWi8kqdm?Ig;?+~?gWZJ>=?M>j&D~OG^=<& zXjwzqjnx#fh||AoFmWp>(yZ2+ZokUwuA3m_^Kvq&*R-!~b_JI8R zUjk2na#k!O(Ms>=ND)rU%G0uW*G|t^mdxAB&YfS57767r1jslyfGNqHi46L>-_NXv zCpqns+3q;pC#@jzl7OVEmpa{!{c$2?PiQbYh-6u&miqd{41;2(_?ERN9*`E_&adJy za`47^ukG`lpR46IItTEWLlo-f4$KKMYB#sHN#!gBbMQEgfANGysQOk|*7p{PD5lEg zU1CE{Eog0ii|G$hE>u=7ok9{<44a!X(B80FG=cK(ijV zlFJJbWhHvR_wC;9sBr`hGQ*}FlDZ7IDcZ=+er-jz*Wl&bvNc@!(Sx6(~1&PRqZYe!^ zUh3FEzt3D0UY{aU`v)6pmcG;kU0z?0yaUn9`oN!Ym^nfJf3Et3{Np=(U7v_xYvbK{ zc*?&{(*CgH5JwUkQ=8}egyQo;rn&hL@S8|UpMjv)=Zan3e5H-d9@Je62UivCgH6mu zN=gc5*a;B}rVB%x&&J9c?=#p~`j5KRboY6ycF!*kpXtD_XpBp5fVBGfpM!FR=Q}Ub zlgJnGiC`ZqK`(JE`aOVuRxdlP5|YCq_eXC3Z?qedvD3E6J`EKW6@y?ojF=_#k*JlU zsjcld?>~uDDIe-t0iU+R)3sY}FE7y$zr;bJpAoNxR!~C02Zm)>8E8$4W6YBZ!9k&- zJ_?rmWW~pGKK2F=n>ynwA%GdT1DTJ#v4=GCN;%N>o}xL>!a+tSQ_~A;gqkSXyx*?0 zJ*^92YMv}E8#RelSEoe3Nj3V#bpu3U2D82jWokGaqbtvf*!S!14NV4GH08Nr!P_?s zSoKm$Uy`hF>hI`w!==UIl7Dj2?X&yS8UBQRrCtG}54jZe5axNf35-KyV{HGY@(U=zA%K$t4BkFQ{2s_sNe^MZ8m3ZW^!kw8NSWV% zGuVROww~jpb#`jfVu0mbj}aA4>WW4}(ruuqI0-|L>f&R6);oGCxi)Y6PziYM^RB1{ zPj#7%G8;a1`I(`!NFkxaf47#B8iWLRpA&VSWEehuwr)32hT z#Q9MBzXd$%hu^I_TFuW_wZKSZ%=|Mhh zQ2;&o-5y6PFAjlz9a}vTNhRUAs;MP;bluS)GCKM}r^!aW9f9OhyO$8xSL1RB`o>Dy zcgKXExYqWRY@_N}-T;48qDR(m(97%h?$FQGdJV$0BFZnN<;C#ICusSN)6|I>_Zn95 zQMZoO&GtR}47|5jtZ6*IQy}Zp%ggDt4?zwV7DMZwzvxK;xk#+7M2?Y=|^Zx%vVDP0*XO(2t;2Q1`RE}d#COWjF}L@T^}|p z-jPobZ=)9n5-|o^F%|{(yI<_U)g{vuL-hG}E3)ITNV%4>*DCCIPOo>FKi0WW(54Enb(ak3A 
zpkJ5)sU5C91Uws&##l%_&)Kh$76bwOyl$c_+3T9N4Y*>|HH;}l4_zbQ`Q>&(? zHZvSUoFI;?8LToJosg77%f*}*FtdD-nnL-eQ4#i7s0Z>;hg)mQRIRS4AOsgV$q_^? zgzWF{M+M4-b{`T;sfu+C7eHqSPMMJOA68|)(aCIn!5oTBOmT5{Bwa`KkJK@(4b?z4 zA-87sNzKA&G$$#U^s&9c~W2fNU`AEf}nNXSAZ` z_c%?X6&A+03S+SRyl>E%pn6GNqc&l3g*8-cJq9OiR>xM2E*QP4;XLXNfmqwTUcWH_ z02@ILj(smP#m~36p;(9E^BM0PMrQKfVz#qaDjdRdxT$J4wH4yOPd=AsbawVPi+H0P zTHXO6T0+1m{swsT9Yg2s-|LXT+_WDa9)^hqZ!X-IJY#asxBbW~cp23sQ9kk0l2lt7 zf_td=`QUpjVfNQ#TmGxC>CUm%ngB+zqTw302BX!1xF)8^8dK1~n1sJYOP+ClN8 zucSK_^<-GE?xdu(%5VkBpp}=EVPI??h&e|-RbgnEehrwgc*C?e*>lAP3Dsi-oNR*V%)uE83 zbx-;eQ@6wtob4N|uyB%lEpd5s(AA=o_+CV`&+w=yrqp*Zj`^087zvpVkg z7=mi@SN*F9mVvDt_Zp^PVdzUCvN5_GeFiFth@&knCQz{4uo|1fEJCIBksPWVuNCq5 z#Ou0pb3=SsD5GZx0_Wv}miA@)Ui;W*I`A1CmEv;!mkNHjk}VM0-PgYw*};&rsi>$- zVqs(R33u&U0*bftf7XP_Sy^ii3N@kdcKP!1^26fGmp~0m{VU`VuA@t3VN;lj|IDh6 zF@Q}&4-?pGnGD@>A(T2x!h?pL5F?N4(<{Q`+GIM%3y$xEJbA_5QWo%r z|J%Dngr*H_&9Jt&P(b5m;S~W(PDv;BZeeRs?AZ;DVInsAz660zn~Yvk$TQtFX$xV| zpSAPc;PR{$ejcas0?Zn1pkH}?bP7p|&1 z`FHruej7VGNfKFG^g?+5c{nU?qqTv^Lw#q{3aEuFv}e@7_``s%wPou;k^SC+4jp;< zaV_45I$)!B|2;m$KDmY5;F>97`N(RX0{*d@pFg*iXRaiN>Z#u=;;I_?kg%IY$eEe# zZn)(oBS}G4{*}=oTFx z8l~&tH|bQ>15wFi*WlXj;^)Bv%?1%FF76pruR~SqGm@z6W};sacXNFwZL(oN;9ozd zk&rl_B=(W}T5&$M*?<5K&j+3ZFac&mDEK^)_IZ@?c@NVg;QalZ9_5HNO5l6LxqNnW zTaH++DaA?l;Tnr)eGH!`T5?>Wt~Z@CalrWHf<+x&bkcs}F#`@jnu^ zq|!V%4~%0|7t2jXMqQ%!PEF8FVqbFpqW@^SP<^7qOi}_xvS#pR^jT4^qYr&?Zt8&` zgSdge+35NNOw=rv+%vXc!a5Z|EDL5F=;lHMz zZn~cfT=BW$3Ym`fE44HJXsHr;~1 z(ALxjPN#q$!tE5c>KK84jMLoiZIPizMKS1dafe&GIewoc7rr90Gyk(zq$RS+$5$19 z@J%4EW_TqnGqb|I5EBFDhHII>EsrKP$1J)hgIi2&?%WC4M_Yfk{3ck%5V%5>N7Ej` z==yV%we_Ww5^(G$_dvL{sJop^@%RAbSc0x~baXUysSGd*B)H^>g!N9GZI*q^Sk+;JI#My8UZ4fMtm3`Hqxe!EKPLw31X^RiqMZF1md!y<>W!Jz zj<{G3kAPre>sDu3)>He5XY=HQ$uMwRRcb1Bd^YmO?M(bx7v=&8#1qre;cMw+ItLYk z)9606upm6QP$#f{9zJQm?BfJ2K0c5MNRqkdUQ2A-vQj@t$yGsniCc&2fp7#%A3y4d zc-`r4k`ohEuv_AOZ2JU4w?i{jxJ$PbsTn{Fk zJ8R;AeXg~+Gb}kJLOBI}6! 
zO<0%5a9vHIxw@^^^{&%41iQ>v$E zRIJ?TtsP`doKZOZEc>h>MmkMB?wq)}N0rB*fEXW*n#|@HpFSbtePkZi+WH8VcHg&^ z{GNzHR=YW9+XjpN~2Xu=4rO$OjU6 ziltTqN(ehm5Xd!_Ux`JXx>96ZYDHR4PSgDt9UAKRTCJvMqE{D~1CAykoPl_6iSP!? zPaKAp(y9FI&?sn_dlImo@}fA1^L(9SENQ0uYf3sA{U^>K;x^prhykfctJU9%i-#jN zE^G~Tv^-JEHAiR=h)cE3v*_Pmf(76PsD%|b4!W_lX4Yh?YFMa)%T?@<_P?d2G4pj>-`sbbVy@Sld)l$ql`L(k{(|z%*)`O_q<&{!BDqEup>Nhw`9) zMQEI=u7sZ0XtbtkboUUVry4LrIxks)=SFyC<=(coHiDspOP#>HKF~vXLNoscE}@4E zNe(Y7G~a1<#02l~O_pnC>+$X%|0*|k>B0=%$~qn{F871ENiYfr=ASG6Ge@tMgX6&>55oMPS)es?vIP$nti}~dBp$t!J=%Nw<&5DfC!8<_ zjdY^xBI^$Ra+Fl*&gL8|21c(HIzx{3ksHAM@}Y!(v*FHDaU@Pk(s)oM!MXiyDjfpQ zax=ok(a)w1VA2G|M7onbVuOfGR7XF`$}V$DCjT6I$RO8qV!!WClWOI*ngH9k1$tx% zG8BE@3`N8>;NUTIk@DXzE!1|6(LWgH=<2gEj?ciTIXT&BV+L$T&5V?SK4CeHXXOQ< zoX+h zXz)`bWmJD6%T?!SD>JCs5${ITF^tvlTS(p@Q$;65IRx7LrE&0;xHDvw9yl zourzO_V~oYzFxlv2FyN{EY1)sog8~fLA`(YTVS1>&dVkxKJ7HJ!!e=VJFPTGp^CYl z#z*`#_OCLK=&o{4O2Mhg;PA-13ytoT#ufFNOH3_15wnPQ^)3=khw{Z{9NpdUz)P>`b8V?ts6~bRYnY&wt_sqGBA8=S}etJ5LMe96@gXD7T@5EFrj-u zH;$;z0q?}_ErI4KC6D{^n-SO!x=nwvb(^Rb6?*pGJ;Scy}5bOhG*)L z1~WCiS~T1)KSF36n?rz(E|Vm#uWx856$YR)%)f{dM%e3o6AirO^3_-QNn(wXDt*G# zG!;_U$;Z!8JB}v9xrUER>t-y|de(&okAN`EBV~-Um--+;$crqdKKpz(bMt@)mN_~m|9;+G@eJFNe~!`+3V6l&Su_7axoybNruwn zcnCzFXTV3-j!Nybs}Iu|w0_>KA=(CaT2}FJT&zKdz)-^86_+D!;TvLgYGh8v32H=2OvEx$o1nit z8N&9f0O7v<(#&iyNV&`wVZ%JKx_@-ALF0YDSX&2RVTDxC_ra5R+j;_@!D)OhcI=*-xV*;jl9iLw-k45; z7S)BZx3>?UnDZ!ZtW3;_yI46vxHTc*NhE<5DHkIM_V(wqIkF6}L~~d@{cb{~imO*L zMAMb`lb08NJgYjWui&IBlfdnU36+JBapo_OXlQ`Kbk}kO{B!fQsHs1%8yGCgPw)@F zxmjQ|G=YZX2vi6k&$N)(BbW5_`=7DESWv$^Ux)m#l2+Zq8_NN+77xv4H|Kes9b6)- zHL?@|o%YNW9zat{m*6Gjz%#bW^y&4HG})3S$c&GvAu%LeD4=^ioD-cKxHoaI9#;T~ z;xI!EPQY${QFcxb=s10lwvJucl)9QMJ3Q~#F*ECVW|PfI2-WZ`H`z8s6btdbg5U~M zB#=BYTVqiTWfp(JtCgyeW#8o3c`d_PmFVX`_#3!dU;=_T zQP<=#8(eRc%bgTmN~~!c(B#bky6@rIwc8jA97LnFD6;Ja+@d_1I&%^GBM9_}oF-ee z%>!$C`f3yJs=BW{#CZUIAuAp2)K80JHQICJ-pGTE-Bd{8ei=T;?iJDjSw3AW){(<= zm9|hfets3+-dmP9b#i>U@dIz#^g&l$MlAbPe)+C`G8~V-$w5Z?#(?dp_TRsqL9@Em 
z4WJ?Kp$*p85x?~hzcV6}l8-GW-REZvR!GU5b~{`F?5g@zURtbRV=C(6{R1FQ=)Xw8Yi*0;7nhkA5ZvCs^UsZ$noX-VU zfNSTihO+V(%e$-PU|{lh##-3r+GzeLa>)}=x;Gi-+i&q^jera-rKBvv!C0#ky;r>H za*+v->8ff340wiP36c(h)hxAKY^ID>PmD6_ z%ae*04aMbajd6-PfP@O%CFBMMpWyfGSby~|7q&%e7M7G$IK4nQAr*ImPv^4fJ=t%* zRT7_G|E$zwmodBB2NO4P(r{IF#@>=fkIbY0P{afgeMif^b2J5k_-u@apRVWb*=^%Na|j(Ivie|D z3~sQ`?MqSHCUm{z=&(9?U>{M0=y&&jTU%`Ex57Mf6>!<)hzid@5b&A^a%n z0t&!aJqOHg4!xC?r#~sw6m|abPA?}T9}5R@?Gko~^Y=gE*%Lm~MY#-qm8%XB%@=Dj z^4%u`LJExlK+8f8G!s%EN=D!! zvXDqBDQ0*LxdiBAb(Lm^q)+@ydG)uXcu1)x4#wU#7weEKhnZx3lj{{{&~|BzspVHh zeAsK7+u3s+&Ue2_5Cob6eQDXVpU0oX)Y8IRc7;xupn9fyJB0-S7Coyj$~`P#HXbuJ zF_HZXa6B;wMvT~$G$N`OE4umWar2AVqVQ$rG5cwTEjT@-Y6gGxifo<2L|D3Gpyq>& ztY8TUGN!S+=_#qch;z`u``-8+)a=nriy*DFI`6PGGq+|PT|ywvoyDZzR8MO^HawY@ zzj?pQVREw)46!LICz|+<`RNY11kTr_)&@+D!!9!l!NK$w1;m-`e|>{P-8k?$MbqlB zx!D3Ptfer18^76fxjIVPh$rIzHbNVP@LXXYG&$}LlHE42v&2X$IGFHA@{i6t%*-bGTRW~e!lA5XlMcrP%i9xc8IyOJIeX9wnUqDiVEk|ZFfB$5Xk3zbD3xk<= z!mQE62m?Alcj&sVpr7**_S}|0EW%ktpE7}_*Gw~>EROV^7oIXOAf`6QGIz%Og_@&fa#t3fHVw#L}biiVNQ+N@RcapB-oSCiH;&B%zBTg}Kl zdnfqcGd-S1RcXy`ImZ&6v&bDs=_hy;xlm> zKGhWL{Nd`3G7;k<3vt)oA1$JU&NS>~HutU}Eb1~5%qJJ;0?hk%YJ2+Jq})D#hX-uX zbottSOu#Fc!mhGhze~%H4?If@lU%)*Iuaw@hRO_Zc7EiLZ1#~d4{f|s*Tn1{z{)qB zn-P2u1Ah5FFq&$wefF}44w(n+U?u^(^!}uOi}HM}sVIn?Ay0+rc`|vo#h;_fg6fI==l)R+AatFWw|^;t_SLsyH2F-*z9p|F;9L5dxPYqI)DhaK-kL0 zCIx`Vztx+LR~F9#o92A6+&O7+vcUAA*O3^|#S@HF4*&8%U65AT#sa0`iN940i)vVF zo;6E-x99GRYUlTgAADpM@ON$NGC|%m$l$VmHhOP2LruEkpiF2NkIrekC&`f*Qkfyb zMZ&)z1wu|mua=CPEC+xM(*z_!54X>)0po?Os#9JA+rVZdAXcd2A7nas)KrV{u|l@Y z)G2OnJmdx1JyZ$I$2gw)ZLD8WcnLJT5G$QLd!$r{-p0f;Bp+wDA+{~$cqFO#e*Tmf zJ0*>~oAEN=r>3Uh8TAe;bIUgEe)JMv@qf;oocQW6?nTN%EHXqWAT6{J`vcvJ8UBW;mI2JURqQN|N(+}wNhGw@iWYGPD zhI>8d@mJVc|4fdm$c@vY@z$z7v~-d9`WA4~(%!;jmsMQ5M>Zp)HR&|Y=yM7+$T$F_ zt|&OxkMkYhU>hX^F-RS2`q%!AQIGa^2p~=8_Mmw2EoY_-3diWe>6L|{0-Jea5o0<` zeFNw8PMwqj1R^&j;BTP(RvpOx=SmMNh9nij)!MK9Me{I{EDPkf#KOmZ=twGmidjGGQe5 zDp86~M~B~LV9>>({maf{_6TYLFiF(6w{LlKeYHyp85F;BBv&z#nbX*jaQ^dws}&3* 
zTR`lRFMkyYEvbRXXw=qagZ)$V7ZY+oZ!O}IUJQO!!uBB+N5sGVRMcItL3nNA3vl9T zt*7ICrMfy1n{oo-38%$Pb2xUOh?uq@AHV|S46GN4M=bU?9}| zw3H4wHJ*=8)llwUr53PZ`N+%_nPD}o9-@r>Tvi=0ZZfECl!JZ~Oi>gCf zTak~})-Hg2u6;#alka@71;^Ib^IXi27G>O5(9PLCJBiv@`}@=Sg}1;;Cg1FH#4=GA z%LuY{A7ILtsY;uq@*G;DnilIXdAU}Rd5t*od&m{`?aEb*%f{>z{8RWs{vIM|9l47l zAw^xa!)F$`Zg&ns8yuY2ZP=7-X8QE1e^?^pZRU=C=+5Idf`rF7t8S{Mx+7oQ_x|+n z#pbg-^$!8xJJKHtRJAj+v)_SCO)J!7W+1xduYF71-zKN^O~($Lsc!|IitGq}U*8x3 zc3d)L+e@wViB;KXA{lbPY)D%5*dzRpb7Yk>-A!L6<@0aFt{PzI`H;;8lEq`)QL>{l z@*f5rJ*l@>YAD~pG9(r zGXO?{nnG2e{!alzB1;+1Mgwg4BclNpx3-ef6$-RyiCFeyk-Y+3( zt7((hxpE7778<-Doc4Z@eRfX?i9rIb5}qc$jCKrIY6~4L_9o5Ds4xLaax*|ho(T>K z^Vob7*Ne^{+Vgz56^sy4H##!nb8>Q0a}MxwNRwrYT3hvWTF03SYjReC9J?(0Xc1hl z%1uI8v3Gx4t$(Ew){OHSKvDc%!Wn?0Sp?3C=K-1A4N!D8Y|YKR9bTTNMLrF!u3Mq} zkRA%Nnfr$7V)YXH8BQ^$Qu48l(Z7!tyZ#Xe!4;@{Me-2;`Loza=WjELc0)+o+`}!f$$_yA0TMj+jQL#dA6 zd?YEEsIxR*0+Dga7-)ou6ciN=!OC0AJ&k$2b3`ueiVF&EcE62F_m0soW{t5n^kssJ zXQ`|~WlE6jqb+U0r*l-bl&)=&P6OIHYc~jOkSJ0ZA{(3jp+$q=$@Gq8L8$*6*#D#H z90Tj>!X@0;w%ORW)i{l98;xzFu^U^BZ98eK#e?CN^Cp!^dP_d4>@tE=iEG#%2x#YHC$0<*XR z6ptj+w&~Tzrit5Tiz$>oMiL}Egg^#LK zp~AS28r%NxJoIWHevqf8cxVua(JP{j`)Xx%x-TC5tVK{~1PYdwy-s^fT7grgcjxSQ zPgUGP$8!@ArCl!HSpV$}G=R}r1NMibe^uJ>y1E+#qM`7ucWZ*gVMh+2Q8*$= z@$v2;a+kgsB7ELY%RCtSYx8m05&7OeM!_^lN9z+=!2*^#j5i6&aVv93aKL5n%0@(1 z-E85cTYiNXe_h-!4z^yjgDIU;H{#5Vvf@PZ#A|gZ`*DyIjJ|6*IG_}?hC&6s@30>J zCDH8y$#m`6a9c<9_x%1|q8MoUgP2ZkR|0Z~#!$gIJjV)`i+Sn=5Hj|zo<0ww5H<7b-}QI3nvqk#zeyxpdH9QlglxmUBiF1feUfY5Pb2` zTMeKu6i31kxozs3^!#?LfeT8VK^O=6u zlAa5`AnV?HhIVlb)m!;!FGeG4)Gy3qLvH;ZkAk>`+{Rx^FK_LV+!O6iUg{vcw^F!V zSn6Rn`^_MDgZT8PX@!(J7+-Bm336rSRb(< zf2mkR$8#0%Ro9g}w=*)@$*Zi)x~@1(O-hpGWMRq3N=Y$;t(gQ$w}ypRYssGKTl5Ts zd6>w__e_9Qih4A7!>hbLNuQD}=zNfL&(R*gsgJjrPLGGG3^bD@2fo}NOSI!?2J zj4u{mW|d@K99o4JQD7J&MZ^TQ(_8AwwA|J?0(5zp(&gBN;K&XffGbs3mIwWmpthtI zHmP&K*0L`f#J2co_iy33)Eq3u1$Vrs1$oXx?{vHMUe^^8`Zct%(J3d|4~2+-gt!nw zFq%8K018I~Ln!FmQKH}N`vJ5Qb^0zL^)PklJ7_-f_w(+JLebs=*k47(P5yOTr<6Iv 
z;BR__FB?S!@)GR+=@?>|<4EDX4kYvi8iKe(6Erqek_i_f2Qy=|nF7@tt_pk>O%^GQtIC{u5dHTho>#pfTLd!+k!?Sjd!;CYs6ZSFWJ=QA(@$(vzNsk=^u0u5FrlO0>1xX zH9$*+vb#5TEb5`5qQb^OM*b_JUW`FOL9t6L_Ea(r6Z(iTPS0S!a&G$2xb3qplSjSe?-N+;SJ_)fkkH8s*U0x#%w2hbOz zy0IDx+bk+IEo9=e(Z+{BEbKN=II|RGJ_v<;vF5xa)RTiH8}wVjUf&ntEyt zd8vUWqD0~mo;Wz$W~dQDN$6M>6sQ>ys5>1UcT1+M@7gfzjgu-gjRA_fYcp3LqU?2* zS*uy8`VurA`f_9ApCj5TD&NXW^HGo5AgT|)lcOe};Lj)~nl_L#r}I9=<*RIgl|%H- z=xJ`OTRAqGd5Ia0zQV2m5g3vHG4?o=i%+Ci@OPSqhUR-%VD!_|(>>GJH$A9%5yk4xW=JqoO)4J)q5>3fzNHSPYo!Djchw(EIN;eqr2(H{-^>!dqRm_ zC7G8f@v?4sGK8LL;fDXN|J`rs0a(_6B;d8|qzE56?oYLNvEjM~3~00HG0V}G7d8m| z;bwEHJdfgW(Hc0{VL^%sp{ZYqrKaX|W}mxNapgl9u~Mn-H%gQ1X+Kdo4kL@d5Xxb~Z-4oPi~ zImC9?^73+wBCf1@v5bacZSc_ykcy?Afz5cukyU*YvSc)80lNzht5gZBv2R`keM)8z zP)%nJ2F-O-PT)Yw$Sm$eC0As~ars2H`QGuKi)TOK>lMkCHS&Zsu`Utrb@74b$!l9S z6k+&rtje1XdcO@mj8Y~0xa5^A=ct&#ho!~lM1YMZo{lVIR@zvN;N!`NXc(exiE}A` zE>ZrMJGexC&R5OVATlU*2yuZ?^v+A`Axt=Ev|%{vK@1GlIV~%(q$GwYI~~2Je(Cl| zSQ?s|LO@biNEK32f*luEwgz$hv09aNUDvn+TaIC#o}>N+1ZG}l_4Q>)77y@HEr)bH z*R}&W1ixcrr-Ts@Vs^6_{`_s}0nJsFm7Qn;a=AA20S6$m8m)q;sOVODJ^aPWg%^{! 
zvqs!>nFv<^%kZI4<4m4$Tt>|^A7!m|YTK$e*XS&DERt6plP=EkHV?jQ18Dc&qo;Bm zDl+pYk1Q%S?=6jztjTy*JiL`2|IgYLbf01m%y>LJ$J>hU6&XLs#t5j;41Mm7@vBze7>@SO#t>6sL34u zSBi>7C?iPJsXZqtsjpj znx|G!A-T5>lSFqHErAUk3K{qAe21M|R4je$Oa$cm00_!!+f#|3k33w zMojCVPhZVtm;73Gh0-n_Lz(MQnU;uFcyoT6G!hm4{u$RaERZ!&X$4LjP>f4t{5E>f zE%B3{^QGRjK~08u4D!lqT4Ti<`2X>IY(oIDla(Xj1N%WIBOmQ;)ZSxtTtBz4&=@i&<5~kU zFn+yDS^3XC!jQ%JRIi!5qJa#IU?%>!$EZKm-h;zZDyUEY!FA=t9584>2f};bZi`ErW zfoY}fHKox13zAlcP|UR-_Q!gdZxu}BuY6y#b;jBr4(Ej$-20Pj%O(TsK~;GH=J5yn z%a5yPV2-C=xAsCxNr~0yer+UoWe&i8r#zHznl@+}`f<(7oSf>rCS63H#vbl^x*dkY zKH0$249beo6Ky1iUDWe{c2qJHnDJ)ari29P(@LV@T#|b7QVE!GVA6O0 zN!42Nzq`BZJFa2I!eqD&Yq&FqfPlz`^22lqA_9sU*j=CMmq}|^c{W3JxwyGA%Mb{% zAdOv`?4MN9=7DqVfC&|k6U$FqGdF`xc+=k{`ev;_-mj014V_o>1#tE?G;iK|c=_R0 z-;EUJX03TYjwm#s!_6Ayc0kHVO>KGXCUGDzCoB*p#U!d?%*43cr>xEEPsKpE(6q7JQQtp<)$hBOO7EL30{ec3o^FSo;9XBC z4EaB&x7?~D(MIVL*dlE%U-L$vwMY}PH;UZs7f}~7w|PK$Hs%byU@?NWA%&Rmd0bpN zpXa`+%N`(7{AR^~>M1^XySD5gt_~Itrd78^M89#)RDir@H_rd^^5_JS!EFmZd%r5$ z1MwLleVgr0P&IZ|E>?Sdme5Ov1%cm5CPf5FOGwD%Dl+v zYAR2F8)9+Fb=|GIx`x&t_51it5M`q+CQ~IiZukr2!mnU-+>9#59_;IROq&Nutj(@e zQn=hp0CvXWoLsTxc7^H)yNjc!#Bc9M4S*mB=m$b7fGQ@&FUe25ySB?A5yv8&QW({n z_*^Ul_RIz4@i>E#@>U{bp`&ELBpDoq!8Igx+oaYhf&u{-PCk=^9=X}J$3@j3X#2#| zu<^VLO26=C1tPpSsGX9-z8MZhUcQJ!pyqL$|BV|*J)cBpg32(A|a~gHsfD%Xr|0eigY@k~ev98-ndy*Yx+`mSg^2i`-Zxva9RE$AWj@ zXUGT18E*T0wRuI2kJ?N_?AlgO?QXmGiceR@>aS>iL_<|PJe@Z{ zLL8VH3iN7@+3v)762Uf$H|*yvrrkYqHye~XM}YxmnACV`mi6yXn8l)_qh*&FeBR$j zmfpY50th;CrKle~M3L$IOapb>fJ}9>l8^%?OWL2@^HVU8Z9iL(>4}h~#-WqgSlBiq zmJ4$wu$Q4F?5TzIj_Y^b-}O6`lj;1Yu1b#FMDEqgrsq$%SaB2iZsN%-Sor22caHIP zp(^+dw*H!_S$lHAU``L^B0KqF4R&QxnGpISR=N)X{hUxU7BNy{Vud?EG}D=_$&y6c z2i*(}kjv!qFK<1xy80sa0l$6T4wROY)9nptf6qSdUe>X@(QJfVzRu?N>cz*6X9?@1 z8S}HE!$w&Om$0Onvs;(n-DvS7U(461Ro=3%kkPE4oF4#=VrZnAHrz~*{igog?=vJ} zwu_6W3Nu@|;PN_by>~h9<+kqh>#zt2_+qSU zOVXW|R6q72z4a4mA^NjEKaZ-yA7}XQw2@XuPcDSS(?c!W`*r%4RR$r!3LuL=?~e0M zLM?Mh1A>j1U5jbj?YxOMl(}~tr>yUI7h*;bYi#zX_^t>2Qv0t8y=i1#nV~$k_4!MP z$sw~f6fVsV`66V}K#_oyIA9V45J29` 
zWveV~oQjA<8U!u2OCgS|B{U?%LCPz7^vgegtX-05`GCP*=`5EI2bCJh!x%L8fOan| zWU5lpmIU~A?n)L&Dz3iaCok;nsN$`AnRLGND4GJdPIVq5A%H8DmY3Ia1tPat?;gJm z0G-{BZ{KQU8~x1(o(z$LDek)=aiz>lRRfiImId;Y6^87~SiDQrqg_=!Dl^)eWJ~%Ka6EopMPI^K2bs~#6K(7-;+*rbrZ7tVb%%6><s&LSe41oG9-Z z4RlsrkCWifmT0fdWoW$4te;dVkwX?ux_fVk@u+vOrDoBc%$%q%RmCL@o=&ZUtEWZ^ zM*6qN5d&szR37uQHOld%!5oN8rjV;VLgw!L{GC|3!}AiTTq!ER2k4dBI0DB-!(RyK)m%0s#8zpB`|Lx{KgHC zSRpyj;K{=TCJr!=|5}%pm63_cgvS2FeZwIx{@XbR)N^@F)bS!qSy>z3alp{Y$2J>c z#Ye9FHl4q2T$9(ZMogsi?@8y147>>CED#?19sO)MJp%aZoCn!TR)xY6{kn!i<;W-be(Zpgq&q=e+Hg9~D_7R;GMz z$WF`r31nT(H7jOV&)2$2MFTa_=YpV-6sX@Vk9@@tGPu9}%2t1b30Ko?R}InIUt~42 zj>UV(-`)1V(ckIMp!4KE-JcTuap>J^oSi5_p7uN)zJV(kyQynx&Wqm-hT8+tR zFCeZ3bk&QcGPdIhtLD8&NJYlnTf|m^!5UU)Wy`(QK#X zv#=!CR`PHp+C+I7CsgJwn2aY|S=lO0n0|@s36n@?&Aq69% z?)ukFIZ$?SnUCtnV`K^n>Yi=N&y>m3pFgSp)deg*Xwf!bw;Q|p()_!)7mxhAxFa*L z0>W%x?88kKc;P56M@B9Lir+_GtHG0;&jb_3}vnAXTSfV~eH_%HsYuUdJ0p$p0J6FXjL5?1FRRg5HPC zcbfD->xz{5wPqtG*D+VSjvjaw9>vjvVUmfUTpkH^gd>0mFC74Y2g>papyrhKjimAA zhYZe*D=9H&5ZFRR_BLQCsvfz`FFDLt|D7f2G9#B)jS0vjm{{;5ibWn75o0&2u**|M zWPQGY8zR-;%Cv~{;WB#k*pc*~(KcZNAAs4;n0D^dJe9yTpQI_#1V?e8vVC$wv~haR#2?2;(p_B?VUTzQC&tY z)d85-pYmLTuqGyX8I5aivkwT$Pq45q@%67{Y|`2wy^t~5U-BRh8QL^R#KiVdr&okI4`jJe1N$g0RyEX?@fzy<0+qkd-bOIL-hm-jvtHSo=B zoZ}S*Hz82!(khzpAskya)AOvcSlvrXJbe1A!Q;7x{PB1hxSLr}68kp21%&Otb{%hI zmSF1pAqNsCg@gisiIg$qK!9jZ0!fWx?A!DQ^<<`N&hjr{qFPvSLCl0*s>S1O@OhE#ceyfN zwum76tCtEoaR2oEpPXLNba5k+S#@~Dl|wBaDpSphtKd{&;J<~puBL7AD=pajj+{c_ zN&fF7#3z1tt$%9RdgY9An@v`ZeBXZzziODE8esU;v^FDbDy+Qgl=apb_)|D=R9EB7 z0u>_3rz$V!2c*a_i!ZRff9TBGZL24#U!%*h@=!8T^+b_^POQB@=h^mIyqF2lm180h z4FI**T1ygn`~_-4;uz)29lY^>ooSU;mmQEj(eEMUW{I+~(NVW3nVFRcI05^|d@j4g zU!gdlh&d5(4t8CyNp%70Noa8JKvXQpzxNi==~G0aAJ8$;!6mI7V8PVIdDF5G_CYFd zvucMW?d`o3cy1lIh|p`eB3E0SCmJSjD$Nb>tY7gs?0B3m_5R+4sQLDD9}k1VmsHF! 
zhIWihj48zDl3rggQ~UMq%OFt2er}4S;Mo^wtH-qV-F=W5*wz{bvQ6DMn3; z_C>@8ivsQ8qy;~fgp%M1$b*I~en_6Gm$Q;uWW8lJVo0Ty#cWo)s2Vu;NXBkNhwaUM&r_o5O}lBNG2d1pDGZy z={yJnz=f&T8f4Eg5m^2OJm>ac6jmz~R9I|(JB+M4xZY#Vl8>3Sb)1w=+d*-3E}psh zgl{=RmMBww8#Mzd>383&TFOhE{%>NJc#pGz`vOM?$+5}~5DVjpel1_!SRA8-gJ&(oZb!ohZic(v$eHn-! z2-*e}c&=NQEs@XmCc?G8Xq??W@)U~isq9N$1QB6j*#I8LOE)}LtxR-G!U#3nt{^VU zu}@_omtKU4DP4qrZiYlDmK&ELE_Hg-}O+J>JnpX?QHcI%WrZfy2L=DUhmAt~KkT}$x+^xiH}SYbO1 ziF}lh>{=RtadQY##wK3^7e`Cr*{E+r#W;J8Qk(;@A&!74@UZ5dvG*I^aV?X;w*V zLPem2_OYiH!Pw%!YCTaIqX-!Q55R3L-K!-l!-(B(W@LrvViy}hA`QzvO2`BMf!BKkd zMquK40nE8@;_OlGj+Af2LLWq7&hpp zv4wVT zVdxJ?n!pt~0}?kk!)O-AXJtlu`bsk3J;S$e4sr!1b1z^9CHQD){3oTmRUZ>)pel7hf zh`L*^_X$GQ%@E(NmE1QUj%Mp6#Z(A08b|6^&L{9i!m4Xe#e~Le)+c0wqbo`Ec-I^) zCRrZTB7n2>eG*y0f>~cQ;^p}$#?~CA`UaSUfQ*MEmsQF1(FIcI0|4>4?EcmqeA^G0 z1VZx0xPh$ZF;{*EEKs;g!7l^jlbOvWC&w|dzUa@TnUN<{J3{+s2i;BJs5>I+PUNc4 z$H+)E0wZ76Q-M8kA3w{}C^B-+uf`KfzdRvI!S5r!{ZHC8kOEdLI$x8j@@?7KR}ti~HIQ z!3!hpj17{(Y;>6g#%9sN!yx+P;}H;4#r*GY-w0;l+3meDX)~KIPH3&3nNO`ufn5Cx zoo*MJM2P25{uW5)P!v->k80dvRw6_O%; zF6>Xy0h34mMglYm2uR*dv030zN0Hvqa@VLu!Yr~pW1WoShqPJmL#MBkQT`j%x*xSn zW;jbg_yQoPAC1oQh!yL{49DyNMg@02ub$gD|D?mZTgKe5U;&)u483T?Gwf+8bufS; z7L2M0b1aN!m0zM1DRGrYc)O4_2w0H+M~okIc&>Z`vY8)V<^*Lq)uY7PxyXzKJw$BC zo3M$n-G=KYi8g==lCG1%&8x21wHxbOYL-1k-p8KSWao-z{aOo~mwADA*FQRh*%{J( z6yHIG!~OcTXr}Gl?He=9^Q7dX{7#E-cRkonzfH2AkCb~TKD?dTpiOTLNF2rlf;YZ` zIBB04n-8cUnbE>#AFO}%nQK^(SdfTvXjH^a-fNdx?jgV4tw-!s>k#XJYOiD&l-lV> zPK(#09q)Qsr%%u2y6c{@sbT0%&4RfhqxdmK-J~5y3Y?5^Cb zJ-hYl<%l>p#Kf**HRx8%rj``@?{lYJalYM8qx-eTkQ<$A&)D^;i6PZcKPh>=_x2UI z?4p~S@xr0F;}~z97!B9TLN;9Ksb6^wm7Wr+zpmkhhrET=gexdhi5z4{BVuFKqhux| z>x-!ix|>gYt}_BO)5>tZQaueBy}SmbHo4on&@@)-G4N1XuvBB)=-2ibfy76`!NbqZ z=dv*yj{Tud`gp&YJ)sYv8gOGCmXEFFg-p0Vu=PL-ulzR(7$W<@q>BOK0b66C8@TJ?Ux2mpLLM~3hi$tj$9y<>cImd#h}dLXJuKHj1d0|VV^U^NR%N`Na9 z(xj35OLDR@P8Bw>YKyD6mWqwePc5MHj*Abn_AkeGQKyymm!tAU^U&5dP6F#_@nuhy;Md*mu9{b4aPZA=|BDi#a z9PU5U(O=9=)_n3N`$UpL$8$#a+DU3=a;l7HI?}r=@uDnGxg(M>rwGxS-LSR%NE&gYfyauMTEYN`55iV 
zj5i$PpXOAq8)xmF7W>;SETm3*@R(qnpcbQec7uRH5n>S+U>+(9Ttxgw6A_@B?KZ@i zZX=Z6>%O?pbH5u40k;uMTu%8*l2{YNHX7Lkh#b1M5!`dXh4557am)_$&k8p3<=kj; zsP$(RNL*+Q!9OA~vqZBK`^*V}!c^Z|v3ahkn?N+qm1kiSqq_F^z z1DDI6-%{vTKCCJ}e`a>p4WIDgaXsizR5JI;fi+9LAQP#&jNBiITBi5Lhf=<0cqzX&qmc4Uk}R(0O9$fq9y?RMYC-5Nb2*46K^16^=)u7| z2?Z0CEbpo5=+PsQRs8;U1e12dJ2zWO1E<{PKX?S|?Ay-$r@tf{DAi6s38K7o>!9dr zmj^!Hp_Xh{8n>h{g45Wt zgyD6xe#ytM+Y=C^W@Z)z2~5O|gG&zCO}ZY;ZZ}ThxIIBl)UZe;;KDRNppaJW*BUJ6 z1@X0!A^S;$OtSerUKp8~BanEJ2!GRi=ufhP<@9-!<`b)qNmXa&jIi!-}e91aNP5JBg| zf-ls&-~s`a;ZkA)7FEBBhE_4*^uY*er?sCM3-XO5IzAPdX})%1({m6;a%jZ79S^OW z*+Y9Gr}tYBkKGyb`{!*=Ez`h{y7u;B<;}o)=)D-&o|G@raE$1MwFG+Rj#De)To`6e`oxT2g4D1_;7}rLiW|m9HE`N z3}1+(^~=UtW3dJxDP`xeJ#m(ffkJF|cUQ9c!t7e_R$k2McfQ3gO}1yyHy?N4DE`+~ z&m?tWv*We=1X!kGiL&HxG)eJA9QX^slN>Cpi=))TeMiR5XN(ehs#1mo_!!%xjby)~WBr6HnXcJLjo?Eqj zbyX^37YRcm+88-zH)P8C@`4V4lTu71$dO`S3EA~rc}P4+=6psIv+oI|38Cuc<#UA)56;$yU>Z+Goa zBwCHGgIo=N#Lk;@64PJC=`DngH4#el>e9E%aF=tjin|KXLtt%?Iop>&q+-z9r^@~mut2p9OfuRJ`1;efA`llorWU0+T3bTJxQ>=BQe zFSUAz#F1H;&E4QJ6vp^<(HbfB;LwByCBv}TOsyLUeu_Lq(hRoHv}3nmk)4TD)dzhL zhx#|*9$J0tkQD~V_i(*^b|zeZkrSly&jWc3p~xGPl*ft}Lh-MS_sxM71@D)9YF1X2 zxOaD&B>6(COFCfbndR>@#tW!d+QM2_x$lWe<2#{0zjvkHrg~llwgl>_wgT9Q zQlcao(Gz8sY{4vYL^U6}XEqy9Nc~8S^LO?mx0qPD5lSJn8Dp0OHv3TNiVUS7 zY||<9yH=ZEEeTRuYbp;`xeb&M{a>(Av{L~Pm{5k1bmPgiTfpSznqK1|D9{^|#Ez*T zaOB1nlWe-VC9k-IlY)ltZC2{P9o>DS{|^{zz4(O$rU0v(Ew1Q`bt^?l>H@{zz|Ij1 z=v~NTa>`WqS>DI`qrQT?Z>mMp?Wu#N`2d_!a`!#S*2a$FDkVh~HJ8G#FqqFfqV$gf zhz)6izgRH!M*046l@@zY~C2v1XYK!U(sXCi~Tre*~AQ^cRgOOMTx zqVBW2nR>71=rYl=cTbs-8C)u=V-J)U4GHnP7-C(%g?Km_n$Z<*d!-+8^i~!YLI4GL zr;U~$MKQ!o3@YyL=b|J*frdiF2m>=Oo)p~jeSVg0m?foD+;j0X*col6lyn@cz2 zlp$#Y4tsnUz@s^LJ%yMZ4|oR2&(~X>;S+$W5>$LK79A%7h#7HA&L{rApicci1Pn8E zsZdtAY}T6IiL03gT*QS;dad=fwRt`7X~yAp&GeIRxCFyaA;p_9&0di0X0CaOxuTq= z*!6ON(Sz(Z8T;Tsw++uFez3cT2ky`jJY5cZQEH2m-`9^&3IT}$XtC*Gr?#syDt~(#)!h>0gfyyzj|Bfc z(-8{;K|*p`Q4#(&=dgGq(Bp2Xxbb=)Fg-R3iq52z6dSd|Q-$Z~iDr|ROAOi5;Dv)* 
zUu!Ugd>Dx;{)ov}im%W@dsfBi`kEdd>|beUtO@};yrI{-PTCe2936w<-<|;GOb%OI zg{|k1%~t13zO@OojSiy;cGA;sIBpU0e>oP5{)$aWNtZsRsm|w)wlS-&3$a8p;Tw_vtNW2rlo;ss zeVHi2mY=v6ai5SF3=C>~I5A2DbYhFNkWXBtI(rdJ*^iYxlp4ImpQvo)gVbPxDN1J~Dym#2$k?O+{b2DL6=os%jr3cZcpifbYax8ct-d90hPs#`Nz*^7ep6MJcMQ z$1QhlxU$7aM0I#^#&@j0xYoywdxJJ7g^6;t0nl25huhH~k|5Rjpo_5R;VwE^buoYl z=I7y&um$^&W)%>-IBw?djl~w}-E{5h3@RVU|@* zPT-CUNSTt(_ZVQqM;;>wKkDulD5STR$QQ)elqGA|H-O|hXS#0}S5&08Fxi$V5KIXl z#BiIfn}*Cr4mSZd1wZh2a!kAj;xzMXt8TLzncEh#b%>7M_nIGMpN;H_D6hbYJ6)lx zlGe=mVB)&ImdVWr|2CzYtkLNS!(qx$qN(Q+%!rnWD-jztf$W;6IpZ3eM0oQcGLokE z?-f=|thqCUki$2b2=!A1>^ENnKa>RD&ga6=a@S9aojH^*j)~9Z#b@X3#euxK6rcr-pf%L8JZyP`;s0@HKyq4PA!=U4J z?6h}_BCE5?@&D3_$0T@%##?QLzi6>C?)t)~c{r7gC$vRSBFX11#H@ADuSyEXK>T<7 z_oibUJbxe^J^gfVIEs7?T+lW+z!-NS&;I`Xo3EzGPwDVz^P5=d;;Bu~D`Eb!1K9QT z&OQ|S3sV^7>jG3ncqwP}FdHXlf)F$iy-rVvtH%)kdceQyTV}U|Aq}=S9#;DB>p|@= z*6Fl(UldC6SQ+&stqqNL##uYG(i;H793JaXmGDH+cdD{MxJ|v-0jE&#iMn%Lw6}2abQ+JpQ zT~m3Ji{)K03HV;}LH7k~Erpl<@f;fF(NgvyK$wl(t9YEecsaIv(rH|AoQ#qQ z+o5TGQ6Y|5{7yX4d_`DY%|X7fvVTLmJnQVKiw)mysD^WLd>o>!q0u6nb4k+aT!2`_ zDpB7B75=TI@s1$i-y}8k`+U@>W{m)B&=n1B&CA;ln&h$1?S8MW;-S@-mls@IBF0wk zuSF5SU#9Y_I7I>otCqOGk0~wBc$mBfB%t!slN0P9P|Jpw>3Z8>a1RuhC}h;VZ4~6c z+uJ2q&~t;zZiFmlWlhy(2_N3UH#fMb(Dd$a?K_@#bq$yZxKwhAXViVXy4^(m*5!ZH zf7+fq8N~hqLg~u8~++Sd!GL zbv%4G9%#*wNVgUNSGe@AdWm{pNM#qFYzbPL>U_8wCl!_Na=-lK#~3TglhqZe9rPW) zVU(BUnE zCgNUkn*n(H--0MG3!z(8$Tp*i!3RenC9zR=1hlj*FK zugCKm-|V7In3Y5CvauZR&9YbqTx2^X2tDmH4YGsjzd5vQ2POU^K;!6XvrYQo?(1U^K80U7e93x1S_wA;)CZ@H za@C3{1`UI~q9VUTXuVe;{R-4Q^! 
zYl)g&OWVlt&Fzif!*Rs#-)}_yI6@i(0yq&b_X%R^Q&Ykj{d?N?J`JAV2lbo2DFAj2 zoc+T?PAE?2i!|WV16I0xUbTFEKb)YTUJ1|+T1evHLT6GV=f__li$MtAG&9|{a`PYZK|3_-y4cSEw**vk~W5><$8QC zKkr*Y_apCS*E&$YeYs!T2HcCQCnqNnbUHMlA;5?C)-^S4mX()h)S8SMC zuilxNQPx(6^YV`X*qhS~h;Lnb8CI;BVH?W?WYNXNMX^iW4=I^X)U9=#pcAAE{PDPV zO#-CiTF|B{qKyO1;IftAByrlB@b6S_lYkY}YPor}t{1cdjmdJ3d<%$A)&u^VW{eGY zyWC9*M2^-Use&_Kf391TEWBLLPs{)OWLcMoVqA~7T5 zCk5S`VK-3vTWGibL!XMVJIj#eP|Zx1(EslKCB7%K5y(5R_Vv|+13V60keAC$x){ZR za1#^e(>c10ZkL<wKF>mX$Lz`=_J{Apxl$M`g)Ex*ms{uy-bFcSnPA)fp(W_5hHc^W?$4xE_O4+i?D=U*c z4kk2d*E!+l|A)A*45}+=+Pr9R_uvxTA-KB+cXvo|cbA~S-Q6unaCg_>?he6i5AXMV zRa>=x_Sfz$QukEu+_`6_`^*#ueL}o*4YnhCL3U;97w+DvhcZ!<;h~q^K_d2z1h3Ca^W;b( zt!+!Iex|Cz;jGuPA&q}}RQ;HAFW=pk$zl55uG8|Uv`v2Z% zGJXEYFg&2{+rTfvhnq;lz*%V`TR=ctNN5YldAQRqqPLUqU;I-a1%V!Bwses?ghSX4 z+$JPZje{EhHC8W|cH!3vlPID{@h60-QyJb3k4o=EAtbt%KxFqcOr zL73X(x|Bo};m@$-(7sFcOg^K_K~4W}W-c7|L17NfN;NkDP->KBfJvv_(9qC}O|NrU z&2fVj9m`K5UrH(?6AD! z5bWKCGaFefo?o)YzR$(lp4#y3Gou%pQE;S_Nfw^YBxOSW-_6wSY%Vj zN5ubrD3QGao*8mw47K|Q{xXXV7fZn|M@KntOqU5^C{)tnz9B# zk|o)=WY%sEySM#KFSdAuyat`lOV^kOob6u`LO%Nipio_emJ9(Ys#q<5{?O|IN$8%) z?ne&2MaV%i7@C?U4($I zUjpjDJFz|G>ebxFww=C{daWYqH3IN~ zkB|k(x#O^_02GocFE6j`VbADwfpSn-S-5cN9vb^dK`q~7s}|gqXWocaDfFl)CVI8s z@-OG~$)lN{UE?CHgn)7j9a3(@D;LTB;Q}DIcupEO2=L!4YK9H(AxWEx5x_Kd^gi>2 zOw|eCE)l$FQbzNf+H+r6MY@LIjJ^ApBz;iCq_{rp4xLF634LvmmxN6xr4k zK+w?nbg!?-Ob6zrsi>$Z(nbE=uy*due#}(yBd0(57Yiiu+Lo6CR-GmXp7jP1x1hER z>-vzz1VO7e(!yVunC=&%Fsmpcfj6+#5)~S#^_#c1H&$2tW-d=-YdMIpN@{eEo2Z32 ztUxC(38*}kSY}(Crm0Xa$(D2w#z;lY@Evs!pb*tdp9=)#J&I)QWB`37LgkASd! 
ztEmY!1|q?e-;ea?xLRD%YRL)^QoXEB41&B~X2U2a_%d=Ucn!D_VjDkd3b3?r#*+R1 zf(Np%3jW}8yEJG^PEMXKg}*O4UDXfjsyAiQY><`^ktGy`<#3G(rJ8@eRHr&sMDoB$ zi~zE#oJb1&isVjXqA#+0VjEf?lR|CRwkq;JUJt3XL zcEZI0DITEgvYf)_&#`DuqqAQvv8fYLZFN+!V8Xgf z2x4i#yOsA-p(|bt+Cl;lBfY@LOmPUAJ&tB5Yyd-8f^d!J=Ul8(h@edFZ7CTqASzjH zzd0<7UtNfA+41qSJV2PpL{v1$W^Pv0d9eQ8v+H$@yq{(;8X&CRkceDWkNsv<6CNa} zy)5MSE5M$OQP0O9taL2-0{7iqyja}wP82xD#PN}-l2J#K{2f7P+O6%H!JNYH{geq{ z`=)Hs2+7KP+!h23iX^V^PS3dK-QP!O6L!D`t`!lh_e-iI(1N4Sf2_Y)KCf8`2$eEs zs)U$;wKHxM^-myG`7+SgXVLCwi;i>Ykfo_Kqy3>2eCE z0_L{37Q-y9L_%c=c+@C;sx#Yf0ZOoZ&USHxBC_c^mRNV9*}=q=l#;BB3|`1QJ<5rY zXhz0r6BtIcpJ8**!#SwO*A~0Jmi&bsac3OiA##4P-jhDa&On;aOF;oSdz)hKOIY;n z$UqGNr@M)X300+b)A?@88MYd)+?#@_HJ5BjzF0lT?D&@t8DwZ@0eod~8aFrhH*o}_ ze=`Fv7izp6;DL|cDf|qWdv9D(&VTaH9|TgRvDJAY5({v4st!Nn%QIfZP`yd|v@U#U z!-+g~OCl};vH*e~DS)DAW_*-!t@h;+>eFe&p4fI{D4y#KRt=ujE5P9d2K@o>s46#( zxf6W!EQ02!qCJeYAOLhlH2~i&GIHzRyz(egngN;fprcpH-nhKYG0?x zj`qH3foIBmcUBedjN)U7htL_qQ!cxF0bxkY)mVZX9;awm@Q^bp71xq-Wf4a0f_y+gZK!p|xY9c&;r6DvlG}!CY9bMg0hw=OBANZ*vF_ZM!JQJ!{cm01@HZ=6QlC6JQ-GSn z3cdEHQ$Tau2pVQCzYAJ0duvSzEl*QxnFZcHDFeH!JzE;bO~+$hXY^)BKuT3W)8NnE ztgOW-60LrK_@)3Xm!*mIpIgnNt1l9<3se z(MAQ)6_CS+^u%8k6gTt2(wF)azC?nefBm0)JCX7 z!Qavn_2$J9YRto)5?<}@lRMj?sMBOX>@Jho3d#irh~CWtJ_!6QL)S3ONRoP`ma|JY zI2j}TYXpsF<1q>RY;M8C_OQX-Y`|yHhKc4rsk0UHCeOiWJ|5@)Cd&w&qvmHe=B81A zJ>0Xmdau-eVy-@%taziP7j1A^FVqo98gS%`nWMl?(tNJ z5K>DDaPNJO!XEp>YF@R(m7&+=gh40($HwJzI<+nlE9E^h@?C27-?Qto1!g?ux6eE8 z%MQAYH8mF78%~#gX0o1v01n-nKMay+-3P40R$qfbYON$1hpj0PHV2dyK9%}7PC9reYC+Thfp&6SN)1_%we|Kw2H zy_OP58UYWS7AQwg>fGXGrCdeD>$MV8ao6GNylQdXOiAXta8JpDBUR0;gu9d=FG4k@ zU(iV$JQ76U0TiVdt0Vbq2D`Q0_=dIwtkZrbtLQOMUd3t?>LO>nd}gMz0D;W)$3hfJ9FUg!?^**c ztP)u6Bh#a94<{}AJ~w&Gy>p$L(2)1(R~Pe;Ixpa(n?nR@@;Bc?6g3nSezD|_zN~Kp zl2QtITz5QXjz6Qaf$3VYKmy5rtujApa_Z7_+U~Ox=nh7k#BVP)vO{M5ape7=utLZL zg9+-FrvU$RU?&9qz411G8c2B0oXNiBOR?-jEdQMf?VdH1!eN#ERV(}D`>oa>*ehoE z2Nwm~yg}CID#^azLDGdvO4$Ng`}Su&1D-;ty~?a`)KeggvUho+tO1K(E3xK5Zw#CD zEk4ED!&$F{y+A0%gOi6x`vYCt&O~H*rwXeV=X2q)lCA%h{F`O 
z+ab!*I)LK?((KswK1s2J)e}z}!pTqo;G)nA4i@A7`t|GGW_=Ie5mN>vU>*+o$8Q46 zDAB#3BcM|Lv|-h)|8zIFuWT*7A-H8*41(0Hg$xsy1C*x?xJg5Ry{AGzK%nY+&TRqE zec8;+;s3J&*wF9Ak7ciW1Iiu20%-WZ&RyE%Ova_86pI+`u$t18AH!VNk$!M3|8|UL z5K(Y8dpG(H2GJU|#`k7EsU#uT&jLexTHj*_0cb`uG$-|kuM~n#ekzDfcazGc)9(5R zwxXD4fOb*VC6=%xL4t{%WOSeoPtuX--k)$0D?YJBJ<9|PEJlD z-4_E}g~nP^R?=-Y%Qr(u$V4GA@G)*>8EJ1xhLS-rm~D4JP-pV;+&QtVbKzH-oMbJ} zOBfdZlZLXs{=1L3_y8SU1=A`d@QhbM1a$*Og&76Fei=BG#`0eF_E1Z+*UItzrwe=i z`8}w+@UJ6`7U%n{f;EaxE$m}Z->z_fvAtnB&D8Li+g zV`XOC2*j_EUBL-0EUl~t_}#BXKQ-}m+mU_D9G1lpE(Qi07hs)|!_dF}S#&BoDp%9i zE;G!X5BL@!gTd_meRJyrW*I0a31OsYZ=RGB$maj3wF7lP>oGKtyxz>uK^G${;Ne$u zOS1m>TVn|OK~|aZg3C=d#X!P;zV-XCBs89dMQNUeMeoilD~(o9QHr8xF?G6BH+_(J zeCt}bYNoo9NsA#ve&YTLaV8hOJf@iirS}Z5Cbm2bTme|x-dcZu|Je_$(5c|0&5WbK z?;ILP=mXU8wqVHEIu+V_HSeqw`5f+hyFtJl20ciG+o;>fmX=hk0Q@jkSg5E4)U>xW z3d)}oq_FkuAyntLcXu)B?fOm@1x1fdUGi*{j8=zM7neqkaH}!&4zMKK#;9|<7K0(( zr%~p=`Nn7}4>0i)Nq0IYS}h6e#n*VK9qxGQdtPpKV*)sODexiy7Z?M=zWSysXHhSx zRh7x{8929CULjhp;@PRI^MA{M8>J{i(_PA+$4eP-XG6;s6Bps%KtAeUZ88limJ0TA zf81+7>M3t3J{TXq5LjU9Kw4)A&Qih@38m=_>Cl0LYp>ti#i;YVC&2jRlUy}bUS307 zy*Qf82#t-^hM$lg&(6eg@0^{nXuEqzDow-Ar~m7**#-?fTg&!eq9`{W#56G`bpcm} zMDma1DMCS-sVm`YPZYJOQ8;*7Sqb3SS~e7%1__{LUE30U1|YPqm`a>SUdq$Z2asqq z+j2VRB8MS3fmB&2*7l(a4HG3j#ZNu(X}M@htkR+pGSVSm`pl7UZ(0Md;c58=kRVfj zCs(vqUiHgx42ApID7)>_i8Lh$XnRxDwjNDG3Bp<3lQcK#P83SZNM!`_Fo|wCx z=laU8dL)zwsvGwgG6gaMNkdp2v`KFFRiZ5Sa*@Gwh^i7WfKNE zdMVcPKX>}z9`$d;mvcS$FtD%+sQz<;f_)wjzAk3a+(x#ZjkxSrIs4))QEHRT>>P_X zy^E!D+=N!vQ3{&w!FHCGsgmyQn6GbUMwXfszCgl(zNQ%cpR#c2r>BEpwk!l)wr(~s zly8BF!BY>@EG5NlFgx$kPN?%sl!$g|+V|gy2wo1Nh1KrL4aLR9^}xWuT>csd9}NM| z*3qS(1bi710B)vgFtIg)s3(q8yj`|XjW3@npqv`n&Tt0*!Y}lr>&(1Vvj_#E_O_}3 z4l`K={qR2a@cv4Der^^D8S|s?afF6H51FF>aDJ3qMaJ5|iwON;J*n$P@!?z(D00re z_>RjJ&~T+Z6#4vLm66GBT)_-O6tTZR$U7%Sc^DxU#|#vGZunU884%pn`ghdwoSw|T z%?%A>lK@QqLHc(dq`%LhM+lp=$VIbV8IBM4zCYHz9VfPw?e{`vKmAgtC!h&qEI2JJ zMCt8^NlE(fJN54w-Q16^y%T3<>I|EOsESwv0Bdiy8$*kWi>n<#zK#O+q{_)ZeV4cs 
zDvYcggj0xkUyYb>?q=&q6%-X~yJu#OD-sjuxooZv44KZL09Q&L{xrl;9l_YGi^>xy zgh-4(&^-(B*1|z}1`@?9pA+qi8H0uk3QYb5h711C8FYgBAeQjx5^evnR3~E>cz$UR z_9;7QZ5k(ozt2Dek_^#}mhnDKy}-!Oa2n=P{m-92pM@X{Kcf1EpMbTw1;frE^dCuB zMbc3(Gg+cE_SiXna6S+Mx`2R!12b%3z89`fCqbklBNGV;7Yrjc_QfnJ2Xe=XWM){r zVF3_MqQWv-7k@ARXiVN!^g}p=Y_fw4G1%49^=*ke`7HTFY^O8JDOSj9Hg} zu7*h$Pm)M@R;gJiJ@g}x^M)}GpjGGRzpPuBRiBUH`r;t$zxy?f+}j-0*9@%=yvv?g z45Qu1d<4e(r)dzN0pnnwRlysEBg{%D*)7aU)8-$`^8Gj2)NYeR?p{kiQ#&ZqqH>7o zvfkpXByoPJSVnsK&)k3wk-k`^%M+Zh3Iw{nM{XH_3)ph^I9`(#m@hy$=q`hefwfByL53uKWxyv;9R$lAT#T@&YP9Zn@x zMXCm!Jn>YvMoNJy;XbFY;nG$owovN4?H+tBpX=KLVq7Y^~#SkskoobBrXpbK`$#oaiXefs-dDPE;!}5 zB@u(30My2Z3VA|N7R$&021S;ghc|$72M$b3QIsH@{m1d|rg)(ewL|f|@E7YgT>_hj@7_lRTMGGlAs$n&)Lz*9v2!r}S~ex|1S1hG^nmS=2K&gN|F& z>`AWyHw~aAOumAnAK^EH==U7r!&5+uG?P1-8OK^@QmwX)$M@r>BPrgle#p)XKkoOJ&(3B-9M-uE7F?gM$TO1OOu0K?Hgk8s`2` zQJIsxv?k#5wv|>?L?vq}6wqr>@%~jaCaSBG7-q@y$CmbFwoXdQFt$29Pz2p`x5K@h zih_aygbKiyzdL-OPoSWq)9(D^W=^RB2h28v^w`8i`X5ItR=8`|e=r$pU9_PDuyj)N z!2*sgrDtz0hww4blb7gec_hFPj+d90r#YpAyX^=+ZVl<$*(u^^E&S)tY4C36-uK*x zW$QhJZg!UhrK1`k8!2CWC~Wh%uS#N}JZ&Z@VR`je*bk-a8=dKQ$a!KEm3=H)uiw9a z8xd2CA2}N_rF{F)XggH;cI^#x9oGQTzR}Uq*qUF&&WD?NL?PwF9OXzTaVZ7G#C~!& znV&4KQ-3KXC;ocLz1Fnq5Y+K1Gjewi=G0YyeWNVlt;y*zX#V_hlMMTw0ko8q#T;(U zq@<)y5F%NJoLS>&euH-aJ=FZnp)&uE5}jFM3jcG6r!bh!InsLwBbq%Z_V>N?0gfx! z>R>`Xc{Ms3hS-9LQXe29)Y<;?=-R}r0DyY|if}3cQv#s~0xTecD`B~(rw8}^JMJD( z&8_5kE2%O$@$!_bprc(}ah%;`63)fS5y+d}!&zIi|NWA2F! 
zh4YDVJ?1;X5tAmqwrp9CMAW4bna3C{~dk`e02 z1gqs0zS%Z%YvhtWGjY7a5Kl17W^~&_*us05&H$0Aob%NumFs@;o)cqJi0hTrfC*;-2xmagiup;Z1E9r@ zn|HU1#M_BUNnbB-PZrzb;^Ra8CTWQ|b%CANZKKndvBztb66}lOl8jIpU>N-F@U^uM z_(d$FAReBrE*(cj^JQ!lg0zCnqf?L*GjVPXJ8{a&A}S$|!#y$T@uCcmwk*vGFqC0C zeU$00_vJeN`GQNM*a!;?s}iS}n40RRF|dUt#l})Asi{riaM~H*MN1ko>HbFn5y-Zo zc9eh{q~k8CCCt+YZubNU903w{6&o;?Y@ZHzf#-8g%Lf@)CECMk6e?3v6s%owukaL6 z{l%G?{XO7_{%DG(#8A=5TJCRIZlj}qxe1TBjCFHQhkS5@<^5Mp#?Mcx+r<_TCiHL6 z`;WXLoHyTXnAYOMW5=~L4JnFSxjv+G6P5m6a6V8G}Pp7j4EM~4wLRwQzogUi{Kg0h3 z&l2W4Y?&}h8L`&NYm9%l0XNi#Vy0xz%xECLzppbHpcobw7H$)_r3fRuWq&ZbrKVL> zwF_0w0Y9`~0Z?7bk`qM!LNYmfF`ncf(`7pL;F}65C#py3-lk8p6<>fh@*z1fr1Nw ze-Q|LKnHdM3MR|*pYH!ZU)~6?IFs0ykem5}fR~h*yl9oML4bk`1SAFs1_lO1VW+L| z@yY+Z*ntZLOJgTz2UABzW?;Q%;bi&>yfJ;{;9&oscQFxmHWtpW%wM@U*x6V)zA`wv znD=X0I_?ahzIJpP_0T7~(&C^vZsIT$su(33tM}`p9Xuojz(@+yOVtP-F6(Fe@HM+x zsJm3+x2S;^nR|FVxmAY(z|%454b6<{-m12YW;Bszd8<{&dCTiMV{eb6$SmnUz0++Y zymW0xBbFMoUXQNFuaT9)FVa|SM}>J+&MF@)pY1zGTnpV?R~lRUz1}V_QPkE9G&neJ z?uAE2Ic$@jpVK*nVU}H6^)bpLG@A@u7c1P2YSWTW9F%QVUUh=4_&*m{4;;~+>a8W0 zd(@XUdFuUH>&%q32|qFXTH(&bE5&uNADi`^-ZErWzf_^OIIHRlV5}mer)QmuLMBq97Kyh{lwXqjuk#3n9tI z$D-AXYt=v5_d9KGjTJUF+R~r6VUc-N#5{T2FYa|PZsDXE%+kHu%NBtH=X>%(3}lu5 z{>Y#ar|LDI2ty+bZUU_<28L^LN7{T@VyA+P$OM(U*VDKp`p~G_@AmqM$O`)n`g@+X z9Vo3YA!x?B9N6_ui!Voz>dwjua*Wasj>Kid1gg)wGP$#B>2Q^Syxfc%8~b9fcFePb zJ>Q($bGMjgQ|C*$v8o9f%}Nyw@dkf#q0abx8SSBxs{f}UNzyD*JJf1DuOxg<_$_IJ z9q~)WO>tcGc&7)%UDIu^9K^lu!AZ9-FTim|ar8aC^;%;`q@hrGgr7cxo6Cm7c#PcJ zVb=zZfY(zz$XKA*JzhX9{a9Hl>D%OXzT3LhP%(2_mRm~SV3NA}t#R>g9A#uGQ2kAs z?aF(pZ$dP0Uu~ObpQ)etJv-|Yy31{c71ynGL67L5zZ84F#$azkODUDzpKMI1TxMg-QTav1#esc?Bq z!;jn8cr_W>*RV0zd$&I1SZzx_!$m)CNNsNvS7QqJR1~ypAD-_8bX>mDsh9V6p6naj z#-XJA(w}#QjI19ubknTB5?Ip ztfIm8E}>nyC}0>*f)O}VrklL8>9DT3k!j7(wd$}=l(}Ieo{XqF%)#%zLXSWZA;>A+>Ho7ji34Z$GHUOTGO}hc%4;0j~?7>gC`e=+;;s>E(|Qb zoz~V&pI<>3{K+p1hI2mMTYN0i5}?0(bYZkCKYr?M`LR+LTjTe%1C_*&vVo7F6K{@f zOZIjdajF#({8VF`{zP_~Rs))jbhgA9v@Zx1BJB`0|MU})g9<(Si_2qkdAb@u7LOH< 
z?)7OZ=f_=yP^4h(Gq7n$j9)6wjvH;T(#xn8=A>R^4FWxyYFc&5OYdV99#HGl{4G+nZ7_Vy%w-w1!^vqjd0p-JFM92M(c`-E#XTQS>WiVO(N|TR{nJUHst*mb4~g;>0VV`TB_fg7A`EIz8ZImcwe-ke9K$f- zx8aw9?s#}*@G2&<+(NDr!OwUIibbX*^u&@BxdUEkcnF14X$FNe3PQs0rXDG_R|P*n z^C-dsb2KawX5}fqM^jL-zo=Y2MlT1XMWA$Xztn`|r1SjEpZIH`KR13p|V5C+a@(DgT)_6Rbg!(HAGJXq|tG z^|`%)`IY%^Bt@LF0xjsD@b`QY(kKSu5eQLs^%4U#)99FTM~3*t;=(vtcXjI`O+wE4 zo)EtLQ?kuE8ds*=H)Z_FXvo-&oYs;>R}*B|69?fe7@R@kVULY%ifZbDyaz>iBv0Rg zj$6SrF*B{i9Stul{f`z+gxVNw4m53_0QE&2;ZQ<&2kX;M%W$~JZd9WgDb#`$i!Tbi zTF%JEn1(!A6quS6Znfm~nZ!Npzdkz{g1ZYV>mE`mH&E>D(xruqAw_TJ!-y64K$<8A zh!zupw|MH0A)ETMUpkAW=lld?9tlbqKzRsE5W80vl)|O*q7N+2MSgMG7hH7hP5SGlS$V z)Gbey1Lqd^fCkxE=m$4f?hiv^N?t%CLcjt~PHr3|_xgjl*hmhh4eALL%K8#YO6pI({hL+d?TLNq3U}nz z7n8GS^?`|FfbhZb_xEq-#GefjGcJV8gFy=AX-ul!BI5QBc23`y(xKm&#)eCj<%}W( zKSxs~^!;xuz$m@pti#4k-OxiM}&j^Ho>eGA?S`w75w8HnaX=W>gS+3{1$Q-)EeKxb>tae#a^3hE6cK4 z>Lzo}j6fzNoS5Rk)6*Z`+_y>rN-|=wO!#WIc7-TiexTj^L`6zK6Bt*z^R<6gfL&Y?!0X{+kFVnT)5CIXg z6K~BGD(B^mjmPH z&_T4AYF;v@{y94p@jfOf6)thGlKrsgWcM|Sq8CTj9Ht*S2W9w~=bMg{t3L?r5gt+m z?81_}B#dua6CZpqBodx(YpJO93r@Af)$3<`JlA_jj#Zp4Gt{PkLc7)2Yqwo?e3vxY z_!V_zdcVz9PswB?gH{5t@Qwafc}>&iNE~P8eljP|b`EimWv%PRy_>^*D`K|~MOssL z4CA>#8IyW#nAjxQ+xJ5x@tY^?K>Pzc3d^93yadZ;Z=#D&?j?Ir{mn%G)EnL$QO|L8 z7-wU+Zx!#+FjRiPVODevo*cx#0KIwfm8JPlKSJscNTz`rcRNzAp%8eYEsY#V1wGuI z&)KZkFMY1V!%WXlmk-%oZJ&{{Gx7Dj_b<;cFMl3-8wttMK#gs32ah5Z>iO}YWzOG# z{5esuW#&NgtA`SAaDrWF;3x!Pw1z2PC`oT?RPpT@(*%QBJ8QkU>VjCcsV7)+Q$>~S zL^hs}-%rlA9*Zt_waJgKAIBDQ5cRff%3qF@Z0guNJYpu%K(Du*X2)-O&T}_2)(627 z+&A9!O3i`~jXv!c_^!&IM`?C0V&%}c*a4ciY`(c6^L zSmXQ=r8J^15hYEhmfj4~plv)7a(NqB37hymnx~Rk{|>Le=_3OQjqxs zBL=fb+>8JMK~n+F&;Pw^#LOWMFuO4^v5GMPK*Im^&c!au^;JZOja{4**dK*NK3tQHPt+tr#pTmmQtUk*d!n0yk4`E*W`xlPUXz- zr%+p4&Q*)0JKk}|WX^Xb_R zc5wY5d~*4F7V=7-@qF|;yjR7l$!u+gD{rgiHvoPO$G|u`~D(o?g-t>a4dudArbTAT-7b(iMmxY?IYh_HydUD{8OUsu4o~HE%vk@uUy9gb3dHzPDS+e)zfCUF{RU_-czCF@rM0;^Veh}tzd|qhgHUqXO z*I4{@oX6sO=o!;G-TKDJWDj}=g7IQZtjf?N>x`dpz?!5tCt=4+lPz+n;Y!SSR!16} 
zf*Kjz@yz3E(Fr5!K1+^!eO|0cQ4qX$QMn`uE!-7lri&Tj!Q_c~b=?lz;?eFl^d*3^y2DWG&ZaT{HTzoOe(i8gElyg?| z{9s?6-^hQ_it=Mz=sIc)t{cQ3x5?`iu^hw+V-`unon5p1ta9^V!E}^p`xUDkf}Oj8 zrr6HVvtKHHhyJXPMmMZilLsU#B+))z_`uOKDEKrGdPZj5%Ng+IWKar2h;oG5-~5Y^ zcPNZ6qf!ED0K14c)b^ZTx5zbq{irKBn=JWxZO-nVNtwtZW?xmrIm$MfE|c1#0B(!v zA5&W2z@pi*V9J->Nfi^1(ixYf>6%t#?y!EZ`-f8|zsF1RNBS}TPOYdCdU@s7#{%7L zrzkQ=2uFx_%ob?}eE%QXzZ~7Ab*P6drP6|;8~@R5%8F$`hss$c9t$gq^-u0fBTUfp zw#olwx8NNm>4&P+oO+s-?kB3IQg73yX)$F9{!Y)%DWDj2ME$AWY1* zwNHhU-E9W^n7X4((BXIFYGRhuIw>|Ci#e96fPo@OEOE(S-eHPbODea_*f@h$t-U+@-bu4sCFlm@;r z}po+*JB|>Bf!Xl8G*%{TOtJH(hU5@GRD01564TaL zuP?8F%rUdB{o67;a{a^PhIN{}1cXDjJo@nbeSoi;AqoiGI@ZVS zi=}D3d#7gzJEeuAjthf3rg>86B^jyh)H{hDD`OCW{9v5-(?aYswu9isP*?@k5NHtLg7s6W0PKy zlsB1qG{b?(LCA$hH`4yZQf(%c1!Kd?e)+@{iD-6|Ld||Blv4GB1&>#c*u?yf2uZXs z*J+MKS6^p31mC8LrI+W_3&`Ho10YWIHYxG~ewdi_F&W@=Wj0y(4Exhk!1`Gw*-|IV z2>sKEo>CghFhtvJ$qA$QfoC=W^Tgu(!wfvIQPfR@P5gUvBvEbNoKyl*>09F_(P zxCh~;6Nr-lBtHo%hS)uZ`NJ(-h4ibO?7uIg|8oiY!!1|^T=MO9SjKWSm4stq){6;! zMXlPlFp9N*sl8*N-iu2J@au7>@D?=wks_G^;e#QM9~_>q(63m+38#t^JQ5?U;=)j4 zDp^|@ZzsuW|L>8;oXHVa{xm|TEQ8PRGTJsd2XjU@v5ln5qSRcvm`E`#n>w>61rrHc zf;f(q7BPwjQDY3m^;1&KyGzM`gA*Qn{mCdMo_Mp4ag)Z#b#!VFj449h9(2eFa>4;| zBY_A$`5{3F4ua(zeEbpDA3e+8S%RSR7AHn=oD%Sj4?k;KJq%z`|22qY#U@^;xWl?? 
zNhByR+jt~(p&MK!iW_nsws(PV4U3hMO?(0AFoDb%qyI%V`rm~#zOyDiEGo~qPTFwv@^+4X+V$qcC^HWe;!I9esO-7}{@~k0{N2)gPk}RC z?`|Hw9H@%3xTl20(9CJLF-|uG{vQ>E9HjATeZ6{4tKi?ST1O}Z#f#z~1=C0qZA3M^ zW*?0i_A!fbo|k|1Y-1}zGFAst{*V$5D#4E59X3TC-HlX;h5y0Cia!w4suS8ha%e;^ zkcDfRh3>0=(-^(3X1<=b*j8D*X^#3*u^dU;LA{h}C%GVtB{Q+50U5UAC&_j7F#S&R zVwCihh&YjiAS)*Uui1>s$ndESt_Us9$bm3BGouDhn~hdFm==P=xO}_E*w?1lb0?w$ zot0& z*24b4*POGgCFii8VjBed`1gMVshL=qK4R5OOzff}|9NL)nk#J&o#Fxc6c|5T8dK!n4C1A^R$Qj(%dAQ03l2n5Lq0}cESdNQFX@P_Lo zrs1S)Yv$x?=wJ#GGO;x>C6=-_G&fZ;H8gRzA2#I$fwqpMM1@q`mQUAoBXvyEC?A^a z(quCLtj(Re6(}%h*3CSo5|91_k8p!Rr6`pdqo#zk4wj#6*q#l0Ez6_i)%QL976(Sh zM%GGXaxx1eDi_gaGHb2!E}jaBEoL+GD(TczcGrpnL=R-v#lwAHPu+JQ(Be}kV$e}9 zxDM{)g$>J2$HERWI8mzeD+Q+arv-SwLUzfYam{4DPrg z5Wls4G`B6_z^pqymLb5O!MFok?_%Pb~y;@MOMted2c4i6(ijt!Y7JkzprH>uyEW z0)d>Ox(NJ~tj4Vb@VFO+G@*K2i6?g)IC}5?_zXJZX+@6at=G)z6GcRsrDi|mS{^O=b4yXRwSxi6|IWBKK(~7f$WH=cHfAP6A7TfhJ z^18GatPp_wi1kA<6v1SE`8z1j-}^WPuTMCY3T~ zQ*F|;C?0*9t%5{+Wn6FL3IaJ$0-s(2pN6lUSDQ8U_Ry7_*8WLalMDL2I16+-<-Ljp z0U|~QcLl*&J6X_8KxQfYENH;i=BvO^DBW?)SkYq~=^c+&WL&WVfhv-KvGveM-jnNF zGB!Sy*(g!HUb%B(T#V$q=`0_V;e$YGB7jf~qmZKdYrJEmF=k9GLN2OP?vV<4z7EFc zP>L{r3mK^K&W;ZNdP@L$6UHOJ<4IW~Q243DbU`rU?B&DN`kDG^mdOYj;2!M}Jh}!zxM$EqcQ?)kkc>1u>Hi3R&lOf41!p%$KeX zYAO*xU1uNa5Q!GbMYpy!h0n!Wh4E{Zx#h>&S<{od%jsh(zy;l91PBph0MIO8iqv6+ z9mhmGbLXY@{IZC$cbcmsFx|>_x^(~vVA+SFffOJsgOyHbgkLKHW7J2?1;}Ep2aHt(p4}Y`p zX!yHx6Ol4((pJM%#_e00lHg#>bnntyZaDvIGF=fIs7nWsW?XS=rfLd8%X&9+Oa1oM z9)%}32owv|W8Zsy+FERm)SPE;K3@kLzp0(z${W53jN(6i?mf;y;mY{m=+au4G+pXcJMXiPj{d&F!xJ8B zwP}++H#0m)^y8~9ET233^i*KcTsY6mTJTCQ?YUi=v~ir=2kKY&DNo_rHwJUO-C{c( zN^jpT!|y+VN*F!{>XRF_W-Or^0FHw^zUi$)T{6Yof>lvlt7I=ae!!NM15$|rgvH`j8myO&FuwU(qom+(?8M7Yr1TRLy#?DgJLdZczDECZZ+SN-3#bI) zKmFH6WyZ57=J@K0xY~AcSDP{oo&8`?(o& zS#Znr`8tdE$K(yCeTAy>j8loo^Yi*bV@y*E3xwbwK#hs1%QNEPsAs4DrWy~}x!em| zWL1<0?`vecMd#<>%FS8@0zRgCK`$X{SCJ@Wq0=TfGWO zR$RI+L{KoW_7OKQHtUywV=@y$UeNN%_n{)&S2daucLiE!%hpb%6|05d4tzQ^02)RZ5kB@KgkDykyUcq3{1xDjv&)D=8M+vFNPU 
z5QXp8FHTA`H1Lq+$G`=*fQ3Wy2;PR{pitQAOW>wA_2AFHYd*{eL_CCPH}U$)TVme@ z@I6*;wJGe2o+lH#efSS>DBM2z1vHDmf+U9sDRO$Omd+GTD}F%nk5!}J^qwr8l`L;8 zC`(VVf2#MM9*$bak-B8=H=e6){`R|y4Ge_#1sEko4?arU#ss|82CICy%VNz`d#jfE z^1RYIWt}!JKfw>(GYAm5B(O3|d$|Wy&jnn%=C(MM-__>-uG-aCia1Aaab1jna?h|w zjCfeL>-qxW_b+7&Nsy(EF&daXIt!MRtM&4oJ~s;n6E4lI7VWu~CM5Ic4VjUtY40|y z@IO?SCMOSUHniY^cuvg_APf=u!&)?}N@WZ)XDp-r6g7W=Hp1Ap~t$KC} z8It#A2z5rq&!Vcw>v_F=!1PbxYj3~l(hkq!4%?ttLK%Sh5q|U?o`%*HJ}1Je!=-X( z5B_spVPm$;Q*~erW_6atX>uci!ju21eY1p_6*TqvKZ16EsaUmRGH=6PHa3%9ky~EQ zK2`qNz8-x3XIXpufL(E#Spzi13N-a|u>91;NGrD3$JDYWr!`=pQ)>7PEq<8s3$EIA#}`~`y4(`d*>yg zMQM5bl@H_;(nSEuc{$F-9ZEC=YnOp4bJsMZJh5XO_=?uTsC?qqT-@^f;C?c2)^Y`3u)F!LQi^Mbr0$SHQR zT--Kf?91A3n3v2=-<(dJy^4B|v6OU^uoJp|xPpe#ft5;SE&}@Ol?pYV9Xb?rr-# z*iHiIEsRx|bSs^mReUS2eoCOOk&otKAtH{aQZquM9~NycCwwtO0ajY>!YGtmg)?K+ zc1Kb0dBk!#}$Cl-5dRtR7H=18JlHlJ+Z1Yb~*=9E>q-+jZv02%Of7PGNS*{~dHbj;>vy zi^>DyW^?;{`lVr8IfeW#;0TxGOrb(RLE9VX4yBFYhNl98D*AT zN%qQ~nb|AbHM6-l^V)vr_Wk{S|9L!|d&cX$&hzzpJzuYL-n4Z%Pjnrz2M0}$3;uCb zK*P=amSaN$Rs6_$wjGmknb+XFjbUFkknt!%#>Q_wD~|6($z`+)>Moo2K4h#+m~^AO z_St9m(|--tEyZD24XB8V&~@%Ws_gV|qwSwxXB|4zve=5X;VGM+HixjhSs$YP_1+DQ z(07SMfdumo{+48AKHsSQO7fey1Pzh2N0K)ml8duxXKEy^rgqQoKHCTO~#x^!bG$lsx|rLWMA z9_3*n_njKj2YwOowcp~; z(%H33H)4*@^xOLD?1uI?4$y;EIgoxZVO_Na7j%5YTHq5wbQ0B54TFj61=N3beT1K^ zi2U6=J<~U$ggOb@r(Ch9V6|kxbNXq{(BDYD={BGGefaf!hSRqz1zHYhRzuM40im7f z4~_2MM#rx}FrdWoF3#k8y^6YFuD`A3fW6zOQ>RUfAcBUE1hV}HIWd}0+z{5&Pc}5o zHm_TH_@#^Pb}{c&^xS>kw80ns2ZB(iCNLcWH{u`xM*wC{Ww0M@o!z1%yE(Uz&x<8SCvgGT=}q2!$XnHN;8B&&3lGYuord#!o*- z%rh++!md`2Iu)o~1~a52puKp(g+_LA!^15Zu#hyQTE0_mKp6*6~W*c3K zz{yJI1MwF&X!-beg2Q3!PxQ#-_Ksc~Y#2p8gs#5)f8AZUPqFtdE(mFnW)`CmS^ZG= z)9KpxvKtT|G0^6YXC9fvLam!BbuxxaAH;9>nWr(%^SItOS7w8J?ty)G0Q+wInN$@I zw!nJKB_6)3B{264^R38&NLiX7fS#{cpsph0teRr+{wGb3HjE(sNHFwoa9S-tE?vTC zL~d}>YR%s+Y#m+v$#Hg;<@9n8Yor2Vl-(UgLC4+STBXpDy3mFHu zB?j%I-?5J?vAo7chmnBTvDxe_MbcJO0Vv2nrHcjY=y4-AbnFwJ3vboqhK2fEuGR}^ z-WP;)0UmRysh}*&tPZwcoHPSlQ{3#Ydyk7n3|WXeN|>sS7LOY%42dHOGzTCb{rMgb 
z^x~#CAYdx??9H&z@n6g?wg@LaRtQagMwC8EnE47y6Z-QNR?luoc~_IVIf_DK6*^{s z6bL6zO}!KHew$&Qyv)I5qnO7YJ-zOZe3qw|vf{y0uo2+#;}vKrl%owi!+s!R*|3yI za#i=d?xGjUFADp{-k+QhsG!(a$-g&@1cz8#N9t89TE4P5@hwwbfGu+$oaY72+fB#x$m1kUBUeJ9aP)p2V#6=W+CEY?h>QU7f%+fk zXrSRZ4UHEMSw3DP``I4*)LhhaWqIUD;UaTAr&|-r_b>wImK~Pxl`Q2uq+@`n3tk55 zYcX)|V8gwIN%NOHaC?8>@BF*Cem!8MeynwLS8#lDd0eU}l~U(1Av*pjf`YymsB4rI z7{9Pf34F3PusDiLX5fTRTkKDe{R7fYb0cEt`>hOkiY47}VeQzLQ4hEmXE{Y+2>}zu zVOU6+T0KG1_eo;s75%e2TKgxC`QRDQmZSCY|ShYX7k;?f}+qP{S86mT}&yUz$ffKZVJdc2u+(5FP~UFDi0sW zDi08Xqm=jJP-DK;f#-u2tw;fhK7~1iIMrLs0lhg+`4OSP1kh>3!0&r;5adFqib^T` zb2K0^nYPB@m8#|!S!UTnt#cVbc$g(&81LUIr9);bTIM-!SC)f`mG)(!!C-Tn7KY7qyMyJdQtCoEcePl5O>F|Ad1tX1jht%-o@v;TgveN5Ge&HlB|3QTkz z0NwPv-3W5yObJ{A)0xZ`?c9_G=Ply>edo2QkD|?ZaL11CYU3z_|BnZCR+EAuSn`eX z|1qQ=7BrzEaj`o}hf8-V|88Zgotsn7C;_Y5o%PFXNL1g=7j|n1wn7TDL=Bi&NN{I> zbDC0O2z=M7W(((kf`x~X{q<1e5Y{VPkt&TA==T5%r?duM9!UI(?fG^J?@#yPul;SFg(GD z9n~kYTrDt{X~;nrcEK#qqB7Mkx;}|2wsV(k=|6pD7!#pMg#18IDpn)nz|2FZIM|wz zXezC=>$J|@z{2p1&7Z{bT9{1>ruI&DU9$8T!aUy>i$nK+3?jsxrCp~kGASu$Mnf|{ zDxh%0ry0d_PxyCgWhl zhrMAyY>Dvhc5_XVL)`#7V4xp(nE9LEtU@-vV)F`&>cT%a=RYd;=K>4X3o5HTEq! 
zv5~nK8t1o@7dXshPI=WxjmO-gR4136UK)r!CNpLrNC$tP2deA|J!6MYefhY$>bAKZ z+e9psmtcmKn=-PG8W3;HQS=3fN@|}+-RS%WGsj^jZb)V+hT!n3n{4>q5pr@qSH>#2gTvntV~3t@p)E&%tlDCp;PLh zxr$7vL5Qa?FzMtAk`!G9O*Eep!pIF5UEoKLX4BxG{a?v|&rOf4il7#3z^Za3z{b=j#OJGBxL!}!oFroltqxl4GyGPVd;Q6)dw?U1|8b&0EJ1MX{_$;MKpMN z3v`<%89obaU1S_%8mLM=?KuqV7A4~66b}a)#6oDuRy`FI ztmF>#ipK`%mAo9#D}aggF4MIcV^DaPV3DNOH)&)Q2^B#})C&RbOXqKLu5{w6zIVZ9 zJq=-mUfe-1-oP>Ey9Qi|9plNFnYbDE)hUx!vdTIpqeEOo%xXS!IW1TQA)AmX0j88Z zCxRqTY;Uw&ZtnzVmcmFR)yOHZbr_`hLX5Tuzo<(SAo|zdc8{>qWva$c^#vy!;aS8& z9ltcs-Xp|2j5qJmr@uam1%WSkAYVcD2eLa@KH51->4gLX$=RBiJY$-M#+HjP7{x0ZnN+fLA<#63Q zcr8~v3XvCIC27bcLEs%kwHgOl7xug3F7j%LZEct`4nZ`&5n+38cB`@MG)8xEKkDrmP?2VlN#;O3@FshIu1zyZ;Ec0ctP>H70Y=KAW-mN?-_iRrTDgVAQA zx!RkGXmDJn{tKDi9AHjiL~ENWmnD61;-W=dAKYx(e+Cf4&u#u8=$^UPMRaBfXDlRX z=39#MR_dznGt;H~E|o^cb$jRa`c|K09Dm9_Ma+@#q|$UmXrbJ~saqHKwS%m6+_SJ)iz?Uf-XRd~!?ZN@YboFO8sH$^8D?2*uDi;+&ql zEO(V1r+pM|X*6w6$c>s9U-P4Vd9YaD_AZVn@fz7%CPl^J;hDoeIkWZ}xa!D&ePl)%uEc6%*kAD_;_$uA1 zS%|8M-Eu6fno9@A@;-v-m-~2rQu&4#*Hi)~{o=IJmYwz0LCw6GAF>-`dzJr{%=hi> zke26T_hT}~)gDfyj$9=jUitw?-d=Bhv{ArNG{o;-_>TGcCJOxj5~qC&r>nnLTHZ5% z!nD6IEtt(4vjoA_#C)B7TF>`8gLfiw@0Keb6seSa?%Nw*K2X@XP)`1`sE%*`8CQ6g zO7N;%D9u~W4=NHiXl`aYRk?}qQbUo~edaM@Zk***&})M8lzh_uw%~jk7Nx*3GE*~7 z#^vpLdW74=?GDauNF3dFS8QK%5uHXAgqk9#hclaDFJk>KJCJYerH7~7a(3EG+mk)s zBqVF zFXVolQ#4|q*`1}=7T^;+TKVKphL$}(dE9sA_du4?UVbv5Pmn|(#FvKK9U8y1_FAx? 
zw))pz_9@CoGVPW*=20u(HxHVB;XF}}adP~?WM9-SD85}(w(mB!ySW+GsoByuRHdzi632JSVclUjsp^3Z{t~yfpA!hXW-O-B ze{ISn2;LF?C2E^;O6hRrRa>9CExDkM(My%^nUsJ6Y8?f+si$=LtiXK?mz}iHIoa*AI;xj_GlFje?%w` z&JQzZP5Z+u(kd2;+l5)Fhj)-BBhAF|y?0rj4fN1dO%7G}z-|xG%=#W?NJPeg=rj(c zVSxjm8ZMao=s5J$5|e)EcFDW}Ga~-DhfVs$p||}FZOW+(AFFF=jW7ZAP|fE&k67uha3hPNaarTJ6A@4~;T; zDxRJe*+qoA+#B5+AK&oUrrr0olmygQ*p`U);*Xc$>Xy0DrMv3BC*46Ck`obF{J{<> zR(Uah6NfXIXru6x3j)Y=U$7AxQYuf0U5U%ImqBrxpU;^#NEZ>2j zkjeWjRQGKP_vT-J1GE3~t(&=dNOLxtR`uq(|M)8SQ`0JL*#JXB#`fxKil6)E;xSkA z?iZn*VuoY_cV@Mov%p9)rCC0Gd1@$+SAc7oQZwEs6A;4nV&aOt1k^6KbEf#Uzp zbK&VP)Jt(fqCn?gIgato)Fh_Eaz4jn=I65z*yDdS8A9$G4^E_;H7WEBs84-_d)uZT z`~LE}^r8G|*XdmMF;3F1Xqmep<+AF@fqRgq7k5ov9<|OTxhejLfsA5c!8V(7h~gM) zFcz2YCmyE4q~}%g={3pp$DcHu9j7XhElBdcWUjP0IM8=d5{=XiyA~JN>BZM4nH`A4 zWL&t40o5;U8~ZPwh1fL<5XUj8?!Fq|v@vBalg#xu&wq5wj-NPA3LK!F_GtSz6e%UE zlj!*MzVK@)b_EXwh4eMdDAHLkV6RSqZl*y2lC^z}Y@^C7Kro7;F)o^a- z1$`4rYukCR2xdi_62>wy+XrWZduV*&*CwWwrF|QPwvS?jP%;S zTD@__>!-$!`JqxUta9e1Jhlh(2va%KNE?^8cb{om$&6~;h5_++GKnevby|z)Vb)+sKyXU1pRpi+}97@LT#No7ra9kKHpmHfEDPui^biey^?RDPGcpKqiNoIO{BrW4sTdA2y?oCy)NiWA4bLA z7W~Mgj08gJp#P)FQfGYs^`g`gW)XXbUjH7D|5UdduPitV2(jNXxfsf62r>hZ#|->C z&H3V%Emjb83#V!h&hvdMJ0+@^!u4<;DdcK4p|*6%&MOF81MA^5Ad;8*_~O`I+*z>?>yZdqB6ui4Bu zeQ)xF0y*v>%&Q4~$unt3@O~obm4JS;yC$^AN_+g~buyJK=brU$SLaCbD*y$hq6={n(G~cON zC}Lw9QzEZ`ZMdod)~e2^&Ev5}`F<}+YI(cV?ps7`P!1R_HxxuWT=)G94z0;}#9Na;0*Jjv(N9mIuhZ2h?1`*YB-uvkOY(cENH$FsP$K zjC#TAL=N$N)7R*{Q$2OhEY;e!8xh(Wouo`bG1U=Q1oGLHx-fovP`xspcOitH7#E-J$O|HeJYufPXh=Vb>31fr; zTBSp=9E7qqB=3KC#rl)ba|J-;*HC_=${d+We>BjMx-M1{D zx!c>-y4OV*sr8#ch5|IQCqzRur1myMkS2E&c1r7$9I8$IzvtehSVpbj&hPw0vEhv= z1}rdEUr@qk2*|t_#*<3Xy9Lf*TWlG)lR3WED2O=*np^0b+%V?hI*c5OjUpg(h)g*8x{Muz*OE<_5F{Z?8JDP z=F_DfwlIoe9X(<`koD~XL_xV&4g4FRJ{L>v9$FX=jVA0`*S?tZt5k$LTEEY$U8?L` zdl8ybQqQ)~DEJfjPu8y*Qzk*hSgt+F*MJyGXPrM;CG53Q zZ<4gj>s%(0G0W@xg@S4YeZ2xV^i>~Hq_cySw7vmy(Z7$r-PUOes2{d)oBS^8yza7G zN{ZpX$ybzR!9so$3Nt;8jKIb?u<-pd{wTBXnEYmTr!|okkcarYt>6!rE8XFuU_X@i 
zsPk%SZblg-z_Y7M8_>f_*88CRQ=sW{whmx@7=M4lfZ9M%re>0)sxu~R1O)fU`(5l? zM+Red=A5S>*Yk~1#}738QUkQ_^Y%r`n#H4y2bC|jY9rKNY%}xI_pl0*7(4=ds~7~| z0m}_9ZQjqh04aMcGBA3+5Tp+-}Qkk8`a?0Y;@y9Fdb#?Ri-<{oNZkVT=4xkHqigAK6dU zJ~h3fe+Sry1Hc53dj;NV8E;0gH|;KFx8;pEj-Q$q4lkqsBKhM)G&9Fe)SuJTyf!l2VuRX<=GM)_be=l7{&9nr76o6ci0a5A7;b z|FSj?z2j%M2Sk@Ge*{Ltvke=-(*7I;58>{_X}ySDFwhdIlsKR#L}?1LhX=V5cy#Zr9#mrQF%Z9N@;% zIvyQS;wwc{;MNQ8-^rV+$^n&i(1coVxGg&Z{9+#?l3M}(rrDvw*8M}^rIe=&M2DXd z_adTrWz05J1-2hk{bWZmmIUlrj@3Jct3cP4XM6KO5B;);pdpv@`pWbi(UnGrKVs-= z-u9{RWoLQKMRzl-kmd20CrwyR#Ve^t1J)V1UPV&=a^Qg!10pK@z7K;>JE?*8*}`j5 zgCGVrV-$*;6P2am^;36m89CT#;3)KG+8KWfi$lBVdF_if;1|&({ryv*S|oy&JyI>kF(wOnm4dfAIeBY1{i zZlw{KX14iBIX^l0`ixzeUZcBvGmt#J6mXLLYU|R@T1&+(<88b%$rpiJ{AYZRDsFvdDJz#R1ChZ$bXcvRUlFU>>Q7qz2Z_O3G&xBS66Lp zxGy!vBapZvrqe)95V6=q$`(D{5JKj`Jj8N;(|qQ%S)&QN%<-tmilAPg5O~Qt60RKD zBKwQqqe`Rrc;|PGt9=E^G>1mW=R_b!rX8~tk%~Svw~mymt2iAHj&MP_V~FGqQVTD1 ztA@gr$({ZG&K2GG**av!wfFO_baS_4LN3Y7Z;QX!sod(RRq#T4+K>O75n9JDS|Sh7 zTSnSR>#5~gu~69k*k6 zSNU$hiknZ5mAsow@kkba619LnBjP17kUvWCn299+U>4Z_hQ*TmG&pr3VEVs-UH$i? zx6_lYRydZcaehniFrw&d035|Y+J&kd=XYzh-M)p|E%$R&OaG#lXugDQ$Q^}~?#MQ) zoTX~s%y0jsQcs|qE1#`>)r62|;dtO?#{|4n?}pqN{3Ctk-(Rc?z=d9IZPj0R!;<0q z@BDyW;0C08HCJT(J^vdebP~!>a=sMB3#8t;Wf)@qxZ(Lu&RJcs(dx=s6?nqvIANwV zQGihBX7XztoE>ijU6b?MsQBj+R%Cq5)DC9Y-9Zq_7hitlH#lzQ+f7pqS2NnFUn~XLc$! zr^+@Y>7)u?uwTl%LybWx;oqo0LclDyCN9wQt8IyI4V&6cQz2TqJEVD=;s8=8e}8lK za~?HjUgh>P->UGV? 
z482H-tXXCI+3K+1+*<3-TCfH#72A3{J4`EZGRE4Ln9Xg%9T&H2e3MzsrTUHsp#tZf5J4t5>zqr-2k zZC_(yd+ApQDp{2eQUSE~s04lD^y7Jz=V~d-)1LmGHvkdbL&(@&qU6y90TbYjZ3i}s z#hq2~kvaTCS7RDeGC^J~T_a4suTD7RF@dhCsk45ia<7H{rL84kB*Lu652wu@GOOb4 z@&2MtGi9wI&_!ZYyo){s760L#DZN-*@QWA zBgyXqO<(jfAdDiSTeK;3T{-mQcYsO>t^5a zI6O-$=YlfMY3v2sbMo=0Wp}&nx;9hPHM{i0PVsh(F-tmiZ+%*ChiV2~#}+JOodKvv z{wAFB63MH@RiOxXjFQZjU1F7#^McAxYGy%_=y#QFYY}~e&#ge6f3JPLb#tC6aCQ^H zHjmD2c-~`yeAdB15NiD|#~D!oj0dT?j*zX%{}ln%+jnu#eGfjup5oo3#%>Dg0Z$VY zZFUjTRMe9mRV2H{9~mDxhr_-R?B3rF4bHJfoy(^@)e~+1rdpRa-O;=mwsxH;^MS%bZGLWCTTzqDKJ4f01k8k0AE1>lK^PYC-?ES-5#M< z%tDW5T|is1L4pbY3o*GA@6zi2H%I8MSnQh3N3k z(fm$d^Wsk0YuDfx9s?>LTeh^fJRZke_cqR2t~5BNTml!KXXKg5q^B9Mk7pWIHlNId z!3Lxm@@y3AwoSZNvX$=poYy*@Di89K>52u+uY4C!-rD6S%Dr4Oh5m$*5+GG}ZB^6f z^qTMZOE}K%Z@O;udPFVQmT&s~*fI@562b=kKHkVU6Ob`ti*Ew1)_t#y@y9DQ5^4B$ znGb(D4;?M)ZuDxSSvoBaymIy$%p6Y?27hx1x}U#F8pODAVg@VEvqsOKy&}ro5$3U! z1iqblFIHWjnCp^QY^1euCv&w%@eXpb*DUk#ce>8mDEfv=!1d7FG9B673pSfUkEmx} zwi>HH4y|MB+gcqSzv*tf-*wE~YjM7zUU{%(%a%2N+@_o2vpn@d1@9#}ys?V}hhUBE z+@h9pJ91;ptgSB;q>Q^Z(*u9JDSk}Ynkx;@T15Uvo&7cBPqXkX@b!z7)8Wpr?whrI zPK@_z5-)(wF{`d|9AL}U?R`Zt9w_vJCrTd8+! 
zl>?u#fIbfO#z!y%J|4DAHL*%f=$ks}b)QBxZ1xE%k76Al*F7Usr1&BWW&q}heb)VU#_jybZ6-3}>2bj^ zTh!rCoJ-f)@pKzCt_-yw+*gYCaR0M|KkVsalZ@OM)MLWOR7NES;QSU46@X+-A-I4| zfMe!4&pSXV)%j#@nQWb8M>TDft+ugh_&eg9On>U%va3`D*w?XeY4%{J27ig%3=7IF zJ(GH+>TO~TsPXeVY*SvYl?#z@C*(>oAZG6Gn7a5$u}QhkJpJ|3%U~}VSUbPF{R@P9ed*m--y^?K7WAC&6FEy86ZKq){choP>4lG-v0B=d03X> zDjY*DJw3eQ11=7Y6zzP(-AYAoyo|Cd=$#OYH*T-u71w2gW6os||C!4BXIM8}i{yQW z!4|J8q?$&2Vb(jP&TfWL9?9xb{OST5QkM$u9a01$Te@sj2k(# z4BpIiC|>GwoqooCe_qA6U$AMvwdd080{cOwvg1bd*~ZYiU1LRyT+1o1xo~v#xMS&@ z(%IyfxurdfIT3_pmnoX+#kI?2+b@*A+2;_MBgyPp>kLA)K=6IU62UKLl)>jtRm5RCW z1O)Nb$WYD?jt@n|P*>|^__im8XKBZ+eVt~q@Z-Q@s(acp*R6DFmo=g&CXKjzMWXhO z_j`|&Gj+d7l>=tkP)V7E$3d zK1Q(Uu4(GCBvO5%E2rBZ{Y~Cjuy)?sf66Vk8xA`ayYRr7gEw|~c*HoX&gC)d6kyqt)W?kOz(p9fxNWV?SH(dY8|m~$$2W8t`GrgmTlyMOq@zP4SE z4_AGhYF^8E;sV^a1@oUeLc}P!&t-vYZk{{*bX;O$eg*m~sS15wvWL~aQey}GPo?eb z*)V~&C7zazR^7;la3@^N(7n{i`hwDrCew+IAJ9!}e(bM~gmp&CVWF*@JP7Y8^6+FJO^(9Epa<1pbN|kZ>u8A)^vH z1AO*0c~V`eA!~bGb}{P$IMQ&u%@9+2_OVzT8C+B+Z3SUC6iNvv=B)M`E>d0D>{}IX zt18c=^jq;SCx_`IFW%a{HYFa5X6EwtzSu2)k$`yYVB*IJgj1miiXdiKOda=$oUip* z(&^S@4pDS!s-2U27M2AAP6-?BvP`g~)yF86bb`5pZELaVu#Ja7CFoE*4`h6cst z5FL|w#22IaDSSyV4&kT8o*nZ^+Tz^o!-5Utl_WzD%;9j48|v9`wAE7?mSBay!TCJB zQFF{`K+H8DdXOY#B!GtGyi9k;wKnbB#0mRFg}1hq z5$Qg8hmSZvJ-;+6!h|b*R;#O(y(>Cm{lqrB12PHzzV$$7?}A{ z6-zX(GQZfE(3|YiUCfkz`%E$E@Q2?*PKkCY-f7xu;X_Sj^fDT+j5^4rBMBD8X(rYrZ2Ze#1q|}RKPnw zfA=I?bAPzPvSayHpVKwk7?KvOk1N*KcWx4zAPkKJrBjHnYu}O zR<+ZUZOML})kYuO1e=7TYS3<>?1kHn@6<=LkjR$4$Al@6< z4JJ?ZDtQ5$0W}Q_iay8rZaYht;6#6HEHRi&UoB9Q_$>MBtJ;<#g~<2!oPUsa%|uRe zV*ar=bE0Q!AODV(mZ>-m(FU9sM~o7I8qT>_^sb)Ur}J4L=OY;xLhRRINL>B%8B5@9 zD`{HJ*s6<|!LLIq^?f-93v-Jb{;28IFy}~qon}1H>k@5y z>Kfh-^YhtB<<8IE-C8TFm_Eo-Pw+Kq83^7IC}a*G6edn9DVo!iB7h_+6MV@XK3T*Bc!+4hO88_QT$mPNTpZ+<#BblxS<$Ia~A^qQD}|IPJHivst0lFth36$r^_g z>{eA)bjs_nb zoY>(M?KArq%|~eP#j(-oO-4jX}5{sEh5uod?o}h4*mzSf%7>N<4LOQF;9RQ|IzBU z+ItqH8G=m%=7Bkvep#xp#{m+0$j+JG(8I{bK_r z^6=)pFB&`#AA7Aw%or{C7vp;2JLXh>(jwAij&h7HeO-K_sayyuVISI{e1RwLFD4J) 
z!%oKepZ$;Am~zz!@h}{GZQ)-T9HryPMLkO~LiM{$0;bch3q*+i0Uf8ko`EiKz}BU5sl_JVf! z)|WI6@B~4n(H+?zZB5|nvgOR=mr#UEP2Kh@P9=wi$H2e4C)Ni`Hztg!rjL@}uN=5i z^hO+Ph3DyEsaEBdWR$`aDq25Ol1je>VrvM0wjP?xDowEZuL+#?aQkUegZH(X)8$U5 zESdsRal&GE%qd!T2^wG>5AK==kN68`gi5Dk)X{$zG}@iBGpkf7?mqByck7^3zTNT> zi{Ku}saAy3D*_r~)lOeEb)FqBzFlo!uvt@nadNc^I8wAV=!3flOz1u2!UdfTV~YYj z`W#VEI+tM8ZatIz+tZj z@K;}6Zxxf^JULq+Fkko2q%qhRX?0R;XPEO{SAjA!xm)cDpQw8V#93MBhu3U4Y3g7M zrH_?pdm>TCu<>)xLxzhDUo^1o9YGCYlXsXN6fD?=rW96 zJvh_$l-8nb6%>n~$DAKMwU&Qav0J!K`=nkk|64Gq7}q*od0ZrA{$gp>Cd!eS@zCLQ zWmHOcYLve-k=)e15s+gXc*z+E2`vAv!Mz5dpMV*OS>fM@wkZo|p!$#lkmi$(42-JX zV{KRDv-`H?s`4zSpyR zI$%$$`-eI8VsH6;!2X9rtc86Xr|!P)v(%KbHv-DHf4o`}2n8kwd|;iG<5&G16CJuw zBd!zd1*S3pSv(f!549pLq(k%XoSwqf=$C8T5n{A{_{lk-$!y_y0X~aKn2oGyMW%8k zA9N*%P0hSbK~5%)7(ebflyb6#u<5w_%uWC~&eq_=YiF!QuW`C%fByN4(z(X@ zQ5vob+txFVtsPPMEM^&X+c!U{;TXgeZi_Kp5yxHm$AW3M+Nblc>su7~Vka+Sk9$ue zV(g;MXKN65ey=nfj-GcpqEF{UBaOV%E?36XjtER@7!ao$zs7Rst*$#Ft7-Fwi0+m3 zm?qKio+CcT7H$#f6|#cFv0;wo^7g|`of~3qN_)NI>L}ky0w9Z#*R!29ujI~6h1v`1 z;k3xH?&W6GiU8?y3HaN-xqA54eY~`WNrg$ht%d6}hPKzP@V$G)=soITs=q!}zbDS; zH}@(z&-OwazPC_-8`;6&5hzehWqyTJISAYt51J}Zi3%Zx1M)bA}X}DW)+`v5j|MlmZUH zrW}2$^FMry*(i?jmq9*bRjr+0h@tJ1lKXwW8%oRi)8}MH(@MUkjuqc59tuKHN^5}X zI_rUC|7KH;n_`f1s+ys>ZR@|g|0FYcq29KgWUhWgU2-D;`@RTh1m$g>7BvHHBCuD5ls#ox3Pm;3;UX$aHpkXBRNdZ*>nqh4zqxEno9Wo%AbcO^aCL*r_5xi zPNQagM9RmW;X4F~%jW%*s0r@x$?K)1b5Zo?I-ScS5h7|nT~nUvN%O;`AhbB%Zdew1 z<~z5LJu*{uSk@T8t#mYc?kC$&joDK?BAgME;iHDFT+{?r`pC}Nc=4;#7Pbbal0Mur zc&UNu>?A;-C%tflxo3)yG}d-iglK@eF{1Lh729SAivk0=7?>8c4g9G?9hVbF0d*3-&zKr=-a$&cu zzW};!sD$?3CGIx?a%cWuiV9R!dQxiQ{#UqLjqK}U$8V3HPF;Hn(&kr*EuUL)u{IA> zJw4gFDmM>TkovYsAU!zGM@O5gX!|DEwi)mlX#^R|n8uO|{cn(Yla9(aIsLHoz}MJw zC0{)2)lvWD!*gB{hdU&fB3Lh|o4#g!sZ2AbnfJVp?>}3Es8N%s4k3m`iubyDA16A0 zKiK6eE7gwwi@v3IXw=&KTi@CAoWw^NB%6U4PoE;2-th$c*9?JFW$U6 zg<~4{b-ts}f2CTbdDY#&K{t!FD{^IL)1CFmy?*()CbzOAtRGe&Ej3oCUe@EBxPTQQ zwY|O9NKgf#w6{53=RWQW@G``?X$&TNYOa7M4vd~TVxy(C zDKPHYWRMJP#fIr_1`=c_W 
zcaNRTU8%`aPxe0~uUn`ixRw}LN>@F@aFHQrzVl{qpyQt3fnynKc$G^7m>A8lMwh{J zGrC|1a&$_jpUEtjiMR7t^vxCbP655#|D}@SI(A5LrLx&z;uHK&#GWK5`02f~5|Hp3 z8@$LMAQ?w1| zCvy83QJNO}dSerPO5fzUGakSVuAo-ZWWXUAHn32ZfCd2tWFiosgo51Xly!xI$-<^> z5`oIXM5eI}o7dd~g-Y4`Hivv<&{)Fj{6WkKyi7{!+f*1YH+K!Pyi_?Sv;B7Kc#u)n z#=#$5FaKGo{1oBM2~{{KU$Fo1NMI0iDKma)+2Fi2YIx1zomHcO&2$x;aQB0qc{yVf zGrFg6Xe{j=onof5k}hNL=KL$^nQKlJXEI)s1==EUqvS5XJ+`L$*c_AoL{y|YK!H0p z${jO2+Pf{^F#0sQMN!!-*J6yzqPg0H!bY}h~EIeHlrIAm*cv^OB`0!lLN z-v{gFo~0+NK#&xV#AFTnkS@50lVZ}M^j{zA`JvdsRYf&PsPW@P3{LX*r0NQd(XSVC z#w;cq%)LKVvZ28IqZxa&8r{Y^4?H5C+bxv$hiCb2c9|B6FfgAA-WN>zQpu~^qnq?F zY%e!eX8g$Jm&;J#Lw`?io2dnfiK*<^^DDI~c zBWpL6B=W-qo3D~Y{%H%=3(hO!y5?@_N}f7V7!`YayZfDX?szfFDMH=%YML3gVY%Tw z-6edVD$S;-PJOp8PTuQtwLZFgJn72|ppd?&bWk@}>Eu)24|`<}lPtMuzeLQbydFMr zZ%34Y8^#d3rd$mL21ogtk^(dLf0+8}xTwA_+Di#YDM)vTG=fTlf*{>Umy}W>H8g_~ zDoCdiA{_#Pbd5o$bPXZWFf=0!@y_`Dz4v+Z_uPBWy=R|&)?Rz!Q zMRmNfVhfX1g<)8Omw2z*TqEx5yrO)F(k32q>?}BXB&H&f-6H-`KE+_iD1eo691o$T z0>fOMEt*_iWTJK?wA`-VC%#tyBM~e}E#41;MG&MynuBQ}LVj!LJ9+(CdSBsl4}VY2 zHEH*wGiq7uOBY$tY%ik)=jh>4uq-_Fk<=p2)=#sFa|H|k9o%sDnB!`^imcjy_pAn4 zV8jWSq2zQb9qzHaV0~XFc8?hwOWQcI!8&rReGW%GoLSz!nnWX8?;W%{zW^u~8Tfo%`%{EOX^@~G8Dux`qoty&*q?LhP_ zxMn6b$APDlH^RZ*&!k^lyCkE9Jvkvk;lTotN7=x$Rd*NrcEi;tMR`fI69pTs9y+YN zuRh14j?f{;<)_QeZ91}-tCuC+j8snE_G7x3N)fRNH*@C4v~wq!jfWRJP7W@n%hUwP z!eXyz=@7Qv0Ubvq6Su++{#XJT#p>fAPpR2OKVT^HBP_uWxy!hbuAWp>r@upbNj#mN z1z%)^2*Sqj^|$lfjxD^$dxO6%?>J7X7CjvC{VrZEViszm)o3)G|!arY1IRL3-sPxCfAq(Z+ zj8Bv+i675FU;VqX{+^v7Ml!ysA5~jZC>p}{;IM0r^HD?0S{%%a*;$wGN{`=!>uT=6afnV2-h$5`f{tteJC~PVDf1y6;c}PtSdX$t%cz z)+T{D+U4aGQ$IO;BsBnub9ja9o@*<><_;F{C*VGm^wo`m7y!Z$9KA8jD3+df?*zuXJ)Ss3FTk&o1cS!+(Td&)mA zbLE?8Eh}W`=E<3KG!iNud_J#ricZ*J&-9G)toHAc_dbYVVB9hyIsNA+4I(UK$@Qa#}37@&N(49pLF(~DLV1GC@^#8aNjUs z{-!~VhVE8zZZL%Hsj&HoaPzl4k4;?d%QNs?agFnqltw%X4liw?bvM|{cQ|K%hd#34 zmX((kC4Iev%a6bT>z$eciMF%fBvHewmC>@e_xPrI0LAaX>MXCi2^MJ;b`(Hp`Dh`X z*P1G;m!@mA>d6K>g>3Lghi5BQa!;<7S9;m3M;Q-R&2uqM)n&nCJr1I~|j_IYAX 
zc63~nHGgKxn$Af}{n*I1c>%6zXLoA2p7TQ>qB*qLv0)MS)-2C8KCk{(f&RgRm!@U) ze0jq@2Xn0AQX-$`PCKo1UNevHT3uW)g+t~VG#bfd<@U!k{}G#;Suo2UM6ry z_A=+#S80cf!1@)MMFCBSeV3|(*=muTSsX%V>PV7X->FpEfJ9wxB7 zfm17(7Vd5L#lWF%e(bzA_7LSlr|7Vtu8C7W*!TC2l6&@PBBm|Td0ZTH^`pGM<`#Xw z2;u4ZY8emxb2qLLK!T0w&ebD=MLJ15<5xrH55iEDAIxdrCC3v?*t{E_=6GAFrOX+) zyAp8YyY)`iIW_HVi1t0b?H7YoQP&{QF^dgc(Q&I->d#cA`bxvxR#VAfKx({L;5EX& zM{5^s3b0Al$091%D{XT;Vsa(ce>$+d@HpE6Zion4AnoiwRR-^T?^@$d#;lN~0sV0x zv)!M*qbSx=?ZFV032AFl@cmTRgm#qRV|w}{20lZ~)w2ziZtq@JeVk5Q&b_wT2o4}q zQlU&=4F;A0fcn->ltU0FaHb!KkT5M8CI0fVPuJcjFXsm|&ZQrbr(xf5-;!%b5k6*z z&s=HYRX5LVBZA!SKKk}yN8c8zZ1bpYy$&W654=}k8hQOwtZ{UA%&{1G=pBmbVrANW_!Hb!{uumI0 zXa7UvMZd$giLobfUbv+03iU?^#=+$5=ZI_`j?KU^KRGzikGD|928wuL*RM!2Q zwhlDt>O^{ft<^IO6?=2ZL75O^xN|~rwCil2ZuKYBj?F6sI~1B(bl4I)lpeKWo6%>H zZNc)9=qBJMz&gpj24@V8*`med5ck7S(mXiFP9%H9)V{3dM;a3&#uduncL9;>K32Y;xSMYJ4V{lXc?6E#Ddf%XI$s5cwuH*lmu z3m`fdS+D20lru)gKKH4O9_zjqjH|RzfTbS{;FiK)aCud@NGLdNUjgQ*_E==?FNw7% z3;9ai$#%W7Pjm-qH2^WV)w4LX5<}Mth$im=J0v!hHVghJn^8bH!xNR4Y%noo^BzHX z@)x%he+PaW7|$WVr06E_(Z?Fnl2f(WE4hakW1807#k0eWy^Omf)#(?lv@+YW^EM>w8a!xudA zBN<)UR3H5i`1#)LUiHs+rN>W65dn>9ccg z4U7kY-6A_}?;YqUKvforx-1Ct)4SgI-0ZPi77N{=wstW94Fzn(Y`%m(G2lB>Y|?gZFU4E4#k;HMg#P!uN(U)D_S{ zgl`S|tGzeUX|u-$H}@N_CL1MHsFkQ6p-m+RJ&&E_S7F;ve%S>`2mIT-mKe7`jl=x_ zs?KX)bam~`XPDt(P8Joiw{dv?#3iw>ogz7DBWeU!rEkMYkjO$)Ar zM~BBjEQl34;R7~$vvyzlv==Ds4!#tf@vx(z+y9PAR#0+)$(TQrUD5wp9sT)^ z{gJF=!$-}9Ec0aTZKHsyb&l3-fs7uGkjFFmC9P)!J&?5-S6C|j{=S^v*B%{qAcn;|3}rGNL!k}9^T?|r05lr-Bn%xFL3X)Zp)a6I9{ z-i~}23eDm5XjmTcRQ|)C)uhD6S>oA5Z5j<>q?~J;i)aWHf3YhXgz?isVRsciM)E8{o=T7MI@pHq{-R;F2 z$&-@l+kDkXo`}d>5jb}7bh)*GDND(Mt+fw2n4TR-cvjqb)vUByATQ;PIr0@1?q`+ah~?GZhv zuQuLn3}Ys`o}TSxpXUBZqH<(Ci z!BlYH6~{Af9L&@mRYHi|`2bNooVx&~XA2u|dZkLo8Z+W{vvnq)MJH&%3T3RMW)pdI z;_}~?)+5j&!!}sBb>sV$3Va}(=6dDTk~(I%#(p@7cwPFaze_H7Ti8-BlEeG741+;2 zZA3l%;b^DTRBJLv&@KyuYXT-9W1MBWDD1YV=y}O+_g8Z{{l-a|Chyuu*R0!456>d~ z;a3)Z?MQ>5>>#W98{ngA{#3RLE;8+l&GFXnCYev2L|6JJwFrzqBQYAZnvz(7Akx%C 
zRvoL$3svu}KSnz{r#=_0+hj%ZW5?S+*H@3u1H+8A4l_XA4&$?Jmy^(A_xEaaf7ul= zB0}Gqyqawt?F>2=meo%M&xQ?&765cXCxBY6>3}Oa(g_bx%^p2SqoyE%m2{2uCcnX; z8^jie4YifCV<`R`IQNIgZlji>HF!u1C?|fJt}wh8HBJCMbAFVX$spS4%@CW z-eB~ZAp{7cV_Xq^#dWiQp+gOQVxVgHj!)VvExeDE?Eo3+A8>er>T|k+;_zyl7(Q#B zTi046&kZR64z@N#`2K$0?H}h~xGE(Ox2VkiZtX)#khN4{ILZp+rq4mr*6P+71bVHy zl-E=%b@Zqd2GEX)WX(ndS1!Kh6Og~p<^Y*!98K>GmVTJ1pe(}K1YwraT8!N-fr(V+Qk}GQJt+?InWY6E=mCH`TFw-%1{{8@<0QT0YX`^^ z>t;{UiuBuJ2n%4??=$Hp<~RY|VKT{WkFotNv1&s|St;SYC?g&(i4t2Hxq%C}mnX4n zjaDK zczU4WVeB3@c)OwvP=2hzo7;LyU0d6~)ue=NW(VCGhMajku3L>qKkxt;u!vK5RPVK5 zz5m7AQ>&26E8&%s6Rj9Zu_GMgjn5OoIYKS4Z;uCy^ZeW9LbD+gftv5-cW)k5ssKuE zFY@e57_x!lfW{GRsc&MbnT3-)!sHew{IJe z{hb#2fHjVvTzt(|7vSZi@CRRlL>(M_o+xBjf5=SLez0J&hlPT7!BQ}cn18 zR6~93J(@k(rP69=yknqC!;Jp6q7i>{ z^w9Z*RW0#No9LZ)j+4-s+N45l6rK4@@ce37XLZE1et@=G%`dKSb7O0FGSrU(Rg$ZXqJ=X zl^$P4+Xe@CT(9RDh^Y=}SrNW$+tJ5|QmPeGG53TO?kRn;F%wq%osI~SHBTj95H6P= zCL@)83mfQEJozjCoHuSF=79AX#e8n`N__j2U2Buf6GsK^eE&}A1*I?)3HT$*`ROaZNih1)~zQT#a`^}k^ zON+5nhBJ8Ala1kR4A0wg@A^oV*3udg%T`pY{OgIBbA6}JGt4&=5EfGF#>U=`c8fnh z_3*vC=SvClC+n@GhI@9hwi1=LAWe`Wq!U=Vs9t82V26*IQA};Bsl6?S10{Ul5JJme z?pg6!IViO8*C>5jWSwj&FTXlF(dnepbz$_D+{afvwYDX9T;Xr|(UKL7et-U*l>~%_ z)Ew~~EW!=udms)dz0F?7kB|5dN^QwE68Sp9lYsob3(hGz2d&$ z0HwLxgqX1MEnMjSShmPz3?n_K=STKMX&ftRVt8^OO7e3 z$95Ql7t}B+mq=kT#s28QqA#J>-`a?#Z}&1^fwm407B)__YX*@kLB~a>9`8yt1l&{G z^#&#K3t~|2puxlfewFe2KKJDCku{$g7UEg^pV57b1kDO_;%i=3p4B^itMW{qmfaR^ z0!dd3L7y&&t*@1+{vBx7sZ~;Fi-!h|N&jsnGyGLopVC%qFk^{$CtZE?O8EW!D$x)vSiR z+Doo;tv)3TMM=~n;3c=2t$x6$?T@&A&#$Mpv~ATGOJ-)uOBORKl{AXy)~~9rY1za@F0wy=*|@Mh$n-K3l1;3 z)yqG@8O!_q@(R>6{oyCVBKvwa>*Pkr+{z!R0{2@u@anF!$%GPypw@thdF==H*blI) zrK^h=J5k}wUX8sC0~UgC@%|WL9sF0Sk({~q36A2P`#6(HVZXagdpSc-4W>^16 z0q_Y|><&b~{XynG)WNjcnHWzs5gcNv85^TRTCeAB^#yo#Su4VZ((nVO-K@#aX|3Ok z2b<|^#(fiXj3CRvSgE0Fa~mP2Z%3TL(K--0&w~$rFbW!K{b)_nqvNMD)K_tg_{vGC z8lCfcGo?+Tot$1-Nz1=csR`rjYlfhQ&6ZHWb3|pE`rLt5Aja=#RsKRf=v|!P8VCZP zOSD9MeTWMu=?a9I$mo8r{Sahy^y{i`{rayDPJT98$t+T36J+jG#K`5pDd{Vg)K+&I 
zKzK6n0-@;8xoT*sOCBzg);BHdvtPRLIpmC>U8IYu?>XTD9DTujeu=(fpqZyNCS%r= z*;d+5cGqjVFiws<0P_7Bt$|&+%6uxRh4|XO;MfHaj(o;0tM@o=9JGn2!ogeXLqYa_ zsualO^J{SNJ}q}g^(vL8!vPoi-bXSpVunxxeVj>)ry;i%FJouPxH)a}qJjuv`x?(? z7~P6;MsU%aOvg~Aq{+kE{B#C@J37^{l~KW!B<7Cd`@ttIoc$7UH?OoQZvznPdw$wh zUWw8{e`MXCtMU>OEZ{^{_ugQCqm>bCdG6w3`i{I(t3yjxw||fuI!@_Qp(mcAP;#P5 zAH0y*j(_Ug176H@VXohX0y3jw72~w2k{j{O8mPduKho~{UM)((>K^5ly`xpwl&XmS z^(}b$0Mk%(#TW5smsClGW8FLuH8WV6eZE^}YPs;c!$*~^T_X_ksWXXeJj0w)X_w+1 zMYI*R{7zvgkXrA)H-1kLfTE=#LilHOw0%+Yca9o$jK80aWl%8Yo>If$*=U}riRI&| z2MUt)k4#V9Y61pX?uyB+Y##*pt1bVDG;jiak8$ewZ;?2$p275AbL|nHo%$RBKHT<0 z%vq$P@f~V7XCO%UW0+o`pVao*SA?Kmw?Z57s}pm*!^33f=cbJ_RxtH*ChB^ag^c)^ z@eEgJz?Dcji0h^p&&NnD0E+zUqXW9ziRd4&=LCS98$l@l-($NHWGm@iX-U)+Lzhwq zNJE}~=Y(Jft0>*jmo8W1A3EFY3CX^G@LMb6fFn zcW(uzt47%kp8b$Nx5zfzNZt6#Giy9^NU)ugrN|1^?iFOG6nH3x`$If9H;`Dq;QGNx zA|JoFinxF|=Z~FUU{D{)Mg`+fu z1Vs*5P`Uz9cmZdDsRVf~v+ESTIG(fpoKZz;yD^^wR@#Y_par^{v2FfH*CWp-3l~=+ zWudJMff7?a!`vX_lAI41xvH)_fqT514p7~#64Fg1%JSZ9KzO_RKy-R~;ULv*mY3rpHE!yZovzKD6|+ z2}#mRF|-|=oioRx0IOGS94u6$U_SODvvV2k-!zh>gHqo!t)T9R0e-n0c<6OELU?3i z!G@1G%D99o+v|Tk%lt@d-@+ug;Z}FgxZJg{!;|G`i+c4Hxt(DaG0(r1_^ayb^Phz? zwwC=?KpOkhmw7%*gPaIq|D^8mKmC-*(W=^etTk-3xoZmcRbClTmJGn#h;2JyJz~It zSa#<*e^v5-DA8v+o1Kvq!a?{BO3b2W8~V zq+!7d*oD{*i(6dsheFnoIvQHphRf{v*3YoU)rhOuFVa1L-el~f-tkHmLVv;O*vtHT zd;s#+FY)jomU3B2vNqIsrl-ro9FRI0*t+UB9NWuw-h#LuH3};dT)jH_IbUfo!UN6e z75U+>=fUXNVcy%%WxgJl%jPNG{B{{M5IXL*JBAMpq8ybq%c*PQ!B(b^#mmV9YRRz? 
zfTLw#3LY-RvVACjHZqTN-yF!7I_ULd`NNZ%!PMiJl8co80Te{T+NIujwR&5jqrBY0+59q8<+p8X_68cO2;WJ>n7&^PI%_be^l8nF78WivW@hD+-Vr08RJ zHb{uFiCRDLhuDqpPXLD+RNjQYW2p;b8L(SbHr%V*u`U^b!9i|KBsMy&TX1%D{rU~Y zU+d)JnKPEHQA%@zcKG3C7B~pz;lO83&sBxOE7Rl`CSIXIrv7xrLA3h3>tJyA6CPs8 z8_41=H;yyC0v84Z!0l3_KX&m848L+9&S;4lVs>Nq>}v_M6zG)*-nS9@Oeq;@OaY3kzdF^X){+bMB_ zna~}@UY^NsWS#+))e#61M=U3Gjqp*M7AOy%-4`(ykcf7~e8rh0&RucI#VG>XB_ibF z6-%p!N5@VYSPuX56+b3YIOE*NupS-1t=OI$I$=Za$Yc=~oVq<{C z(XKks3*yxSQh7_AMlYE_dHIEl_2}(y0WweJZxrjd_K{kuK$DHUu9!jWXQ})1X3)TG zDjrCYQW$^~skCN@8M5XeE-=>ceiw!kXeBBROqdl*AI3RD$E-+J-JFPY+^aCovF6K?$Q zUn7Sm@2$I4yngsY-*Rfvpl(~o)^$XB`UkJ;Qk58#rm-Twx<$5b0VH+X_El+R0(|_Q zD4fFmeU1_mu@OFTgCf`|p1V*-k3>}1tZ1#$y>+f^=Iq-wn-;BYeQBv~$DD)mxtG;_ znS{_*S4ix`AM)s7@*R&Qt(v>Av-<&0m%(Aco4yTV_q1L%4l70)D&NeJ&QKrct_N5I z=!yK?=I!qor2CNLx!2}uYL{#U2GdB70cNAo|3bfI^SrwEJmSjkaKptz?_$2wiRuk*(Viudp&S z`Np;?ykN~4lnB@{Z+8;<1CE*ZLf=UkR|LH1)Sqqk1i}(wX9^3ZdB|FD-HXCk#wF#Wo|HWf4}WpF?z-I0XLb48GI=R7 zt=H}>c;yCB-N1n$&lc1ev-TcBuIFhwZ_Ep*k|qaZ`cxbw0=_|=319dq8v}mz%L%37 zXx;M&QV<*v)CVV;_x+-N6VcS%cu-C;YbI@WI%*0mtdcGVGcEH}%6`$V3aS*~+PLeH zdX=^ha%4o&=YxyVa{GIwcf!eG#K`#}mTAdx9E86m1=9Zd*tg!)Q6Qatg%blr#lHJ8 zDN44IFq~C}#_vktAYzS$b(By1@0=jnTvsI10c0&pj1)VYv#56gc$o}sxp*I*OPylm zi;_w4gn9VBre$?6YM-(X`br9Pj3xIfXc1ze0nUz5eJ>odfEM>5h|9Cck&ZkaV?W7W zN=u~nc?y@5=@mbFmNorc^7%TD0+e2U7Xji|HowM}IiyhY=%P?glUIHA;v^xoscO7> zG!*1gneB&izmvX-6^4w;^%~y-1C|&85Er!ff#PH;ba3_W3QrVmPmP$tE=3LAZYek#D?FdCJq7w3lAx4)xkVM zq@2j@?IfFbj({>$GGLSh2kfv^9qa=(F4+-%=`e3djw|uLtQWh#6$cgcGP{>wXoCYx zAPDalvURUIJ{8sql785XFi198{nmk?&2E*e75y(`617a$$>*?)6x68((7eU;()Yfv zJjXCUn=BI)T(RBlbBXK}J)iWv_H787qzB3&p7u?Gr`s;iCV<7<00Xh3@$wOwPs9jS z&l(w}^O88unCX>>dg5kHS%F?Ds|*|TIl$Jon2_6O)f{}FIxwxS!I*`FAIbqYtKqKn{+ zSos#9g|xRee}dz45XE^vf_wtAfSfr_qH%^b6cO}le1K-%{W&;+%$maA+Qxamo`?zavA*8tINbnuw@ghp^K-N^l%cyXn zsdsB0k!D@Kw@e<6ZPPduj1A-3@la>j&>AEi3|GwdwSKRhZxfv72Xh zmH~(>cFy9o)b-OPaV!HREV04YfAU+4mTX>LUOx4J3fu*m>Lrqr`jY$kJ6gGP5F`Tx zfMU#lUSyNp`j!iH;9cKFl(->;|1h_ifyr{Ql0jh_F&SgW%Oz2!}`+ 
zLbej)qWkYYGZVMR8Wcx~D8)2CAm`2JuaiFK6{yewLVstpHjVaj20=y?IQ#~3c{{aj zc7LJu4bZ*wZs+KNZc1=LyVd1VK;maj%}>1{w)CoxphX!hf-Bwu^aZg*p^gRF+~;2& z4Ow*bYJe`qm6l*GHXrH#?EfW5k{T~VK0UcFEn z)ErF0XTZO^U%v_)PxZ~Hs}bH}B+F3~L2SC+=ywmF(N1o35j3kJ z^q$%<0+f7!+<){-T&5W8d!s%!$vyylJ`h(U3M=&$<&?uXT09o0b6PhYA_z|F4e+E; zPn-lU>=m{~MfQLC$s4%tYbTopN^z;cwVN-VhTGIg)M>CokmZl9V^Kv>&=`1aZvK%toqc*I2b{V`Q2+LB-^Y+ z^T6kaKWUvUI8J@`Ns*(0Cix(CG)BN)!NI`YzlyK|c#m&E?d5ApN2~b0w-+V34I`OC zV4Y`ucZ9hXI9fn!FQ_>bb<7OXIWMuM3Z%MFEn8-l76r2Uc1&o937H1(CdjJ)b`weT4Yb7Nnrly`|;d7Ku6$=x!X-h2>eqSYYdBDhb(B` zCAC}ORPYN_xc}iODHV8swO;Qs+y)T91a~3$<`B{ioE%4m{pLXuyk1~4{Y`*(r?~i8 z$>ESqr|_q%2w9=a##jzu#t*A{#ge|!;iGPXPHzy#U181A+@yWW$NH7;8mefuj{p}@ zV+<6E3!)VdKP~e1Sd)SqW0!3Z2>V<{$UXclqZ4pgxM*|UGJCB?#zr~7OTWPRAOts8 zMPRxpT_gf&2bPpIE2UHFl#2#|jdbOSAEN+Y!8J&L$3_}EpF%^*u%<6Wvx4`ruNM!h z5~w3V(G$Pwn((4L_@{CSDu6T7JPGC=i!^X6(#g+rCu33x%Mg)MLvO`j67*dvP;LFxUfOKB!sCK_+l-9$go#` z+}RNQy~wxf!6gg5KnanH8FnQVmwy?PB4xCSu_s3vC8$_^tiUGyC7qIDg0zPv_~+ zWmDX@z@b2IQx4&1Y+pPm6I+BdXrgdc%1>Opi#cJ641|D!^q;Frafa+RakHn z1Cy{IGi<>h>MupYg_}~Pzb0gxOGi)Oi&e^bA8u-w$eNsKK~UxAW0gCB??t&N#AaP1 z(y>=jmVnmy<0N471c+vNP!WagY2M81!(Slhx2g~PRwaKo^UN(pk9<8`3|7yjIukr> zJY!J428FJBPs{nZAQlOR!sEpx}yspo&R7pJQI}V^d_;N5Y4)R zU>yL^7wyS5>Y#D}W5PubVXgO`*G-TB(2e+Gn-`7eWg&z1?C6CcKt)QYJ>T%9r{}D$ z_{|nh_|X=CUxf0h@vSi#P#}h%3AP#NO=65^HI1HN)wh?Qp{?*=q7d|f%|-lrXcN|7 zf}03k<5Tfpv%E!;?@*<~2M+*EVSvN7h<{oiC7K47mJJZT+yhP@1lE*|smxMk!cIiTA;gRo|vUH6?fVLlk9!n|`_bDx)?gJk#uQPiU7oeUvAa*a2nEg0tD*pD& z0+jmQpheh%m%ra1GYDb|_|!D#FL!Z!5!%ouMF0%GV#~uIco>k9WBmxVz_j0^#<1;u zSbjl)t}*oC^bgYVEd+^-Bzd2DM&GH34)0P@nmaVArMdZeWJ6BDqQo7kALjwXfm@4;4!Bp;9b!ivQX z@ECovUx`AS)W6<^F-@=xJY(DjebOP~w}d z|B5gXD{@UTALZ42Tbo(3LVOx72ij8Q6GI$tSQTi8AJfjBtRmCtVHbW&ZPk8H=Wo1; zm|s}?awW7W3OsAnnd13>pU>6IG|dQv@EgYwG3YYu)}F3IeI_X4)-93};jALy7Av)I z52n66+kRotAFW*x5+rV2SM5uLEf?e4q$t57OPMF0!meP+k}|~wlqeRjK#+CF|10ub zkfbb9pE!Mb`I>=|PWRO&^OhSs&Y767Tq($(PL~u8T?2ulpJ+OIzq#D&p1gW6Ye z*g7D4!19G4#)L1TqQIwTXh}^q&7Z1RY+sCuS!|gB=2+aU&Ay{fit0^-Rl)CZPIs6j 
z)(C;Yi<{gxq|qaQct8~xf$USX2M@-hqMJKI8&&I%oXt85ow62W442OBKN&0Vu9(gHg%BpZf*;O6iR{tX}~`Or6^E z^FEmf!pb95>n}jbKX=CUE&^dX-G;`}2vrb$AZI{&SB2rheMMfaF< zg69@KWOlN(4?kVKT=jl=%*-&lk%o`mgXKz`h4E1=0C?76R|EDr+H>oMQJ(mwAU;|= zy*$N;k77#+?~2{ie6UrhJ!4rwdJJY;7rXR_ShW5(x>%6sJ4KqM0_38uYSa`Rt2#_~ zgKkNKiy`aNzyI5S|8IjLXY4avlvWx-_ECl4Rk-bR4c46;1EaqLrps|&Hi9JM*%iZ@ z!aHgUu9S^+cVS(r6#%AV2Nnqe-ejX2I_-J^myhP5rxCX)1ThUIhxmvwu0WS;Zd3(lPwJTt{m= z4f?fR4>2?Yt_A1O=b-ELOQ$I1&a0souFmK#X~W3<`^ zz>%u5+cafL&p2m&)(866g7B?a&P-57*@^cz{mXji1==HiVN#r7EHt80S33t({vAJB zh#>?{BgvU!_3LL)fee1|qmtN^(&0u9kQCDK$(#~evf0R%{^XSP*%0VpX2!Lp7CNtt zD-XJu+xfWu=?@P2^DfjbXH+@H6vOG>sR&pR0c{BjQ{w4NZ8{aZ2r3y<5<-c9UT|1D;kva{eozAPvw7pf>pHhd~G7zAfSpU2il4TClX@o z9sRYc{;qq@2hWW&Z__-l*OpztPtiKct3V=W?m*x?1m&%aCJN@RWF6rjlzpmnyInX7L1jHh269&_6* z^Q?Oo{qTncxK8gDPVJ|f>gBJ;Lt5O}3lXM@vbiOIDhh|f2zEvO|4NeAabfbUQPV6gUo@d0r>%11ixx+ss9{NVSZSRRu6tQ^t-#f6wK zpiJ(16a4;vS2WHymeH)H@ZtjvJnC3|$D;DgF9YOOKnVh8Guwy6aJ|A?uMV!&bN>I! zM}Qh68`=UktFXHLFN&}xFtB(j%jkX(A=wmYNZbI!vR7OiNWO<1R%O@L-)1bvWpVVg znc7GBd_N8oQS0~yzLP76d2+EaB>44KzUG7Xn{T&1Sx18u=`)}lj;U8LeabJDBga)X=O?Zn^yF@UR$6&L&v@3j*ptW{Xfq-$Fp;| z0g`{#ob)_mQX)^f(b($f&ejK$S@02oq>Vs)l*mtjN^)Fh_W_Imw~uSrm-nkn1#L!V zf0VosZPm#3Ulg_+X8pnqveN*nNU(-Vla2u2XtakWv67=gsxlTQcPw^Aj4rka)-r#bSVTekf^&GuJlDZ_nhP&Q10<7JJ2u z)<0t4zAst^YZS*WthL}Cw?Xa3DOT#*sQi-?=}Y9f-pKG*R*v9gRIg4`kQ~Uj8v>Zm z(gPMB!eale2PvirBo$4DC<_|Tc0g57T5;9EGbY^Tjg6B(gU?exwp=uD`VS2>ABU+1 z`@9#eCt*gZNJ&Sa{;NQVzR4a4a-guTPQ|}}vjO^JYdE%ZZi}=>p11HDdp%ct_&B&g zZ9eGvpl-zR}c)w;J93pKBT z3b2VtkpRL2bMf3G@C zZIgGL{9Y`Yeg0-c&->#do7glgMpsk_v@#e0t}jE+*%K+qll!FH>THt6`wa|%5%>B* z^%HzR;d*(ESlEZ&?Ay4UC%;1jo2xAw*O#nD?(WEeprqvVsbn~i>v&l|v;g&`f6W;+slzLRfjfqS&of|H!cYD_VW)>m2Tx|JRQL^6+fXCo2J1t4U(s8`b8Ubu+) z8{H?MJOV7DGoF5J_?-}rzl=`Z2pz4AsRqRYEh@T(Jr33i&?ZBp5Dv7O$aXRQeL7Qn zD!}v5ow>j|DLM)qQRwBf>BS0iLm-M|(wAQko~P>=A)|nxGMem6A+eDqU-{MIX005HcVjeH>RbS zn0V#E(!Kwy41qy<6HSH^szMd8Z`x(DqHk9$@d07NK+mmz9SCS|g~Pzo z^Vwo*Bx#vB?}#hx=yOrV{R?+8^r{y5U{i-R+Zz(E1`$qu8UudvN814yL3 
z7vwca?RQzgwJG4*#dak_D(mdTd02dpkom1QUt^8ET$Aw+%AN1fs~E0=GnUs z3C~!w0^df#pg40RaFn5-!F{l7R%)&Z@;=)|9|cEOh$N;CLbee;3MMe zcmZf%OOB`yS0*}t-bh;hGRbRgONju(F-ZI|5@QvXe6kJ2c@=`MA#J}agbS01paQKz zNJ`W?rEMK3saR#HC>C%acTVCllAeRZ7q_F|;$-m4p=ISFI#e0VT7MGAK`L3GTE?Bq zeixLEO1#xqfYFNqS?znQupp|IENlmY#M$i#XNBc3NYs*}+U8q>qhB7DB9KaqoU1c7 z!<+PdhG=$CLW>yL4#<{9zjHoY2Osz@Gqmt9YzqzpWJBq%R^l1&wqDFIYo-e*@q`iz zLmRfQ;iKHSc*0RHZ;N%j9t=!XGBR|kXTs!Iq`&*oaFLtwi zYe%ZGVd9>L8rw$X`z!=d_Xx|I2yOiFA^5m-D!3Y@jhA4I%DKodnA^ z1E+913kOk~cGo|m5)4^Qx$BN-9Wx`iW-o*8-!;N>M=V6tI)H##1S)6nd8^hIvIJNO zaIDin{K3#5S4_C89KPdmyYiSnIl3Mf{wF@JCB9+19zX{3Z^bznP>6}#YU)U%f2BGR z0GR(Cem;j;QpmcKtBkMY>UC2bk?^n`svlyfv*`F%)$?pBZrD5^s8-3DAeHhFV1${X z3&G$sk`+dv6gv8V%Fr+Di(TlLj%u+Q`qvvGXi{q3LHM)auw(T|KRH5ePsvD}WWIrf z5YjmE;9`(dq~8?*ms0~e_X%LavUdj3=$EcH<3Y6wjS5je2>AZ-eU;26PrZGfJP_;` znm?&7JJXQ0POSl$v|ugf;SaJToLErcJMjYKzHA+CMn)dS!02KZm?3xh^{dHoEnnSO zmuSIOvnwH5*YZ+HZ%+a|kh>5(5KJJT-b5U3s&e@X3shKlNJGAK)l*>Gjr(|oMz!4m z>=0@H;v;tSi%U(AU`Ty4*twU}6o&{ZLcawvyx(kM#(^)!TDbFX;6XA9Qj@^QM?(vb z#g+iY0===0H*g^imG;8M^V5nar}A#31HJdo8cZ(_PPt^l%gLr$dwizkXj!R9l0nst^)vPopQ_UG`Ooi1DO`tyn#OYes) zMCN7v?E0d^P@tF%$a#}8cZ{Aj=^LJ+?wmWv$8R?|evQCSQU>s`;h+Y8pR%uF_AQcl zRs13VK?I@`lAN1MKpp|X9lM&3m1$I!IEZGMS6Z!GTz*W{muk<<4b@J79DAeq=z!t> zq3*lmv3|dY-*(CL6(K@0vMH-%m5gM|DDGRx z%6iV*=kxvjzJENg=l{p+)hq7%TIXD6UFV$ZTqvq{A!!&=LY#E7OY`}k@sC9bn$?8; zT7LbRG7F1Z3ty*3-rPzt9%$YK?NyO~m)e1B72QKqF3NALH%~K0opgCyy5>?JaCiHD zjaQ`%YLnj?tn~cp?}eQg%vDo^8<2`e3QwGGUNXD{+4HCRt_qvV(&aDRq#Y<*5nb}f zU;jeHNjt%lVC_IH@i?>oRk3>F03NFVk`akMY39ddsq`E?n9qxt-7^vCyDUOtsunWakznH!}el}R4Y^`fQy*#*G#V|1zNbOO@Cn9{M-;F z%Plt&oQZlZE)V=8!xl+{{pi3@Z&7R6i843SyK(XO^~5d0%DuExxOQ#E1hOUEYx>uz zDs4T{pfyzFPlYYfT!Jhh1fl;hl`r!4?tNX;vxi2g2L?u5jf%(?aiz`Ip`_8;HPQ30 zYTPX&X+-v(&*0;!xZ!5A`Ek=_ZEk{lL(_wfFRd6lQfb6%%7mj%hN7CNU!gd1t zhiu^E!}a0XSw1c!&U}K1?x@CV4*nwrnd=`e#IEy7d;t>AJ1m~4#%o5KWPq84oSw|4=(%g;pyHH z$v?l-ioNVVk`;91Y3Kt(wE}2CETfHfJw5HP^qdMq7rcEOj4E~H9Fbq)^VHEJKVsIal01_q?)q7jYg#rROH9#_`awoV 
zd^}<9XSR7xDmwv6SNI0XHk~Xylkab*sEktaE0=$4H0GG5UEzVy^(EWyCVW<9ep*Q@ zH|7NojnOml^BMS6P!leGpb6Rd!B>3vr~B}RMJWd=kTlhXVsp4%0>ch2y2N^xEa-Aj zjkb2IylHs->(9JaY>1Y6l3)L$Y=-xj4t-n3fcH(mr(`>M*$KJ1kO>Eh1(cea`2W?e zA1_PBt^%(-0e^nv;#rb zM04o78UJuh@?dOH{Itb=5#Gd&4O@cLG+mToX{mh7~tC?QNwz$E?h*9U#&vd4%yBag556*T5 zvfSsX?4DdqzCUj4K$zlgTP@Rvsb+&foo+Hg7-J|Zn#?JO>UBtxTE{cp&M9&#CfYF` zm!xZ=W%Sd<<8xGsqVEK@xm6`)9n=RXrB>c^-&O7h=jI^c>@=#JO!a(+K-RDvp}OKN z?XrJdNb#W@XvVv@Z{8VD>+0OyUmU&a%x0Z_cC+1p;8yKm_}TN*sEE<^4iN!|Pc~OB zup7zUxV*^VogdmtQewHnIOI>J+d!;W(!_UX!SpYNf|vxZ;w}=`VmyY(e5;N`mJShE z{@`wp5q_n=*Tzb6SiQb@nIZ9G^u6eNbE`zp^^Et__Czv1+;iSr+3??|O-ozdvliO< zN`I$}*{1E`Zp@JqjtD|;)sa^_9@20b`WTe>v`S+YcK`WTC?<{w$&3oacN#wy9ig!Q zUcWPW`>NvCx$!-GBWG;tR(s?2_wFvA{Rd;RlNF8reep)2LtT5bQ>-#}wuw@=X7>U& zQ-7E2|7joC7j(rNS1%VkCm=}g#pazMhDuTAmz8Ae@@qOJoco(w%{nq1`+s&7*&>#V zStM6G3QPP#3jMSBC9rb)W76E5csaGYJ>5;0wUXxjm8JcS0eD$z;rB|3-?}=2WWJ2J za_#|ZhterR2HkGGv-dBv0COewI4P%D&i&Q>yUY!5Jw`OyQdg~o4h0t;ol|La-%V<3 z>y0^5ydyp`P)%^v`+81N@Ma`}h$X&Gvl`v!`RlhKw}uH6&fj}*WQmQ#5$_v_ue&B< z`QX&Kw$*PYdQ>$YpA9-a;)Wpsfq@YTI)1dWugI>d78xFTsJkc^7o%VJUx1x7M|PN3Jj2TIwee8*{9@`3Akr zsEN<+3zx0t^kPu^!%9Qi)0bs~2BZ&IQrYm{;a1$+6bj^Z z+|gXLi!<|kCfxIb6pwjYqvBPDg8hiOQb?%iJmDOfBV5OqnXy*fZ=GD8Yu(@9-&>BG zY~1~%7^%27NgFx(TR14=^u7I`SA@cu0@mHU`S!i)cZTgJ+Z8=)o<(G`=Q0g`+6dfG z+5Eo$XCraXtJ97G$-HF#p@G{WPiw@MDDAlHmucbj{k@#__THA)>1Fig%?{>+KKhsD zIY`!lV!|Z_>vG}fU9L>^4Qstk@*-0U!1+SDICHdI#i!uVDE0$Kv!^l0w(=H?qC_~p z{Mvml$Z>)P+B$|9={?g78%u4OS(JWdISDp) zKQP@l2qssN-&@PrXQtVkTjJPBa^5#H8xCCW+URC4?qf2k{07;WMaSkUXcL1aR_o1? 
zGiPifQwB#q357N8agN`<_ilT9H?Og0Z*_mmgmY&yG7vu#__GDs1N_;px3vy3js1ms z(aK<9C_QM2VkiWbI`twGuZwrtmk6Bq`Ac+$zFpU-X79T9_U`I^qSd6<>Bc=1THpQk z@qK~q@1iLDFg5}wAhVXH|vV1a=2#Feoq-1{)IMfXZQXC36M2vNo8u3rpm`YWZ@%w zsV?o(2)F8$%%>vqUHvtwMnO4dUdYDKe2;m^&DV3bVczlC;nVLT@}b+;4~JMDC;nAu z3DSPxK3wAergRr8#%t6eM4nYH0eCiD{tH|6RLBa6hDAVP(n4FK3Nh2Z}I7| z1WDB3c9SOY8~a~2Q4{^w<8W8QZFRnh%XBHrH=w9pFTbmQXCmuT1d~aC^1&*vJnK_< zEzB>M)^xWnbcLw{DGy#ozvxsxj;mmZ1iporRu0?<1NGHR{!AQA^|(gLSz{wd==!pcgwlUA%txMbL`6 z7l#KN4uVr!w64J>5+<1;1sutbS{ByfK4r-vdgJ?^OyGPWsSZ!-bC7`;iqM@Q5e4#s zQ$Kxl7u}Z5k?4e1vHVJm6Z{4$1qqVDhq)U1v)Ohtoy8lx6!*a7Z;CHn+N%eWRiz?+E7w{E`x-? zbUB}22cP-g44`^){dlAX5k9l|E-|{ccjN_1%7*BSjI1;5#>%qgapg85x3`vU1J3i3 zo%VnK6%-tzRN=WY-TkFwN}Vq=4OewlJxMl4>z`gxqTeFT*vhRti125mQ;Zhf_D?JN zY7kMTo%X0erAEy8=na~Y(qsI%NSX~kpo_uPNFjaVFPR6>9HwgaRsfpM^dlwcoq)|r zQ~YB~{IF^UbS zaJzO`J(Olc6gIoPRAhmlX!Ka^u#j=!IiP7Dln+ghZ*RGtP41$({ADsgB6Z7ERPlHM z@$eGx^I=1U8r&ut46}YXqqb@daunYo7Bg;S68g z?jX8IyumW0#5larYIx_6p@Q#*ixrAc&3Rr6$s~5EM~_6xzI}*u4*4w7%kSLaC5Vbm zskbOYq;r3YyLR*q34QORLN-Vz{LbVP4W-rApxus`E0aJmeCTN_@8kQb_}yYx;U+Os z0uKt6;6@=oQ5U0HyU}i!C8`(^IW4N8rB*f83}R~@AAU7>MtrWCRe*$=p}if2Ivkoz zRGnwwuDvF#bQ4#VWbwLk_vYU3Y7HfKl!Yfd)RJg8fsfV4K1bx0KDe9n0A53Fs=o*{ zGBh)0NSWL?^f>^;f$9esDd*g$IH|y0UQj^LFLi8W6eDE+y|w z9c4YM$Mq?bwMH1kW6_1p-(xm1>D!|2Whdtx#GZ;)46lshe>QV*Eq)G2JLx?u(;ZZA zW?mtG?-}IudGgMn?EJ7N)%QjkiEH66TRsbO?##M*FV8R?fbcjk_AyareLxQBTGiV2 zc#g@FPNAQfuP#6JF}LmospRy7DoyY*S`MO%)EH2%diu7aiuDi+Zo z&&-Zac-mh3>tAAQiiaYvt1fGjNwg|xt{M&6q#0M$^R8%opWwNN(WmtO`eLC`Zqb3M z641zQnLwq~P6?Of2bKbv#!VyniKdTD~vG_Q}>7T%K zGF0CkqYonp&WMet>;)Avn%jIg)@gUoYq`+E)#-bK-NWZ^#}zphjCSqKfU|l%miGb; zSdf~Y+?Ujt8{hAI;B26g8NGawjoW>u?Zxl5@Ie$E>hFF5`NWDKxQwQH?l3~m`$M2e zxP)cFB&+#OL}!+xslqIza(K*t>De(z6jaifs^5!%hfY-@{hH@-c@L%zJ%v+!xFk~# z%7zc=vMmt0Q!dV2S+d4-Y9EZY=D$pyf^HWeU040#BN1wgIw~NBOS}Ef`x-+aHFF?r z9&{0|KVZ@b<=wNd-P<5K~ z0lJ1!j@&i}KE1T}x|mMvCL24w+J_c2*3YHvn$Xz_)-8nw(Ze&reo(2$_KlRnnb=1t z2PZ>KjVSu6x1FYre)55v7kF&$4|N4>4c7mjosveypRQE`6*8%&(JS~iV87OE@8~$x 
z>xrqBJ;8knB@#NOrO%RZHH4iYAPy9tqUfK-d8FW-99S_GE;DUBD5)R-b0(LIbLl&j z8nN>M2IBdBKn7GxMuAtjVGj6yf;rfaVn{Qwrp0L;p0la_4&9{Kc-&oWEk6$#A~cjE z@J?ufzCgEq)*Q zrl=c2KxrI5M?1KJ%{h_4Lyia0Yl!0gx6TvJ)DEO+8dv4@)zop@bI;`pk5nP^Ym?os zncra3o`dad%6^h`{kR(14Cb?Hp|S>JE%0~hr^(hN6Ns)LL28ZyMdyDxQA}J^?Z6F{ z9ut*tF*A2I@)p?n^)?V3 zBZ>=s;*Bs+e%K)nwaz~Vq0>`!=*frO^DPjn3rY^&u#X|+_TMwYmm>;lMx~z(27rW# zj03DZ=c8JHk>C@z7^5#8~$ok{b$Ae|Vo=(&owFXROH~QR?mVo zF5GIKdzV{~#@M`Wvb$c=X%E0AN28-(n&_s7RW6vZ)v=29aSL0-nbrEB3W#1SnSB_InPwW=lPiQ}AA}R{_(WM-DsUH~{T{) z^%yAqJrAL}YHw}S^0&eQFDD+Y>SIQg=)&$aCVflLU-3)?SfjNE<7k-u+d`^c;+Fj3 z@%ZB^>$CwNYBpDn++l+uct$)=@Q^4OkP^hU`EA%5HdLOcEunO7RPFlnbu(&oJ_U3s zy&xr&cfjUxazrfE3+@*mm@-@Q##d!P2>Jk`Gj)l*ZrQ)C96bVnt1^4N^UB=@L&nST z0MHf39N0*GtqE%?B(AQ@%J32Kwu;ZvoCY%hFQ>)pWsTH;3m5&ySQ@`caG zI7zkwmK8^NIr0e6jc(JUr~thLw36R83!3GL2%>W~ST?~1g_u@$GEU~lU~?%(AvU&p zXCWP;w@9W;Hqex%C6ehx?3F(RqG)wzvTSn>p2_XHHhln<{**Fv+~beH*)_ZBl$mZO zt^4#Uo(IdF0iBP`UW%0cIx$YWKe%_UWPfo1-gJXSTB2lKoD-;1T0a^JrjvalAShoS zv}YC-(i#6qM5msN2mJ`;olYn_4ZqveN@-YKVL_554-Oc;R;nM7US?u6_cyZ(1zH%A zBw*~@=w4?-kzv?(3DEXIZO5uq*8Xb1cRHvXv0?kCzXaM}{h$6?X#diG`lm8Oe=HR3 zgZ`Bm=&wo-{RMg9?fBL3>_B4M&_RhEYJx~ z0OIbLpjo-y4p>{u>7jZTQvMh^dZ?h&_OK7 zhaSG@9$-oz0Sul1L(>>R*#v|WlDmR}g?`j#fbM#7hdPV`Z)NCDhoETIbO^My6xJh0 zh5^(4y(k4?s?kx%po{7OCeBy|$RcTwuJag==a_dw#r;SqEccPfK`Y)2l!Q#(P=L+> zKn=9ufksTtHxj^TJX)o)g+uYH>7+)9%pV4pC@DEu{YN-#!a4t-%X8SF26Trs9RQiQ zs3!IfOTaMF^rJzS7^%59K{Hd6b=HWHoEwPd30Ld=uofu=P0T!!6WIBkoSTl*fx5z@shCz z#*irG!DMXcg}ER)_V7otTV~zjX?}N8$7z%dDM!pyfiUWKvhrXH5`Mh9#(Yzbz)Q(4 zibAU~K~uJH4mg6x*Z*q-JhR;;511{4XMjZjWX5YxyWq)lJd?4WQRs97T+ZDlZG%Z!1-Q4(F7<^+v(`CGrEY9HYw4ui^j zjHn84_^L(Olv1>wX+nB$Lds5U13;zoX1ix|frRIIt160lxTd)n9S{CWhdd|Vn>dQN zgs3MXFjY59^=%Es(ql{d9r>CO+rqm5?LxX9aq`$0;a&gEBrANIsR>J`AI+W_%pRYm zm1oR;P~r@{0B<@;KyxJ1q7S$K%PsE{`l&#$?6a=3zz#|u-|+2?rR{iUT9khPs#k|= zjk&P;*AEqq41kR_JOjTpg25>qf%i&?7HnuB%IpFx*QcU=$#U7Nh4n>bcK(tFU5CfI z{v62CB2U4}hEKh%~=_XW~RO8A9(PiC|1Zw<}tg^PS? 
z+4w6;xC+kd(=L%8SE<=LR57<2Kd0zdvcG|4@&hu?2#JaJHgWZ<{ zuO92*BwJB4UcGx&T&K^6|Jz$dh>cCRDGOahqdqOqxpBXJ+MqOckr|6|f*VpMgT5i`u zy?6NTjl-J5)kroQl4vlYuX0xVLw9y?XXoAWZi0q64f(9`!rJ8X&(BAbtTPwKg)PLN zQ&nu4_C7RDi`pGWn@IY$idzB)F^5KM$NZqo4{TD8=`*Tc?&SzChPE<&HK(9Y2GKbz z^6PuYnm0Cw^tdM&vgvv*-3-`cnGG~Dyk7HX7<2|C36=p~%MG5Daliv3i|!8x{qpkn zt%O5ny%Aa$qi=I_%3!TfHONyaxdAatjRG-mC`Zcn7PEdYS;4m7OKxi@Y1v3%t_frd zTT+tR2`c`x{bt8#^@TeX_3NjN4Q~^Of)eIkBKw^60TU^Lo~3c`n;-55KNh>a%tk%U z?N4#R> ziMii>&O|l?bJf7#j|7x!q^#U7IS)A}_`$@&9@bBDEch=mE-4H9FTJF}4SO-})lQ$^ zXrL24`;-n2ropmuX(bcHt7j~(>X*L5|O&H>a6hyRw*6i8|KG zbDU50Uem>u!7KiwEjO2Tcb2bXvRQ`h^!ozUl4MsWV7E^Hbcv(~S?EuXqbBZW319w@ zoTaPtW&65Nbm)dhf6(=)al2bZKjpGMrQPaZ##19U&pG*s--d7W1C(>rqDgPojE zi}S6~Yi@RKAfwe2pW3ttLWcZtIwuFa@1jKe_?r$Zmv&pF*|K5{X10x4tcgKgFgaBWV!aSa-IF*Rzn%h z)k;aS9(P!Ylpf=%RI=tbx9;!+@qxQr!Ec4#XiK`>WJlOjw|(_z_|E*xtJsW^HB9>Q zm>zXc2Z)y8copmlVkX1w(tcfV4@Js<{eV z+jmNuEn~8Q(|I%Vb-kJ>2;30ybyMg5y!Yff5pkRXA4j&hE1mH@I^MR_JR`(@%l?;V zFP_H0rehl_x7DD^s2WVFLm9k8r=1fxQysrkRWKjx>xqkN-XU3UXF1zPw3Tu%wV;jm zDy~+gnjmfwlRBf#Q*zD#;j$$5dVD?1K+=HtvG`$#LR@>$eS7(tN4AvL+KIndE645M zA$fgxn*L|-24)!uRL!w{BK7p9w6E3GL1LC$rJo}*cS{A=EB%#ho@rA2^o;y69+~o{ z5{T{$YcBCaxnS9sqT1wNAW)^Y{raQgk5cFH7I%HtP_1bT8Gg^&xssk43<0+fUV_e) z0kT)0(%y`K6|TGSjP7B9`T6D~exl3wMz4FVVC`)!OCO~fvLE^u*WxO|RR80#4`<9M zL4qTaZ#;fw^+zGKQJ<@PiJx!swGn!2IJKxhrSa0ut!4j$Iq$T0f~nk#*FupHn`Cri zMZ6-uF+$C3XVSyulBu~?nrji5IE|p_!OnkdQKql{o;P}~+?rZ;|9n^^w_jtZhh(EX zcPqusPZIj!FBc_o@_;@Tcv6DPhuBMZMiq@du%v2zKkDJUk;&P{?U&S}xUIDv6za>s zTF@rWR681z9Nf3tJCOkuNy-{H=l|^q)-3Mo@e`HYcFT?_Yg5nqu1rY3zG?SVRnpH$zwHS}SyrG6*Q zB%fTaRN+nTzJJY#^r=B21Tvma=Q1z#8dBQSUt^}gyJyhfdS*C9;j_Sv|JL93@%KHc zF+LN{o0viNSo=@@3tgDKqu+)tPmF^M3;TVFhfBETd)DZiof~&<-84$~8scbgW59|w zbj9_A=)9L=N!M|>!!}p*{UR+#LtKR!o+HLSw7VYAZwJdQD<ylAv$`eXob&d5HK014#?sm#T*;H# zx1!^NJ;CB{laow3CvhQW+FXIs)+tQpbC<^+8_U_|i}$_GIp{Ze$F@=N+pQO`Q79&&sd- zyk!5{rvMO;ni^n5F#xCEznXyDa?O@Vo|{ib4=c=GD@7Ee{_!H(5ie&J{F6)GLKt1_ zrhU#Ig+WzVaTvi9;hlHMTfL7s8uMf>ORl=7_Hp#kZ!KS9_9|~bCUPPCqlM$bK#uhN 
zLG5P?#pfRDFTTYUaRhJ?ev*Jwt|^V-)j1-u0XV9xcTGh!T#qBecQf|&jdp9^_i4P~ zrCT~aRdGV`Xpda@vne=rHzh-lq4SI>XUEEW9JOmR>%~-fOs}_J@R~j}U&DE8Z*{?q z0!fAq(Ek2i{syh8ic)-w-~f1#T{*JVN%1d+GX`@jadEwA7o%^%yY|XSvUx^KASI(I zM}EqT;(OVaRqqPA50l{&tFlQGUNWEK!R38=L$gCuGvae1`yG<``x#xY0hlqnJCpW_ zLDj5i)O(Mun*{Qrt{;74IN9&hIeIo~V<~)Uce}u@muE|QwL13I=PHHm^lKdMjvRx& zko?qhj);9dimu7Xa!Z)EA>@u1bMKLmb$;q_ygpAu<%&3)>}WUvcR4BK1B9|$) zZ-Z-??3Cqv&Pj*c5YJlZ+N`K)_RPlGttQgx@Jw6IXHu}=%E<0r@%e)w245z%4WEwE ztd`QZO=I84>}Sgi+e00NrC1Ri@iYRivp#lLA$4mxCND9BRt;R;>;#;)@U{o+;PsmU z=fOQtJit=fzLw6JLBWpqpsUnN#ikLS+Vuu+d=xC|Vt!2{U&Ijolq3j?tLnQXxr$Y0 z$*g33CA$@~frrT;g97}(Z*RWZ@EyHI{7WBKQxf5tSG%Tt+md}JZECa1$S0zpA)@RqQbLuW`mG`vtUQ?mpnM$=FzR4v=*>2qUEOD}RcXsXIff_Q~hI z@hKn-2z}*=u6xq{-BK~($)p3UscA=o8}1L?;TyV8J-GgAH>!v zFngyEA#Kq7J(y!cfj0~(d9~_%V!5~7jKKpagU%*T7W2j=dL^jsgGsz=d8ZDKP4M~P zHRi$R8ph`nki^mu|qS!dhP0MIQ7&Jp0!9$IC;TIRDV(~N#p4h5vt zyBKIm0IY!mNt$3YsU6wBeB8YP0gKCn8GSsY(ViAS9IeR zd5m=2nN8Vt+D4}uRSHD+MRQtZ*-d`Uyn$t5SCy~k>4i^=@i;X~oA{l& zMfSC_jxd*x7yngcP(;qnmIog5_ozDuV=pkyDVAVocV#qpQ!glNYD}akqYDCT$-tHx zh7vrzQ@pW_kH#mKzP>*0XC{}ooBPHqHYluk2o2^tk778pzaBZNSl3m;6!9*(TJRJ2 z#5e$H5`V#rzvvqJ=7B*Z9uS9h9}dTl(kqsKyGCAD`7dZ%8m#rAxszIQKe77y_bmr)dJi@Rraj+ntLf9W}x>Xkw%Dq4D2HC+`qRZ`) z=NRVyTZifr_Cr9?FQ4zN&(@`$aCh5EreuL>ne{*-lm@CP^S!%Knit~hokpSrSAWYR z0H}+L@G#8w_5KAx#fHv(X30zS1&e8t{4&R~^l(EWXS?&_hV?_b(@ltiu+Srl;K@8* zS28OpStvd_(Gm+OQGKq4l=J-Tm7VVz=;YpzW6PSDmjrS$5?L2vO>)N-rO|ikyBi zRAQP#r@s>rD}D$$tv;dM_tWVt&+_c*bFFJHzXb>np3udvs`AUf<$os%Ni>MeD35rivn*)A7iZm_8-kr>nk!8LG<9Jcyn7rsohzJM)FdBe>WRcTh6xR zHOVE7FAcU^*v%wGeuKv{26bztL+(-tjZ9r>r!%JHXFxWQe`3ZD#yN9nua`@zSM<*8 zU;*5)05C|58Jy2xdj)^wP)0Nu6Jc9zo@(;&Mh$-XgO=lhx>|WqY_CsQ_-iy^g(>xq zGW|UGU04KEZZ_zJ{M^i?M0$B(Aaxk%O*|))qvqx2X#Y);IDUzeb?Va{6Fa^Vw;`_x z7u=Ml`gv44vZZ*vA7qjNR@R2gIPCYIibs4TqAMq4NLcfU5o4In7N#RBRXOKbvBXP8 zoxqq@*Mz;_vyj>(OlUGRE7Z!hZy)lC@paIbV|M zZE90$+zwRuLyX)4ilLu(%F{A8+^(29gCX0HpGh-&M)gc<@y(hUV|+(Krv7ca!$^5d zQ(EzV?yNBA&2@{m8c|0une+MyjW_nXN_r2ExU$UIaSXO|JzT4 
z*C>$kaF}lh)CP)=&6qT3vvTV?ak8=Su(<(`)TLa~#A3y4%eq;jOh!^d=aoe#6CLss z>V~q$BK!^aX%m`kj-+$zg=h?#uq{}W>y@R`m-rx3Kn25$qxcL^KRJbI-SxSNNJnC$ zS_`#){Z$vbQ&$VD%juC`ZvaBsOI9npFir5wC{2G^b$jm&hxjrJ zkRW1DU@d@nWn4wy)?gK#l0c_>q%Cr$)4m@%`5ZXZuEJs2?|SwrbyA9jP}I$=Fb_r$v$>%I$GOhnSyE_M0Ij zNf>%m#KRN4y_$vZjGXfmKZ_trAhce7J%~T$t1sF$CXe61^O8lOqa`#d0w^`{5t@`I z%GMWOK$H)n+XZV0L62LzUuYTQD+Zrgod9N@kJ-C^Tt^6-#$Wl?Z{iLuq7A`zJ0=(zB#$M# z#qYDHSjklEhb~r3&tZ9NI95mOKZE-LGz2@7nV2yZFXYI^m+7YSPD zSIwa|Aht91Ds3K(G)9yJND2Bc^GG$hJ=u$9B`>C4I!o6zX+P9;>#WsVm2F3vx1Jig zq+LlSCN!b6wMftjK>A}>5l#Mp);;rO1HTln&|f4EXRESn*=5}C7}Ka4;lfwl{5D@7 zfxvH58vi#;qIHzA%A$=4=1m)d(H~Ho>Gp4jNQmXX z0c?SWRn=^ z{WZ9!tPF_g@23$h$_^G$x&??x@?dJzlF+3@GNA-xrh^)5_AiECW2+kVT7#eL;3uGVBhf^Nc=wgAarWqiy)@}9Y}_U2FKch30ryEbGWGrZK^IsBB^RHl^i zD56*K8kCE#{a0-p{Nz*CeS;y`H5M_XC5E%AQefH`KE4P;G8{bP~r|K>D?2b}@?>&3|E+Dr_zpot5NaZHqbG9Lc}->Rg&f z)2S&x$D=iV&Nn0MRMc(*mEma#LPS!HFoXV zQX)f=!IPRiU=`5Uc%DJ?i#jF0Ww!nVT*wea!h8o(we&L_QDgWryyLCAOunC@gt2v! zDzwC2G^P8bJWo^cp~SDuyvy}XA%xMc!s6qHI-I2(qJQP~t(xFZ=$V*4c6Z(Rtv64z zc4vQ6hYd+ihUIrnYTXUUHltUIwb0PHtVPj*XhNN+ijwNA4LigXaz`d?(IkH?Bw@Q~ z=90en{`xF22ChhNT(UE9e;XR}fGCI(@}%2aSs`J(_%M<5J9!@7{#e?Ipfb7|$tmd% z`rI$)WMiK!H{1nxdayJB`OO?G>oW4WEnnru1Rto#uF1&T9Z2W%L!*YFF-2K|h3_Jb z+6B-fDgxXZf;d3{bl3@y>|`x@X^dhe_|TU||0AXu^xg{DP) z)tJBYfQ%>ehI8{ntNF3jMG~}~{>Lt3QK}VIgf&}tmfG_8VxP+s4=G)8Q<}NO?A}r7 zL$HQs(>f~T^wkONL{hia#2GazkOyRp%zW=!){9h3)6M5O)H-GY*$T+@8^)$&pm3Jb zdl>lggo2_gF1pyWz+(FA$DYu_4n#~j!1$<2Qp)Cy<;g2ji~EQf;g} z*wHF`{&Gm2^30oS(Gx^AVJC5KgWY|6HJbSB9rGcK#Q~y$Zgar?tfJs7(}t{uGPUHR zQwH9-0t?4%=B4EV=(|5Wa5K^&*1l=a=ilVfBT9`rIP`d?HGdsb9J*&*URX2y@|!wk zdcfX;aj|RUnJ@1@V)~>U+VTqK5FNNRs5s$9Llo2w0$CTVCD!oeSCH|Kp^!;Q516)f zlI`_weVZ6YD1*>2{i_P^B1kDVj%P&VQ~?I2Cr|nH&x|p*OXENN>ST*an7CLtz|;GD zp@R8|G1Y}KQE7ZO81vw72br%o;eM5lJYQBb1L*in;n4e5uSUZ+^<83!Ft@0q69 zD($w*2ND_OPmcE|)Nu~)$pKINC>Tj77jN6W+@Hoj*uABxE=GKV6w zzom3yUalnu@eK@PaMlTZhUwQ1&QS$VmyKexi`Tzv1hW>k6<u{OEL@ zqgrrioLN|mwdX{nAd62%@U-#0v>33#-?Wv5UEy+|sPPYoGs~nI_&D!o{lsISvRD4j 
z26HwAaurStG^coyQ=skX8H`n*3|UP<@&ZTur{sk_ha(zIR11r@YzA{%A(?lA0c;=B z*zF&xaG3$`F8O)fFMDW{DzoqY!sB9xl^cny8cop)uLM$$FVz|n1@(a}4=p*Vc)Kn* zChg6q8cW+rYV-S8OL)sy$$akbwLKT%&DoRs)!j~Ww5(axoKEt*0Sd^$Bvme*AzE*> z>79+RhPBf7%5Q3LzM@`TtNF=CL06aiAX~^hulAUz&ZrD)#ImHu8}dDG)|60W;u~0A zGsSdrlgh52YmEGPi3Yq^sUMX1lbkM`e;*^7XWS_F)sR@j2)o^S!d_QJrOtV|%ksbt zTT>fv(R> zXzyrw(61a&>RUR5qpGnvixYK$8nVxxGmE+k=ZqR#Lc){S1Z)w|c z{=ZjSXyXVBX=_Lm3%I_WLc;l>kkTPprnt5TXu?Da0s zmbRHE`R!c)m?!$GOiJcV>>k@N_At`H?PATr6aoI{h1fmcWmWsWR{p4xnb#M4z7*~8I}9eJ80 z#Z-O7cmk}izJ~J-k!n=8D%&<5RGfF9$XD7~HxVv4N8V>FJ2G3ct=O;{R%8ov{$n3hpXIebX*tBXqYx-pbi3RV&`0>6__~8#B)P*;QUe!fbnN z7k$>_HFn9%gq}%7_QBQMM>snlDKrYPQiDrO==q@tSA&Wzt^l}@ie z;glSEVO?`3>x&1wEJGvJS~x-YP<1@#?F+|(wCmzp7T!am2Hosi?zfP;8Kg%!V*59y z-87?Hl{f@2R_w*UI#{Y%KD)PJ5AQFiKKITy%Uo zvMRNJ8fhwn-PrCjSPE+_FIhcwt26@3wQ@7rQKhc=q5O~^QIJ~6vF)v8WoAjcKh~Rr zF)P@IjqTC;$C04Rkja)@c+xwLJ<3(3F7IwAPsGn9`;+{3-z10#NhBXx@zqxyMFF{dN&8~)1=A3nDuZmd zwm7M%z$ND`0|Pi(;>@_b9UYw9WxVB29*ipkzoQ=uo#Z-bg0q)D`Ol(mXz6gNIJ;SL zi3>^yV1>oRxg@0pg(XDAq@~Yu0YapNFj7Loq5{GaGGZ7R5fQF`e@?<|ZWdNDx))Xd zoeTbwKWT%*xyT3!d3kvWdWi};yIBhfOG`@&VMK&PLOmu`^u=eS(@RT-SnNE9sWZqmmM5D+;MK` z$6P8ZTp}WZ!d$#sW>{M%oU^+PAG)9auGrGe*3;5L)y>(F>tI7#1$X)9szlmB+M_%F=;2LZyC=2&4#b1?xcX)$pD zF)K+60W))RjDVRW)=>Szu*wwm1jNf5}zZ0r&534z?)C$T*leSp#ka zEG(_eJREQ*6+A87aJE=82RR{>7#(b(`N41h^c4E9@eV%zFY5hIOJE7~*Z<)~_~U=L z+0qGE*bR8KFg?~3K^jdiUsTrj9$p-!s1mTeE3_9Lbok`GQ@p0i?58rT&)6~8PmK?m z4_&*_dlA;O-&C!Bwbl(m(Z|Ce$I*CGB><~hw=^=uQ*wplkW z5J|gqbiVSkQplLwl3zOJl2+fibjPn`ZB%a{l?YL4UwLy!=t*Ogk7sAB@NJD3OxEpe zEM?A}!3K|t7~l;On}sOI(iNPsy!-Zs0_UprmmB#@EsOe$-=02)nzWa>DG?=WDDmTW z{*!s-LsdHMI3FDY3+sEt$c=>C_t2g{Eb9Z#Z}%iT;`?@Hc6C*6o(MU90qtg(PQQBA zT)kTbo6Zdd_pdQLhTDEK)hE>l6rtk{hH#Li#y-jahrKrshw=^ohHr@?sgY$wXvn^e zvSm$nQW4pgp(rAhB|;lx$y!X7C`n1y5?RX(%Aj4cWgC?(WZ&NN9^dDA-+$jfp5r~< z2 zDczo&4-M!egU$S>4>SDF-~WTd|4BK}<|)D)nXy8Jbt_$1RSdQoRhLPY#gY+3`nnEW zS^8$F7jQc6nORlK%OIAiuu{ z)j0Z}w;nakRbY3>G>b22PQ`r)d48EVehbW$xtn6w++&N&daX|TM-n`x7jRz%)sz2Y 
zf1Ih`_P}k)_pQqnrRt(IM?9a=BmcDKO#a!qf)-iZhAg@@05-)Fot>^|yt%Gs+)DM{7%!?P3`=4c`uBt;2pi zMk2p&m1^0&sOfKOGrceOL!?$^-hGx^aOx|bFGf+d?RKss{0fib37@|Sow30usqdzzocR1rj2K)WgZn@t1cuM_awZ5SRIN#_ zr*t>fNYTiPKG~9Z=fchD64IL00~FV*Lz+VIa$}8zNhu{~ug$8`n!;BZGW*slMb{N* z-xoK+R76v7^4zG(Bfm~Ke&cH@^P%c{PKP^bJtoOGIL(ANdkLL%{&x+;RBQ9<#jj5)pq>$>YhwiL2cN! zUG)~!<3m&8gql~|m?_FK=(J5Cgc)|h@NyEMbWm=rI+hR1N{8WvwA@&I%m_te?Q*z) zf9PsfHMvmis?cTns2(T5RuD&AH8x(h{T>jEUh-RAv-{2@bY`=*(-9y0dcf4*jpiF{ zqxC}xd5W4Kc=BqdY<l$kfWnwd1)WFMlc zx@OVyarQ)x&Dx=?atf?Ma#yUXsN7gow}22AeKKp{rPiTT2adJB>B;}>rtx)e%@`z3 zpz}2xZfU);X8peF)45Mi&leq7y0&P&aJ#Fehym49;N|7nhoqIA!>+xmv=-n^#f654 zbop?WY4dTLoxgVVd-z`eOQGYtUfgKFZPrZG9-y%^u2yEK`Gl*=41!eDC*9S zvb%=}b$8R|&Q|dLiUDr|-xsm~F(S{*Cxxf)ic!UBcFK&ad|;v@SXh_kI;ncCV>S%m zPi?)zXUG2H7+rjxxr8;Qy*l>GqHfCTx8Xar?yEV+HfPb0BUZJNHAiV49~$o_YiG~} z@!~<6fkB<`!|Xb94v)L^S-t!G-9M`xo_U>aKC@f-HN%e_I=mV3_2u(pBKYq8w4W`m z2TvknXjliYG*3*qf37T_|5F)GJv~#_XU*C0gDxNqk`N0zN*5=Q=hUTX5lfd98NQJ= z*EPX{U*KvK4DzBHjNX!I*o(SBq@h6du;179{bvL5h^O)9*f_Z{t=JJc5#JO?9@ScV zwubagS-8ETg|n6kp`BUN#Usy5HXA3V%_)_tTW~zf`^`NcOI=SBkNCRw7&wO5_nQ!u zb~m2y7NMC0+w>c8HneR{d3pHE)o0d@($R_mog}&TSw`yvba?Ii`N4}i-Nit_^ zIJVh%jtgfkCI?c;19PJBDH2gtQ@Ej$y3L4?byd79l!%Ss%cYn1`@1=*Da9@6IDWH> z*;2WmJ}5OT`x&UTJ<7C4nx`>ks zYYH?iniv_r5arpmLToy&?ImuSL(h2&7VKhylk1P?Ax}BTw`ChemquXY0k$g|N zo)p(z>sD;?8g$`%T%hU@B88X!av$_cl$pd$2gG9JR|} z8pK09bnf(ve=2E2h2XSkdBOEa`g;Qe8BzEX2q2jRBNUeONS?$=Pp>Rzry@0;L zTECR}tUVzw?Ac7=eaMCQk^9MpZyg^M0l2|rY-?fX2(IPc% z?s2KQ4#zv#6n!N`OoK&8ycy&l>Lx9hrfcrVwc@91uyVChng3m|&3NmAZQtnQ&^`&8 z+q7t|>XvU3N%9#QqGuWLBEQickpweV8D@U>B*v@Q`aZ9J#UbuLJtTKZSZL1BT3`86 z2%&w?l8$1>D|d2O=%d`LnqsN@T-iD1-d>fZxs-}cUfN}HOXS?^3skLGhNiZCg@~b< z7$)UbS?aUKq_;8v3UGmo*hpkB?B27n7)6~G(b9(EIg}*h0 z6T)$u>L^i}uw8$Ef{TEMKw)4c4urOw?3XU0KQKsoUVy7U#VKzePoHxgCBAF5hMS6080c2P95 zKMu`a8MAg2m?bZT`M9Ya4*VTjU#}kSnBCQ=sq7<=jVbr19wk&{R=pu~q5-_W8?~;q zW82(fO`qTT)l~_6`0z@QPk;0A_$6CvlxuysO!8ROtL^&vOTja;_y+l4%yzc7tGCC; z2z`4Y%9p0z!pp@ft8TzENA)79;d8Xh13u@S_*PaQ2;A>3CXVzTthcv*^f+@>tF&M6 
z_r>ff?pAkK0qMzG%K=og(oXlwt2JRqq(hp#a5J~6aA!NekA-tleCkD&?}rz=hOUd$ zwI}RhWJ|E9xb|StnL2s!%<#ht+_S%fTsGdv_sQ3&rq-T)-=gOke`3{nyt!K~>_(-X zv>-`BnCE$L-Ne3?>5hF9vlXS%84|)4e_KeoG=m3$b2VYdqy?db=lN3IYlHFT5Z!6J zz&&p~G)%V2o3a`S1y2)RSHGv}rF}Sk z&HE0A3sh8fw0X8M5+=p_+_AIdJZb{Q3Cgn+)Lp zpN8DrE?TNJA8gyv7!`X-VdX-xM)C9&Nv7^)4y@uW5w=7f4#TXm_`C@-8I5+UhnZhy zFY+acKEFHa3O=)`?14(k%i!^o8OnEFmm4;3)CkBsWe?3KE_LubYjY+?Oj#7hR!m+g zdO`X&d(k4vY%sXCR6M2g?Ec?HKh9NuC2MWSgtElh`cM35j%BF%2(Ji4oa%Ahn!DhE zX(-uL@q@R97uWK(J6qGOLY%qdx3)7nN{QrO7xsnJ)?%GiHp{>6)0O8n>yBig2LbX{ z_qK~Rp6iwu+EldnbHe#UNx?S7V$4`(x;1cpnY3Nhb(Rzo%@Db%{now4TT^D7F%9yY z6H6HwnzbGU^`!?^NYl?FxCj@z*Os@+h;}xgOiO#2OK?Fp=f7Jmd%TqyA1=vkm`(S$ zrG6F}zpE0q3tinL;rvmIX}e%7^6Awz*!UyZrzX1cstXfia_?JTSLy$z;a|meUDAAY zyGw+oRGue%Njbgaa>BO@>(zV$LIH0suZL1XWn*nLHxAc%X!5jo&bqcgiy4=+Yu`;b zHW8)YT^!asz`E>DttNYMm0zZ&;sfKma5OV~*X6Todf{c$(@G=5s`yb#rhvZ{^&H-v zyn3Aav~8m(X8gR<-bcE06KL%qdi`A$@b*=4%=jwbO4{^PI&S)Yo1p6?#(#lS-JWXP zQcdZ(;+#G8(%>vjdAi?zPj;Y%`T8YIF~@3sv(cqw7tDVg@xz#Yx-nbk9lyIKkQy+1 zd8Nx7Q}ui6tVjHCO?Rk3U~f1^^=opp0ITG zpkA``f|0cL4@^8u!U+f8+ zq&*YA(=>W5-v5WvqcgLl(@mLo(&m&2>yl?RN=;+`tGg-kXlw%( zLY;=qm=-M+cke&R4k*|z6uc0<6l4n96cf&rAv6bzI8)8I7}%N|2=nP{b)=pXBLBH~ zdU5+p%JA`-var`GO$KyeNm-Ixu!SL%@$9s@K*FS0{Pd>epRMO)VC!piU59t*es9~{fn5+UOp$Jr@nCNOm!?Tw zOvA4l71|SsQ+X(VH^Hn19nt??SDt4+Bk>Ts8G*V6)@*lvp%kquFE{oIw#4!O>0v;8 z;?3!hS+A$0OFWYdn-m7LDT)+h7~}d<+)eT?`iRB6*!0FPm$E9tWm!l!Lz-7%*DDr{ zbD&f4_@@e{!Oe@?ACdvpuZ!H$>C$WZMgi0C=#buUH(|a5(qw~%o3KkPUfb@Re4o1< zcIs_^qt_PH0|diOsri`E|D6_<9AUIvyeM$-F80%AWFpDV!(jT! zT`%#!(0Y0wreQc!ZMKy-OkX}JM%Xp8g5~o}S3ye==BVu^F*=rRZO3Hl#8^moI--UC zi`9ou0Nt6Ikkm>iZ}v?FYnAdbv#3^w?f0e`JkU(eJitu4*%2$WxxEz4l`Okk8fwEK zebnd2LtOo(0oZ?AC&GK1Nw7xs?A0rAfret~xG)R$cCVg1+a|llU2zd7 zRUS*09i{wNBnm>7;;O2{As;lw`R3v#7OxYC2=l}vk{r=x(?gg#Sh!_E=vNpHI(G{j zd6X{ak1X{nLTTbg*aBBq_T7z}KF3*U5fiNj}{? 
zE*Uwnx%sxYbc<@9aWK;U)W_NJb(Zp9WLR0(tBbr_K0-C1$Zu*=Wqd&kd;FPuB0{Rr zpQGa=*F&rl9i`O=oiJ#56kk`|4dC6cZc7~Lrl)RV&E5N*CFf^7jRf|y7&dhf`a~mr zK}DWcL&8x_uC&<&+tFCAm;S<^BZU8TDd4_C1AKp#O)(dP$OBcqmEh^}G1imln1;Qu z1N(7&PY8eHwEAkaVaj~Dl7L8`yghHL9Qj@${K{;8HvQ|eW56lt?3At2J=KFti;Va< zPz1x?Go)v$i*o1}qUFPqMY||}XYJHiReZ7?TN#NnJPX>hW%(7Z4D|xuci;|GiIfjpw|~k?tg^Q8$vob8KnO zBPG|5XZi98^#x;m9PIY7?_(P*2*D?)_0-fN2g41sgr$Cb!o4)I!}zRCsk&bUY?Z5U zPDIfKWwN^Z{LsJn?9R3!Ew6Rvj;wDyLzzpn6CI-+^+of`jHTl$cCXui8ka5zf5gc0#?hV})e2V(awVh*4=a5$JhAQnrsbD>a!81)wyJaT!54BFsHQH=LFYj-U zcmNrT#wEV)>gFCtT$U$mERY|stRxlEGdkyPa^Rna>!dT^;ZDx$$ENG0=aQaF!p;Tf$yoBhvy~$B|o0fXXk}EZ}BG>;I zW~r4lB{R6Pc+)Xz{kPX|ulTtZY<~9AdWoYBG6->$YPX zqTRUw71ldp$F6L5IE3+6Q~sT#&n5IA&G{?re`Pg3*t;%O9nAMUdOE#ze~m8N=b!XG zl^EzF*g8fCxG#ZwVA7_TkdaZGB@uJ(;!V^mP)E-6@>kA&Cxyoa*XZW>r%}}PcvWTS zR!me*ZtS+ZiGhxia$(mI+=q;;XE-%|HZ;8gp1KS+$@o+r^6CZZg#%k^uUJ~TZ6mr| z+4Kd*kOhtzQ7zBI`Kd)W=!`=ovO~q)Pvs9;Mb#)rI`L$b1U%Y-to;1Bv z?FD&Hd1HtV6;tz@)TL-HeT+vr*zd{olFwF&KW-c6>&WP-!8=)HzplJ}`!&A9uO%4nznO_^; z$2I#MTm~o8W&`LEB4DANxTwZ{OjL#Y=sw3@tl z{HK113rp1J zEQDNchS_PYezDD%vR znNjXqB3ej%SD}9^MD+D$NSieDrnHypx8N!ku z^~NKJVYLU-P2y_nB+Et~=0K9}7o@L2p8glvcJq+RyU`j$%&5ZVcq9Oe{G%cOmxtjn~=N*|u5wckmC z(nmwdq|W9Z1KxKJRiF!?B3hccH^m5D8^qV&Brj7{tVNVxUYo25eT)+CJk1^* ze8JL9iFAyXeD<}TyYB=e{Tu#E3WV%Wi8ywPfuYWd zfEpdw56?Xb^9fxL%?ZZb*nbi#*3E$^I*gPF$oWPzfvyWwI0#4w0SnOec{p0delt58n+!=g7I0@>m0^G`N>z|M5F(=~P7mROi zUR?-HwjNdNpOBbQe$&PKq$ z%j@@*__oVya+PlmDc?P3+*1AwU>hz8qT4WMOnNR?_DQaL88_aNdvs7{HEapBBkoF6CNta#1|I^S^nN4}&&XYV$&$&Sq?#u#MNoPT)P2w8X=Hf;!_CtmBK zs|j!TnA9*O4iuh_h5!D%61H#l034H;8|uL2Z*;)9&_|MGo@Dwl$;4|@v{SvmCAB`5 zp;8tEXbgw4d$pYhMz&*Xxct8t+Yfa8+=Y%jSq55MGQ3#OQYXy(GZH9!xad+HN;B(* zo;wW;wkX4i)P(;X5pZ^w+eQjCWte}$CjG%xo)~CAsthlVp}yJMa2se^S^dBSFLHXF zp+=Dr)cXIRZ<8O7n?QmAPLm4IZfW#xCA)}7r366PPeGv+{X-`C#4v1@_@GFde%S^` z3KGmeAETW{(dCnJb`a*d7%%z*jr84&yq@6m7^>pjwG80VJSwIUPi-(3F$~uGVB~C1 z^lZ(-AFgTT|F0rpdYdkbtqp%rdQtb^aA)<2WEq?^6{3J0N4GGh??QBuLKgUMF*krL 
zkI8QiHKU)v>9m3>U97kir3&Iux}sgP?X~e{g>q&E;277Nhu;uoc0L9`^NmIW(b%d4 z5Rz-y2-K-~XC45OoXP2}r)r(p8h)HG)KPAyPeIrQS5#uK5icJ=D|EXRfe*>v9`O?G zq;iH2#(9QbVtE8D=tZdi#Xehzfo~&&?`XP*f~fzC2fq@_uvwzIS>goxqR-aw8l8zB zU0d8S|8oUbfjv^UL@o{4qv9c4?r!Op1|3hsP}-}Bb>|=70YPdS8YI<{;lo7xS$ci* zA)<4Zo(I>v1&>^S(E`^EpiRT}L+%l^$Jw;)fG1f_D3`F;t`^|@hs<&mVYGNU;1BG0 z%cHOnN&t!)J+mJ<83A`uWSP+e+F$MGP*RyE9dO7G(3Hu|<(Bz?g}#H0sQAA-jbFea zuX7S_#sd&%q}@#bN^H&)IV2sJcL}A^&lP}jCid;$k|PBJgRh1b>1V(>NHfz*z7?aQ z#YXjpflz0Wg@ZAiwc~Fum0=@fVJ5qJRIB8Le4c^l_^$|!93rl%NYJ$L2pnkZyfV9O z1NZn4XCysWxHg>OaDL)VcFL~VkE@hQc?Z|iZ`2sn3t5Q5q|ANNtw4dAS)oCH#| zb^5Hix{UEiEc6UpJ%twGQc+)sMXzM(XrZ^a;0jMT2SbS=&__?a7{0++CS7%4Yrp|D z+ol;e3aw>P0V#3z;btiDfMyA~sKn|mpSN@~ATn4Vg5(`N=Ou0IZ!n=uWH7u2B+*Z+ zxJN#NEwE00ik*@0Wk;Q!sx)&Wpd4G;*qDYmU=qaPAIl#ph@okYN82u zvha9B0t`UCSzMJZ#6Q~20L#4v0qtaK)YL9#04LZg8$*6GVmiB8?pa{;adW~43Lp?pt&g&?B@xz z5nYR4j99|8)!mHpoUBIHaYKY63UiRT@=<*>2|BSAnSGWN58)JbH( z!UYxS_%YNfjt$;G)450_MEkKrhe0YEejHY&U4RlpC@DuBNrUZ`s}K&yFko@eubl3oJNMVk^sm?4cEd-)NnG>U)Wf}eeY02Ty7 zny!u34sD9U{X)#>WuOx4w%Zpr3E$fXX(?5h90Ys^r<|zl?GXc@3Gr?!#fQW)U>Tu* z--0fb^xUNBE6F{Lp>|m|hyxtc_6C4rrGy|T>^*EmDPT5u^)yPoj4WQr?(?A^_u@iapx-vi-ht6H7NKJq9#F`}A`= zEb-^-dANip2JHYM7Lt>}j5|8wTM7IIjv2i+l^EZMy7ZfAXhaCKfPfvYLjwm=%^LXM zQ)~?+36cH#42aN3bYhis8lY9XB_i@rvdrIA^$4s(-ljNyfoT+21?7)M_;5g-(P0Q8 z!C;$$4t<)D0kv)zKBQa{T#Ai&3U=7Gj@SPs7Oau^It0f~F$^TQ_aq|Xc+;N0H3{g8 zc&Bps>~TC|0V?t@^cXBoo~70Gz7wPYA0m$dgx{)Ys3Fe+CU1Nzv;#f)$Is*c7#;IV zd~|RcHUd=@0&M(L=}|zOjlXa!Pm^c3@{6sa!0dB}tu@i?bsuL#!hz$zS8S<%c$mj|^)L+#N+kq>hLCII=}48m39kQ9ah2n+7I`eF z^ZGVxxT?f<<1-xVJ7fDC=sIbQp8Peg$ViDdXR^F$6gd<92+6ND34BLj zuVKVxpp_wp=g4Ww3@-|U9GK6uHSG1;oX8l6LgUL~pd^P!4j68YM_#yUU>YutoLNh; z4nR{om(aT!8cuA;gzrrewu}r2TeSnzb8$PMDeN#B=YL~)zQV5q=d%Q7|3UVIhe^8{ zsBoSh{PoYe4h@MszQ&O1V>`R^W47d61&-7mM>W)T?lGi?xfr#Tp>?Peap^W_M9$03 z&M6K??La8I2$=G=)}gXvr-xv~R}TGco*x5P>Ac@Yowr=nh2Q1umRQIPz_nb0WXNidWX6 zR^0SU49UGC{Nyfe9hlI28+q}9JjC?>3V^)bjM|XDlP64X8Be$FlZ%G*aaKdGRs0Ub 
zsm&-|NmBV{!p#pkIxQ#M3OObG+=v&%58jKnx%Y6~)ASynEM~t2OPl0fWRVM(e8f_z@g}fAiUOFP8)c^1nhTN5$_AU5(u|@f%5kk zSndNFWT4cS8FPFhP)*F33E7cbiAY)aSsMKIhZZI9OO%6{3qs~2$ zNi+cQ@Xy;4(VZ*ALN%;<)8>h)!>z?&d?xRb7!crF2un$N+V^vtZ_ss=bB84fX~3kr zrx5u)XAQTQobMo1dV&cJ6(ww=7$T`Rd6OGBGXCsz6pUJP+k)hL?dzEe(1i4(w8TM? zYh8;TWL{YR2jfn?@d7MMgV(+NEY$a>d`fKi&El-hzzNz8Ibk|}1*$chFd^k)p5#9%W2H&WdVhUAF3LX{dl zQTS}=#6Mz`g#H%!G~o2fWkd3Dkky>jc;a_dos1+Ak_q77LjF1TSY=$mHyRzSsSV>3 z8P`pcdv~{Lwh{*9OG$$qRpBrPFa+ zoqJ%Ws$)wD0k^CAWi# zS}OdKyc5&|BbG*RS_}h9H3iv3cikn*6q153h2rLy4Hkz z123>n+WRC7x1=a(4Q>Z1BPC@BYhp{!K$qK>kP`-uUCg511ww&H|2~eX zUZ~E>He^CBgReOC_LR@XPL)i~(mG&tPtya8+*qL621wi=vm+c&;-2<7H>zarE`1HP ztKB0Qxv4-kr#q}jx(?Ldf!Z+@{ynAFp;l%gme>otxdp(aeE-7yCy$_OvC6pI9z?q}lN(>$KanZJ1z$SnP1Zg@5n6Ti{eD^$ ziAb&7Ke!KLC#k>X!=+Xeh7&G6@sK+{T>^i6+;>pjh)9)#gL)t+r=B7?7pRF_CFPj^bW&XM ziPW8v z=C8P|Vgm#3tx_1gi%GD8lLs&&d(;2yv`T2i-@2EKXwO}hBXocv-S!lT*w18?lgfF3 zAtI()oG=AeigXHT2%mYcbixE*S^whivJ!GaLs^d>>l+RpTsM+v@_{$FoQ2d&%)3 z4cL*zp_j1q4s!sM)j$+)9|FC^vkNA&AkMnp@r$A4jFsN@{yavwV}69gqYxCW%2!34 zzyy6$-@d~X{{gda#Dqv|!1_M|s22t=>XOfwF(A?pdY;hQFiy}w*<>3M7kOReLy$%7 zo1;S)Pm!-c18T!v%!+>K69{o+_QA#w+_9AD9P=1=Lh9RpiwA&EG9gSI?Z_{ujt)fW;waODJo@aWbQ^-u60;6mgD z(2p^NIDus1f&ssC<6eZs z2CMoCt1{zfj}6N7LbP+wO#5yS*8tB0pBRu7K>GzMhW7k@T%`$6Kh%SrzE|_DTa^zf zfM6yE;8Z`r?i6EvR0+wM_m++HIa2eof8rkiT5$9ThjTgr>NwKYdKMP^@dk1mh zfW`^%mdGnuP$4#IL9fONI$PE8PS1m|NrABa0V`>J6O^r5g`dNhrwfTNZq*r915W)m zXF$H@3$a{O1FEYj13!ruKz<|*_H!WT4Pib!6t6xHJwvX;NVRT9OivYIg5Ai~TsVfD z`{qCtd(RmKQ6ETht}5gJ9x*BN4O{iCal|eig%-X9~rI5qXXq zL`Iw@m}%K0cEm$~$tWTZ#Y%`hJLbDF%>7N42>yCM^gfUFh6Q7<`H4;P=#BG~M#dox zar*?P9}s=O=w&>DPq=_^I^P8HUJm^oAojwNxg`Rrnz-V7FaReE5O5NvXSAq2Qdf7? 
z+2u1ILYj;rc5pV%?cX?k7|F?kwbNSYjC9;PJxNqNvo(Udb#8wMCL7FAnh`t*3Q=qW zKWOYEf7BACM5QV-4*9^LY!E6oxChe@jg(DTkVF`!$qgXP!Fperz0`%|ypfGo5q}8b zewfrgq~SS;X|t=ra!bQR^n&lo2NTzEj!N<@GPNoTr+2+LJ!=68UX!6Pq2ILwjFT}J={m34^&i1uB;@(_xp z6@P$SWbq{*Az|eCMRW21x+&TP{5W+N9R^ItlG+A|2(pLu-Dbn!5yy0Je*$qa5(n>M z@_?esK$KSK$mTTCCrt3?Wq6X8fs0RA%#H(X<$*6m{Lu&4Z-H=bYZ_p}RO=T?2_ts{ zu9AHzCEJ(gpiv;&$P^k;pwY!LcBXSF%ahzW6*cmJzc91Un&4Uan*-0sNbRPEdTwzrB}%* zIIASCi0-@9gi-01sZ?KMpvlM5+X2=kU*7k=eiavF%)2Xv zWe3^Iwj45?3|osOSck6ql8t~b%;y*o5-(6qLj}d0zal1xzaHB22g+V)}q$yeBWYCneo1Bs1~F$u))HF4Fg zY%g@`u4H9&Wb*sk;zQ?_34qBHC7^FFY|E_G*faFJP6`NGS;unxk##C>e>h}Bk)bq) z!<5=Csw3^ps6+}0U`xZuWeQu%XQGI+ zF$2_QY0dS+gM|R(y)OuYZhpb}1M~dw(x<$w+1yWhTQ{w-9+ceg!1XbqG6%~o(BX6u zY|3flT_6)caDzGN&(74?MvYh(7lom^&+F}%rP>M}8ObIrI*_Mg?P3z@-+}cDPZfYI zEEqY2Zp+Q_p&gpwHxTYj7b1vvXRv`oIk)Z99Cw{%}s||Xd$Ay@#gw)Pd29S-* zzFx60q~eC0Vq6|f7h}R@g*V!J3pe_v0=(}?LJA+YL&$kFTo+~^<7^xpem#QUn03JU zanrK$Dd`GUJ8qntPEeSc3QwJ0n9*`CMfc|Z&*9_JbldU)2QkwOr9{3uw!Yeykzm!VCwau22*|b8Yfs2gj5QWf90Bj>)jcx z{s(c=wng^qSxjwbS~pe{C^AfKitmTcQ)H?Wi#0FUm-+F29;tV~#T!a~hAXQ78lL7U z=2(#!KL3Zvba03N!Y}D9jIq^A80P8zNd?{=tJM@PbuD^;OyiVLBjJlVNI~s@w#o8rH zMg1_LmAIncBTSehs_EO?=*RB~+v96aF2$QIrcfD>RWT-`9{YdH8O<&o#C^DL_HQ>9 zGG@*S51N2K&xjv$<3#oPJyHL-}b9zs4?wHhnlH`odH%V!D8vVshXfpqUXel*+FChERPNffr;3(2pBg~oK@kD8Yq8xm! 
z$#xrjo0!Qc{YpyGtriWb#gBfy-#R__!v!Ga6?^!^`2!&%3k{h;Gp;o+wd3GlKIkIy zyuSM!4;D9btp%x3M(s@CQ=!Kmqs^YZ&A#xGCKRp1MOTJq=XOVh&(=_XmPaL7+zdKN8Hof;SNtC zoh?xQMRu8p38%hn?SM$hkTvU-SXT=xo7= z;*~aveeUe*(4`mkayGktHJxNr8g#;(zQrDGa=@j=R@SZVTXH1}4!#=Fw|O`&)k=1m zW9r0qa?x@UM%LbI2(L>Gno&w3FI`^B_*ebQKm2Z<&4^-ncc-}P+)SAK^FtR*ReKM7 zp4?e1o?yfHx~9EzE7QAom+Gi1wZfBJz6r$Yw50I<=aqTetKM#3cL=Uj8Jxm|$5e_B z%8f+OuCHRE7yEyal|6V#bHS-h#FbQ@F{aU(>y=|K{IA@@tX7u^-J`ryuiD5Qox09< zN5Rke@3!Y#Ocej#m+Tk~>HD*{cJjq+@DeoimfS|#QS>qVUcl}3tK_8-McZkH^tEdL zY?bld(>IASv39JcJN&P%&eq2bmBNmzKWdL#3FfNv$hn1EJL1Pot7(O*6H_Da2Pq1% zl?x`FT#XMuUiTfMe2%{{V>=sl&iCZMyo?uHKSuc_lfPk(Cj?z0-)Pl*^(0(VOnVJC z*o=wN*ILfyXP05{rv88{ZaJulcz?9Yf?m+&5dY?DJYaQoC7p^Z_1a~a1NNSc? zH%TauX5oF#D%}n`L1uhk8IHeB7~0-@qHhtB2KwZC!Ex*>^@?pvt130Q%z~GPTBdp1 zlWpgo*I<3HrSD$Ms&-7wNzI3(^JF-sC5_IhV)AvvtF5KphG%}Z3F=W9ymn?-^=kb? z+g)D%XTSKw3>+nw@r9C_Ia^^yvS@83&5_Qdz)s-TyO2L{E{)6`|;`h%6-GAk8`&rrlai58>qYYc^ z*>Ych@-E>%!8Mwg%sV@70YTe7LCqKH+2zbH?3uJC`ybzyI9N96Z~Nk_mgw9yP7#A{ zUjNiD+?2oXXxwKCEryEkP+}qeNLUQE`B3?o8J=c7k?3~ls)WUfqqI!pUp^f|C-`t~QCcKhp(sR` z>0O>yu)p>+nXnk6$1Z8*_4jmLUCr*RT7w~!i;+#oxV+Mqzyp`pw+vIxWGD#y_*`9Na8=F8@^iWsC}b-bmaZD!9DM1ReiRmc|!k+8ht??-%F~bf6KjZSDI>cjwHXk zeXx&fI$d>DW7&*6*%w1HTq!!$w@VglK)XuVqny;1rynm9$&~N>th1tn=1F#v z(qFmg_S*jN&zBz!*bC2vl{wBQ5+~lbY}+CAGRM>2>i$r0_F|SteSiDcdcz}r@6^u7 z$}bNS-MJfehHYic4BFdU28WerX!(-G(c*?>H`fk0C3WEmD}+kN_r_4KHE4%1(9L{A zIEe%k^q|6)fDLAvR5{4@d)`Or9?aU`Tdizbt^=_o_^lO`bnt~#fjH@ zhYw6Ky^@I>Tc(xm9s47*0f#|jkV50Tul#<)h3Vaa>Nj0gHQ#$qT6qfx2EQL19tg(A z#9tZN+U*(kKtTf?;g`iNfH|65N?63cl^_DI1p_TJ_C#mGq ziT0QBsXbm?r3S$%_OTV{2=&A$DGiipq8 z+>Uj#!%rHPYP?i0QavwezHx-_jQu)0-9o&9i}xHl?97@RS6Vz`XPGS>sU~_{XR>0s z<(I*z=j}Z2Rx_Kzpd%kw4_wtBDLB`eksVa&aIbC^@|CMU-tSrL41Wb@zQxZBWtAkS zc4phfxj*(u8E%~9&mFHn)QMFdel>AN^+2FwaA{R>ob*d+M>nRmgF`=RjgBPWviER2 z#g23ENbNiR{@Mse>4Wo@QU6KXN`v66x+rLD@3H0O`jrJ7lDw|i>bk`E$U z`>r~7u+W71!+KxVXoZp-OTWy#nRmhX+zyzK`@KHfSMs+#$Nj`urM`TSIQd8;y? 
zUi2VG4Ti2;?pXeeDqq!@(~{(r7;e)1LBeJ0e|henS-h`YinLY-iKn>*!fxAg%lTax zO3=?0?D2_20(1 zd#TxXVz^VLV~Gp;p@FiFTo#F5bE;V;QtDcSDdNhz7VF{0Nd6PUm)6SjZeZ?rwDL4= zadXUlbtkFxo#K5>?C9*Sy*;mJT)_4^rx81=jeXN`F=6C=xms6`n)G_}^+~aZa5Y}1 z6euW+w#O|Rk~{yDbQv)&2ljbbT9ROTl*_jr2f&3J^!qs=&=$>1nFOi-Bc9BCEv~fygQ~id-njEyuHEp7O5(q&-o60 zH+sH%D(-2Xz(QAtqdt(q)GPN>^7!3V9(gdpI?WMAe9{)fsHP}&&e8^ip+i4 zaX!^EBQ9tefkJk*i5Jtde83r`%oIV}rDH-73&iGK9k|xgQF*t~Gf z^yV!s=T`1|2c@LhjrtE_V|&q&ktGkrZnoe~g0I)XIqD0EXy;qYYePtNtCHe9d(WT$YFE7CP#g}EjhDCAi?9B9zI;5*YW z=Ue4vxxupRUs57b*R-BW)U3tv@A7jw7xK+%xl<8>^YCeLv5fF60>p9G_PT$9%V3Vk z#eM}MP((oVHnQ`*IXlZYfg{P+4MlEqs)YPNj3Wwp!0s7dk(ogHa{d&wtFJR=^B~OQ z#ew|-gtn02I(|E3{;p7=*HpCWG@it>3e~MJ`Aw|R-aRALtMOUZ;7H5m?s9wR!1Q#; zM(nohRv@VM+xVye$Nf^HL#o2S$@o^+z*Bv5*9LfO|$2ON&}@Q%--{Vq)VPDiLN zb?A=~ERr=@zQ$T$a2;yU%Ne_g#HruYuxAjYI?xI5@;tk_ksNC&KN5=XS0TY6i%IrL zJD^0k!4mzq9is0-cU_y%$KBz{t)LyGw($uJMi`TPnUu=V8+dT{(;nd4S7X|fpJy5u zl-5LbOzrJ8kO&fM{nUKScw28H^64fmR1xsc<64@ixc$^$mxtY3|#r% zRr_dqgqI@9!A}USmG|&!=(uuk1}kvJ>PaQ~_7;44?@OGe)iCuoQcETyEqTZ?DIr$q z>2!wMNyB~$ak+gu3n9wr-F&~0$3)2G`6_<6{QShg1B{IBlAM4mLQ9X=ez$ho4wS`g zI+R{d=K#1CWFLH*uQheOJC7~GrrLd>iYJAW2djry2z%O}MvYYKuaB~~hXOYahcoB6bYnbS<39=?736%Fs9ZkHpiGsG`fPJsc%@quA=lun{v%<^l)AF&f<{ zb9@lNp_!(z@F1;PE|{uP0Ka>@2ag2t%W+TJhKY_TB67 zUss{!WAcgirFjcl?@kEZE#}-%r=CqFWXxlR&06vPNmsVn=mO@!?`~Cg7avIk>Cx&U ze1*hy^u?^ihplgWbRh=^KAH%QWhlI_+dj-0c!shJ^iswOZJLk1QM?Z@8d&DKyEPR2 z{s6rGYe_DowoPsf9&4-VN%nMARyvy8Uv1y*-s%3)X0@`}Fg9Nda@e#9xkuIX4GD6Z zafjbE?6FzCBX7jUN)s;wC7oVE{3wKKtx49Hw~F^TI+Yc6rVu+!SLouVlc`&7gz@R$ zdJZx@c+VEr86tpWrR_aIXiWg%m?UbOX@0iI7~&|OYvK_p`vIQwT686VuEHsei(M+B zjnfRSG5N8DLf|wPl2iO+2Jxx(olyi zY1d(W9oscsoQ8o8y3pxCExbYH^f)TNKOf5I^zkkC_2TSQ4r$Lc#NQemgL^E|O@kC0 znSlhSotq5428v24hTG{| z-CvX;b;op31q$$)SLv7UVm7YORlK=sf(4#B(Kny@04ETU;#_Myy#IpCSjfjf9oW`)Ozr_IGbb)%@XWR-i8U7GvUyev|j;vO^%U-IH zh;5=cDJgnDoHF-LvO?Uj%Aow@K6r<3Ar!sm;wOQ=Be2OJbuUC(~`7iRjkD83GnzUqHV56|(IzlRg#GpFHRl zCQg}VHvD)4e1~Jz$X%h1mj2p;A}U|#i{dIV+%3HBb^ijB6?gS(Z~2QB^Aa0Q#HUGM 
zNUu7t5|AoVO9fL6C7uRA-gEWA(O#xyYVkz;&cUAlq#0` z938t(QXE}a+u&x{GA6aR-06v|&Ono0m}t5%yJei@^{a}^rgPB@^Bezrl;VUcrSsST{4hsVrt?0hx2$S&ucO>lQ=~v=+Qwww5f+veKLUb=?9Oa zd6$~0G?ND|&;jnpl+Ox?Q?VG9)L;L}yL=vyWplIJ$6+7Fhw?{h<2l@-=WhMjLCH-p=MwzRf<9 zy;^88TrLDLHWUX&7e~R(Tkc|YyaFjOSRuTvkj{gFj918UxMe>#8vka?ZlkIGBis9( zA$rT?QNieZE`Yj`#VldN-IZ>^Eb6LHlK)ruDo5V|i1V<`IS*1dTo9#H&BY{uOlaQ> zk{evP6!pHzEw$-GULM&NN_jAn@sbyqdYua$$7+&uNnnKSju7x1mTKt3-PTrvgG?(j z{|I)N`Uic1H9-kxLo?FfIsVQAG=#;CkMuI;&!Ab)`e&^Z!mfnx+^pmT?R1cL(>!#{ zWV~hABn4bU58HHX*G1c>3KX^uC(k4TX^D7E{%+ULpyTntggN}^0 z9QZ>j!B5EN`-PYj?JE8TG*@Xa+1U$#p~IhnLx}VKt5j9f?C% z2Vvfz>n?~4!Lt7j5P$y*rcY8+la#r~-?G&fS`d;r7lsAWA3VH#G~Dh#jf|YTqgwQl4mo(d-N6Mp&}1$pa^6~Q(!Lrq>*JT@JG#AYPzXr=nsrswRUs*2Be&FU zZv0(@Wy_Gnk)r>yE<`xk<@UugV{Ga*&(w}Y8Hn6U^5)D0R@g0s^i`#`a0C>gNVHNS zS1#+E7xtRQ&O3Uo7>-FSicSn4TRrsh$8yNhp?r$Y!;6fb_3LkvbKvhX$JJ|lFAHyI z#d;jv^K$4VEzh~;<4F(-xyJZ-)=TRToM!SlmJ(yDJf`HF#~;^8*W0?*;WyK67lT2e z@YA@FCqCU@uR5Sz6cX;sM*LF;Qc9s6&f&dv9BH<&T)WfH5FGS}Abn;csc3%>FaqHD z5SrPvKb-t+cwkcro1)EIWq{AV=w3p6@2&XuD~rrGM)(D~l0Wdnp3asjr*Oy>n!Ms#xB&YPFfk$@gYm9U@X`kVY81J1 zS1&;`7Kn+S53vo$^>U(@%#Z2lX-Dont2+ee=)|Zu+_vdaJ1!J+%&gQlL*b#8OF+r; z{@7cj<&=8nd2g&p7o`WaS6?4{KiN%#2|7>wfn`gS#Bae3R4ar9+oM|{@Aug~{3-rT zpfmw;quIO(C39~A+au0MrXY(Al*eKkI`=|66Bnw-f{(fn+k~d3TM6pP2z@x4vfW$=F&{_ikf;P?h*A?TL;wv zqGn?^b;2DlKLOoiRGmD4D+=2$SOkGW{% zz2d-iVd#BR-vdL2`B*f^ijte~@bz=i{1ByqI}cB{?r|D03|yEZzWt$ahgQJR7|h3L zNhIO?N`N!Hkf6yDp4w>6ly90TDr)G04(yLf!ab;Lo0SE|i3NLLa8-ZdT8L>=&X?Sw zCpa>967M&X%X920T4=Q*-m)uKC5H%~ZV@S&bZ|+Nvar{&_BX>*M54A!QmV@7_;@cd zrWLhBv*Ts)gI=`aF^5P*>LdPwyu%p~n&GE#XjoGC=T);`f^Y&?H6RO#ah1W;W02u( z7hw6c2fS}@3hE0LXI}QSh@bq`75P>He2T9_*UZM4y3t|p~>Lew1e^%_qAwFUAT$ao#K|3^J%=>WMJ^efsc4~ zi*d5FxGB()`yMX095Yv5M=$UvU02zJAMT)e*~wSqLhJ1%?p-R)Cs^*NzUf^k^KhH# z;`{_PWYQjf~PB-e3nT%P9^@Ku_ z=4{aEx(X1|ds;6d(L_0!4gQJ$XbDWs2mgKAS(@uhr`p7sdbbL#mCbQjh0`-wj)izK zKM8YnR7@nGu8_M**1#)v^Q1W6b!I{~@*|Va_c2JD^RuO6JEK{USlPi8Pb6Meo64kt zzdxzN=*0JU5J8<;;13N~nH^JHQ2@WC&%K)3<0fiNp&KvNGEpdKmuB~!XCWCg 
zqDRU>2lW#<6qyBU)3q?Wj{3pX&7;ni*4wKjyjhb?)eM@P3Du`^U-3VpAW5vzp`@$V zg=^>fx!~@93|y#xP!7~Rq^P|oeJ5Zc;!=~> zs}B!pgI?(&rt?|j!Z;fy2|3RB=VL+P{mVv>T;Bu)x(YCwNy?P9Hs84L6G;8fVp@bv zMC+;dfsQmPQAxr`C|%j!QCTr(*LB&`NkyE7{Oq>0C;LNe>y%*?FdlZTuv&s;DO%tr z#ku@+f!*dTNhQ_JVt%uSEPVt!ogH*MA zw*&m#hFtjRsMA5O5Zuo(%BKCBJ^-#L=o!;`m+o5={yU^TFhC|m0q<6}r=#1R){i$&Mtr@c z%i86Zvm_)yGIV396a5sNPcc)>BNpH#jRR)SCoh8TrDT2S3Yn=tnG(JN$ zI&CunE=*IepP^X)ba1^jfg|;w)&?5-U)=r*-mVWFNHsn6(c&6T5;kb&LQ)sfiwZ!; zr%VgEaCG@3i;V0<@U%5}6nAZI0E&qFE*m)G@qgP&B3r!zS_(n=F+$$YlE*~glhzvC z(mRJaW_WfV2S-*ul<~wbisKlgVel{3F~<9Kf(H-da2FsSG7?DBm}~<-%AX3288KFa zrf(>aJ(i0O-PV&=tu1ao4tjkYyYJSC%gqWK4T@y~Ty;wtz3-*Wy2Du&UOs*{IHF(y z3L#DQ)ZW#V*0AgkXu?ipSlQ}=C@B;KSJ=RBxb$TjS3lIO{Jn>Ne|R^|SFkeVv*Qqe zaq9{t4vr-42(d7HZyPnQ0Ary58g^Z0MoMjiZs&mYX#yA?=vr>Dq1o*5T0Nso?a5s= zcAGKz==m>M$%&q!C9$G&Q94S=w_Cr_6&I}*Z}(&Bry)+dv)vnkjjKgfMF)5v#2rZP zHNZk}K$IBYA4|RNyQ0{6bll@Lw2%u<`@mKOF5R@eT+;x^waQEWH(~rh6yI|zu%8)c zOu;;sr3bb0{^(~c$-eb#T9m6=@-8Re>?1O&Q77k%UG3dP0=A_W5EP}PxFMnC%5#PS z2M=_P0VX#DFI;yOHF4hWfhSKuR&p!s!X7B)fn9xzwu(N)`5;N>KtZRXnZb|5^d_hE z$_STpKq?WB7I&n;H^Y=B&?u<6e~XrxOSV;Fk6} zrri^>*KpEits!?h5L(-%w~(6)Z_*jKroJUB(DS%Zy9{ok?BVmv)l*-u#!c~Vtf7kX z6XvCZwqMwe3d(rQe^3OTK}BtPZ$LRn#T1uyEBJUDYtM2PRx`Nd+^9yP5p;`$AYS+9 z1?Ak}UMr0XKl=xkL}0Uex>>Ej-KsUlwW;<|_bVb2jD^CRiH#W>`zH6Tc9yV(CJ@Ei zj-6ctF!+~WTCXXaP`hQd`FoJ>`8)fSU^&A#OM(cxL9e15v$5{zRDB>m^lN%;^&!YJ zdhv&|n#0_Zo1^lsYhGUD4x=C0q*B!`_I#E$$mOJ%H z)~;r2%aah2y5FN|-_+*d>+~lAXVoU@?etWbDKwC-F6)4iOF|IAm)?J`K!F&y8)#~2 zpJw?V{yNH@)&*uLY%rFocD4%?sQFY(Ia%wn{P}}$yKzxzMA#}>@IqwEuxU}<(Iz=yc za%IxgzIOd=qz8pezzo|!<1?O%hCxcX6n^u4X(>caZR~e6WCA%x8wY|tWn|6`+sdUP_jBt$(s_~@{ox8IdhO=wjL% zST;oKL^a;&S)xx_A@YWARs`9Ev&V5(*o607Yu=nW)Ri27ph+f_nG*F* z^I{;nw-lK@I);=7gKP_PFvEVcQ#Q}ULQ#Mv{IDW#G@hFBMD*cWM1rAEC06dlyv;b} zET9d&xmUC49jSJxr7S^_@eklfCHWrJ3;}n9O)K1xQ79&K*w4PRv6n@BfB_Hd+|E`J zX&uCUne1u$P^$0%-}H7GRrErMAxH}!9+mvwJPEQ9CUWgQ$}EcbY~LFh9%!18cYyXI zVv7qq(mzGoP3k(0eym^JTAPi9nS+53NekrtEt8q!(n!KVFP(kXk*z`B>9U>@dp2K9 
zgqSo`8>K~!OhdlB2Dn^hA%ypacpayLhqDByL1J{rt880;24{H2k`4rShKNzr2Ob`T z?Bd);Y+I-3I6S?~&(EZ!;6@pIJIiI3ari)hdIQ~eAWsdg71ufpO!Z{n4NEGG+cxCR zhC;3K;1450LUk2AR20m%pBuet@~4wd93-j*wLj~wkipFEfR&;ATz_7VEQl2t zc;pVialUDBWqnxWj3(s%<-IjPTIB$7R{z9B@k8 zXw(qjvcv9E1LX@z^-YvAjP^H~=+#_z-C4=3n`yN5aTsWw&Zzws6PT%kP5@H^@$Oj1 z6UGOj8{d~W_Q?iM$zW^6Hk|o@22ISKVZ82Aa~Q@BnfKaA&I*qAx;z|_IVsib=wxGA7i)8{X!M@A>Fdh^ z+N`Ftg4gZ=ksjvIgE61!VPL6mzN1$8U9c)R19g_iJ>O`XJT~U`k()_DWBelRs5|Di zjuy2IB=&A{sDlr(t*{6ip(@6*$MchNG zZmZx-kYJC$Et}^SyzKXSe`yR{7=Jpi4Wc@ zT!}uzt^MP43_Pw-7-ppV=COdxI%sKL{A!19f^=}RnCNvpetk2J9FBLf1OsKZ@$76h z-E+eJWrs$sx@{h1HzE-iPvrfE9<{Y7!=+A6xM4$meF&=4*bztG64fq%y?cLcgMygV z?iiAo!bZlq?MY0BJ?F-%m9Cx^a%o*31uf80OyU?Q+|qB#IkB{Re%Qds@)x=_hf{Kf7D0AD5dxdqdsEvpS|q#Xi^&HRZX2Gz)a`9ij=rl-U>LouEqeiqJ}pA$AG(1Mf+mt<30|PP|U%i_sn#r>m*yz zhbL2kc?Wz{hE2PhSstAm0=sZ(CL0vwdEnR4lWso#mxV{9t{ml;OF?@foZVqSQIN|Z zs>Qksk7O2RSZp1#WT4}OyCGbg9cm``>jpP%1)r$vs{f*LbB?>pheRLb_`vRyLu|Z$ zy`&rpU2KozQF1xxvHB+Sb3 z`p-u0_SJ=rG}4{Rc;%Pf`hSPyItzIx$Utb&pybEAx@pf?N$*Ah%w2e3ugkzA`c;D8 z5C6M`IxID6=wv47bq)D`gy6#}GumS)IZ%SH4_ux z&a>K5ej$1 zQmMrw$G7fR-doxZB|+UjnqRjWacu3Icryd9o|KAzP1`X;^$r%gLShh83*xa?yP@uOiD~T0Y0~zH!iy>e<*U$?*KyvnW@*YvfBp zk#FYdP?T-qZ(%b$Ib`ndF-ez?#DOd=G1x$qo8GZ%xG`pmT1cVP3((c^D>Lfp8rM|QilSrj4na0ci4Jc(b;CgRZ_Dkm^; zj)aW4+(6r4ONZH>6KISB6eK ziutoq1DoyCAs6Bq!j7rU!35{&!jC-X@&H994;RqTavhUzN<0xIzjhkY4P;LHBZ47rKQ4A1;QV(6p;Y0L`c#06xiLH3k{&a z&(fP1pOo0s+k1DqZD{GfcJnRYsiMag#E29{76dtJ2)owBp5IbCJEhxG05_ppG(r`d zegQ$Beup~G?6M0B1{A4tHqa=~yN6YB>K@hXQ-^9Ij{OU2HkCGhbgATob1@!UG=X;# zGVk`zc!N;9jD>*EeA6q}|d568{`40=xS%{1u!yP03jsU}(` zoSqz}xLo<`umdS`>SmFuEBT&9Zje;H{c+)XfM|vwyNQeZWi<|$mp8WH=iUUV%=ih}yH3DmXCFxgTZxj#P-iw^JTa?D(yjLzd^H~Ich^I<+9u6R# zvD{i#R0)0M|S zm`4H3C~h%J5g!GzoHxh)4kPu4Nh)Dj$3{tVM ztzI;~&PsotGMfif!eyA*W*E8M6X%{&sn8or%4PC!Eg$ieJxSaQ?u>V8bqYW2!F5ER-+B%|tcy)>JT1R=C$g+EHwyXw+xJAD@L~N>lqYEDHC-cTCL1+@$?sV(2#;%tIs4N-DDLhhPr{)RVR_70m z2Sm6u6BqWyeXS1b*#eIE=_*yaIh0rD65%Jq!kfr`n)EGozGqkSU)u4iU;xKprr=t< 
zh&3aaj&T|@!nLZOrD8~Z=>`4K2qf_=ijy4ErF#&QS8@v{PTL|Kk%_-->6Bhi7UQ@6 zC}+P@LP0lX*T;fUU5B667Nss^SQ};;$|4w^_~$cxtV2PASc;dHOC$3H?(vzcHy!q0 zI{`B52hzdEZDqzIjbXW)IlP=$SY}=^2NTL(*FWwOpKp~yY+o& z&kn(wrCBcdKf66oM7OvC;D&{%Sm-(ILxxJJZa_*IYntP#yy}9+FQzp!nZUvqFL9i% zO?Pca6i$tXmA#>v!DZE~G41o(#w~J<_7+N=PjPd^ID$Rf#<+WFfvk@Bg~~;L`bCA?CJsXci-4 z!saF~FeF{gX~Ro_y60a?Y}a9jL?t{z6Mpa~&ejALQqDzHIE`oRfq9&_gE&za6CG4K z&AgfS&l;=0G}iXTy6aAYnpzoF-ceK&7f#5DjU+p1(S2ioAIX^FXAy-$xLi^YH?^XE8W)E08kqcB~^$|9DioP&?l)p?JHG9CzCw}oA|l?jUG zPMBBzl7$EXo4zJf%caAjEyC+ZO*AoJHtTXyr(JWzM1t7j`JMJc)6Y8=9W>|P>rPfA zMcH#tKQF>h^I7}$)RXoZ&Wz7!sr`pcwmErYUhp-xGJ(D$ZG|*s+{lzYGc2h1Yr7M! za;<%FS69HLN|wfZoK&kfCp2st;82W6^ysk1SELNtAUeBJR?nt}tto1GT!!T_t2oa2#lM`k)dxiolV#@ME3K5RI95Ho=n;7{ra~%f7x_E|ghV?ieA&FoFz{al@0Q^rII52d+}z zsJFgWC2>%)*8wM@=e4~!tXY_L?w6OAFxV=?(i9@mY8sGJO7_tMzgD8nCi^KOuGaM} zCzrn6XpHU`;;hEBnlV56bOSkS~pSgXE8S|lijKRa*ga2gJ2}h-#Hj8G~O_lE{LD<5?6OjBu6N ze>1Df$Z(50Q^IE%ivv>(q=76;DlbSxgXs;?W))K=bGYMY7+9T_{k(fN-S-*JuQ)1Z zvHL3fb;dxW;%J3FFG-44*^ZwYOjGv7=B*sI3PD9voF2XW?w&&sLej0e?m^E5LWIqn z@m|+}WsIWav_tQ2dQwd|SPYc@{>qPILSA2=L4Fj!+Vw4d618rL0Xs2cCSNhjCnEV` zUV3L1|FhO{miO-nOF!O`BYV_Yo+J00S-r_`_ok>1T+7NUaT)lnyv*f()XfoJQtCo} z8_BZ&rjaz@#A4Q08I(9P?e2wKKJY0Q&=KLa>GWWk2A5HDJa@U9#Z~5h2YAUaKm*Fy zq&&GuV%L@VLc-9fgoi<`rnpvN>h;-Jv$H~eUwuZJ|GKNnh5h+CqJ;6v`Ep7Y!nyw+ zmGOf19;?0{p)tG zNy1}jEakBKWG-jzTv2G_l#x#SM+QS>f}kh@1EyK|U6#Ov*T{Iu;F;VvdE4NlPZFin zZ(Y!BumoMutGZCZAS|xZ^{tbkrTrc=*$W*q@^85Bh2zqw^|gOsYm6u|BIKz~`+1bO(U!g7j+rsx7dpNP8jg)P;TYXCEQ# z{Y(L;)qo_fGA=`<3f)MW4?zT>u0rP?BiV}|DATk|ZnA-wm?`Igw+KW2w6|f#B)y$! 
zWUY1j8VXe7Nx0#}vdyxgBlHzN%-??J2rno9Sn^e*0cd9`&a5E%);~G4Sx)y`zdEM9 zx~(Iu@Lv&H8$0a(=QVy!;YGZNpVa-bd-Bge`~?nHXLyp9qXxCO+HPuaIB_8-_JZJR zv{P`m;X^xxO5R>QdK(1{6%s}R57Rkj3&>1;Jur8OTa#nhkX)aPOcw6sA<$L(_6kW0Y^kg2q?-hP5o;pCyr2u2Axl#*}1WX-oTcmK$@p6Q%^Z zHGLz~5VmK!NM!r#L_ExSm~UjrgbX4(xE@iH@=VR9ZtEe-&hHg96aLtdel}0!MIu z;TSh-E?w#`W~P$#BkAd?qd(e7MODV`^A!^_co8hGwv}L$2&DTe*K&cPU!mcMsMNgG zOijr@cC?54+R$t2Jg=uuR#+MLoz4arBp38V{5aI+e~1~tt!?h}H4g1AKYeWBTS2_A zrkz~S%%GM(8zTAcEkXD^p&^ym7StKNc{jXY-YmkcJGaw8UKq;@CE z-ntmwD~Oet$KZ)o*;bo0?L&ZNKAN_6qxa$rbJ(D9g1nC%jeHNr%nJXj{tr5XPd!?u zKx|dGNR?PX{qEQ_`L2naGJGW8)hvYr+4}xbzbSOLoE&c(5qqtnp6!dek*dwV9^N+pX$P4pv``RgzK6XFZgjDKq<@(o2%sFFrg=Ca} z|Jgb5liXPW71W=7B8ha0=ZgOZic~upX(bD_pm^*mN5|s|5X(bNLyxbX0Ucy2@O2_4 zL(}s=&UF9C+>LPbd9auxl#`Q*OBXWV>Ay(U#*DI({lg0W5235n^$Dt?#_nRj(8CYCCFM~{+X+A$}> zjM%Xgnx-j`0*W&Y24m6A#Jy(2N5i9h67$3IWscqFA9+6s>dv1zw^1ox)OT0b5R*lq z0BzE}AE-SfISwiADOs%V~#prW9z%f^5(d9rA}Bqx?Z$Z3!%)MWs@^yL?{y z#C}PW5`lDc>h)QH4s;^|UwRmMlxhAKg~=!j*_n&Bmeg z)65Ldakft@oT{MTM`&{y@;_OPCQbVfPn_1$DL7cDVZhWF+D4fahP)`?!bx9!rE#Yv z(Xg~@E>c*M%jx?#o}6#gD)afvufMifhp_vN@h>di7bmWd6T}jli^j^6-pPtlzT?0t zq8lsdEvq9Zh=5>X|NDEQUUE_1lzQGqBhpF};kSx?a%(SN+VX8Q7KIub0Ynh@u?mJr z|H2c>7ZfrkD~x_1Nb{*wOPMR15P_uStWx?foBlDPyxcG2&%6lTO^J}h^P2Xe(6?sT zdUiDXpM?KQ_3~I^GzR!bjZ4eK&oP|T6!*5JDYxJ%<_bC^Sidzh6?|(sU}>E%XKeU`LXE3D#s0F%mR}`2WldJ0cav8^^sM zgW_GNUTD!WHn91HnJi^ZNuPxvWf{WjRlKE<-f}w@&w%CQY(G7c?D5lt)uftU|6F{5 z`EXo0`JBeSy2}`qRU#QkQEIKNPtN!T9dk~Au%ne9Gj#lK8BXaxhwhhm1jaU4-IK@&*3Q*~W8bz;-=kijo| zW!UmInri2L`SoMjNNMz>lr*O4Z5ZFAdqkViHrA+9@=$`SBZjZ2|4xv(V!$x1W(W0~ ziX!(ZIw;vs{=3L4aJVoY-xr)n@<@PiBC?4Yv$XL0Y?Xi3iBP(mZoE);cE>m7IU$vO z5j6My?h(Uw=cz@VQjpCQP-gr6F(fkexkdhY55oiJR-fcCiwOp47j>BA2O+u8{Dfhq z$WKkL?CAcuF%*Ueqs%d;@*<0-{*km3SbhQ9ly^N?r7G+M%D%9!`^dE`X}fb0HtF~w zi%-((y5O%jq`_vxG-B#Lk&pHPx7A!)P(n46$d|y@esa0@Sg@3iiyD`N;Snim@g8aS zy>9U(|EujZ4~!MB^o9V2uw zXjtTuP4H&j8%7?iMgy62bkE{{bALQyNzEbTho{HH($|fxA)$>qx(CkgWU8SJ1w=_U zC7n4+BHU)NU9UfCLjEDTOSSdB)eZ)CJ}37aa&aq 
zG>3@DbY6^qi;JnU)V}4OIcX*xpH>a!NVN3R3aX^P58}F-cD(!9M9e6QUbO|@Fcw3B=fMix z9cENc;=-dw0nqZ`Z(W)%7~FpAN~a8~N(o%Op?PM;2~zx3kk`GM4BurBxvIgwZ29^z zWbyBr3<3|IJWo8a%4b`Ug0e@jv`&M*S3919(E=@9sS|#6q`iOAr>^6j^Nat9a66V8 zDaH^!A|=R$Pgx2$0tXhIFUheIP%O3yzX_t|yyZBps@!q76enHhEpPj1eZHfA9=5BO z0S7k@9X;NB61>lB|*pMr%$^9>VF8#}g>SzPY1c$uzRt1f2vonmZg(>>HJ9i;MT z$sj-QetzK*Bk>nT@0QhtXE0{t0%uY1L! zM%@|@yENZ6$%{I~pJ9&X={ps(GtlS zZhh$o_>|7}-_C5*RzvsnR^n%^scHv|Qxtwof>62mx@?f(p(PU!F{1?-5J(SikhV;Y zb!VEM_rZe)54AJ^dgg3lbYa+E$1A_%M3Ez_nZ)*jM3^!I9D&9)3(tcG(dcXMJe}~T z0Y1H@ZS##fq9x}4K7JJqj=ZV)W_2PmoOVve>o+8lL{6Eug zw%$kM6tWO7f89_3WYf>Kwvx-=W-dU`yQ0BBlLjI2Y_n#Wo0b5zjOyuxJcr6utvUn;a!8=-BDh`hyJ9HN zpb;K0OG56&w2`GaVPY`-EN1YaWD*BvyVW34F|FzQlRMm9_C+#}%Pybv-{aa9g5C`z z_e<4DwvQ{nRt{K4a3d{kU)kvqj$L|=1Vvts7MVMas*R)Ghrzns*O7$DE5F%7a+_4{ zpH3-Vjmn~ac+jvAk;s1ku>CTjA2Vd|F-c}<;|l{a300xbE6l-hzMfF7pfm5hiNJM<9iQw z_RtpxdcY=FxcL*-Q-C5ir zxI=K41b26b#oZn5zQ6kJKexWRTeW-U%&9ZgTYaYI>F($B%w8CrCVJBLaxQMWcEiu*A6jg+;BGzb;TT& zY{8)_2aXr->0e#^V+JUseT*`j(=T<1Wt9b1kClupn3oRzeT=KD~5>oSf6_ z^&E4EAG*U?GxfB*Jn_kSTAGdE$sdJ^V3;(_f|%iAdEy-?Q%4U*KdT&xQT+J#fDgEg z&2!(5O~#Dnzv01CWdBO-Fp_NGzGqKKHXr=`UmSt3(eLo)b2bY$_bQg2K|T6Ov96wr zZz!$dsd)4TnU*MmZ}Q~QrDfV_{O&lfCPqPKq2t#QnJOwolh>DUryj)F6{J+LMZJ~9>fSli~%P6r{+OE zx=!D#ldkqcLD+z`_-h8m6}qXfD^pFKF%Wx34{dAq-^k58F-q+aq&v*JqOb z_s}>evKYfXulysp< zgzXS0W??s(ZK@?M_WptS6==p0+f5#O0qQNy(~D@hN5jNHJ%V=X%>6#GX<+sjhtZDB zsgE5Zd$yu1JKeM@mhdg@a?_=5Y zYiAA4q2!~G26TJiSBeqK-S?e@kW?i?)Z9axA+j}jA9X{nts;g8Iyj}{w+U#EH8kyp z$o?&@d%mP1Nj$84zJ}o^Z^~UP=;NT_#g8CKD=YPwNH?Ai@o-mjVgH&zVK5wY2Lf}i z2P4bsPyF-7Qa`_0S@(XQj3>U_kXwjc_9Eom1CPPk?NfvB=J@)d|8`xnDw*k+D@%ng zA_rAL*3?f1>eznM16R-E(39h##H+Xys-lUo^{_VtLIty2Ww*TF(f+m0cI&>}U~2~2 z0R~6dMAd3$Z5X=)ys>{Pc!>-=F@f{hu(JC+qq=PC1`%A zk!i<^fR7%pMTXd*yLLD>n?ri8fR!dL@+5l+1zk2nRI6u`q<}Hr5tEhq4uNod)HTCP zQ4Hly)=_s45^zHQIp%gC!>o)eyK!9H6%W5Kf91|gra`$+xmLI8Xxmvr!Mo?qR|779 z_&@_MMZ|-|z}MyE>rj3&Ou%7_Z!I5Np6nBtKft zEY`W(6Gxmn+vH>`NJ&-a70E{j^9lcrwT%&`QPq8@zBEzFCSl3k&;0kUQED!ffCHhR 
zatfANgX8ATU*gq4gy%>S{x~id>nQqkeY7d`EQITsE`Ha*>h(8t#YKUO)t8Ri78DDS zABd_A+y*cX8a^~i>n@jQ*v%&n`Q<7aVfBr2_J;yrwidw(FwV=d5tz= zgLA5yw3B%4w^@zgxxc_YM^?0gXJSIomW))b1-xc$XD*7{vb1AM%Fp0&sE9Jrzd^8@Y-zMJ_kD z7WbnMV(?Ed)w5-vzLbA8wO%1=;VkZu;1m4L4ay*g_IXNo3r?6_tUAZ_h;fo2!`1k@f z_Z@>!V10!)40(Y+iQOD!KrvBhnZr?j;Mu6>;9cfc>Kgk)-Po?v?f`{_3m2oJ6w8PS z`7^xZGxX~%@+WrH(yZ--M3hcv{k0&ag*{VFWpn;P(pQ15H@n|8Lwdh8iPHU8$e#*( zDo9RND*g;wwVB#gzbRNCDym$=^r4~Q>hT+f45i7Qq3_TjT!{Z>Mo*}5mkHcuQu8r) z=gC^TbepJvl%FQxV+VwpT=G+G1$^5)L;R@D>vchm%O|@L4N>2ltY>cJAu;IMPYB*+ zT~nCoI%y8*rebb+;(*a{q8;cg?fnR?tRnMjQoINm{Gd2!0T*9)^l}~i)K+LPI{mlq z*>U(~PE`jIb4OhQgl0blqZl2C=`0b%N|=I&QX)T5Pd|AF z4CVn(3s(DoO3n9L{z+@M?j>ME-)N@|mg@G%axMthf76|Nu%IMZa+Y8(E^tO@Gi`iv z8d9XZwK#X$*rW-F@)J&p0naa6+&y5Ig5I8}Qr8qnQQF(67Z*7}ZPG7?`k4AZoTKFI zBO8O=O2eC)T)B50RsI9XzTbNMNj>uR?&8(>_n*M@!6k;7f~+s(8-A*YikWNHe>SZG z%fuEmZ5YJe)V}%=@#P}uEe&ev1d?JnJd+?TGbBuy^ACM{yk;G0ieG+F#@7VJ@>`R| z9{RLKjwZo6JocFCeR}VJD$JFOHQyW}m)M`}P=9%s{&Gxp*}_M;>eM^}0BI@>)&z;O z{_Xi?zx!etJ6xFq*3wK}4R>pB#oxU;@HcQ|c`c|3aC%SJEekIvbM|p67{Oix5U9pF zb=Y9&6C5Sz#_Pae%AS zX(}exsqS#U$bCo*Nj2&a%uNQLdA>&QvbT$y+K}0p8YVQKv4%TaSw6vC>Fen^y+%oS zn#hm6bAa9BJ8zIMfjL!V)BNlaf~&0iUtTeCP&J}M6(^C0a(PpB&Gfn*pW1obAzM4} zk0DKSr8xzQoWa6)bHlfVvYUNgsik!i2+jJ}@dDId%3;oLYc7*>LsaN_F$g?pe5W>2 zdZaq$7gY!iPHE?T#!(P8mFd6Hd(_)v5bZ|@B`|bbRrs3iKP3CPq7fbp|{UM!75}`|B{L2?<8LG)PdMY>FI4H{E zM#}c1SuY{O5b?N&y0^)+XAf~xF|4WJGVaefA^mYRIoSutZ-n9`g7PETOxrQRb9?-A zs~km&%mUxa!KZk?uU#A@KK4?#|$FiiLW#ZlW3bme?AyF30tKPma{E%p;;m9*pPoDRa zIIpYl#Yq6a7*|r+zW*R!b6{0hgtyY9$(TS>CB+@a_nW_{&+KvjT?yDaj_%KH8zuCN zqiW7S32j}oz8u5BZ@YL7VO%0UByQx=PlC6#nkU5u43THIFYCz8onisp%UXxsnvq^- z2RNYUqAHyU8c#@!0km7)Zl|Q!HCBt3a<`|ezkKX~o@C6hM&3%v!G&I*k?jZ#{M zZEd)1?|P*a!W?`Z1|$&;PT_z}5McOAoYoA=&oo-bW0Q*d+3#txv`1QI?6$5wO(SwwJu{$tGD@YN6WHP3cH=q1wLKA(E6R2G-q9+D zhr6H1`y-g&tSL;dcr@1np?dkDvc!6t(!k^GlC6HQQ>Z&PK(7V1u01seR0WU|Fa0RV zyO39za~3M`H~oIL{-etQeLhuE%x&B`$9d^@$wknCX3Q(rn5s~*CF+yy0x`faH`yn* zSE8osRkv2G@V*7}S%~xZeVk7?Oaf)Ii}W&d3*~@!!l>*#&EKtl6ioZw+`|x&kvPDZ 
z&I3Kk-HFESIMZ#`*jyX6W#1@+#+Awee=1GkenQ$dEWSxmB=517gMbHXFpPeY$cNec zFn6T4mrA10uiTuC$S(YQ!OoK(}J*n@5({w6iZ=r6!cDVVW?UD{8t2X(~(+xkH{({eTF|RvC4|_Nx~$r*vj%G zas{#Cq6#A-+4^a$NHerpwq#T}x30X3^*vS5~?+F&(Yv%T_2-&d@gHk|{I$D?tMPOJ=Nw`|TTg_knp* zk=|n~Iim#mnmcqt+$gD>XPJ52qWTNd4Dr81BTi+3@m0^a23G`M z<<*k5Bh+3j;iyI}%GD@TEHCW)cON0P-w=|b7M>XO zh?e6j4{!P_Oy$1FzK-nv#s*oHGnQeU{(N}3e>lJMD-N>mB?QJ7u`57`E&OcSfIcXH z?wK5bD+=t-KVJEBEQ+zN!*KGV;OxXHgcuOfkF$bSs2fcyQE=H0Svbm~`|}HrEb>c6 zbO?{=cD(kz+g0ZB6n9=SUTomtX~7F1N?lKd^7CA1$1zzA=!DA5%){fry}sunEJJz~ zx?xd-7H+Cbj(yV3@L zQxBC&fOKuA2}2we#RL3vWXGw!DJ0>o6KlsZ9S7h%$Mf9bgYY+OhdC&Y+||#}JinLY z^9DAP-AJA(7Dm?jJi{JOSS9O#qYx+%o+&cv)^ocDOt^>SWA)Z3--{4PIK2BZ)1E?!0CL)iVuwWzm-cqSYke|Wg-_(gw8gc)`p^4Kv z#UinSsUD1?*UoS!+Wz)rBG44n0kjKeU{PbhBy4gQIGRRKfdpgQ#j2|y8T_GIH2c9_ z%#z=QrDSnplK+XXDBmc!r0CH!A1tMY1W(m0@l9>#b>!)G*5efM=?7$R|Gz_|KK829 zzJ9*=aoM_cQM%!kEeNiPsYMZ$tL>UsOOP3bGHaHdUsp&^z^h$eS}N3i4td~dB=CN+@hDki zs#{;AZTkA*p94FEAe^0r@m93zz5@M5Wz#XZ(qFrU@PKkL`9_p2cO%<97f2}?SlR_0 zI)e0a#W=@dh2cra69_#<*qR*}Uj~8FKWxukGDHd|g_Jgv40P4%J71bnxG9>T3jg|} z0o{ku4*9y6>b8tZLLe%Yl_x{qc9*q3bD55j##bmMjGi+?J9@dr-Y9W}^d#~Fe3Unf zWpT@%*_q#t;Ru=S!jsYvc_pkdc`Yxhdv-Abx;8W*)ShpsOIy~d;H0cPB6^h^{PT$C zVy`bNs4H`^AT+>>Xl&>!vJ;&t|4`k`R7cscoX8Y`_kMz&x``QHJj_}^JMQtaj*5i2 z;J9At+FRvr4kem>;AsJhE!&Mnj`<;)r~V2i?!L}YSENk%x@+@n}D=hLbnLI=-abK`OsXhXND1R zDoG-K{^v`reZad42jF^Ufi?Fi9yATzrH}DFnw!%Yfh_L=+rMGf>J!u5bsC7J}c zqPS1AZzTs$;U4r=Anv2?3mBEl>akmlVpKZHStYR<=4l=HA`Fc86o=bFK0zBcsL3i&(%<{7sZx8vg4z_2v;X_iNo>Wxmu^qQ8+Cvj9=cwTflgC zez2Q{{nAT-kuI?lr}5~c`8(8HgshAXQOplSd>Q-T%9YdH&EU1ug!OoQ;c6!t->H71u@)02cdJ_j>uW7K1r7l1)+ly%0#Q^`FNrXM4Zb?iyN#Zvx4RH+TCzo}Usos< zBHn{VQ`wtti|2wk*Lz25caLazN0X~T8yKu%nd)_BK88NIJ&k=GXkBE9fJ$vwb4!u0 z3rUVwY+n(WF6NW7XMb`=uLe8lG#FZh5aD3CFyE9Q`ZnRFB!3^H7!U#76rw4AAs24CA8ZyEe0}0?s(rj>DIqb) z7igJ{fRvR?WC#vuI;ToKMaH0C)Xi=j#e2Q_ah}wn*{IS09joaZ;B_0L1{ksaN{lRY zb*2C*J;pwc3L7sarf*%eo`L*?(4{*{6ZP2d7}0(CnZ%0c09wXjNJp=Z;l6l`W+d%U zmr5NxlS|mgLu$bGF_1bFP6tiqxrBMQPgq8oDmWfR?$t_d`L(a(H@QQg*G;7w0JYIM 
z2DnU5I0GMnhPDzwFP5gNV$~^LHf8Z3wf+>uRTl2Fy~hdUjeMKUC*MR`{(N^d&$d#1 zU{t>2A;`xiVkp*^6?ZcAL>+Ow;;eL(of|QXS}@5 zuv0d`IUQ*h5{ev@1W6U4O(ToFQt0E4Aw`|7sRD=T31u0|_zK+8&S$+yPhA2P8YaY3 zZB>+WjHfly1b;^5Uwn-ELb+P6oJuz2O%c|S72=z64+(bMhVoJZh=uWN7ksZwhgcgZl1pkTW~r26F3*sib`-lPIy zpF|F(O9*Aa@cursM}By<#yDe$p8p)Sm)&RRBxOTax#YHC)|_+Gix~{h?;b7K z8tkh)A(9KZOI?4Rph1!limyQI5x(0f#ixBC#tLD|H8-~UqA3JR`GWLM*i~^ZhPV*f z`Tdm%oC+MqeF@>9)U8A5DiK;?7DqfIp-l{e@ks86`2)w?zWwi>ZvOlBHoEx$^7Hff zchQDquc3buo4Ij(oMneEaI%lYuOA)SFB_289Ih^MPxl4dd_KQ-e$kM~^mbGWjrXX; zXjSa`%!%=b>`|cL-?_gN9ykuT{JDl|&9RqiWsLbDU(INxgz)=D4-NO{NRL+ZI;`W~ z8{V(0rc``thC;b^YuX;KVi`jrOc@GOqzLI>V#LvcBm|h;tFI+8PNlj=v^~**&l&uH z55c(2P1HILQ`e!7R%$b0?2|{g^0IZW)$vw2Cy61hS`DT8cr8BxTd5%jip}z>2;`L) zoXw-}34DQsYJx`z6az|DRD5aHMizeJI#PVSmj~RsPE^Osz^p8rd=3JNB@EXs%pn|k z?|eFo=u0=XQF@CnVaAAlMmuJ}Wu`K?aUP=_=?$+}f3>{#>drY%oHUbWp2_odnrI9C zzZc%9=}?5R7cZPI59i}u-DS%U{QW;frNNT+fk=6c{pp%3b8Y}deVXM(Sc>Z{>w z8K%A6<{~|l*w?jVgm`y3+`msZsE9WgEG)btL=k}>Enx7!abD(<zFdgh2Un%T z-kX$BS^D|*(O79rgpDOh1_opQ?FH}?^0rP{ir2`RBwRGb@Oz~#ZtMh(js~m*2gK~^ z)nVS3TU$-79VNiA?2$BYZthh@S8%?(Cp*16LvXL7zy#wn*2VXhJZ+tRL$50jt3547 zOO|2wH-+e%*TREt>tBJ!5SK$KyC%vepXd6jMJTqbSRjDK$y)AMN#`B3fn z)yTDgOtfYv$Z~H3ltK0?M7iV<4JJj8yRaYiMpcn&2zvWzXEJ#+HMDk)*9W3OzoDYuZze$FXY~<%FWC5b|)@6W5#&xW5&4F z@*3d4!rTW~GDZloq}(A)2*QG?d?Wkz$u(ayF2Z%o`&j$whEODgba1aBTva3cCqR_D z1fFqK7AK&aWO8531La|bXem9Q71s0iq?xar`p2aenb9h&f&GC?Vm@3;L8FzUQ8+OF z^Z09eGZtA8Gk356T?{y*~b}pKg65yD>759>sUu z+Qye{H3QlqgNzSfh^v7@#)$KF7^B5#A&<&@6hzRzJF2fBWq2*Xx`gVsf`45+2iV`9 z?KrcAl@=-~{O}Cs7f++D%f!PMM|yvSG1W;WarG1>8m4I$Ubt&l6+|uEsLg)Rp0_L*cCsH@8d;V#tm^t?(5HHIG9JxB0#@tUmMe$T18io@HY`{9L z!=Ucd@%(^K&!}gs74TD^XJ1drK1p!F@eC5lt~bkD=JHD2#Ssea7@%iK$4}FFb{S&$ zGZ}(;W?J>#r{p3xvp3)IoQpE-c_(&!2kQJkP*ybh%08~hduxCH7I5?UW?33BM?d)3 z16BaN%zsyhhiXR5g@ZZ zq(_>uVhm3?X>#sSR=C4rCbFTBmo?<6t8nKkKfQ<|tN^_E*o0L3WXkA*P~0o`6S8{c zI|y$)nuENZ-HNox;}Ug0m*p4`$)LeARfoN*!&1iQ3)SnL?D}~9vZ7WObQ+Ey98Jei zI>w}ba>2NmBBs9QX<*tTb?DS#lJt%un>5MT^2y- 
z_av`FKVGn?`(DAdTRXA~$#A(iT2Z@x`7;@yTd)pFpL5vf_MV}EZnAbpQ8a)=i*G+7 zK)`pYvCK}u$g9xD#oKF|71yI@7~cB;qetcRE#qUh{riEg$7buH=E;>q>fjG%Tu@g1 z%-2!m?Sxgs)I>=Jcz3z0g&Rhk228>ijzr9l5gMdg{1iyP1Gb(28fH&F-oIF(n$rY5 zDUwfa$&miUW`p4X&ex||>5~OTz0at+m683A{}kPle5otj`gPRE=`)fvVD(Mwsg6?= zLXz#9CAt%}AkMH>Jhzu$sg09Um}efII0ZT06zdQg=zLJs$D+JRt?cxy+cc>eG1 zl20ghkH5NIWX_L^9ZyheqDp5M=_zMnaFw7shKCWrQdLhxumbAaV)RWI{ZRF{4UEk3`n{&TUFy zS~#N&E(Wqs4UC%Jmx}sqNi<;)&de)bZdEM{F+E@LgQzaa9#S5;Jx(+EnJ{eb6$iH* zP-8m<87Q>%LrnFtzARf%n4lb8yae153{`7SM{?x*Fi9p{-KJ{N4AN+fx&|CD2?j;73R z`cl#Z`YHTVE4dI5FOO&`XMJx^aIUjPjs5$a-aw#2NY?I5C&wkt5Co~$5H8>j#xJ(< zG8b3{Ms;_b?%REEs)jh~w|b*=kIvGEiQqSv!GEEn(B`$+-y=l*&Nc{zP&fMNHj=yr z3@=N@`Gi4oNCV;GozIRbH>W>XReL+YXjA{z^d5h?ee>Pokv_DMfhrgfB zZ2JR~G&agP@G!lG#;ebt&!FPq;W*O|TwYhQYJt7+IMa%0vcJ05&_{I_M)rGm98xaT zVV0g%ueFm(J)Jsuj7KphZuefZ)U^@}5CFeqAuxeqajF({_7^P_j$9dDODx*JFxj(W zOQ%~Vf(W7$&U?&S*J||cXwHkzFXgU6zx_?Ua8sHC?r*a{^B1@RDcZ&{~$K!oV-T9Hx;A2Jmc%{YL81Eb+652R@b0 zExZ1}6_THQl7wm%W9JnCc>lZgrp6L{Zr*BaNR3YCWy=&zRL)rlcViAls{+2v{>T8z zPOZpv7RZ>%kM}05dur}Lm@KrTGNfkfm?7xs4rI_il7((~J{16fugGI8b}<^M5!0<> z^vculeRE9(pS*?**f16Nn>Ho8Ym?7utqLszs=(QTqi1hpj+afT+;0^7G@Gs76mm$) z2|~_`^9&O2-?dwZO7O@2@Z@sb94)_}`urH=451q@Nqu6?E-8bG*9CU%>`)cyO zuKhiA!R^V5ArRdSXUgZNsP88WDZtkL^e4H|<&K`LN%uA| zWpO)hIETqazmHITu^(3q)iT1kW`F(_WiOJx{*?~~Y&`Q3TSn$&5nK0hWQw0r9)YmO(?lFD)*KJV>rQAxK4a}(H1o$ zHW~=tkM8q3p=FWBCUm3A^?YhL96tN&aAGbGV7odp>riA~A1m=xYmj3XDt2(U#RFNk zO=m#&TaA0CPX@|4-FLv{zDp9}Q>y#v&%E3yX55X-8_cF=x_x(db0(YKjW1$;T^wWT z6ZEL_;~Eb0y?iEn^{nH_Icb~vi-6U#8^N2e;V9EZw-9jDHSW8rc$^y?9VBld>zp6l z)*tazRru~QaW(nX!$`!Sx$E-mll!s&oF|d1O(+L`^c(-PV6l}^CW`SW&K8CV@#l$1@d8I`QHKJ<#GRa`rlDhf{TTVgN;Rk zos)~5o0A9l)7~ONNkIw?nFtwjKbnlRxC-Q$`rj839`Z|&JM0Msh2AJ5E~4gp%9hk9>i|}I11O9U}0iz#YlrLeWBe_nE&iTML7Sf zl#XAB1qNx01aA>!CQHNHll+#bNJMUYTLB7nAD10hckA6H{%~L2J*qx>pRdsDemI`b z6h&On{5c^NU3;vB3^31IO(ga(81CoIWf{nkE!n^p{R+!P&)@{%6Tn+5 zG#!$*`fFi`HW&Ps>ZLsJ?jhheie4`e#25YfQ8hx``A0W1TpbgBI5En(OJ^J&$@p9R 
z`$x!uIc}i>kV3<(b|YTFfMwvEePDm4)zyFBEY5ToP6bw?G9J?y`dK4J!vBkT9Jd(v zZ!|=-sJ~O1SQSkwb+<}iHKC|2T6qps1GP%RwNT?L!b_k*NqZ`mT2i9nNLL5#GavX) zaKfMY@TJjkYXwEfzhQ}z&~;IL{3*!6wq*)V3$^bfRRc#p8AhY^0PqjfIJ_;yUwt;? zJP+MN;!1shGS(o@N^8lMZosHfd|ngodNj|E+zOH2@*;Q|hC#9!J9ERQ=TPgqx}b^d zPu5YNm7jHmqj@P8PzaC7)>knj-Uri)Vxlvr`6jOP^1QGDL-QYpb|5M@@C0V0Qt^4 zW}hA)e;I{R&pdGsgjT4_Nr+)Wix>6R2|$xwG)3hT=qxA|A7QE+LO}AYdV7I%yAa4Y zG)ZZVKt=`cw7p$(-Kl{5w_2J1)FQgpQMP`6tCv!>;!1)84x)4VHe_W`lq>23PG1B; zXulj(fSYp96Da}ZAath2)aPlfY9h4JzDR+1f_y6ccEC~+rUp3@03EHG9mYmW&*5_W z+`ao_KKJ$bgn4uQsmHe>xzxNjael+CLAH%iT&9{xPgHcyz56b+`~6}*)8N;tm)PA; zzsBb5T%{OJxIK2S;t)39rzg7~ zo+jM&yWdB24EQXMr6OISDV+;I{z3Gm-2HpI|Os_#LIDaqZkte+JS$4%YW3)As6>dRK43FLf5$*%@cY zT@aAy#HzIp%ZzTJCIE*N2q@Wz*n`}z~@`-Gr7Dez&LqAAi`ZAo(#BLeAAsS(avEYPK84`u>HQB1fRfFP2g z^lfX0)#Ydo_1gibc~Bv8MP5$T?oE84mPM-^I>T+O?rEr@m`pj(nQ^1AQyMn8`X{mj zAaChZyHPyMf%lY~5$qT$zPNfiGI`B?Q{t%ILx}zlV03IBpYng=RS;@}DqxF|hqqLf4iPWqc&rQu_ z3s#*uILxTehRn8~3L;dbJN4D|zv4rghq6nscp1|Z#8hp3lXf{RYBLyeg`M|}d8z2M zlNII+%||xOmRaRb?gpKF`N*bRh=(2Cj^@$CI^~To&*rG3U0k?&$`f_+*r)r@YtrX= zf5M4Ge}K_WM4=8d_)M(D5L_+k_Mm+)3cn$R5 zFx3AIqg0z6VPnk7VbYOBBU;X-&!dB78()W)LfR_q)T7fq_lJg;L!|4S)A6?##zbLf zsuR-W=@49BzIiByoeVlLg-*53=m$XkC2VNAW~J@BGRmlIo`aT?A2cE6!qr3t^Tx*e zD0$Pz{ZY-w>viry?%$(>nOtw!l23O^qGiHt4xA)n}zj+2}_Fg$V)%M!)jIP3# zhpc=)L?;tOA-WNOqHGuE>sBx5H2MwNhCheb{}SqT^%f}Zk?1XrWVC@xzb;W89Tq?u z$x`jv@@(M1WfeWWFT+}ycG4@p%XraPZZ=ZzH+~yUjj5kh> zcNdof{@mJ&_ODAKgOdH`h8t^)ty17}NRQCPc2|2l1d^s7AjsZ>5!#7`&E>CU_`tsX zW*szp7~XGOuRE7S6x!PrS*)6E^mVx^ozbb^NtiEs=uoTYx~|wlMGo!yVZm@bsJp(H zs?CU%ea$8Tt?&_`;7Z0xLpTt)#C4M;YDtTnJpcf!3xWS2CT7rYQ&Ous(KF;SBKR9T z#XWDTrF|*Ns``>-G%Wu4a8=L4h~vM_9|MMMX_#_;^o5t@g^>?)U|RXK(SDWBhExunZcPV!g{ zxr#c`dK~Z&sZ}YBHN7RVclZ#YRS6np#@Xvh#FlbZ9@@j_v7>AIB$P=fm}()6cVu?{ zYg4rer4>0V4>byILTN~S3pGUd|1@Zt(vT>GeYN5LYOd9R7|C@@Zhua=`xIW|&{JY> zr4`39@bn)r{0tSXhOwXn|6d#W;iXD{Or$F-wOIyISm*Bp_g-Cf_RP%h%vC$f9!BzP z;}ys3z>#9#LTc4AyO1n?D@{UJ4zN!r_ve=0dxQeCHbz7SlnlY?#dkXfo1A3}N`ZBD 
zXf?1clB+MdF0I{0Iwzl{^>XI(ikjBinhG}gg&X?cy6s7|Sy?xlT8V zwS2)Bsg#?g(@h&h^O)?zP)WimSH|$9O~_S$(QgOUR1@)4)pS^Cvv$RF>#OwE#sS2~*_9b9)H39!sF4Ay7tWeBpT%EKBx7IC! zc;c&W!K|rp+x=J*Mlr=%KuA+8qD>1IO(lvGea>#9nX5=8;EE+Wl?EG4B9T3<<%T&#N`nCj@1S7F`vyW2Qar75+;ZPvj+pp6qsJ;Zs11=E;O%lx|yJoh&e<+C-opP+jkG zm0$Q`WME}~saHJvX2thF#y^f+DRjsDNT`M!>5rJ9k@;|wvdN&g3S zd^MPjCI#2&ukAqOqzJ02%_6g$3kAnjezw~u5$qpwl1HMzknZLyQunvKB+I2A?37+% zu7gVpKDa6o*ao8mKC20GM$3&GawpzE(5pqM)+wP@T~p8IU1K+zg7fqf+M|Pl&)jlg zC3;6#W8#@DjuH1++oN6r+(BQc)NU*W!QhvWN2tcr(jrxvbV3Kq-Nhit4mQ3mwFN=6nciXug zLU^$C%a$=Yf~e@OPUP#+k2yr=!GomkDNpE%etgMeAS;=8*sb*uKd3@AOue!!YaNhE zSqyGS`4<}ci>6JDr7x|ID`kdoqo$hD*|ZN#5|M;O>Qp72b58YK zMuvk{09>K#8=NEdV4;`pNt%@yv%XsdzicnX9Z7>8z9#tdabXZ#{gojsR%JCw!I?ns zS1I*x=2m&|DUpW%3K`;BY7xsv1pc{b94F|OKj7pGraH=hl@7=$;34SR@2F;s6eRu| zMa1p>F(>-&x4z)D9a;Wmi4fCH1Z;#>lwqvq!wfG1j{X&TlQw>d-P>PP!WQkKq0l3xj%o6iP7|sK4RBTvy0H+19muUH% z5%ax{ZRy#>@sBcqY;XmXAQ&XgqWiD*QpQ*F(GTLfetdv1@P|k(3LYUR{~re$5fSl! z4)lLl{@)KOq~UDl;$mfQ;SBV!v)%h)p0^$atHt^ivtOM|k*GDbXRoYhspyhn4#a5Sv9M-@m;> z+&|1ihKJ^u>YAScs{C>3jpT% zha=`%T%Kh$o0H1oonPxFtsgeu&==Jd&If0kU|j_k<2tv07)Ux#_8+XMnAD@+c@KNW z`i0|CRJ#MCiC+GmkXFpD-D#e`^m`>zhJ1gbA=jVz{pw1dwXU;(JEY2cZRMx!*fA=d zSY&}8QnQ@M%W*NtYm!<4MSvQBb;r)k-M^5^tw+hWXZwEq<%9D9>oB!v)e?Z7j~^M5 znb~)VjUPD=c=Z*C`{t-nDt+>gob+==axiA+i_?F*#gyDkpF2YrH+^ zSJEY7SdW#sg#TF+!cyD9hqJ$;yW+zs#*Dgp z1iXton+!m{76t19!1a53o0D!}?bJ*S{i|?8?V#?$2ST1-rT|w-$b0JJb(1Xg?jg_H zztlAF2fWb4H^Mf0_Z`)~L_n@7Dfy3NQ21>Fqv9zl;)qIvaw5X3G#hEH6EtzXUr(Gi zpKpT)wQ6!YpEASAA?w!wBIQH+Qlm_jivW_+I{Z>{ct_K8VI|yuVHSOOX`yxvpC;}X z?MPc5o1A~1-ggl?dO%6-yiUxXi}vLIcwuCs>wUOd*a@Hahf2k8>c^d#j+f=PnG(#W z_IvS}0Bb9ko%nAHIeEhoj66ZfaZh#EFm%6>NeB9!B7s{#LC`_DyxD^$G(||TD&4gV zcWN(coF9@2GZIC*)RU?=YY|fA@Q)0f3M^k}8=#=^5*Cz5@T9I7E!Q)tENA4h^WvH@ z?7xJxC_qO5uI-W5UZqf!1gyBRoC2mw7=gQr~tfbw%V-OHC|n zgZTnz4`|m5{q)D6U1+qdCl}c^MmPd~&ip#mbW|VyX56>MX5j_xDE{+0DXkK}Y()-N zc5x%PqPit9vFVlZ0RP>^FJ}>TT zv~KiF%o@CaF8+Ixl+)sa~!cXMM4@e#76g{w^U$66Wn-)Q=lVQsFa4Nkl zWy}IUFMpHOkIpBunGO4Q6T#=CF6b=}nJGiAQ!A 
zm=!C6?9xn>&q$kN8+po0Uj3t*ULZaG{xVB_I9cc+Ql2` z^6g97F9aFQKT0&T$B_AQ4SaN>CEvU)*bs~JuHw3$pBy)z&zn!_!S^n|8wZo;D=9Q$ zxwTNoM~vrKx>si%9^5w52qXvTfCeQ^sIyJr7q1QO=)98lpwP1M(1BuE1|62xg;Ogz za;^c*n*pt$d2c_iqq^nWRj=}@XH~m;C*<9;DPo)1i?=@}$BH-q_Lu*9HS5%Kx$Sx> z-?>DvqyO%M!~S*{!#IgfXlsF8sor^BKijkPRBbnR;Av7Hh$h$kEs-DY#8)t$m3gbj zKJ6o9wwg=rqn!<&D`(VkCam!cjpg<-@tapI zRt&Sh4E}@UK&P3;@mnD9DJClZ!lxU(1UI6#gV58<@PTp0BD@Nwt5(Was$X-UkA;D$ zpyo)g!v2S<9ZS#T^;SD#1UuTS}$%JZ^%2nBw zRh^NO$`zltr?7!b%b)hBo7uNWfwsKvQ?E6oW>MZLWK9J9@~_#kBY(Ifk5^>n)Yp;aNDJDqt>dRS<)sR& z4%VdaDp37+7L^edOH^G}#8*fF6E`HWB`71yAtzq5(Kr@L9L7KYU`i1HPeGR(O0ey* zbA(23R%ZjnYnmoi+KV$k3`8;N%AieL0+mop?nGBLxE}b>zZ$lkbsXfi9$QtJ{&GkU z@JW2OFX|L&qpb|bVc%IFy*IBLqk!~!UmH09= zpAzu^ipC$z-%xaw@|lDNX*iLj$PwCs4te76D-9wA%#a(1QatgiD9@-;8;un-zO56k zF5d?<)Wx_~#dBM4F5)}Mu0#DO@y?GS-+IX<>%{k<$ro&I99fS>uK7d(f-AEQf$vm) zCE)@BGV{3)oAoZa1Amd1+$BG7#zdmY1aIrM{l~ueoygxY=gy<6T4kI5ZK=Ts+E7%e z(IxysjbfzUQ?b#j^U?VX`=9dt^Ls}Jp`oCdKK=hG9~Yv0c?mTUCK&}uW;-K$D|0hv zm;auG&XiI6EEb&52cJl+RqLLmN0<@n9peSM)s` zDdT>Ev9)my=Q*q9&PhSa*&CjD7#%Tl>dl(Ze{OsQl63ah*L~ZqLNppVxU`9gA9A>A z*0Z_M`Hq5>zf9*Rf2mcUxl_4lx3(>68h&{iCOK+!hllD+be$bO=y&I#j#6Ha@nWvb z^g*W1{l!~qCCwqDxmcbs{Qt1_)=_aZLEq>uvbY68aCdhNmV_X|T>>oblHdfFKyVEn zT!IHDxCEDw#XY#Y>s^v33Ga8#ch5cNzW?k@cU4za_e@v)x_V|dv7Kn+bb56M+hVl4 zI9a%%0XSj^v3jSU=A>&EwZ)9|wzOlc>GjxN3mI^H?)+9eJo;#`A8PJFVJ6{fZvP@a^Q4zlS@@#x5h$oX-4IckwBBRU zunj48o9Sk+Xd$vmgm8Gb(HW34nj!J!6_SIi=|affqdvkhM3p)oMT`V;h||O_io1qW zc1ubc1XI5FFdcID(r#(KRM=ro-@h_j*`))h#nmY;bI8?}qmB7#l@Z*)g2-~HNx3YC zpztHK9<-8@UATjanl+E;-w|pApGC(wD}wK5RW*PQ5$BWxd>~su#D2kka_&j|>cE2lb`}E2Ejc56Y&4dRA02n~}f4lKepf{eOt&M}R&9B>S zyKyp{QtD%_tBAaqOBP56k5b1NLQO+S_(jEJG<3~3C_gEwN$R^fm$OL{KC`(=(};&2 z#-# zUD4hM{E(j)@l>9>IUP9KyiHy?esgd>aC2;Pdp-c!PF`uh_BB_QgY76%h~p0 z^Pek=eLIV{tn*D5=f}tU1JgBWB3_@|abs3C+qKnjzG>S#C;yz}nQcGX9LxUtsWEka zaHET4z8vXYz0^BiucT_|`y*8q4tMTno=q0aNgI$#r9zCti!8a!kXL9Gvri_6_;$7+ zfn&wcAMXTH(!9d4oqj5(lTrJmf0X zh-449rr1&}4~=VT<0jKlIlVHjq$0BuGq%>PK1qa0U49z*t2qYnhS8ldD?;A6<|ldR 
zu1&P3hK}Ai&FCbS?TKA3Ld-$lx9g*3*QM|Db8IN3`bim08(1;jCSu3Hj}19o(?4JE zjuO|ZkycwZY6{Qm#h)l3+ug3{H)(w@-Y9n6CR`)jp8Bfebl%GyQEY2RR+TVs^RmP` z%A(n%j%Z$J^L>%v_Tf*$E%SKS!g|)7rf`9c!^_UQm$ofQLc+m$Ur+b@x|VAQ+qjKKr%TsE5HGjz8X-p6 zWF`*}_oVrg=<&m)Mf2mckgF|m4V8K>+8#*tU6|*&$nDVZkVvR!$~^NNv#`6n#cp|= z#9+))+A8TM+dTc<02018HeM-SNptcd>uXxe4)Nzyb=RbKHzIdKcc*%{Cn7h2UN@z8 zUuc}?cAEHI34fH0jpq%?ze;-F-?{p(x*+~yyyxr$cKUWgpma<8<3anepX&Bz7AbTu zL8K@bgVfn?wcSB{>-B1Tt-IO9?a`zIugj7S1?tK3qs1hXtDYDAyE9jA=%d%v0*cTN zzdAL0*f%$%m9j>v6@}#INyq97#o<{Rxqo*%n0+=>+M86K{REp@q>;`mTN7sEfGWT_ z_uLc)sX3M86>iB!Pk+lwULY1!${Ci}9hp(nLh6&!<&H~A zXr7V|QzKWNDed6+W+lgYZaY6CV@tZmT}AX6lC+n7HOH$Jpdl<{8bYhX%p`T&83!r0 z@%PeY*)?Z5aQE7&e9U~h6>zJxwWvliiFQ+SQF37=6?fsdolPG+xxL!y>2?&B%s}(_ zL%~vBd33&n0x`AMrSZ+kDNuG8;pW@WnbyLGn>fJ$)(KiJQ9O(&~>!?hO{*&GG}LX zUJW<7R=5ysO-F=yCGJfb@V|9`&AfZ}jMp(~D$oqU`l7+Io%hvjOLOhXmnM^OQXQ=s z^_UGy-SWT#`y@ zaPw9s4f@h#)~A#okD5Q8U(eOmmgqx*XzF!$=dQKh*+aGt{cn#*9IkvP_oqv&Y||HX ziS=03k}_6>A2+;hChEi`FdeTCF3Hvu=AxQ(D9TRqx!6%Ly@=?E;GP%sa$&M`#E_;} zK#tuM`#fK=s;48<2%GCo4@OQ9pvqMOTX-jw)6Csq!jGjSbEhMj9U7QL`_RB<_u$8` zvaQwOpz9C9N~8HJ@zcRe@5s|@MZFt=T_LKMi2pz*iiqjPj>!NZ7tOy@*;s29-h!@V zo9>XvzG7nPm%z!O!6`EV^FZD7R+wlYo)#p#!?$)nS~p?&fO6j03vkebdx}GuJFFZF z32hlXOi)=6NCpk0Ok5P~12wNxbODDCUM@9M*{+!Fg`B>l4OB-h&9hRGi=TG!eFf|{(0F1LW7 zAH?S)hAHZ=iNVH=C)0`s!v^n{{*xUU2PQxlJzzlyh~q2volVMr@(~|5j$Et9y#S%i z2Lgb9#(*Cn2U;v4^NzMWsu7V!$B2f2J8<*b5hXBz;r%wNldpX!pR`5A*MfL@j1-?I zePD98vodQ}P2h=pr#*Gf>r|%bSOhd1#7Ju8%rn<-T&UZ^cBW-gk(P5HBOk6bQm zL_Y{X6crP;0}hiDuNh9XA6~}5?hxO9<2fEKxy;F&(*ctt9`s9Jsce1+beI$}`nS5+ z`o8b38fp`{w|5NXS2Ov5kG$dXC|bcOKybo6#z*f8qCJC zNB$^#6$4uORf!0#Qd@zt0`6OgNjyUBBqO3S<66T0_KrFa`Z?NXz;Ik3PCPK!C&6vW z3@aBEb{P)JoDvM@SMv?@NAe<7q+d<H{O;Dwgm>8ZV`SfJ7f; z+Zg^C(Ww=PEF%sG_DshMx)2Z@hQSGfK~VtU0K{n(TCUyg(p!=qBOX0N^5ZW2i3M6+ zBSS@mZS!U$>wkj?yJi1-H1IH2>HMV-Y(3CR5B3Q#m@X|2Cu_v4m?#){) zOZPsw*a8M{*1+7CVbaY|knz&~8mI`h{+#Ha^~e*E4`?m#|B`}y4fc7K|LYb&Tm;$< z=P&WT*V+z$8#anYq0O-oK9H(m@|UQn(8BST6yyu@aq_QF9GtR#&~GaNbeZYi#yrqL 
zhYkt6C>A_CQw8weeCVJD)6ucCbG$3fxa+)b%+0u4|FS!$7*B=j<#qK`qD)XU3xR7F z_iWVYa*E$zaYHce1Tp(+)=uuM?T#qkXS?vA!Iy?-?#RA9RfN)|-f|tB<_Pcp__0 zJbe58Ei8W}mCGB>dLX|pCciEpVKhZ~tZH42F)T*8k008TzW04>VhDsSpfaEpfRN<_ zTD-m^I*&IR7K#oAuekn}sW1DqEm{6c$czc2rO$foDjFI9< z#ruOGX5E!Jr;m&C69Y;r#Fl`h3cuW1RP5ck^bb~9_LqCyvS#7C)099^bVn(fUH2JCPM(%alYpVV_WNYF5+7=j&DB8O?RD{T`~EvAAfUCb3_yiG#15Ipm~O$K;_4w!3Z(};ES%BMdCN8vXj}v zbhmhr(ZTk5bCCC<&gJ6$W(LLbQyPP86|M>BA-fJ}=ts?PYTlsq)*dsc7X?GdtAePy`>%?nhbjUesNj33LjQpZ^#3m^U>>NzexM@3`+*9$2P$YD z_5%1o1=53F$h17@#s5`>{{t0NR#6C&egk;A2yg`3wj(5>Y|hmxbe8A$lPL6l5^bEM z4x*|?c_M_qMtsRrUM7yx4d5{K?q85i!9F_sN~T;r2MYk@0~oxK)7#QvPKRJ$z^mo8 zAeX@u@v$+2iP6-&A3y0wh7LL(J{q+6_e$_%Zmk25O9u21aEM6Y*1maDB7zsF!3zOQ zWV6h>&OJ1VOhsGMW2_;WpXfsa6O|fkjDx)lyJ81Yhujv18}o^ZH((|0O@6c-3cw{F z?^k|yryi8|Q7%nVzBPLJl7=(x9pQc%6WpgmbWD4-j+PX{AbuhPPoRN!0!ffQR)@-- z^%{>@haK7Kbr60-SS_1ZDH40DIOkd=2kw9GXOobB9oRLWUGy? z2z+&8-?yG0x9e_Z<23`!Q4 zS3>P5Ao?v8CYz6d9{gCCPpO50D9AM<$Vc@YfCXE)uO5()Toh?Vs;+L0d32CFyC#WUnI**EzKMtvFqU}uG6*PtgPG5FCs9RmwJg*DJcG++zCCo=%q2F>x` zZik4YW)8vNB!mEP0^z?c?0iQ#I!hA8dOE)%)Ayf&S}_LuPU{a1oI@x6W8k_}aO-r2 z-|udF;|NKyy9geSTsP7vy^s~@pC>8H7vww%cPsmHTPSiQyn-g{# zKEj^m?VA!(Fb~ZA*obQ@q0V6vXHNt#Cgm`t`uvu<{R)a!V%ohZu4#SmYlb6mCKrm^ z{>SLP;r$<@y9;_ax?{8BtEI5?=orDAd#2OA0NR!hes30S-Za00!ef1%`D#y1oV3698=2i)FolF4 z0}>(6P4=r-y!)ld{S-*NQORJt`Jj$cQ{diFlF|HBq+9ZwW+R8#4(#yBv?Wc$M_cT7 z?xa%sHh`7LX%OvTX8^qMfyu4f-Ahk_gVLvzjc6M?n`DPbR$M15Tq`Q_c!zOJ} zv){dFNn9_j5mZ1Hk}10LWX66BR6m zczrl4`M_l1_%W#wYHc=i1tv$1UPz3Um7cp*vB5QNfe${ z6P?&@^L?#5(!_WQbr}Ac80lMy8_3hGm{vd9A-RWf8e6b=y4-o!NGYK*3k+vG3;LRf zPgjV^R*Qms#1{*n^~h2?(jh1bBmwv`+L z$NQ4Vxatz{|cmqx2pUba`@=MS!jQPJ#+*fstOk7nX-PPfD9q%>qQw^$32^V zPe;Qcf7b8G)md{#k`2J1i-Jb7|`^A5Undl!`saTebC`NBB_&7kubAMPnDu%cBP z2ZmfwvEO$2DZ(>vOfon`e!OQOTMI;gXxa=B6ULtih1{=34DMN3B>a6<_ZLhKm!%h` zc~`1r9n<{w>vmb9kui@tZmRWRI_4r}f5W9t))1Hmpe=Zjk8jS3?G5H?f}r+(?8#Nu z;8WFaw(3Wv$Cq-Z?-?YUVL!8tZ?KO`QEY#nn=T84pKP}i*tthS*2`fRum0)&uy`vsj`c=x 
zxB?9ZgQ1hFD`yoWh`;m8k3HM8H7FMQgLZ_`A$UZL@CM#^WUH^C1L;VFY46anph5qO zgS@jv06nzT=00}@VDA!>VRzZ$+wKJO-aCYrgbH?({joO*_vN5_h-y#1%CWuaouE$! zs=y<=uOsR}6`o>N>n&3P-DAN1Njy%>=Uy^~ECvLAaUB1#w6u{1wMygv(joB-mFe0C zuPD~%9x>W8bwY`utz5t5Q<9tPluHV)fvV(AM z!Kf+vzW<3ro$I*Efu9l&b^MhHVL`)zWgo#%fEkX)V#bdYtu%V^N?61kTq06SkL0x1 z`Z>Oh-iw2hGA6ON5zR#d7e?L{A&8&R0972?_Zm4dm?_7KiCH`PfZ;^4E|nD7F=p}@dH z6E!KQ@MU2Lzq2$hJ9J>b8vXxD0OTYEfU^DXjF7K-gm0_1f3xtA+JE_-t4uH%&%8bk zBGmaRU~*mK-aB7#D~bUS9nS~n$ur~$D~xcQ1TIt%4zz_G2M+37H9=G60^?>*^g@6P zzT0K60J0ji2%`^6xrJ#3UC7VeFXT&XT}#=yx|{30s-4)C}4GViiq9G+vMf#I}~)gJ1xM zgdgf_Bml=m+^=N9s!Oa7p*K(oWCMV%1!3~}=osK+&h^_cpc!>2sI&@4CrsGKu+#Nr z#{Fd{XVTB-s~k{-86L)ieV@D%Jm^-=(z~1;Rbsu-o@UV<7IgM_T>x=9Y$UidPQcAN z$T~>NIA~u!Sp3?HlA;T?Cq6>yXJu&spggX20L_~}5YeXr6~g^T z!a@;SEvmBIgQB-N=O55WrvDEpNuQO1(b5(e8J$HG1d+K@<_O)if<_QK@`QWEp<|P5hSU3fwH7umE&exSPk7Kvglid{*T-Kx~>WX+%d4X-!(3gC^w0GB0De- zx>NL}5?QX%Lhj6By&Th}S5UNH6AKph`+q5lG$~oaj_d1j(^={D*)x$} z;Rd#IBGgA`qtKu~Dv!Mxic4iMI?50Y3eKvxO#dcbstPKeoH1bfVQ=^W|F~^c`2XDY z37vNi!|$YfYoSEz!j6ja5yGGC41Yy77fYo-dHr-Gc)y6~t4jsU%C%qnK@U83un(Tc zk~bC&8Z6u|70A#GNO8H(ulzl-w=WIUgS!#@N%fmOYh4ISc|dHz!~acN7|jB7cKbaC zKCOkJU_CZ^)Ubty$u1qT8e@5 zr7nmvti(PFimAq9qAr9QFLwJ3EGTSmg`hFdA*`s2#usVpQh+|0&Pkf$!slc+-mqh= z9-x9YcTAWsa9*zYSQYUVP>q-hxrk09PPHdn@|hwSSf~zHh(5Nq_Q7Jlq*Paq>B8T) zQ}B+6-JwASWFSEBoexvsHYH=}vBP`yTu!pLPjTJ@%s{pY!OzKAj};KvxZP!b%5?7| zLF27DW@m2KD`X;!`z1twpG5z{j+svawwwWaoftw}gFxFt!y*96c=X!Eg0CNYraBKY%Ye154PI;B4DpC zCG9k^mV97{m|^I2pVCc;$~3;IL{xtN^9>ACklah()@cL3-}1fT(5Ubl2DpB207AD6 zMSWY7c^(kGkvM+SS}kdTGLZ-pFy~hA&vjQ5srW_+$@IZfsQ0^8_nTKlfoy)fiJl&c zk69U%p7I@R^7&Mi0N)zygGNguu%9F0V0568vfB_fa>b3EST{@AzmcXOKixIXwAja; z7aeVVG9dSuj-<%Vy2ya3*f4J4QIXq8(V`!_fa!&g{HDu6i9D46LK$bh0E2Ak?Z4nLKW%(H;xa_H;AfmiPZO>W?>v+dR4Jkp~|mykV}nLu4FmO5A5Z4iekZ5YQbbX_GRP3i$`qv&Y$<{7kbCJNAIG;0qKZG z)ZP|s=>(ys@ZP;Jk54~2Nb==b@yzsMXY-e=umV3cNqb;6enUOn zIi5#`@XOZE>Mitq_{2{QI=~G?0Cwv?2+-UQj|d512wf!8bR@L8&;bltzyyA<-$i9e zJ6aG<0a%=P^DyKc*{gfpnq5 
zh4T(!^w$a+CYue)X)g3<5&4En3AMBOZ>p2;5k1JT3SH@SO9uUfCxD$V9;JgX2tSBi zFq3@`6ZNA{3nmh-CIFKp>PZj4i~uN^IJ zP&Ur7Zs_$AG;X%-u>A0zsY#JF{2<6tMIbHHM>5Y`N^Fy?T{EPW54oD0A;2<6)OZjb zi1hx?=rCnc6M{fcZ7P4K##>t$bu=_zl13*1E=`N`ZO|@K8{rIdKP}i3K7AQzQzD*u zYF*+nSWe1w^%`UH?fmu`KiKuV9L^?@E;&T%(~gdW#~_IKYxu~mfxOcCb zhghVkuC4~iJSkS{Q*xhf9!#|?3JMu{gv&9%7~o1japva?p5^7PI&UesnJjdb32_^kJvnh?#Ok4XV!@l}=9vP` z!8k*vza*EBaGZ5p1t>Lg_8m!OE@N@jBTIc0NJv&r(o!uqAL`^wTP~O=)LqMPOP!yy z@zUk(|7`AZI+Tn*zUgP9x-}U$G1%TeIy+)v@24_6JJCBbuOK`QKa%yL%8IvdXY+vd z$cyCWbjw2ca`!T3m#Q!B;$=*Fit^iw{o_v0aF&R?h>#7B^;Ij^Gdsb%@}^lW6R)Bm zD@Ic0FVobrmd|EKHe+m)vn`DlEhcu3G&X=&s|TSO==v{a-4gS@U=<54xiPozWH5T& zbZidzG`*gVi8;wG$ZfS@WvxVhvnO38b9-IsJ`$Hh*s0sZxV*Tp?yE?7@YN4AWi-Q+i+$&5+PTZbud#Et6d4Y9337R!T z$}f*$lXH#2noLHQ-i+UDb`TTv@hpwxZAfFhlpncKcdmR<6BYJpa!zD!J%mte5A#TK zO%Y>%^}=z;O-pEq7>gw>jqYr&JgLrD`sDacmHX}fml4L9w0s)3%S(m$RsD-vy74fF ztqR(iTEIFGRuipGL^?0{My2;VpNI2+8 z_Th8GMJh>9@B7#0dNkJ=^$bQ$PTb8p{k9e)6V>qw5;HU!XU96FyaT68m=CLfkd7`&%oi@8FiEyv>HP*#6(EBEX?0*DzCRob%am>> z>Fwe)moG%%3s(ZoV84UX(L@QodF&9a)88WQELH-w)_5O%n-ft1=EEq!rz49#_GYki zQB8kqa=EAi^wI~A*Wat~763Tj>-2#wgndkz?J??OCklInz>DrJkdB@Y3w<@>_V=Tb zBsWEbXbI@KHDI@I@V(@D=XSRU#(-WxERYU1;pcNg7vL12uog!!Tfpwu3cJrX3myE8 z^b&9kT!;ORkd7fr%2z4;eOhlAKOVu31oMCNGf3e3G&lJBW!e+oiudi_d;kDc^?w!w z`nlO+c(odOWV)0trSKFEQU@DIkmhe?P_`k8(2i>9P&i<^J)N z|H<1})73~eI(44 z-ADAN@AvH%$SzwHh1PRc_smF+n*#qE`Twpq(KF)p9WhoH2D@UE21(3D;`PW`HwEF@ z7Pk=>gLrl=Vvh;_x&87k$sg0!<2^d|hD%tSDE&+>MvUIx6C{e1lW&^y?O|%AOGUOLeG2Y~`5Pa1yfltaO)!HgYIU=% zh*~!*^hCT>E`LIO;_c4(=ym;;{AJIHx6O%U>y48U_sM1QG|0$ikGwl8$%ka6lBZvk zox5XX|L_=92JP3Gu{@f%EvG`vqXn64t=Rd^;ptb1#zb$rTnFkVk2q4erPJKk2#XWfi8+il zgXE6Et{g(hhkSM&(&Xw;=mZ$#v1YDdeV4opFE6W;ERvEWuta6n_Q(^Tsr3aSHo1(y zfV}@{Rc_bQ^{OGi^_Byq z0tA2#zRK%xtgO4da`Ix--qL_L00U43CLc~h0m)5J$((Q48yg4^Y(X!B-G&}KpOula zUe?gfG4jJtiaA9R8zI~uZeor0b{SQV37jnn2u}W@AW;` zpXS`p#3N{rSN9(3hgpXU{DCC5_H)@z0EoULM(?cz$N@+LV`1pvB@~d|>dC({i3lTu zo4K6reog-N0E`4rirm7vrVG$w8^UjAqX2rJg$jm#U*PD 
z9_z@vtA%i~U?vpOF=BevqA(yrY;~SyLZC`LV|Vwhn*DvKOBqBzrW+(ygJc zF)-APFykwS1s&_2f-VUw>wIa0B4e`Jl-}nbvM)qGPtVzn3gq7A7RS~WF&=0Uo$%Hy zvelenN*pH~)O9E-zV}SLJ6f;NQ$HGZ9#3;X(8l;_`bhH_XFN)L6@wT03d1Pm)ng-v zwQFCtN3&>VX+zdJRX4M9edt$9g&9I8I4i7=C%$7eOy->^EumHED834IoGxyzv#vK_ z4ZT*%=oUj!ia0mizl-lZ_nPqSuvkt9-{o*H?CD_If{U)XJOW9gNyi7~FD{(7!%`QV zZp}UGKXEmBHH~8bP;`wc*~++fc z2bX=D%gTf}UJ|dH!jrJGzOB+}jLODJ=o>m)dWjynfg6FYbxSIntH+7fgXKw3$gL-0 zRWc__x?zV)J>wFWGB1;6YhFA@mB75Ww^ot2QgF#ks+Mfa?ptYl^TvM7>C&+TK3nhO zP-Wx(Mmw)w0*M-Jf9U(;i^5x`3I8`=>J9^xV-oUHY$5xO1XV(#7N?!-{xg33x;-g< zq&8`5$((t~f=5?dI&W=sDzQTj&q|ETqv$}JD*xyYt75>Mcul4(j~W6t;@W7;Vx>#@wR zlGYijyVa5F0D5`-+F;2o9rFh^p?m@}4>>Ipz15ckgJ_(mR6JNX$pzTSsFh+(*tF^b zFl#>m2ii#QBRB4(IlGei;o~+^u4sS(< za|YToA_Zb7KW>F?$fb54Q!2v`Z7zQMmb^UBFH zr^mG^No6@ao2x~H{d})vmd0z$Qod{aOnd7oI5?qk`2Hht$rgpiZjtO#3B6Onj1r@z zjhS?+kxyrFUn0ZmsKeWw(zxfdZWCEv??$*@xt**f9ekR+;r-sAsx{wW-eB6FGB!I> zP4c;xgxkRp5?LxS#r}%FaZ^lo_Qy_&$B)@-Cz(f(xApF49DpUMC#yC6#!Qa8zT#}j&y3%m}x~S)jF6DDk}?i zArne3k>5Ys1Tq!v5KCgEyR8OjuXBAaU5_b%VJbQ!e(@yzarTJi&+<=zJSF%xt$806 z9}AT6_W6K982z|?wgP~oHv`g^V;g5a%+n%L66wd7F|%u>CgSfaI4z+y01|0zOl(!Q znu#%r^}b;^7Y+5Nku+p9=9^N%pY02v9JJ6j`KL(ag9S+YWo^!MvZCYmyQ3AV2Wt>0 z_mN;I4OvwI6r${(XOCG)Nf}|4Bwt1v% z@2Cy(05gbM~z?>I>43K7o$Y`m(YC^z|dUuVPFpF0CP8%ufs} zVSd20vP={2*nWJpnjmaHJY9so?u0 zUgO@PmKT|L%whv_c+oPXV3vh)s?Vb+C89Pe`1!J=7KtcF;*w12d4_JNW>T&Ua>-T7 zU*TKzS}upmKi6HMvd2)REB?7^qgElUhTT(d!u=HA9M^IcsY=p6URflKVJm59zds{D z(izfGB~#q^++N|El+r5qPReLm?>tRmdGsg+%}CgYA%9pHgT78mm1dfLrVWn;>yVjv z3!wt@>wZf$b3j{Cn7s&6&B%b9 z>yDg|5K7ccAL9@wZ>iHG8^^)$tPiMurJ90hs5Eu&&Mhf8Bod#*P}ptzy^nd_n{H!) 
zM(etRY@$6N^B&(VT}i!CDaTaZ=eaN~qoaTKKp)@Nh{E2f;;}ZW5LKraq;b-r{u8H9 zLP)e?vqNbTIdXWk=uNd`nbR2ZXjh44tj+M~U}U2Ru|#klxL3o03mF zgZ>q4(h}60Qqj5e#kMMnZIz;^uN;CIqaQUU#R{1{8tzSwcRD817%8%0v;3$I5jd1m zYAz8U{j3?ODlPZK{D}1x{Xm?QdBOt4<)(=?{w>Q{OHIp;00XpBl7v;Xoi-*e$)F9 zdb^{!+KrPv3Vj9?A4Qxcm80)PEwRv(ljr1#=&QHY&Tpxs-HX|Kl?-D?Ca+=zI1Z+L#|dVht;H1OvsRU?PgT8tR{MC?ActISxm$W6Be-a$DOKJnrole8cHT%*h4%UA zFjHyewzp=;_n3^N*8XP+>G)#gz3S4FS<6vK!>yq55mqLYh* zdCDoxBL?|mrvlS{e0za&&#BJ~nvQXKnTfWlkV9g5l%xSO>anMD&&jYxcfgdo;yOZm zLGdqfYIxR8wPH2pY6W|rIF<5CBvK|#xArp4xS_MEr{woX4J<5;a$=h@+rO|B)D^N< z6RA$i@5d_MaWR&25$cgwS?zv#_GQYcr0S?5d^$?J%5c=4M9YLvF^aO#ysL0kCbgnp z^M!<|}#$DrW493E|sTE6>`rO9CECmGN&pWcQhKG`B0(-tFe!Gs6b=mdRme#{i_pwgT z#AE-Yz7n-2MIVt_8;!(UN~0g)ggN{}Yv+&E0^p{1zs!;bl5?i?A8yye(f;Zr)dIZK`5>UFDVt=+Rz7J*mx zcWhp=Ikv&NP3$$YPtpUmB`F;S+4r1iARKTdoSt&CJ6@m81D{*uWc)Co`mwp%jOoBe z)x5~SSt>9P#OU~~M?)UUx2D$$k zm+_@AH$8%0__2mHN114Em&IR)e=bU)i(oaunDQSWQ(~Gme;)fo`sze1|Sx734RQ@Q>u-3v&UC;cO`>tps zW28L4tGqm5@!7%%5^qc=_Du;XK=7c8jaO!cKkx%p-te!S)4@XfrXE9o7h z=8%vZ!5eT%`*@gPYZ)!Cz=M@jH#{O)H<)c+!b*Gu5PDbEAZhoCg?Iq=FerDr^RPLW zA@LK4o68N0Z&O^gC%STK(=miwKzJ0L+trO5sh$+pR^WC3MO%5guT4aDX8`i1BB$Qt zJXw&|m3wnic=cuw(vyvOrEw;RQBjpVb~<*mi*GfyPT2BgPrdi{z$4ttUdVxOO1{Dn zxVK+puhA@9x3e^_@;0xxqr+8rJ%Hya#KQjcYp2y~`O4ZQZAtZJN<5Qyiu zO#zQC`LI7gy(o%WtgQ+SX_uP@vE_|Pk*jQ}!}(XR1NW$h@<-d_CzXPpv+LIFg_$=E z)@(Jbt6?|hCs3%JA zR`>k-l9^W4E4nUX7-E&TNotw2G$&u-hLq%h%-3xdDp5Y7KjYG(^&S^QOp0QC+Tdj+ z;CM#^zL1qNYB=}N#EW~|VX>yq!8{ZhL*(Go$IFy|RL$sSR6e&Vqa{0fBt=2kOH%Ci zsoUab;f|;B-U^|~>Jb&@kqd^;i`8XoITCGs<09qN62eBQBuQtoZWx>6u`M2MgaOS- zT)du+28D8xZ|FlAu1C@f~b7qfSI9?UKa{eJQ;=3{vA$I+(_X!(`?Tov6q*woDwt*3a| z6v^)fww(G;yA93r!Yf#2SCnhcT^Dd*`;>I*rNSy$%3(iB>%^ItaLm3>jEj>N*qYqXd^9%T%6NpRYB*q31Q(VAdq_>_nXP-v-+ykC4s%_Co|GaS`gKm-V-w6-fBzFv0f+L+NB0p@`x7V zRP!%XnSK(h204KRZJVwAvE7H$y1Sxw&Ir$FdxA@vc8`gQ>`ih?D7t1-ZJYvXv<*^w zCYGxzmS{ivj~1;qXaOyFU1hVAHCJA0JYFVmu-9!bkW<#J8p$39F+r|53YDZ-3(MC( zjR$G{NKm(-&+YI1FpJ3Gy0e)VDh?COZ94jP^J`DR{@0JH2^@tvj1@MnXt2%Vx{x+o 
z*b;Ri<1|xkQ?&yc3FDvrFMZ!~oA4;cf%;H*E0_juUPe0E!eeFfpu+_eRr-!tf^gsP z4y3PdmPU&EYF2eyMY$%PxNj*Ip1x@jykatn;!_z&tkUmi`eMzwh3v(wXW|O!R&YBv7jHR)7Qd0TMUx|6|EUPdbfYA(btJcBO*bW{ z4F#}2pbiIA&N<|UR|@5FM)9HRR5Cj&X=hoTBtTxa@j3h~;!XU#WEIgPLlyZP!9g__ zLHMhiECxj@(W$BWz_F+rSNm>-pCnh{YQvP8Gmv|1Roj-E=h1-vop^iF=TLB*tNL0I z)EXs46pw&p)hSDi0KrG^Gx{FMblw=A#`&a&j!n>4L@A)^sBst7MrEjmMcWWt!)Q)94MQ*EFA(~9APHo{%(bTPWFXMrPYxrSPw zM^Tvz^A7!8$8PNs@3@i?Cvk!~Fob0ntdT3q1i`tSU&mW{`pCfBB87R!n#xVqg#cv7 zB@hPl>_Sb||5MplK*hCm>2?StND_iuAOr}mjeC&B-5YmrtZ|Lt1a}$f4{Bu0Sb#JARr)Dl&B{XOWdDILJkelL@2zz}OTeWCS#&C03R|Y`xaV zLTMsQ%`u|sN!3kIzkk_;K3T4-h*{aGz-~(Rly6QQ@RDP2CBu=-WZ5+|V>q=j?-nfr z1_$wUsHUEshDy!`cs7OM0DpGpIn{PUiA$47XN6^zaJe*N-#e(NBzM80cKav~!|==J zyM=P!bDz_C>0Q~lEl6HHp0bq2P4&rXA-7<0J^P!H$%Hb;<~a>gz&GZTbEfyZirX5# zzF%GkQn3xuyOjwiLvcSv=@eJ6WQ!NK!Wty(a$T${C5uYTpyLiL{8LVA-6 z+Zb4fb_3wbI6Q`>&~L(Y#SX51xSzP(a%mm)@N6NLNs_kMbHuL&r4xVFyILumwl)Fr zo>&DbYD=}!7xaZFim7O7xv3^iWHE4wufA&bMMd{*Iy=xDLmjQ1 z9@+0KG)$GJ9kgO^J9|Raly*Nb+p@BCH*ctq6P7%gh83Z zQf>^+lMK8&%<3)|Y%V5R&hAg<^NSiT#KqmR_cAN4-4`8Ha}Eoe#6HtF9uo9xRTg0D zQ9PMgIDerAw>HVKnMiF-nkvrl3#WF3#PK8+jPp-r53H^U=bhHs^pdCIHiN#-u`8`z zmzG-%#}f!8a%u-RChsR49g$ab>sk~B3a6OzrY9Z-9b=$0+T{r=*D8c3S~yJ7=u(`v zt)S{CVh{3lg!t-mX{YN<=+TMqH{uY_$k|}MW-RR-OGhrFpUkfEj+n4@*#L3$o>{UH zN5-+NoZr)Rpq|afdqo!Sa1<~X!ilOmhFY$3ePtkY1k+pOAs=u`Y*=qg)k|EN1c~W! 
zebZy1{&Gm@P6x`kclcILGIhKSixsg+dB^K!oWyW1N8}nG zCT%oP>>+FJ_sJcUG~tUOnMYh!2<$022A8J9N-T$~@mVTw&0FozF9U!oTkFWIb)(6^ z4JyKThi|KU_OZII<9+UM?6v}HX#1ACl-imjoeR1@&LJCHTHtqFR(S{RRX5Ewr{MW) zrL|lN^{-R~o@SU=G+yf(LPWIKRlM|VT6Xry^t-3ewO`|y`hdn|BvmVPEoo&U@XEda z6_W`RJNLj;Z1gE?E5Cjgot_FhNa6SS*rT<+H}qG&Qg$sZ7R-6L@Q$BdsgrIG!#m>E zF^X&O2*jc&^!7-SRHCWbJbuCapkCyh)}6@@UcI{$!EvN`A)Mnq(^Sv6q?o36^&o5| z$!AdK9Z#{r`{-3BrF%J_w8Z`d>GRGkGwt=9t)iva#k*?YAx1t^mYbNNYb8$xy;T^s zM6Kl zA&Oby!t}gNJu{zs( zpE1Y*W^p-xDU{GX&}igHm)N9I%Yjv6nG}y?nlg}RRI*CMN{1x~pEP!X_@vz?GI%Mu z^jX)CT9}x|zScDbZ#LAF^|nu?@)dPBR9XGjgY{38zO7=Opxy?vYTlN0-;L4uLYQi6)>56TdWa#3J$yb{^^jBD%Lem2j2<9#aTE*w~7j5q^e-`H>=aim2TdaqK zIh#UTItmV7R`b@+;{-U-Md*f94V9N@2~9TjIEznpGSrNrIx}bX*KdGpJ`X;Gx&GjG zfSN)#IKeCK!gg9tiQrV1Lp_Y6?#Jf3*e_XA9b3+l<2v?`?YNo4W3nZVW@ES1`osZM zP({(1{_B&ldBfo4`aM?e6U07NrqYcZ@tVfVL=V+m)H$A<+5j}Uk`Iman! zs;UVNons7euT5Q?rfii_eFwOeFT9^GH>(Ju)~|{FJPZ zlIUn?CHAX;=Zt_@k9eT9f_{raLiHs=P< zz{j6HGug%|bd{38eSiOC6_5&)4m^urbEk%5{OV=^!fvB3a@b0aJ>)IONTM3(->I|N zg2CJS>2BhD6h|$u+NZ)&$o7~U19;6yP9hqAtv;(+QwfOU3?5|has453`XJryN#-lU z>;O;)C*!5Sgnob?Es4fd7$wPB7{$s|SoD*c$Ub5|Ms?$caG{qzNqy0c=#%&z`4N*^ zr|%R3s$iiB`A*z~09wGrW^dzU(slbsb4*KPv#7^7E_{SJ&lOG5UKU#S+KPdp>Fyjd zLllL%PdRginlcS2Ay-~tl9Sr`U0<02|Hi70u?xXBP-)SYWoFClXF8bRO4P%hMj$gF8S>0&ZJo2G6VZqj)`zjyH*TF4A6B zX*bu*O{J9AeoZ$Qf_Fg85;31^lk=Z9V_O@$OfBvWUdvN^SLj6L``)Jqa(qHYWh3zo zT1HR0krQ zQ!yzgITd*KBsJEZm15f_sRt`M(fhaidh(Nh2X&gw3>T>7(n zd>o?%)zvhj(v%) zV=#MSq4udb@I(fNIOGy)BO_#+Y&3bW%%4>lG0paDZ`55= z>S#(@P-<&t_9gq8V9WF=M9ZhkH_? 
z*BK-D_yku+?2wQ+<(;aBsSaY=WG0pEF0+zm_*|Fwtcea%T8@RD@|SoHeXO@-a*HBc zvu+fQQfG-eDLq++e4W-JY6VIaw@%i`mBzb6^w7v-jJ}O}y5W(_gX|d%>I$!1v^5#* z4WiDdWEr}PH~GulI-HYKn=c87x6QC_#q$Sv?^T=R>(3;x<2S+V7Ui*P&BAoiVdFn$ z(^{*=(D)~c1b2(N3alv*uW~0G?}I4}78AZ>(+FR2)}WP#FT{2Huf4P8x94?V>6Kxy1ZXiKz13Edzjo{tov z(cxIiC8zpXFFc~7Y;M}`ORbX@6`)Q#r$I1<%jbe{RVFj!qEvHa2GUoR#N#XdagdIn z+~tCndWAaMPTp!JN)(R|kt*4mu2bKbyqunqBAIz&tt%#TQJGm0LCua0o_du=__Qqe zDQ~@ZM@5#5y=oTy_}SD8{PLK)Pj+7Ep1JPa4Qr9zoW-6Z-cjo9dU^3tEqSE9Nz80eF6T+q472TT#84I(`IOhxZ%tbA^VWESLzmP&bnx{iWI zGNaFL*ouU<{UP@;;*~!HHFY*OqW81eljF3KWv})~NBZlV=QYjmBxiB7arzltBge;% ze36cJcFT-fhXiXcLghwFmig?Hcn&s_o5HWYDvahYYoctL9j#Ff&&M2CWEY(%d`QB= zy+cgW%3gN2>l<7gm;Y8r!>b_V`Etu~L*Ub@n(`qU{+!&m+Wa6#=frmDrd&D~ira3M zKCg##23)swJ0$rS@skg=#aMAa5iPZ3>rC|h4t4XEs+XSeKhtHXieoLJ_tPGwI>m4|i@SY(KefZ^D=Ez0bQgc7tB+ zm&oshdEXp{i*uJZ5HNA3T~42c`*L9n@TQK((28f?h;oyxxaElB54F@F7yrT${#skW z<(IpsE`yyfDP&`cSZFfvmz=3f}}H&6^6p809l|lD(7P+Tqx#6jS6{&p^*b$%qjZ@C)JAo9)_HU zr-0z#-PNHg6gFEbvnqhFUB#(Q_feqzGsXvVjb*SRF^;i`3jRUoYjQ@^++Me~5(l7s zIwb{lx4(^|y3}!nUio%p(nt72f<}811g4BzS5&TL*Z>XHlX42(oRXMN2qC$-ko zVptQSblyi7y)3nv@5YYuvobI6r5vo=f;L~#NyP@eh;X|Xy&^KiJzMuZH^?myI|a|A zR>fdN67>YR@XO;*Q5J@`F^Gdn{kkVzB8& zoNPfCvsK|dns}D*yU$pimQu|nE3z|K!YJ<#bgomqzo^RU)l|!Jdhy$;yYjD>V?^iM z=Eg@aeq-8O#Y-f4H9G&}`$T^J))kEpg$<~1EyjYKE2nweUuA4VwyBj7o0OYjTVFv( zrD|MMnqFG(wb(_-H9gk-cgJXpJqYly9yyM~pg7WO^3FlkRd#h)%CyC{1*&mgC zB}3N=Pr+lH{Y1O8^={@(B6NhCFCz^^54t^lw6q6P-=@X6taXKt1>DjYP$2u83;bYs zJSIaFbZsbnyy3@bozn)K`#Q%*iS=_PhxI0ICh`wu6uD7dP$aTqn^krZe0b=D=4on|hm)-z>h)os0Gbk5tcF zSEo3>FuihD^5wB>crjO9@$=s9-gV+G8PW{*@rImf9P%&D1L=7?>@RL`1@)$fj+kuv zl zlU$u9@|^wZ`FK;y<4_$@HSr@kAR1SYF?uph^EBUdx|J)<@@Id}-V$5)J zi7oomj-`NC)`*%<`RnA*$}DRBd9!jnEdtw#ZTF|%cV(LM45_$j97|;bK(M&?&rO#~ zMhSb7^EcN47|NgN(b4XkfawQ;UsvZ$U@mT!tFZT(DyEdT(ca>mTsSO`U3mQ+GwA&> z^+a0m08tK{)=ASnUQrFJzPq-E{rMZZ8q8g7_BkDxP`0R~(ZUy% z{U?vIG1P2CsqW8!v&trsPu65Xh%>nxDl?i_{nemu@? 
zsG<3iDLclDrkJA%1-VTG_P(ODtEFgCzUOtIn-Y;*O&5l%P=d;hW&F)gVyW-HV@TFQ%D;Dfr-M-J;&& zv!DVrDu+8Ur$d$@<|U9tHjwZ#N2Y;N+>bUOwN0gr`6V~Ql35OSE^NzT?6WNSPlFgL z)7L8$TV(7Eu*IbG_f#`QeN|R!g4>!j951C4UYJsF8;E`B?_DZkxi5>mytR_)V?AX% z5U1EUYMdzL`woBhyDP z?U%{9&CN==cjg12<+$sua4x{z>*lSE%~#u&}^gNCpdc7$|D8-3;61pwQ0rO+>MxsrLRnNIt4^kK+!| z?G81j!y}BmhC|vGvz<&w$lz0@sw|Sp(UMWt!F%yX%GqLMT0?@}U!HZiZLtO~rhfg3 zCsZ8OWB=}4gO~AI1MXCm&JkDlP2G!^!0OGI$ZhP1m5&cWBx%(^L*4pCzJr|b>_fkV zsAW{{UK79(Z|8@o<`H4G(3t=k8gZp{a@s|toBkI!n-iIOQz?=d=KV3fTS*D zRhCb%mFf{*laYR;$c{*lRVYSDd99EQaEuzg%5r;rM}zTUectd4H!Zb!GZuH*R&l)Q zV^*Hv`}C@eabLYlL= z3kPrC;w-!S@gK$UXe!Ip>ugXXaOOCvUx8L&<9b<+C*Yef zmiK3hk*4dy(YXE5g=~s#$QC~B)y^T`g0`Ny7EwxO@@mg{L01{cdoLu0onNv+y|wA| zD=d)M(F9}}lan}x&xXf5Gm_*irc+_rd*&_>@ll5-j{DPPFrDL!nSo{}h0k|Qyojk3 zvQ{mVEN$f;`srWakDrpJdkAFt4Hp^t8rhUq$6ch%>~*I5>0tzsE_S*A3qy*HI>cxK z9CuQGNF2NlSloGnT4MAn`Y6tO=ZxNj`=uN0P}ivFq~ti)z_dh#XaAUE%-69jd}!x( z)s-u{&^zi~dej$tb-qvGF*AkJ#cT6XM-0A!2D!OC_Dypipgh6jI=f1?!xwWf4Jz z|Lqh*RvuH!;49X-0URxe&XnT<)|2eq&S7bU$caPK28%Vm^uPF&NR+IixV{0ww25+jnMCC-`lYnTibK-bgE_r1 zE{8hBVUGNbXR$HbWP;WVzF~?ch^uSiGv*=v!fv%RYwP@AYl=BCAv*0aw?@V|H5QKi ztDqBdS=_L%tQn$SYqmPOHY+b(vT@ltQWB5-5fAfxa>hU1r-^1VVLb$Xhdnz8qj`Ul>#307>N{Kkc<>S_Iz=*Sn~}SJl_3sDxc#gYAXs&N=6Ttu$>&9Uzhcmw zB)|}N)x}kJ-hTIB(M)(hm-g$peTihlZbYnV+SAe{FR;{T;$Sn@ZEW0{GX?i@1@0iF zRdzXMv6)D$@OtO6(>1netS+_Fq8Lg$AIe|Tl}N@T6mYy71hkwb)Bww7s8E zG57Cjg9dSkhoGt&;igh97SKS&WU| zO1j1BPMUM%uEK_IXXfMQ3^V-L>E$F$=s*I>pZVz=rdmjyLCVa>yESoUS?6K(`UcLcK;2)Um(7iGWc>!ZYyGMPnV2S|l=ybCV@k55QZ6m-=&{q*ag^O~Dyax1W0Y1A zxd^aqA$>5Be4mh<@8GpSA4Md)Rv-f*6fQlz;zv(ab#w{tOqxR={mCp2*r71G5J!-3 zTWzSaEqu5D<(`X0PkCjiuXxa;JH;{`1O^e)>gCM!j61W87w?}EU)(zVVoJazxcP)x zCl=^NmDt?rz{8l;GSqL||K8nblr^|dT*vG_j18>SxiF-R=%hFzk7v@@nVnkWOIjto zF@OP5YmtP|8>WDKE44+bRTVo!4RxE}Az10?;F=N$$w!`lH!}S|q^e@0I`V~{JTP@@ zym-U44HS%lM1(1(KKz@X>tM_hqwHSh9yw2TyX+dR@)b#ps0PgjBq2*9l$>RU zD`O1PPWDcM7iHU2^QgP$ylywhCO27;Z~br3*TZ@~=V5xM(0N)lAjh1+CK7 
z0wD%>=}4tkJ7s>=MyCu!Q%lXX#-G-+=3$`kd&;JQ6%}gC>&Yz7n0M^GQ~YeKzP>JNui>9C0eoo;5sk z&2MsfOJMjU7zXc4m~-X?m&2{_g0vba7b@mLEN}*rRo#=Sh#M{H`Q0_qvnKL6L7S;V zCCav^htOUP-)?q2P~6}r9N(y z&WL=O%kPAI$Z`AWcFga?*+n z18uQhaCFxcQ()A6fWq*ddILS5TI@pat}MC^CoXjrca7h9K>2QC0E-X)9?MCPALl^@ z@4qFd>@8*g`<3)lG88|W3p}*M8Q?x9= z*k`>b-xksCBJmR#DqwU>HMD24KVymxQypzl`2#l(by%eBPWIzGRvv9)wNOr`z4@fL zgr@tqpNDrf8B38lR}7E#JFEG~({Xu8gvXv947%4iclod$C!tMi zNpjApixbnfJT}GQAn5tX*^e)I$*#w8Tt!Pe74b^n9!C_Kk97mg<&03`Wk(mvUbFd* z!NV88L8JY?g-Y4e_l`aywMU1!HF|H;!u0PheHhez+&qERPEC-d&#LbX%YiVDVyXRu z7kz1RtEum*b>tGhv4E-zgE|(@+da=g;Xt38%{5E!Odod^4|m;xw@XTIkmOSLF7yhv zc41R3KZPC_ywEcM-(P%Z9nrfpy~i;@4(sYzXg~0T9-OS5p4HfHx*Tmy!K9V%vBs!U z9Nd1{a8JbB##2l+bS!vkd;9fFY26R}nu~9kvlL{mnZtRPuK#rN;(58-09I>OKls7u z61INyzzE};e_M!rK49B)xxyCCGuAy2QFT)p-}i1!(6h8wPi>lsf7^pHEQmXAVeo^J z(X>}`G5UBFJmUQA)bhHlSg_miPF0mD?^8+PZ>+WQNvTdnF#Xxn|8R?j3;H31x~3u1qTe9Zx%tLB$xfu*_eAq zoq8&yvyT?9Q_v;Egr~Z@=~w#P6PcXir)eJQ;iN0sE1N~lN-6Q9WGh@r6@@S|qeE}$ zO;;kCtz`Gx6_a?PkO7;Sm-0zO@Iv@158BA+zyem3ZW6E|!^5T>YZJFk7S$z1DctX{ zq9EQs9w)+i(LdBT#XMF=t*6BD^( z4PqOLE%w34D7wUWF@sxym*tyPenXXZ{GgcV&3BZMhiZWd>q>4SGOLVzic}J0jL_AY zP*F$oe#XQMRHlY%{+Fd$G;ml}ih2zB6MRkMDZxZCN?{XS=L0sF?y%d}AYW#q03Cthu$CVxhzg`{t*n#oM`EH+}e8 zIDd?~%k1^kS@K6c0zzZgB=rRcNUWwu0t=0YxnraPVgRitC{y-=qF6Um(0+#eTn<(> z6Z(_PW#g+bR#HbaQ$o1H1AFqdXjQaK1Z=pH826xFS=q-dp2;PuRR>cK%H?=#Zp^j zA%uM%(lm`LnjS}UO?nTv;MsiIm))K0uBpfJOY^|e%a5eM!mz=%hQvj4=I+w@jT-7GOef<*y3PZjf=Q_LY<;DN18B^eqA2fQ((o)Y`IF|wTQH3i*$=YXsmKCJZu@KXFvLM#jYIq#suEU}WL zfSPd96d&Do)z=UfTzC4ZZ;aC#3S7vyIg2n6Am)e!`%&Ibs_J;&FVISI>PQoNjmMKQ zWl7Z|29YR%f)=>Dd!VH1ZA}h^y7q{5)MFW6$c+YKPDxZbBq+@gV$_e_HaFd$ZWTS8 z$8HGW(2_s?nR~omnD&&)1)f z{W7X!PV$H`i){WSh1EdJZ4ii~>*3dBiA|j%F-lADrS^tO2O@>{mSMqNJi(MCFm)Pg ze;GDSk?x;>y=?4NBM(QfmakYq=)!y^WX;MBXXpH+KNF?7P^{)MrWaYc?;5p*R{4oR zTvG~Sekf^&?lhi=svp<6LN=MSUiCQBn|9w{x?{Gk!w!nr*6y!$RAljn@r9qH0VjU2 zO{{p|{HZy*EHWofAQi;iDpo?;B))jw_mtADIH3KRmd~z0hkhY-At(1ytb5MlXbm>W zCTIMHfHN6x6XOcio>CoKgjiPr<4ni|=>RH&bQ78Q#A;HkUim`$Ea(YjRJcJS2RzD{ 
zv#-unHG}#+JzY%slhvqU?YL3)N`+E3QJt)Sb~`T{r7Qxoa_BsTOL5XPWpG zs<%kS(!D32SoVsHyUKM^?^3;4ih|#yak8q7GdFHva3mw}E~`M7;08Knr-eiOg06?b zvJKo*0Be@|_=j);J(;@Wi_1buS;He*iV$WKM#^htVm!;TjBIc09JAC6ahDF)Aa##kn7E@O(8v3H3SU zrw}tM)1cV58;Cy7b>JKBU4ep6dSv!y2adEs*?LdNZjRQ>N_9Jj|+PUh0IX4 z>pKuD^k+OL?+ex*75%D8hZdC&&dfAyZLgc_L}^3Ra%B{!NM&Ap#YTTE*X#W8#WN}b zU5jj6^@K7hMr^7>Txf}?g*^jYi1AJ4?SMX_g?(|w5XuHZ^pE3UhjeIunZ{b-s|z|E zA4gk`jq)%M=(GyJtwdi%!@#a#T13hFD*9;+i=?*YvehyyH4{qnFZvKBYde%DfR=$cH|f0sC3@F52*p<)|8#woccDfh zN|JN`a-a-WJ3n4n_ok}FU>ZRI&yoQ(7@+os6EIxQ-=5=&gk%P~F1Kp@*eK3VLGU`q zY-P@2+qmNBYyZ`!|c*vpDzGhVy2 zem%(Lk74$1&r7-dF#5fISs~a}=et?z0-PA_gz6fn+1u0958-VdH$lhnesCjdU#!D; zp#!w;M`Brrvk;is}4Z##v@FV zM*Ke6{ahU5gQ9#P4s(K{$rsI%##@|HM-yo8H`Kl-YdH46 zo0iaZF1uB=mlTWW$+a2X>O_4F4y*mqTL%Q$4C#~zeq)PG%-5ZV%+kit##MqoF+zQ~ zQBH9l?&L^it6ZMYlY4u(n##z&_2jc+=Z3rQ7E^C&X1_0}^(O_32l{N-u1M3+H*#s; zH|9U!)?)e1RV-#TFnbNU^%-rJd-re+Yr>G&#BwMEzYwFu!l8W#m*WE(HN8qzj6 zJsa9>+llWGTZ~?KVPDgD_R$@Ff1sg%ClB^oZ)$z5{KR#9yrzsRas&|rxNAmw@H>g*Bh@;kw{HQS{aZnhwj z(J$oY&MEB6YeEvKo&$gU_3j-A%Nf8uJY>(@y1_`^1>Y$F;_h{|mHs%}F8IfYX<7t1 zt_y~N8EC4Zq)w>=Z;FALM!q2zDKgD;<#SeI%e8mKHpJ|WrTPRVJbRkKiA|lUJP%Ui zBjVhZ;imgUmkA>??o~j)UCK(H&kbE!9vQfH#?ysOQkq$Yh-1U zQNlmG)yoCRGJH)M&)8+iPqiAE*?c?ZdX#l`Yk%LG*>aO30pd}@k6-tSNIR@6EEnAy zsd<0?9LT^Tw23TCH0kO={Hc!D!Fo4r`#W*ix!$MYi)QWy*%O7i1!X`OqGjwC0j^QX z4mQ(d*XRr%&%2|RUm_GUw&q8raqBd4pM4zd)Rc{hD!Gd42n$CG<-ny<24eJ%kP-KS zf}Pff>+1xQp`Cz`kN{>6?Inwl>m4%f+i?5!C7m}9ge}2J`f^2a-WApY%MJQl`|s!U zB^i3qtYef$8KlQTro8VOsIR~Oidq!_NFqwo`8!Y$cs3$rizr}H7ScsLbw!iE<(Z|ROSoudvQ-K z)iYzx)m)qMikD#W*(H-k*`8p5ke9Y4LTT6b)ZY-84oAS)1yW@?0;#xc7h1 zIUJOJ&ynw*8Mxc6XS8o_qjU|3{jT{UXLt(A<&WHN5B=y{wS6GH%9Qc#%iGkp=Bo(A z=kyw|w_TxcjJJR<$ePSj~s=7=&iDNb||h7au9Er7h^bs^7NU{Eo66 zbhI|t^wm>Rn3MybnYV*%e@E}t>*w%}4<8GKZ6tib8r74g&+#!Kl;}lIE1UdFM$mwP zhSMuUrc+-8LG3xy$aSsd?8W}keR5ooPJXIy=-N5RB(C}&xlVqdC`)M*OK_9%2CBa??CHy`X9>5o*oGCQl)Jw zUqg8Xo}*Et#GP>O{Nlf9@R6e&)2-c=T^=LVGCwE|42fD3_8#4*N-=_4VCu&Or)M+C 
zi}Q%k*|%fsa)B;FaA!J8s<*zhD{U!Z_YBLh=#U6?ER3z)4onVF)0Z7t$I69n%Rbs>ICQ` zEOepN>3u=)xm0YA^858wSp1Fx?MTS(1D#C3JxyJ}0QY?~Z}S5I;u1<;Ys@@E0{i>3 zBf)Qav>P=TC{X#1oSKWisB3PGNH$$6eURbO4mX>osFh=(*R=(BxK#oc^|XfJmGK9V zP6Y09MV#pl&c+jl{Ms6nB(Z{BeOwbKxje9b-%j+_HM_*e$ZO53;HpKSZrt_N)k;S2 zld3Q6MMG{8w4Hjd1eVE{a~8fdxYl6^gyC7S)wqY?_YbIEp7ji@e@~^TRJ0$$2mt&h z{6EqtK0c|KJ3$O>3@ognOpbruGTPag{lx_t8Tnt>jo?(p{#O8ii7fzt`Ue+GCIA5H z=w@vKWpssD|CR19ng1U3&EFpYxB>uxh^>vOg_)Csfun`34HU>^=U{8*U;>328aOch zPn-z<;H2>wsKPX7x&f&ah<>S*BT^#7ITPtCsn10Mq;BNJ;Ddd8T21e%%UI;E)X{} zCo7PXm4l62hzs~n5J;~~F-Y71fZy~d#J>A~3n47}FD;mbg@o8RggJ$oSw%tIqU=E6 zKSHoAyeU$`0|0*0pAb6d|1AX9e;_b(F^jRVv2y@LL|9q4I7LK-#QsT(;6qA*f@7TwH8Gb|4p!gO!_|9mv7<2gF}F6NEfPTKfV3cs$Vf-yphTp8lx?kc*k) zxAYvGoa}#vAQ5&pAQuM<2RA1>8!IQrW2XHt|KE4h%Y;-Y0KnCM@x^NTzd^8YigEsC z%?e`vm!W=#-0Y&<93nz&>|&3`0tt!y9pbM{o8@>FA-)O#{H8w*WnK7h5dXJau#1ZP zhGJ%8eJmBsVw}RD#~aSacY;Fyn4{EswYa~x0|3A2Pl#t>h<_UD|3LuR{sV%8gPV&( zSd@#CRaorN*WAp)|K#rLgR;WI$BOPZ{Ru&!g!JD)FmwOQV9bx9Fo=VhgAK?GVrA!G z9JcA$sjBITjO>F)%A=0B}0Kl8aPvv7H#d;s<@#+5n*7MAk literal 0 HcmV?d00001 From 985b62570ebd41750a6457b230242ee87937b1df Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 4 Mar 2020 08:24:44 -0700 Subject: [PATCH 127/183] switch test harness branch --- .../Dockerfiles/moloch.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile index 5305c03cf..08894df3f 100644 --- a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile +++ b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim AS build ENV DEBIAN_FRONTEND noninteractive ENV GITHUB_URL "https://github.com/mmguero-dev/moloch/" -ENV GITHUB_BRANCH "topic/netdiff" +ENV GITHUB_BRANCH "topic/netdiff_2.2.2" ENV MOLOCHDIR "/data/moloch" ENV MOLOCHUSER "moloch" 
From 02d21e603439c7ccb74141565d0dd27e9348bad9 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 4 Mar 2020 08:48:36 -0700 Subject: [PATCH 128/183] temporarily pull from https://github.com/mmguero-dev/moloch fork for issue #2 development rather than aol/moloch releases --- Dockerfiles/moloch.Dockerfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile
index 7b930eb30..cb05e3ce8 100644
--- a/Dockerfiles/moloch.Dockerfile
+++ b/Dockerfiles/moloch.Dockerfile
@@ -12,7 +12,10 @@ ADD moloch/patch/* /data/patches/
ADD README.md $MOLOCHDIR/doc/
ADD doc.css $MOLOCHDIR/doc/
ADD docs/images $MOLOCHDIR/doc/images/
-ADD https://github.com/aol/moloch/archive/v$MOLOCH_VERSION.tar.gz /data/moloch.tar.gz
+
+# TODO: temporarily using my github fork branch until issue https://github.com/aol/moloch/issues/1162 and
+# https://github.com/idaholab/Malcolm/issues/2 are merged in
+# ADD https://github.com/aol/moloch/archive/v$MOLOCH_VERSION.tar.gz /data/moloch.tar.gz

RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
apt-get -q update && \
@@ -62,8 +65,11 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
sed -i "s@docs/images@images@g" README.md && \
pandoc -s --self-contained --metadata title="Malcolm README" --css $MOLOCHDIR/doc/doc.css -o $MOLOCHDIR/doc/README.html $MOLOCHDIR/doc/README.md && \
cd /data && \
- tar -xvf "moloch.tar.gz" && \
+ # TODO: see comment above about aol/moloch vs. mmguero-dev/moloch
+ # tar -xvf "moloch.tar.gz" && \
+ git clone --recursive --depth=1 --single-branch -b "topic/netdiff_2.2.2" "https://github.com/mmguero-dev/moloch.git" "./moloch-"$MOLOCH_VERSION && \
cd "./moloch-"$MOLOCH_VERSION && \
+ rm -rf ./.git && \
bash -c 'for i in /data/patches/*; do patch -p 1 -r - --no-backup-if-mismatch < $i || true; done' && \
cp -v $MOLOCHDIR/doc/images/moloch/moloch_155.png ./viewer/public/moloch_155.png && \
cp -v $MOLOCHDIR/doc/images/moloch/moloch_77.png ./viewer/public/moloch_77.png && \
From 4e78ea810725232c966ece07584d0cf51aad75c0 Mon Sep 17 00:00:00 2001
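Review bot: The `git clone` added on the new side pins only the branch name `topic/netdiff_2.2.2` of a personal fork, so every build takes whatever that branch's head is at build time, whereas the replaced `ADD` fetched a fixed release archive; the commit trades a reproducible (if unverified) source for a moving one. Before `rm -rf ./.git` discards the history, record the revision so the build log carries provenance, e.g. `git -C "./moloch-"$MOLOCH_VERSION rev-parse HEAD && \`, and consider pinning to a specific commit (a `<PINNED_COMMIT>` build arg) and failing the build when `rev-parse HEAD` does not match it. The `patch ... || true` context line already ignores patch failures, which matters more now that the input can drift between builds. The RUN instruction this hunk belongs to begins and ends outside the hunk.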
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 4 Mar 2020 11:23:35 -0700 Subject: [PATCH 129/183] update elastic to 7.6.1 for security and bug fixes --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/kibana.Dockerfile | 10 +++++----- Dockerfiles/logstash.Dockerfile | 2 +- README.md | 4 ++-- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 4 ++-- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 4 ++-- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 4 ++-- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 4 ++-- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 4 ++-- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 4 ++-- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 4 ++-- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 4 ++-- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 4 ++-- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 4 ++-- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 4 ++-- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 4 ++-- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 4 ++-- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 4 ++-- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 4 ++-- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 4 ++-- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 4 ++-- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 4 ++-- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 4 ++-- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 4 ++-- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 4 ++-- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 4 ++-- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 4 ++-- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 4 ++-- 
.../665d1610-523d-11e9-a30e-e3576242f3ed.json | 4 ++-- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 4 ++-- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 4 ++-- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 4 ++-- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 4 ++-- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 4 ++-- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 4 ++-- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 4 ++-- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 4 ++-- .../95479950-41f2-11ea-88fa-7151df485405.json | 4 ++-- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 4 ++-- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 4 ++-- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 4 ++-- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 4 ++-- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 ++-- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 4 ++-- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 4 ++-- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 ++-- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 4 ++-- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 4 ++-- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 4 ++-- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 4 ++-- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 4 ++-- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 4 ++-- .../f394057d-1b16-4174-b994-7045f423a416.json | 4 ++-- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 4 ++-- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 4 ++-- .../config/hooks/normal/0910-agg-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../7/dashboard-custom/Filebeat-syslog-custom.json | 2 +- .../moloch_regression_test_harness/docker-compose.yml | 2 +- sensor-iso/beats/Dockerfile | 2 +- sensor-iso/beats/beat-build.sh | 
2 +- .../config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../7/dashboard-custom/Filebeat-syslog-custom.json | 2 +- sensor-iso/docs/Notes.md | 2 +- .../sensor_ctl/heatbeat/protologbeat.template.json | 2 +- 77 files changed, 140 insertions(+), 140 deletions(-) diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index 442a398f1..0847d4b0b 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.elastic.co/beats/filebeat-oss:7.6.0 +FROM docker.elastic.co/beats/filebeat-oss:7.6.1 # Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index 281534b3f..cf7bdd350 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.elastic.co/kibana/kibana-oss:7.6.0 +FROM docker.elastic.co/kibana/kibana-oss:7.6.1 # Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm.netsec@gmail.com" @@ -77,7 +77,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ # cd /tmp && \ # echo "Installing ElastAlert plugin..." && \ # unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ - # sed -i "s/7\.5\.0/7\.6\.0/g" kibana/elastalert-kibana-plugin/package.json && \ + # sed -i "s/7\.5\.0/7\.6\.1/g" kibana/elastalert-kibana-plugin/package.json && \ # zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \ # cd /usr/share/kibana/plugins && \ # /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \ 
@@ -85,7 +85,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ cd /tmp && \ echo "Installing Comments visualization..." && \ unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ - sed -i "s/7\.4\.0/7\.6\.0/g" kibana/kibana-comments-app-plugin/package.json && \ + sed -i "s/7\.4\.0/7\.6\.1/g" kibana/kibana-comments-app-plugin/package.json && \ zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \ cd /usr/share/kibana/plugins && \ /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \ @@ -93,7 +93,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ # && \ cd /tmp && \ # echo "Installing Swimlanes visualization..." && \ # unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ - # sed -i "s/7\.5\.2/7\.6\.0/g" kibana/prelert_swimlane_vis/package.json && \ + # sed -i "s/7\.5\.2/7\.6\.1/g" kibana/prelert_swimlane_vis/package.json && \ # zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \ # cd /usr/share/kibana/plugins && \ # /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \ @@ -102,7 +102,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \ # cd /tmp && \ # echo "Installing Milestones visualization..." && \ # unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ - # sed -i "s/7\.1\.1/7\.6\.0/g" kibana/kibana-milestones-vis/package.json && \ + # sed -i "s/7\.1\.1/7\.6\.1/g" kibana/kibana-milestones-vis/package.json && \ # zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \ # cd /usr/share/kibana/plugins && \ # /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \ diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index bc0b8749f..98ea2f797 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile 
@@ -42,7 +42,7 @@ RUN /bin/bash -lc "command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - git clone --depth 1 https://github.com/mmguero/logstash-filter-ieee_oui.git /opt/logstash-filter-ieee_oui && \ /bin/bash -lc "cd /opt/logstash-filter-ieee_oui && bundle install && gem build logstash-filter-ieee_oui.gemspec && bundle info logstash-filter-ieee_oui" -FROM docker.elastic.co/logstash/logstash-oss:7.6.0 +FROM docker.elastic.co/logstash/logstash-oss:7.6.1 USER root COPY --from=build /opt/logstash-filter-ieee_oui /opt/logstash-filter-ieee_oui diff --git a/README.md b/README.md index a08e880f6..1beeeca03 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ malcolmnetsec/nginx-proxy 2.0.0 xxxxxxxx malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 30 minutes ago 276MB malcolmnetsec/htadmin 2.0.0 xxxxxxxxxxxx 31 minutes ago 256MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 32 minutes ago 188MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.0 xxxxxxxxxxxx 5 weeks ago 825MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` You must run [`auth_setup`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). 
@@ -1771,7 +1771,7 @@ malcolmnetsec/kibana-oss 2.0.0 xxxxxxxx malcolmnetsec/filebeat-oss 2.0.0 xxxxxxxxxxxx 11 days ago 459MB malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 11 days ago 276MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 11 days ago 188MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.0 xxxxxxxxxxxx 5 weeks ago 769MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index f6ec212a6..81620f417 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -98,7 +98,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 restart: "no" hostname: elasticsearch environment: diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 73c8f7588..8a63900f6 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -98,7 +98,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 restart: "no" hostname: elasticsearch environment: diff --git a/docker-compose.yml b/docker-compose.yml index bba1b07e7..64983c4d9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -98,7 +98,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 restart: "no" hostname: elasticsearch environment: diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 5bc3c655f..72977b57a 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", 
@@ -10,7 +10,7 @@ "title": "X.509", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":28,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":17,\"h\":20,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":28,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":17,\"h\":20,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 522f87185..b8f47497c 100644 --- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "05e3e000-f118-11e9-acda-83a8e29e1a24", 
@@ -10,7 +10,7 @@ "title": "LDAP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.6.0\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.6.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index af04729b1..311e133c4 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b", 
@@ -10,7 +10,7 @@ "title": "FTP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":37,\"i\":\"8a83e818-c814-4c25-8740-932d60d2457d\"}
,\"panelIndex\":\"8a83e818-c814-4c25-8740-932d60d2457d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\"
:37,\"i\":\"8a83e818-c814-4c25-8740-932d60d2457d\"},\"panelIndex\":\"8a83e818-c814-4c25-8740-932d60d2457d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 679198b74..bf8cf69d0 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "0a490422-0ce9-44bf-9a2d-19329ddde8c3", 
@@ -10,7 +10,7 @@ "title": "PE", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":16,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":39,\"i\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\"},\"panelIndex\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":16,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":39,\"i\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\"},\"panelIndex\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 079b4d53e..619d7523a 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", 
@@ -10,7 +10,7 @@ "title": "Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embe
ddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embeddableConfig\":{},
\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index 599e6309e..6e1b687e5 100644 --- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\"},\"panelIndex\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"92ba4d29-ba43-4806-b545-79f60788c795\"},\"panelIndex\":\"92ba4d29-ba43-4806-b545-79f60788c795\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\"},\"panelIndex\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"92ba4d29-ba43-4806-b545-79f60788c795\"},\"panelIndex\":\"92ba4d29-ba43-4806-b545-79f60788c795\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index cb7986950..c554e0977 100644 --- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa", 
@@ -10,7 +10,7 @@ "title": "SIP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":17,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":17,\"y\":63,\"w\":17,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":23,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":23,\"y\":44,\"w\":25,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":25,\"y\":24,\"w\":23,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\
":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":34,\"y\":63,\"w\":14,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":17,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":32,\"i\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\"},\"panelIndex\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":63,\"w\":17,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":63,\"w\":17,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":23,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":44,\"w\":25,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":24,\"w\":23,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"pan
elIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":63,\"w\":14,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":24,\"w\":17,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":32,\"i\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\"},\"panelIndex\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 1983bda90..36aeec114 100644 --- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "11be6381-beef-40a7-bdce-88c5398392fc", 
@@ -10,7 +10,7 @@ "title": "Tunnels", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":18,\"y\":48,\"w\":18,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":18,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":19,\"i\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\"},\"panelIndex\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":36,\"i\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\"},\"panelIndex\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":48,\"w\":18,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":18,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":19,\"i\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\"},\"panelIndex\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":36,\"i\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\"},\"panelIndex\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 5b36ce287..83b796fb5 100644 --- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "11ddd980-e388-11e9-b568-cf17de8e860c", 
@@ -10,7 +10,7 @@ "title": "QUIC", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":36,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":9,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":20,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":9,\"w\":20,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":30,\"w\":20,\"h\":19,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":30,\"w\":20,\"h\":19,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":19,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":36,\"w\":8,\"h\":13,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":36,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":9,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":20,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":9,\"w\":20,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":30,\"w\":20,\"h\":19,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":30,\"w\":20,\"h\":19,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":19,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":36,\"w\":8,\"h\":13,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 076f9d836..edd75c1a0 100644 --- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
+++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "152f29dc-51a2-4f53-93e9-6e92765567b8", 
@@ -10,7 +10,7 @@ "title": "Modbus", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index ec1fee9fd..02aea1dae 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "1ce42250-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5cf06729-4907-4824-a561-a3c50a23136c\"},\"panelIndex\":\"5cf06729-4907-4824-a561-a3c50a23136c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\"},\"panelIndex\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5cf06729-4907-4824-a561-a3c50a23136c\"},\"panelIndex\":\"5cf06729-4907-4824-a561-a3c50a23136c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\"},\"panelIndex\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index cba65c9f7..2afcf586b 100644 --- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", 
@@ -10,7 +10,7 @@ "title": "Weird", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":66,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":47,\"w\":40,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":66,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":47,\"w\":40,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"
panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 3958004e5..4cafbce18 100644 --- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "29a1b290-eb98-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "EtherNet/IP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":34,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":31,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":13,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":13,\"y\":56,\"w\":18,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":56,\"w\":17,\"h\":21,\"i\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\"},\"panelIndex\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":34,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":31,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":56,\"w\":13,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":56,\"w\":18,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":56,\"w\":17,\"h\":21,\"i\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\"},\"panelIndex\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
index 3644212d8..1af4b0891 100644
--- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "2bec1490-eb94-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "BACnet", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 002904280..6f53de2ac 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "2cf94cd0-ecab-40a5-95a7-8419f3a39cd9",
@@ -10,7 +10,7 @@ "title": "DNS", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":40,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":40,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":12,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":12,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":31,\"y\":60,\"w\":17,\"h\":19,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":20,\"w\":12,\"h\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":20,\"w\":12,\"h\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embedd
ableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":60,\"w\":31,\"h\":19,\"i\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\"},\"panelIndex\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":41,\"i\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\"},\"panelIndex\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":40,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":40,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":12,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":12,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1
\",\"gridData\":{\"x\":31,\"y\":60,\"w\":17,\"h\":19,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":20,\"w\":12,\"h\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":20,\"w\":12,\"h\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":60,\"w\":31,\"h\":19,\"i\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\"},\"panelIndex\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":41,\"i\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\"},\"panelIndex\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 5b78836ed..d1f925c53 100644 --- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "2d98bb8e-214c-4374-837b-20e1bcd63a5e", 
@@ -10,7 +10,7 @@ "title": "DHCP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":28,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":14,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":32,\"i\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\"},\"panelIndex\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":28,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":14,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":32,\"i\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\"},\"panelIndex\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 21c0606a5..89ae73fac 100644 --- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
+++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "32587740-ef88-11e9-b38a-2db3ee640e88",
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.6.0\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.6.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 775204526..23a08f30e 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index e4f6eef92..20be6d583 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "37041ee1-79c0-4684-a436-3173b0e89876",
@@ -10,7 +10,7 @@ "title": "HTTP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":58,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":20,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":150,\"w\":48,\"h\":22,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\
"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":78,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":7,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":39,\"w\":40,\"h\":19,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":12,\"i\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\"},\"panelIndex\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":172,\"w\":48,\"h\":42,\"i\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\"},\"panelIndex\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":58,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":20,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":150,\"w\":48,\"h\":22,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\"
:\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":78,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":19,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":7,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":39,\"w\":40,\"h\":19,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":12,\"i\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\"},\"panelIndex\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":172,\"w\":48,\"h\":42,\"i\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\"},\"panelIndex\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index f67191346..728ff9fea 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "39abfe30-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Source - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2ed3d708-31cc-4504-87da-63a315c76e76\"},\"panelIndex\":\"2ed3d708-31cc-4504-87da-63a315c76e76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"35ff09b6-1039-4b4e-9469-296245630598\"},\"panelIndex\":\"35ff09b6-1039-4b4e-9469-296245630598\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2ed3d708-31cc-4504-87da-63a315c76e76\"},\"panelIndex\":\"2ed3d708-31cc-4504-87da-63a315c76e76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"35ff09b6-1039-4b4e-9469-296245630598\"},\"panelIndex\":\"35ff09b6-1039-4b4e-9469-296245630598\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 0dd078344..4abc42f87 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", 
@@ -10,7 +10,7 @@ "title": "SMB", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":21,\"y\":13,\"w\":12,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":32,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":13,\"w\":13,\"h\":19,\"i\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\"},\"panelIndex\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":33,\"y\"
:13,\"w\":15,\"h\":19,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":13,\"w\":12,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":32,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":32,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":19,\"i\":\"14\"},\"panel
Index\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":13,\"w\":13,\"h\":19,\"i\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\"},\"panelIndex\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":13,\"w\":15,\"h\":19,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 5d71a81a2..3e0dede3e 100644 --- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "432af556-c5c0-4cc3-8166-b274b4e3a406", 
@@ -10,7 +10,7 @@ "title": "DCE/RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":69,\"w\":24,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":69,\"w\":24,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":41,\"i\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\
"},\"panelIndex\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":69,\"w\":24,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":69,\"w\":24,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\"
:41,\"i\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\"},\"panelIndex\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index f3e763b8e..0bb1c5685 100644 --- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "4a4bde20-4760-11ea-949c-bbb5a9feecbf", 
@@ -10,7 +10,7 @@ "title": "ICS/IoT Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"p
anel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,
\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 63f3fbab4..41362ed08 100644 --- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "4e5f106e-c60a-4226-8f64-d534abb912ab", 
@@ -10,7 +10,7 @@ "title": "SNMP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":21,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":8,\"w\":15,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":39,\"i\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\"},\"panelIndex\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":21,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":15,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":39,\"i\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\"},\"panelIndex\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 1b9763d0d..1a3995d52 100644 
--- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "50ced171-1b10-4c3f-8b67-2db9635661a6", 
@@ -10,7 +10,7 @@ "title": "MySQL", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":24,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":24,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":15,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":32,\"i\":\"04e96790-2a76-4656-956b-bdf780792c40\"},\"panelIndex\":\"04e96790-2a76-4656-956b-bdf780792c40\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":26,\"i\":\"27a5666b-5633-4982-b276-ecafa4a38b74\"},\"panelIndex\":\"27a5666b-5633-4982-b276-ecafa4a38b74\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":24,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":24,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":15,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":32,\"i\":\"04e96790-2a76-4656-956b-bdf780792c40\"},\"panelIndex\":\"04e96790-2a76-4656-956b-bdf780792c40\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":26,\"i\":\"27a5666b-5633-4982-b276-ecafa4a38b74\"},\"panelIndex\":\"27a5666b-5633-4982-b276-ecafa4a38b74\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index ec2f6d10e..99f823f37 100644 --- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "543118a9-02d7-43fe-b669-b8652177fc37", 
@@ -10,7 +10,7 @@ "title": "NTLM", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":23,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":15,\"i\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\"},\"panelIndex\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":40,\"i\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\"},\"panelIndex\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_ntlm.host\",\"zeek_ntlm.domain\",\"zeek_ntlm.server_nb_computer\",\"zeek_ntlm.server_dns_computer\",\"zeek_ntlm.server_tree\",\"zeek.uid\"]},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":23,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":47,\"w\"
:16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":15,\"i\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\"},\"panelIndex\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":40,\"i\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\"},\"panelIndex\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_ntlm.host\",\"zeek_ntlm.domain\",\"zeek_ntlm.server_nb_computer\",\"zeek_ntlm.server_dns_computer\",\"zeek_ntlm.server_tree\",\"zeek.uid\"]},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 3bf8a5d06..b94093517 100644 --- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "55e332d0-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 9c57bad1a..4bedebbdf 100644 --- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "60d78fbd-471c-4f59-a9e3-189b33a13644", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Sum of Total Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":39,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"185e3f31-3f18-4df8-93c1-617c0323f051\"},\"panelIndex\":\"185e3f31-3f18-4df8-93c1-617c0323f051\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\"},\"panelIndex\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":39,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"185e3f31-3f18-4df8-93c1-617c0323f051\"},\"panelIndex\":\"185e3f31-3f18-4df8-93c1-617c0323f051\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\"},\"panelIndex\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 5b223c65b..fa3c29b45 100644 --- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "665d1610-523d-11e9-a30e-e3576242f3ed", 
@@ -10,7 +10,7 @@ "title": "Signatures", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 712eef5fa..470165134 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "76f2f912-80da-44cd-ab66-6a73c8344cc3", 
@@ -10,7 +10,7 @@ "title": "IRC", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\"},\"panelIndex\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\"},\"panelIndex\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 28e48fff9..201c22c12 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "77fc9960-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\"},\"panelIndex\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\"},\"panelIndex\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\"},\"panelIndex\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\"},\"panelIndex\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index ba9305c55..56ca70d20 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "7f41913f-cba8-43f5-82a8-241b7ead03e0", 
@@ -10,7 +10,7 @@ "title": "RDP", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":15,\"x\":0,\"y\":40},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":16,\"x\":15,\"y\":40},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":12,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"9\",\"w\":17,\"x\":31,\"y\":40},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"10\",\"w\":15,\"x\":8,\"y\":8},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"11\",\"w\":14,\"x\":23,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":20},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"14\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"w\":20,\"x\":28,\"y\":20},\"panelIndex\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"version\":\"7.6.0\",\"pan
elRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":15,\"x\":0,\"y\":40},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":16,\"x\":15,\"y\":40},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":12,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"9\",\"w\":17,\"x\":31,\"y\":40},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"10\",\"w\":15,\"x\":8,\"y\":8},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"11\",\"w\":14,\"x\":23,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":20},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"14\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embedda
bleConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"w\":20,\"x\":28,\"y\":20},\"panelIndex\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index e0611a4b0..4d70a4000 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", 
@@ -10,7 +10,7 @@ "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":30,\"x\":0,\"y\":64},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"9\",\"w\":13,\"x\":0,\"y\":103},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"10\",\"w\":9,\"x\":27,\"y\":103},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":14,\"x\":13,\"y\":103},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":29,\"x\":19,\"y\":45},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null
,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":19,\"x\":0,\"y\":45},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":38,\"x\":10,\"y\":27},\"panelIndex\":\"21\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":24,\"x\":0,\"y\":83},\"panelIndex\":\"22\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"23\",\"w\":24,\"x\":24,\"y\":83},\"panelIndex\":\"23\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"w\":13,\"x\":24,\"y\":8},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"w\":10,\"x\":0,\"y\":27},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"w\":18,\"x\":30,\"y\":64},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"w\":12,\"x\":36,\"y\":103},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":43,\"i\":\"bbcebabc-0baf-4b
15-ad17-fc7633b9b8b8\",\"w\":48,\"x\":0,\"y\":122},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_18\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":30,\"x\":0,\"y\":64},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"9\",\"w\":13,\"x\":0,\"y\":103},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"10\",\"w\":9,\"x\":27,\"y\":103},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":14,\"x\":13,\"y\":103},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":29,\"x\":19,\"y\":45},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"pan
elRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":19,\"x\":0,\"y\":45},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":38,\"x\":10,\"y\":27},\"panelIndex\":\"21\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":24,\"x\":0,\"y\":83},\"panelIndex\":\"22\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"23\",\"w\":24,\"x\":24,\"y\":83},\"panelIndex\":\"23\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"w\":13,\"x\":24,\"y\":8},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"w\":10,\"x\":0,\"y\":27},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"w\":18,\"x\":30,\"y\":64},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"w\":12,\"x\":36,\"y\":103},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"version\":\"7.6.1\",\"pa
nelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"w\":48,\"x\":0,\"y\":122},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_18\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index d67ca606c..a128764a8 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "82da3101-2a9c-4ae2-bb61-d447a3fbe673", 
@@ -10,7 +10,7 @@ "title": "Kerberos", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":25,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":19,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":17,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":19,\"y\":25,\"w\":19,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":65,\"w\":28,\"h\":25,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":23,\"y\":8,\"w\":13,\"h\":17,\"i\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\"},\"panelIndex\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":38,\"y
\":25,\"w\":10,\"h\":20,\"i\":\"defd333f-2642-4357-822f-9fa6f09a9356\"},\"panelIndex\":\"defd333f-2642-4357-822f-9fa6f09a9356\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":65,\"w\":20,\"h\":25,\"i\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\"},\"panelIndex\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":30,\"i\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\"},\"panelIndex\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":25,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":25,\"w\":19,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":17,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":25,\"w\":19,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\
",\"gridData\":{\"x\":0,\"y\":65,\"w\":28,\"h\":25,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":8,\"w\":13,\"h\":17,\"i\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\"},\"panelIndex\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":25,\"w\":10,\"h\":20,\"i\":\"defd333f-2642-4357-822f-9fa6f09a9356\"},\"panelIndex\":\"defd333f-2642-4357-822f-9fa6f09a9356\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":65,\"w\":20,\"h\":25,\"i\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\"},\"panelIndex\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":30,\"i\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\"},\"panelIndex\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 7a6beceb8..610c37af6 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "870a5862-6c26-4a08-99fd-0c06cda85ba3", 
@@ -10,7 +10,7 @@ "title": "DNP3", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"20bab908-6058-4f9a-819b-de9011dd65b0\"},\"panelIndex\":\"20bab908-6058-4f9a-819b-de9011dd65b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"20bab908-6058-4f9a-819b-de9011dd65b0\"},\"panelIndex\":\"20bab908-6058-4f9a-819b-de9011dd65b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 513dbff9e..048fd4394 100644 --- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "87a32f90-ef58-11e9-974e-9d600036d105", 
@@ -10,7 +10,7 @@ "title": "MQTT", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.6.0\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.6.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 8612e139d..2588a1e1f 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85", 
@@ -10,7 +10,7 @@ "title": "Software", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":36,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":36,\"i\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\"},\"panelIndex\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":36,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":36,\"i\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\"},\"panelIndex\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 2ae5c85fa..59be11bd5 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "92985909-dc29-4533-9e80-d3182a0ecf1d", 
@@ -10,7 +10,7 @@ "title": "Syslog", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":12,\"y\":34,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":13,\"h\":26,\"i\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\"},\"panelIndex\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":26,\"i\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\"},\"panelIndex\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":20,\"i\":\"13e3b050-3d67-4745-a182-b462852a67ef\"},\"panelIndex\":\"13e3b050-3d67-4745-a182-b462852a67ef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":44,\"i\":\"59631e23-e452-40a9-a9dd-7d432278d35f\"},\"panelIndex\":\"59631e23-e452-40a9-a9dd-7d432278d35f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":34,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":34,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName
\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":13,\"h\":26,\"i\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\"},\"panelIndex\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":26,\"i\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\"},\"panelIndex\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":20,\"i\":\"13e3b050-3d67-4745-a182-b462852a67ef\"},\"panelIndex\":\"13e3b050-3d67-4745-a182-b462852a67ef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":44,\"i\":\"59631e23-e452-40a9-a9dd-7d432278d35f\"},\"panelIndex\":\"59631e23-e452-40a9-a9dd-7d432278d35f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 539e6547b..b3bd61c48 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "95479950-41f2-11ea-88fa-7151df485405", 
@@ -10,7 +10,7 @@ "title": "Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92
c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"pane
lIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index e6e44aeae..b8153d2da 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "9ee51f94-3316-4fc5-bd89-93a52af69714", 
@@ -10,7 +10,7 @@ "title": "Files", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":32,\"y\":43,\"w\":16,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":43,\"w\":16,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":16,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":48,\"h\":35,\"i\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\"},\"panelIndex\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":43,\"w\":16,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":43,\"w\":16,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":43,\"w\":16,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":63,\"w\":48,\"h\":35,\"i\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\"},\"panelIndex\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index cf30b91ab..22f83dc52 100644 
--- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "a16110b0-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\"},\"panelIndex\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"7f315dd1-7809-49af-bed1-edfa12322240\"},\"panelIndex\":\"7f315dd1-7809-49af-bed1-edfa12322240\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\"},\"panelIndex\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"7f315dd1-7809-49af-bed1-edfa12322240\"},\"panelIndex\":\"7f315dd1-7809-49af-bed1-edfa12322240\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index 0ff0fb0b6..5fd716138 100644 --- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "a7514350-eba6-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "PROFINET", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":27,\"y\":50,\"w\":21,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":27,\"y\":50,\"w\":21,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 5e5fb16b6..7481515fb 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", 
@@ -10,7 +10,7 @@ "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":
\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"legendOpen\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.0\",\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"embedda
bleConfig\":{},\"panelRefName\":\"panel_25\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version
\":\"7.6.1\",\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"legendOpen\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"embedda
bleConfig\":{},\"panelRefName\":\"panel_25\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 656166967..0be48aa86 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "ae79b7d1-4281-4095-b2f6-fa7eafda9970", 
@@ -10,7 +10,7 @@ "title": "RADIUS", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":22,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":49,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":22,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":35,\"i\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\"},\"panelIndex\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":22,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":49,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":49,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":22,\"i\":\"12\"},
\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":35,\"i\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\"},\"panelIndex\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 0dd84847a..dfad011eb 100644 --- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "af5df620-eeb6-11e9-bdef-65a192b7f586", 
@@ -10,7 +10,7 @@ "title": "NTP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.6.0\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.6.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 06632dd42..dea52cbfe 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "b50c8d17-6ed3-4de6-aed4-5181032810b2", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\"},\"panelIndex\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"3b635110-907e-457a-bfdf-b86a667a8483\"},\"panelIndex\":\"3b635110-907e-457a-bfdf-b86a667a8483\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\"},\"panelIndex\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"3b635110-907e-457a-bfdf-b86a667a8483\"},\"panelIndex\":\"3b635110-907e-457a-bfdf-b86a667a8483\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 10a5098d8..dce2c25ea 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "b9f247c0-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\"},\"panelIndex\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"266c822f-c268-4e47-a53e-90b6ecf74660\"},\"panelIndex\":\"266c822f-c268-4e47-a53e-90b6ecf74660\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\"},\"panelIndex\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"266c822f-c268-4e47-a53e-90b6ecf74660\"},\"panelIndex\":\"266c822f-c268-4e47-a53e-90b6ecf74660\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 06c0bde06..185b2d3d3 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "bb827f8e-639e-468c-93c8-9f5bc132eb8f", 
@@ -10,7 +10,7 @@ "title": "SMTP", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":40,\"x\":8,\"y\":23},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"9\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":10,\"x\":28,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":13,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"14\",\"w\":13,\"x\":13,\"y\":65},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":22,\"x\":26,\"y\":65},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":8,\"x\":0,\"y\":29},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version
\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"w\":10,\"x\":38,\"y\":8},\"panelIndex\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"w\":48,\"x\":0,\"y\":85},\"panelIndex\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":40,\"x\":8,\"y\":23},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":10,\"x\":28,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":13,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"14\",\"w\":13,\"x\":13,\"y\":65},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\
"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":22,\"x\":26,\"y\":65},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":8,\"x\":0,\"y\":29},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"w\":10,\"x\":38,\"y\":8},\"panelIndex\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"w\":48,\"x\":0,\"y\":85},\"panelIndex\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 8785b1f0e..65bce743f 100644 --- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "bed185a0-ef82-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.6.0\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.6.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index f497e2128..5257ba03e 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "caef3ade-d289-4d05-a511-149f3e97f238", 
@@ -10,7 +10,7 @@ "title": "SSH", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":30,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":17,\"y\":30,\"w\":17,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":34,\"y\":30,\"w\":14,\"h\":22,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":18,\"h\":21,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":28,\"h\":22,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":22,\"i\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\"},\"panelIndex\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":18,\"y\":52,\"w\":15,\"h\":21,\"i\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\"},\"panelIndex\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":33,\"y\":52,\"w\":15,\"h\":21,\"i\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\"},\"panelIndex\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":21,\"i\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\"},\"panelIndex\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":21,\"i\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\"},\"panelIndex\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":36,\"i\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\"},\"panelIndex\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":30,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":30,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":30,\"w\":17,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":30,\"w\":14,\"h\":22,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":18,\"h\":21,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":28,\"h\":22,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":22,\"i\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\"},\"panelIndex\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":52,\"w\":15,\"h\":21,\"i\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\"},\"panelIndex\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":52,\"w\":15,\"h\":21,\"i\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\"},\"panelIndex\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":21,\"i\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\"},\"panelIndex\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":21,\"i\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\"},\"panelIndex\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":36,\"i\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\"},\"panelIndex\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 947e103ff..8e7ee927b 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "d41fe630-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\"},\"panelIndex\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\"},\"panelIndex\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\"},\"panelIndex\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\"},\"panelIndex\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json
index ce51f22a1..b1c94180d 100644
--- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json
+++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "d4fd6afd-15cb-42bf-8a25-03dd8e59b327",
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\"},\"panelIndex\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\"},\"panelIndex\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\"},\"panelIndex\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\"},\"panelIndex\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
index 227f044d8..b678b9f8e 100644
--- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
+++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "e09a4b86-29b5-4256-bb3b-802ac9f90404",
@@ -10,7 +10,7 @@ "title": "Connections - Source - Top Connection Duration", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"03359f20-178f-4878-b423-ec2b347e5d9a\"},\"panelIndex\":\"03359f20-178f-4878-b423-ec2b347e5d9a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\"},\"panelIndex\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"03359f20-178f-4878-b423-ec2b347e5d9a\"},\"panelIndex\":\"03359f20-178f-4878-b423-ec2b347e5d9a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\"},\"panelIndex\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
index e2fc30fbe..9efe8f0d7 100644
--- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "e76d05c0-eb9f-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "S7comm", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 299eb4b65..990d2b133 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "ed8a6640-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.0\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index e7093cd9a..e1d65e8b1 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", 
@@ -10,7 +10,7 @@ "title": "Notices", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":67},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":67},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":11,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"17\",\"ver
sion\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":67},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":67},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":11,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"column
Index\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"17\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 9686a795e..11858d6d8 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "f394057d-1b16-4174-b994-7045f423a416", 
@@ -10,7 +10,7 @@ "title": "Connections - Source - Sum of Total Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\"},\"panelIndex\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"4a3f5963-08e0-4206-aede-70e943fed585\"},\"panelIndex\":\"4a3f5963-08e0-4206-aede-70e943fed585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\"},\"panelIndex\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"4a3f5963-08e0-4206-aede-70e943fed585\"},\"panelIndex\":\"4a3f5963-08e0-4206-aede-70e943fed585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
index 5edf91968..8522b7b45 100644
--- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
+++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.0",
+ "version": "7.6.1",
 "objects": [
 {
 "id": "f77bf097-18a8-465c-b634-eb2acc7a4f26",
@@ -10,7 +10,7 @@ "title": "RFB", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":21,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":18,\"x\":0,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":48},\"panelIndex\":\"11\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":48},\"panelIndex\":\"12\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":48},\"panelIndex\":\"13\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"14\",\"w\":15,\"x\":33,\"y\":27},\"panelIndex\":\"14\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"15\",\"w\":15,\"x\":18,\"y\":27},\"panelIndex\":\"15\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"16\",\"w\":14,\"x\":34,\"y\":8},\"panelIndex\":\"16\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\"
:8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":38,\"i\":\"2e466042-c74a-4549-9419-847d918823ae\",\"w\":48,\"x\":0,\"y\":70},\"panelIndex\":\"2e466042-c74a-4549-9419-847d918823ae\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":21,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":18,\"x\":0,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":48},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":48},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":48},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"14\",\"w\":15,\"x\":33,\"y\":27},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"15\",\"w\":15,\"x\":18,\"y\":27},\"panelIndex\":\"15\",\"version\":\"7
.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"16\",\"w\":14,\"x\":34,\"y\":8},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":38,\"i\":\"2e466042-c74a-4549-9419-847d918823ae\",\"w\":48,\"x\":0,\"y\":70},\"panelIndex\":\"2e466042-c74a-4549-9419-847d918823ae\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index fa6914bdc..d0ff3b51e 100644 --- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "fa141950-ef89-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - SQL", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.0\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot index c646bfa09..46435a12f 100755 --- a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -BEATS_VER="7.6.0" +BEATS_VER="7.6.1" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" 
diff --git a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index 211da4133..362473026 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index 1c89ec697..7fe50ce71 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/moloch/moloch_regression_test_harness/docker-compose.yml b/moloch/moloch_regression_test_harness/docker-compose.yml index f4837f1e5..e48948bf0 100644 --- a/moloch/moloch_regression_test_harness/docker-compose.yml +++ b/moloch/moloch_regression_test_harness/docker-compose.yml @@ -2,7 +2,7 @@ version: '3.7' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.0 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 restart: "no" environment: logger.level : 'INFO' diff --git a/sensor-iso/beats/Dockerfile b/sensor-iso/beats/Dockerfile index a2460d42c..4f6305c91 100644 --- a/sensor-iso/beats/Dockerfile +++ b/sensor-iso/beats/Dockerfile 
@@ -28,7 +28,7 @@ RUN apt-get update && apt-get install -y \ bash -c "curl https://glide.sh/get | bash" ENV BEATS=metricbeat -ENV BEATS_VERSION=7.6.0 +ENV BEATS_VERSION=7.6.1 ADD ./build.sh /build.sh RUN [ "chmod", "+x", "/build.sh" ] diff --git a/sensor-iso/beats/beat-build.sh b/sensor-iso/beats/beat-build.sh index 1a343e932..f62f40848 100755 --- a/sensor-iso/beats/beat-build.sh +++ b/sensor-iso/beats/beat-build.sh @@ -2,7 +2,7 @@ # Copyright (c) 2018 Battelle Energy Alliance, LLC. All rights reserved. -VERSION="7.6.0" +VERSION="7.6.1" THIRD_PARTY_BRANCH="master" while getopts b:v:t: opts; do case ${opts} in diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index aba0d61a7..361633937 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -11,7 +11,7 @@ ZEEK_PATCH_URLS=( # nothing here for now ) -BEATS_VER="7.6.0" +BEATS_VER="7.6.1" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index 211da4133..362473026 100644 --- a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", 
diff --git a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index 1c89ec697..7fe50ce71 100644 --- a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.0", + "version": "7.6.1", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 59909aa60..919d906b7 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -1763,7 +1763,7 @@ The Elastic Stack's [Beats](https://www.elastic.co/products/beats) platform is a set -e -BEATS_VER="7.6.0" +BEATS_VER="7.6.1" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json index 2071d4820..b9dddb182 100644 --- a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json +++ b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json @@ -2,7 +2,7 @@ "index_patterns": ["protologbeat-*"], "mappings": { "_meta": { - "version": "7.6.0" + "version": "7.6.1" }, "dynamic_templates": [{ "strings_as_keyword": { From b41fef9974c35fde4dfe11cdb5dec10b21f96048 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 9 Mar 2020 14:09:00 -0600 Subject: [PATCH 130/183] update moloch to 2.2.3 --- Dockerfiles/moloch.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Dockerfiles/moloch.Dockerfile b/Dockerfiles/moloch.Dockerfile index cb05e3ce8..6c69c9b62 100644 --- a/Dockerfiles/moloch.Dockerfile +++ b/Dockerfiles/moloch.Dockerfile @@ -4,7 +4,7 @@ FROM debian:buster-slim AS build ENV DEBIAN_FRONTEND noninteractive -ENV MOLOCH_VERSION "2.2.2" +ENV MOLOCH_VERSION "2.2.3" ENV MOLOCHDIR "/data/moloch" ADD moloch/scripts/bs4_remove_div.py /data/ @@ -67,7 +67,7 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list cd /data && \ # TODO: see comment above about aol/moloch vs. mmguero-dev/moloch # tar -xvf "moloch.tar.gz" && \ - git clone --recursive --depth=1 --single-branch -b "topic/netdiff_2.2.2" "https://github.com/mmguero-dev/moloch.git" "./moloch-"$MOLOCH_VERSION && \ + git clone --recursive --depth=1 --single-branch -b "topic/netdiff_2.2.3" "https://github.com/mmguero-dev/moloch.git" "./moloch-"$MOLOCH_VERSION && \ cd "./moloch-"$MOLOCH_VERSION && \ rm -rf ./.git && \ bash -c 'for i in /data/patches/*; do patch -p 1 -r - --no-backup-if-mismatch < $i || true; done' && \ From bd15d5c85c97517ec4e3df66820a8199dab5d156 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 9 Mar 2020 14:28:38 -0600 Subject: [PATCH 131/183] update moloch to 2.2.3 --- .../Dockerfiles/moloch.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile index 08894df3f..c5bdbcdfd 100644 --- a/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile +++ b/moloch/moloch_regression_test_harness/Dockerfiles/moloch.Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim AS build ENV DEBIAN_FRONTEND noninteractive ENV GITHUB_URL "https://github.com/mmguero-dev/moloch/" -ENV GITHUB_BRANCH "topic/netdiff_2.2.2" +ENV GITHUB_BRANCH "topic/netdiff_2.2.3" ENV MOLOCHDIR "/data/moloch" ENV MOLOCHUSER "moloch" 
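Review bot: The changed clone line still pins the build to a moving branch head (`-b "topic/netdiff_2.2.3"` on a personal fork) rather than to a commit, and the `rm -rf ./.git` two lines later discards the only record of which revision was actually built, so two builds of this Dockerfile can yield different images with no way to tell them apart. Record the intended revision and check it before the `.git` directory is removed, e.g. `ENV MOLOCH_GIT_REV "<commit sha that topic/netdiff_2.2.3 points at>"` next to `MOLOCH_VERSION`, and `[ "$(git rev-parse HEAD)" = "$MOLOCH_GIT_REV" ] && \` immediately after `cd "./moloch-"$MOLOCH_VERSION && \`. Relatedly, the patch loop below the changed line ends each `patch` with `|| true`, so if any file in /data/patches was written against 2.2.2 and no longer applies cleanly to the new branch, the build continues silently with that patch dropped; when moving between versions it would be safer to drop the `|| true` so a failed patch fails the build. The RUN instruction this hunk sits in begins and ends outside the hunk.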
From 9da4a97a9304637a040a45f56ea47d8ad946c1c2 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 10 Mar 2020 14:35:30 -0600 Subject: [PATCH 132/183] update zeek to 3.0.3 --- Dockerfiles/zeek.Dockerfile | 2 +- sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- sensor-iso/docs/Notes.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index 27b19a0de..ea67eb5bc 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -5,7 +5,7 @@ FROM debian:buster-slim AS build ENV DEBIAN_FRONTEND noninteractive ENV SRC_BASE_DIR "/usr/local/src" -ENV ZEEK_VERSION "3.0.2" +ENV ZEEK_VERSION "3.0.3" ENV ZEEK_DIR "/opt/zeek" ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}" ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches" diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 361633937..480e66ad6 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -5,7 +5,7 @@ NETSNIFF_VER="0.6.6" NETSNIFF_URL="https://github.com/netsniff-ng/netsniff-ng/archive/v$NETSNIFF_VER.tar.gz" -ZEEK_VER="3.0.2" +ZEEK_VER="3.0.3" ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" ZEEK_PATCH_URLS=( # nothing here for now diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 919d906b7..4e5f6309a 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md 
@@ -321,7 +321,7 @@ This may require opening a firewall port to the host running Moloch viewer to al # Zeek -At the time of writing, the [current stable release](https://github.com/zeek/zeek/blob/release/NEWS) of Zeek is [v3.0.2](https://github.com/zeek/zeek/releases/tag/v3.0.2). The notes in this section apply to that version, although some may apply to others as well. +At the time of writing, the [current stable release](https://github.com/zeek/zeek/blob/release/NEWS) of Zeek is [v3.0.3](https://github.com/zeek/zeek/releases/tag/v3.0.3). The notes in this section apply to that version, although some may apply to others as well. ## Compiling Zeek from source @@ -330,7 +330,7 @@ The following bash script was used to download, [build and install](https://docs ```bash #!/bin/bash -ZEEK_VER="3.0.2" +ZEEK_VER="3.0.3" ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" ZEEK_PATCH_URLS=( # nothing here for now From c8da7c6710acdb204cc5e52f29f37e88368f21a2 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 12 Mar 2020 11:56:13 -0600 Subject: [PATCH 133/183] update psutil to fix security alert https://github.com/advisories/GHSA-qfc5-mcwq-26q8 --- sensor-iso/interface/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor-iso/interface/requirements.txt b/sensor-iso/interface/requirements.txt index 8dc59f2ca..3e89139ac 100644 --- a/sensor-iso/interface/requirements.txt +++ b/sensor-iso/interface/requirements.txt @@ -8,7 +8,7 @@ idna==2.7 itsdangerous==0.24 Jinja2==2.10.1 MarkupSafe==1.0 -psutil==5.6.0 +psutil==5.6.6 python-dotenv==0.9.1 requests==2.20.0 six==1.11.0 From 9ac15f9ce425091d73cd7530c8d8c0c87169d0ef Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 18 Mar 2020 07:00:57 -0600 Subject: [PATCH 134/183] zeek updated website, fix broken link --- Dockerfiles/zeek.Dockerfile | 2 +- sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- sensor-iso/docs/Notes.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index ea67eb5bc..d41854e11 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -11,7 +11,7 @@ ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}" ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches" ENV PATH="${ZEEK_DIR}/bin:${PATH}" -ADD https://www.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz +ADD https://old.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz ADD shared/bin/zeek_install_plugins.sh /usr/local/bin/ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \ diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 480e66ad6..00a772f64 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -6,7 +6,7 @@ NETSNIFF_VER="0.6.6" NETSNIFF_URL="https://github.com/netsniff-ng/netsniff-ng/archive/v$NETSNIFF_VER.tar.gz" ZEEK_VER="3.0.3" -ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" +ZEEK_URL="https://old.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" ZEEK_PATCH_URLS=( # nothing here for now ) diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 4e5f6309a..141833662 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md 
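Review bot: The new `ADD https://old.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz` fetches the source tarball from a different host with no integrity check, so the image build trusts whatever that URL serves at build time, and a remote-URL `ADD` in this Dockerfile syntax has no way to verify a checksum. Replace it with a `RUN` that downloads and verifies against the SHA-256 published for the Zeek 3.0.3 release, e.g. `RUN curl -fsSL -o "$SRC_BASE_DIR/zeek.tar.gz" "https://old.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz" && echo "<sha256 from the zeek 3.0.3 release>  $SRC_BASE_DIR/zeek.tar.gz" | sha256sum -c -`; since this line currently sits above the `RUN sed -i ... apt-get` step, it would presumably need to move below the point where curl is installed in the build stage, which is not visible in this hunk. The `ZEEK_URL` change to `old.zeek.org` in the sensor build hook in this same commit has the same gap, though how that hook consumes `ZEEK_URL` is outside the visible hunk.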
@@ -331,7 +331,7 @@ The following bash script was used to download, [build and install](https://docs #!/bin/bash ZEEK_VER="3.0.3" -ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" +ZEEK_URL="https://old.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz" ZEEK_PATCH_URLS=( # nothing here for now ) From c81bb358c575b02ce62b0abc5a2406ffe891680d Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 18 Mar 2020 15:43:37 -0600 Subject: [PATCH 135/183] restore stuff for generating web documentation --- docs/web/conf.py | 1337 ++++++++++++++++++++++++++++ docs/web/github_readme_to_pages.sh | 66 ++ docs/web/requirements.txt | 1 + 3 files changed, 1404 insertions(+) create mode 100644 docs/web/conf.py create mode 100755 docs/web/github_readme_to_pages.sh create mode 100644 docs/web/requirements.txt diff --git a/docs/web/conf.py b/docs/web/conf.py new file mode 100644 index 000000000..84d426832 --- /dev/null +++ b/docs/web/conf.py 
@@ -0,0 +1,1337 @@ +# -*- coding: utf-8 -*- + +import time + +# !! This is the configuration of Nikola. !! # +# !! You should edit it to your liking. !! # + + +# ! Some settings can be different in different languages. +# ! A comment stating (translatable) is used to denote those. +# ! There are two ways to specify a translatable setting: +# ! (a) BLOG_TITLE = "My Blog" +# ! (b) BLOG_TITLE = {"en": "My Blog", "es": "Mi Blog"} +# ! Option (a) is used when you don't want that setting translated. +# ! Option (b) is used for settings that are different in different languages. + + +# Data about this site +BLOG_AUTHOR = "Seth Grover" # (translatable) +BLOG_TITLE = "Malcolm" # (translatable) +# This is the main URL for your site. It will be used +# in a prominent link. Don't forget the protocol (http/https)! +SITE_URL = "https://malcolm.fyi/" +# This is the URL where Nikola's output will be deployed. +# If not set, defaults to SITE_URL +# BASE_URL = "https://malcolm.fyi/" +BLOG_EMAIL = "malcolm.netsec@gmail.com" +BLOG_DESCRIPTION = "Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs." # (translatable) + +# Nikola is multilingual! 
+# +# Currently supported languages are: +# +# en English +# af Afrikaans +# ar Arabic +# az Azerbaijani +# bg Bulgarian +# bs Bosnian +# ca Catalan +# cs Czech [ALTERNATIVELY cz] +# da Danish +# de German +# el Greek [NOT gr] +# eo Esperanto +# es Spanish +# et Estonian +# eu Basque +# fa Persian +# fi Finnish +# fr French +# fur Friulian +# gl Galician +# he Hebrew +# hi Hindi +# hr Croatian +# hu Hungarian +# ia Interlingua +# id Indonesian +# it Italian +# ja Japanese [NOT jp] +# ko Korean +# lt Lithuanian +# ml Malayalam +# nb Norwegian (Bokmål) +# nl Dutch +# pa Punjabi +# pl Polish +# pt Portuguese +# pt_br Portuguese (Brazil) +# ru Russian +# sk Slovak +# sl Slovene +# sq Albanian +# sr Serbian (Cyrillic) +# sr_latin Serbian (Latin) +# sv Swedish +# te Telugu +# th Thai +# tr Turkish [NOT tr_TR] +# uk Ukrainian +# ur Urdu +# vi Vietnamese +# zh_cn Chinese (Simplified) +# zh_tw Chinese (Traditional) +# +# If you want to use Nikola with a non-supported language you have to provide +# a module containing the necessary translations +# (cf. the modules at nikola/data/themes/base/messages/). +# If a specific post is not translated to a language, then the version +# in the default language will be shown instead. + +# What is the default language? +DEFAULT_LANG = "en" + +# What other languages do you have? +# The format is {"translationcode" : "path/to/translation" } +# the path will be used as a prefix for the generated pages location +TRANSLATIONS = { + DEFAULT_LANG: "", + # Example for another language: + # "es": "./es", +} + +# What will translated input files be named like? + +# If you have a page something.rst, then something.pl.rst will be considered +# its Polish translation. +# (in the above example: path == "something", ext == "rst", lang == "pl") +# this pattern is also used for metadata: +# something.meta -> something.pl.meta + +TRANSLATIONS_PATTERN = '{path}.{lang}.{ext}' + +# Links for the sidebar / navigation bar. (translatable) +# This is a dict. 
The keys are languages, and values are tuples. +# +# For regular links: +# ('https://getnikola.com/', 'Nikola Homepage') +# +# For submenus: +# ( +# ( +# ('https://apple.com/', 'Apple'), +# ('https://orange.com/', 'Orange'), +# ), +# 'Fruits' +# ) +# +# WARNING: Support for submenus is theme-dependent. +# Only one level of submenus is supported. +# WARNING: Some themes, including the default Bootstrap 4 theme, +# may present issues if the menu is too large. +# (in Bootstrap, the navbar can grow too large and cover contents.) +# WARNING: If you link to directories, make sure to follow +# ``STRIP_INDEXES``. If it’s set to ``True``, end your links +# with a ``/``, otherwise end them with ``/index.html`` — or +# else they won’t be highlighted when active. + +NAVIGATION_LINKS = { + DEFAULT_LANG: ( + ("/", "Home"), + ("/documentation/#QuickStart", "Getting Started"), + ("/documentation/#Components", "Components"), + ("/documentation/#Protocols", "Supported Protocols"), + ("/documentation/", "Documentation"), + ("/hedgehog/", "Hedgehog Linux"), + ("https://github.com/idaholab/Malcolm", "↪ GitHub") + ), +} + +# Alternative navigation links. Works the same way NAVIGATION_LINKS does, +# although themes may not always support them. (translatable) +# (Bootstrap 4: right-side of navbar, Bootblog 4: right side of title) +NAVIGATION_ALT_LINKS = { + DEFAULT_LANG: () +} + +# Name of the theme to use. +THEME = "hyde" + +# Primary color of your theme. This will be used to customize your theme. +# Must be a HEX value. +THEME_COLOR = '#5670d4' + +# POSTS and PAGES contains (wildcard, destination, template) tuples. +# (translatable) +# +# The wildcard is used to generate a list of source files +# (whatever/thing.rst, for example). 
+# +# That fragment could have an associated metadata file (whatever/thing.meta), +# and optionally translated files (example for Spanish, with code "es"): +# whatever/thing.es.rst and whatever/thing.es.meta +# +# This assumes you use the default TRANSLATIONS_PATTERN. +# +# From those files, a set of HTML fragment files will be generated: +# cache/whatever/thing.html (and maybe cache/whatever/thing.html.es) +# +# These files are combined with the template to produce rendered +# pages, which will be placed at +# output/TRANSLATIONS[lang]/destination/pagename.html +# +# where "pagename" is the "slug" specified in the metadata file. +# The page might also be placed in /destination/pagename/index.html +# if PRETTY_URLS are enabled. +# +# The difference between POSTS and PAGES is that POSTS are added +# to feeds, indexes, tag lists and archives and are considered part +# of a blog, while PAGES are just independent HTML pages. +# +# Finally, note that destination can be translated, i.e. you can +# specify a different translation folder per language. Example: +# PAGES = ( +# ("pages/*.rst", {"en": "pages", "de": "seiten"}, "page.tmpl"), +# ("pages/*.md", {"en": "pages", "de": "seiten"}, "page.tmpl"), +# ) + +POSTS = ( + ("posts/*.rst", "blog", "post.tmpl"), + ("posts/*.md", "blog", "post.tmpl"), + ("posts/*.txt", "blog", "post.tmpl"), + ("posts/*.html", "blog", "post.tmpl"), +) +PAGES = ( + ("pages/*.rst", "", "page.tmpl"), + ("pages/*.md", "", "page.tmpl"), + ("pages/*.txt", "", "page.tmpl"), + ("pages/*.html", "", "page.tmpl"), +) + + +# Below this point, everything is optional + +# Post's dates are considered in UTC by default, if you want to use +# another time zone, please set TIMEZONE to match. Check the available +# list from Wikipedia: +# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +# (e.g. 'Europe/Zurich') +# Also, if you want to use a different time zone in some of your posts, +# you can use the ISO 8601/RFC 3339 format (ex. 
2012-03-30T23:00:00+02:00) +TIMEZONE = "America/Denver" + +# If you want to use ISO 8601 (also valid RFC 3339) throughout Nikola +# (especially in new_post), set this to True. +# Note that this does not affect DATE_FORMAT. +# FORCE_ISO8601 = False + +# Date format used to display post dates. (translatable) +# Used by babel.dates, CLDR style: http://cldr.unicode.org/translation/date-time +# You can also use 'full', 'long', 'medium', or 'short' +# DATE_FORMAT = 'YYYY-MM-dd HH:mm' + +# Date format used to display post dates, if local dates are used. (translatable) +# Used by moment.js: https://momentjs.com/docs/#/displaying/format/ +# JS_DATE_FORMAT = 'YYYY-MM-DD HH:mm' + +# Date fanciness. +# +# 0 = using DATE_FORMAT and TIMEZONE +# 1 = using JS_DATE_FORMAT and local user time (via moment.js) +# 2 = using a string like “2 days ago” +# +# Your theme must support it, Bootstrap already does. +# DATE_FANCINESS = 0 + +# Customize the locale/region used for a language. +# For example, to use British instead of US English: LOCALES = {'en': 'en_GB'} +# LOCALES = {} + +# One or more folders containing files to be copied as-is into the output. +# The format is a dictionary of {source: relative destination}. +# Default is: +# FILES_FOLDERS = {'files': ''} +# Which means copy 'files' into 'output' + +# One or more folders containing code listings to be processed and published on +# the site. The format is a dictionary of {source: relative destination}. +# Default is: +# LISTINGS_FOLDERS = {'listings': 'listings'} +# Which means process listings from 'listings' into 'output/listings' + +# A mapping of languages to file-extensions that represent that language. +# Feel free to add or delete extensions to any list, but don't add any new +# compilers unless you write the interface for it yourself. +# +# The default compiler for `new_post` is the first entry in the POSTS tuple. 
+# +# 'rest' is reStructuredText +# 'markdown' is Markdown +# 'html' assumes the file is HTML and just copies it +COMPILERS = { + "rest": ('.rst', '.txt'), + "markdown": ('.md', '.mdown', '.markdown'), + "textile": ('.textile',), + "txt2tags": ('.t2t',), + "bbcode": ('.bb',), + "wiki": ('.wiki',), + "ipynb": ('.ipynb',), + "html": ('.html', '.htm'), + # PHP files are rendered the usual way (i.e. with the full templates). + # The resulting files have .php extensions, making it possible to run + # them without reconfiguring your server to recognize them. + "php": ('.php',), + # Pandoc detects the input from the source filename + # but is disabled by default as it would conflict + # with many of the others. + # "pandoc": ('.rst', '.md', '.txt'), +} + +# Enable reST directives that insert the contents of external files such +# as "include" and "raw." This maps directly to the docutils file_insertion_enabled +# config. See: http://docutils.sourceforge.net/docs/user/config.html#file-insertion-enabled +# REST_FILE_INSERTION_ENABLED = True + +# Create by default posts in one file format? +# Set to False for two-file posts, with separate metadata. +# ONE_FILE_POSTS = True + +# Preferred metadata format for new posts +# "Nikola": reST comments, wrapped in a HTML comment if needed (default) +# "YAML": YAML wrapped in "---" +# "TOML": TOML wrapped in "+++" +# "Pelican": Native markdown metadata or reST docinfo fields. Nikola style for other formats. +# METADATA_FORMAT = "Nikola" + +# Use date-based path when creating posts? +# Can be enabled on a per-post basis with `nikola new_post -d`. +# The setting is ignored when creating pages. +# NEW_POST_DATE_PATH = False + +# What format to use when creating posts with date paths? +# Default is '%Y/%m/%d', other possibilities include '%Y' or '%Y/%m'. +# NEW_POST_DATE_PATH_FORMAT = '%Y/%m/%d' + +# If this is set to True, the DEFAULT_LANG version will be displayed for +# untranslated posts. 
+# If this is set to False, then posts that are not translated to a language +# LANG will not be visible at all in the pages in that language. +# SHOW_UNTRANSLATED_POSTS = True + +# Nikola supports logo display. If you have one, you can put the URL here. +# Final output is . +# The URL may be relative to the site root. +LOGO_URL = 'https://raw.githubusercontent.com/idaholab/Malcolm/development/docs/images/logo/Malcolm_reflection_white.png' + +# If you want to hide the title of your website (for example, if your logo +# already contains the text), set this to False. +SHOW_BLOG_TITLE = False + +# Paths for different autogenerated bits. These are combined with the +# translation paths. + +# Final locations are: +# output / TRANSLATION[lang] / TAG_PATH / index.html (list of tags) +# output / TRANSLATION[lang] / TAG_PATH / tag.html (list of posts for a tag) +# output / TRANSLATION[lang] / TAG_PATH / tag RSS_EXTENSION (RSS feed for a tag) +# (translatable) +# TAG_PATH = "categories" + +# By default, the list of tags is stored in +# output / TRANSLATION[lang] / TAG_PATH / index.html +# (see explanation for TAG_PATH). This location can be changed to +# output / TRANSLATION[lang] / TAGS_INDEX_PATH +# with an arbitrary relative path TAGS_INDEX_PATH. +# (translatable) +# TAGS_INDEX_PATH = "tags.html" + +# If TAG_PAGES_ARE_INDEXES is set to True, each tag's page will contain +# the posts themselves. If set to False, it will be just a list of links. +# TAG_PAGES_ARE_INDEXES = False + +# Set descriptions for tag pages to make them more interesting. The +# default is no description. The value is used in the meta description +# and displayed underneath the tag list or index page’s title. +# TAG_DESCRIPTIONS = { +# DEFAULT_LANG: { +# "blogging": "Meta-blog posts about blogging.", +# "open source": "My contributions to my many, varied, ever-changing, and eternal libre software projects." +# }, +# } + +# Set special titles for tag pages. The default is "Posts about TAG". 
+# TAG_TITLES = { +# DEFAULT_LANG: { +# "blogging": "Meta-posts about blogging", +# "open source": "Posts about open source software" +# }, +# } + +# If you do not want to display a tag publicly, you can mark it as hidden. +# The tag will not be displayed on the tag list page and posts. +# Tag pages will still be generated. +HIDDEN_TAGS = ['mathjax'] + +# Only include tags on the tag list/overview page if there are at least +# TAGLIST_MINIMUM_POSTS number of posts or more with every tag. Every tag +# page is still generated, linked from posts, and included in the sitemap. +# However, more obscure tags can be hidden from the tag index page. +# TAGLIST_MINIMUM_POSTS = 1 + +# A list of dictionaries specifying tags which translate to each other. +# Format: a list of dicts {language: translation, language2: translation2, …} +# For example: +# [ +# {'en': 'private', 'de': 'Privat'}, +# {'en': 'work', 'fr': 'travail', 'de': 'Arbeit'}, +# ] +# TAG_TRANSLATIONS = [] + +# If set to True, a tag in a language will be treated as a translation +# of the literally same tag in all other languages. Enable this if you +# do not translate tags, for example. +# TAG_TRANSLATIONS_ADD_DEFAULTS = True + +# Final locations are: +# output / TRANSLATION[lang] / CATEGORY_PATH / index.html (list of categories) +# output / TRANSLATION[lang] / CATEGORY_PATH / CATEGORY_PREFIX category.html (list of posts for a category) +# output / TRANSLATION[lang] / CATEGORY_PATH / CATEGORY_PREFIX category RSS_EXTENSION (RSS feed for a category) +# (translatable) +# CATEGORY_PATH = "categories" +# CATEGORY_PREFIX = "cat_" + +# By default, the list of categories is stored in +# output / TRANSLATION[lang] / CATEGORY_PATH / index.html +# (see explanation for CATEGORY_PATH). This location can be changed to +# output / TRANSLATION[lang] / CATEGORIES_INDEX_PATH +# with an arbitrary relative path CATEGORIES_INDEX_PATH. 
+# (translatable) +# CATEGORIES_INDEX_PATH = "categories.html" + +# If CATEGORY_ALLOW_HIERARCHIES is set to True, categories can be organized in +# hierarchies. For a post, the whole path in the hierarchy must be specified, +# using a forward slash ('/') to separate paths. Use a backslash ('\') to escape +# a forward slash or a backslash (i.e. '\//\\' is a path specifying the +# subcategory called '\' of the top-level category called '/'). +CATEGORY_ALLOW_HIERARCHIES = False +# If CATEGORY_OUTPUT_FLAT_HIERARCHY is set to True, the output written to output +# contains only the name of the leaf category and not the whole path. +CATEGORY_OUTPUT_FLAT_HIERARCHY = False + +# If CATEGORY_PAGES_ARE_INDEXES is set to True, each category's page will contain +# the posts themselves. If set to False, it will be just a list of links. +# CATEGORY_PAGES_ARE_INDEXES = False + +# Set descriptions for category pages to make them more interesting. The +# default is no description. The value is used in the meta description +# and displayed underneath the category list or index page’s title. +# CATEGORY_DESCRIPTIONS = { +# DEFAULT_LANG: { +# "blogging": "Meta-blog posts about blogging.", +# "open source": "My contributions to my many, varied, ever-changing, and eternal libre software projects." +# }, +# } + +# Set special titles for category pages. The default is "Posts about CATEGORY". +# CATEGORY_TITLES = { +# DEFAULT_LANG: { +# "blogging": "Meta-posts about blogging", +# "open source": "Posts about open source software" +# }, +# } + +# If you do not want to display a category publicly, you can mark it as hidden. +# The category will not be displayed on the category list page. +# Category pages will still be generated. +HIDDEN_CATEGORIES = [] + +# A list of dictionaries specifying categories which translate to each other. +# Format: a list of dicts {language: translation, language2: translation2, …} +# See TAG_TRANSLATIONS example above. 
+# CATEGORY_TRANSLATIONS = [] + +# If set to True, a category in a language will be treated as a translation +# of the literally same category in all other languages. Enable this if you +# do not translate categories, for example. +# CATEGORY_TRANSLATIONS_ADD_DEFAULTS = True + +# If no category is specified in a post, the destination path of the post +# can be used in its place. This replaces the sections feature. Using +# category hierarchies is recommended. +# CATEGORY_DESTPATH_AS_DEFAULT = False + +# If True, the prefix will be trimmed from the category name, eg. if the +# POSTS destination is "foo/bar", and the path is "foo/bar/baz/quux", +# the category will be "baz/quux" (or "baz" if only the first directory is considered). +# Note that prefixes coming from translations are always ignored. +# CATEGORY_DESTPATH_TRIM_PREFIX = False + +# If True, only the first directory of a path will be used. +# CATEGORY_DESTPATH_FIRST_DIRECTORY_ONLY = True + +# Map paths to prettier category names. (translatable) +# CATEGORY_DESTPATH_NAMES = { +# DEFAULT_LANG: { +# 'webdev': 'Web Development', +# 'webdev/django': 'Web Development/Django', +# 'random': 'Odds and Ends', +# }, +# } + +# By default, category indexes will appear in CATEGORY_PATH and use +# CATEGORY_PREFIX. If this is enabled, those settings will be ignored (except +# for the index) and instead, they will follow destination paths (eg. category +# 'foo' might appear in 'posts/foo'). If the category does not come from a +# destpath, first entry in POSTS followed by the category name will be used. +# For this setting, category hierarchies are required and cannot be flattened. +# CATEGORY_PAGES_FOLLOW_DESTPATH = False + +# If ENABLE_AUTHOR_PAGES is set to True and there is more than one +# author, author pages are generated. +# ENABLE_AUTHOR_PAGES = True + +# Path to author pages. 
Final locations are: +# output / TRANSLATION[lang] / AUTHOR_PATH / index.html (list of authors) +# output / TRANSLATION[lang] / AUTHOR_PATH / author.html (list of posts by an author) +# output / TRANSLATION[lang] / AUTHOR_PATH / author RSS_EXTENSION (RSS feed for an author) +# (translatable) +# AUTHOR_PATH = "authors" + +# If AUTHOR_PAGES_ARE_INDEXES is set to True, each author's page will contain +# the posts themselves. If set to False, it will be just a list of links. +# AUTHOR_PAGES_ARE_INDEXES = False + +# Set descriptions for author pages to make them more interesting. The +# default is no description. The value is used in the meta description +# and displayed underneath the author list or index page’s title. +# AUTHOR_PAGES_DESCRIPTIONS = { +# DEFAULT_LANG: { +# "Juanjo Conti": "Python coder and writer.", +# "Roberto Alsina": "Nikola father." +# }, +# } + + +# If you do not want to display an author publicly, you can mark it as hidden. +# The author will not be displayed on the author list page and posts. +# Tag pages will still be generated. +HIDDEN_AUTHORS = ['Guest'] + +# Final location for the main blog page and sibling paginated pages is +# output / TRANSLATION[lang] / INDEX_PATH / index-*.html +# (translatable) +INDEX_PATH = "blog" + +# Optional HTML that displayed on “main” blog index.html files. +# May be used for a greeting. 
(translatable) +FRONT_INDEX_HEADER = { + DEFAULT_LANG: '' +} + +# Create per-month archives instead of per-year +# CREATE_MONTHLY_ARCHIVE = False +# Create one large archive instead of per-year +# CREATE_SINGLE_ARCHIVE = False +# Create year, month, and day archives each with a (long) list of posts +# (overrides both CREATE_MONTHLY_ARCHIVE and CREATE_SINGLE_ARCHIVE) +# CREATE_FULL_ARCHIVES = False +# If monthly archives or full archives are created, adds also one archive per day +# CREATE_DAILY_ARCHIVE = False +# Create previous, up, next navigation links for archives +# CREATE_ARCHIVE_NAVIGATION = False +# Final locations for the archives are: +# output / TRANSLATION[lang] / ARCHIVE_PATH / ARCHIVE_FILENAME +# output / TRANSLATION[lang] / ARCHIVE_PATH / YEAR / index.html +# output / TRANSLATION[lang] / ARCHIVE_PATH / YEAR / MONTH / index.html +# output / TRANSLATION[lang] / ARCHIVE_PATH / YEAR / MONTH / DAY / index.html +# (translatable) +# ARCHIVE_PATH = "" +# ARCHIVE_FILENAME = "archive.html" + +# If ARCHIVES_ARE_INDEXES is set to True, each archive page which contains a list +# of posts will contain the posts themselves. If set to False, it will be just a +# list of links. +# ARCHIVES_ARE_INDEXES = False + +# URLs to other posts/pages can take 3 forms: +# rel_path: a relative URL to the current page/post (default) +# full_path: a URL with the full path from the root +# absolute: a complete URL (that includes the SITE_URL) +# URL_TYPE = 'rel_path' + +# Extension for RSS feed files +# RSS_EXTENSION = ".xml" + +# RSS filename base (without extension); used for indexes and galleries. 
+# (translatable) +# RSS_FILENAME_BASE = "rss" + +# Final location for the blog main RSS feed is: +# output / TRANSLATION[lang] / RSS_PATH / RSS_FILENAME_BASE RSS_EXTENSION +# (translatable) +# RSS_PATH = "" + +# Final location for the blog main Atom feed is: +# output / TRANSLATION[lang] / ATOM_PATH / ATOM_FILENAME_BASE ATOM_EXTENSION +# (translatable) +# ATOM_PATH = "" + +# Atom filename base (without extension); used for indexes. +# (translatable) +ATOM_FILENAME_BASE = "feed" + +# Extension for Atom feed files +# ATOM_EXTENSION = ".atom" + +# Slug the Tag URL. Easier for users to type, special characters are +# often removed or replaced as well. +# SLUG_TAG_PATH = True + +# Slug the Author URL. Easier for users to type, special characters are +# often removed or replaced as well. +# SLUG_AUTHOR_PATH = True + +# A list of redirection tuples, [("foo/from.html", "/bar/to.html")]. +# +# A HTML file will be created in output/foo/from.html that redirects +# to the "/bar/to.html" URL. notice that the "from" side MUST be a +# relative URL. +# +# If you don't need any of these, just set to [] +REDIRECTIONS = [] + +# Presets of commands to execute to deploy. Can be anything, for +# example, you may use rsync: +# "rsync -rav --delete output/ joe@my.site:/srv/www/site" +# And then do a backup, or run `nikola ping` from the `ping` +# plugin (`nikola plugin -i ping`). Or run `nikola check -l`. +# You may also want to use github_deploy (see below). +# You can define multiple presets and specify them as arguments +# to `nikola deploy`. If no arguments are specified, a preset +# named `default` will be executed. You can use as many presets +# in a `nikola deploy` command as you like. 
+# DEPLOY_COMMANDS = { +# 'default': [ +# "rsync -rav --delete output/ joe@my.site:/srv/www/site", +# ] +# } + +# github_deploy configuration +# For more details, read the manual: +# https://getnikola.com/handbook.html#deploying-to-github +# You will need to configure the deployment branch on GitHub. +GITHUB_SOURCE_BRANCH = 'src' +GITHUB_DEPLOY_BRANCH = 'master' + +# The name of the remote where you wish to push to, using github_deploy. +GITHUB_REMOTE_NAME = 'origin' + +# Whether or not github_deploy should commit to the source branch automatically +# before deploying. +GITHUB_COMMIT_SOURCE = True + +# Where the output site should be located +# If you don't use an absolute path, it will be considered as relative +# to the location of conf.py +# OUTPUT_FOLDER = 'output' + +# where the "cache" of partial generated content should be located +# default: 'cache' +# CACHE_FOLDER = 'cache' + +# Filters to apply to the output. +# A directory where the keys are either: a file extensions, or +# a tuple of file extensions. +# +# And the value is a list of commands to be applied in order. +# +# Each command must be either: +# +# A string containing a '%s' which will +# be replaced with a filename. The command *must* produce output +# in place. +# +# Or: +# +# A python callable, which will be called with the filename as +# argument. +# +# By default, only .php files uses filters to inject PHP into +# Nikola’s templates. All other filters must be enabled through FILTERS. +# +# Many filters are shipped with Nikola. A list is available in the manual: +# +# +# from nikola import filters +# FILTERS = { +# ".html": [filters.typogrify], +# ".js": [filters.closure_compiler], +# ".jpg": ["jpegoptim --strip-all -m75 -v %s"], +# } + +# Executable for the "yui_compressor" filter (defaults to 'yui-compressor'). +# YUI_COMPRESSOR_EXECUTABLE = 'yui-compressor' + +# Executable for the "closure_compiler" filter (defaults to 'closure-compiler'). 
+# CLOSURE_COMPILER_EXECUTABLE = 'closure-compiler' + +# Executable for the "optipng" filter (defaults to 'optipng'). +# OPTIPNG_EXECUTABLE = 'optipng' + +# Executable for the "jpegoptim" filter (defaults to 'jpegoptim'). +# JPEGOPTIM_EXECUTABLE = 'jpegoptim' + +# Executable for the "html_tidy_withconfig", "html_tidy_nowrap", +# "html_tidy_wrap", "html_tidy_wrap_attr" and "html_tidy_mini" filters +# (defaults to 'tidy5'). +# HTML_TIDY_EXECUTABLE = 'tidy5' + +# List of XPath expressions which should be used for finding headers +# ({hx} is replaced by headers h1 through h6). +# You must change this if you use a custom theme that does not use +# "e-content entry-content" as a class for post and page contents. +# HEADER_PERMALINKS_XPATH_LIST = ['*//div[@class="e-content entry-content"]//{hx}'] +# Include *every* header (not recommended): +# HEADER_PERMALINKS_XPATH_LIST = ['*//{hx}'] + +# File blacklist for header permalinks. Contains output path +# (eg. 'output/index.html') +# HEADER_PERMALINKS_FILE_BLACKLIST = [] + +# Expert setting! Create a gzipped copy of each generated file. Cheap server- +# side optimization for very high traffic sites or low memory servers. +# GZIP_FILES = False +# File extensions that will be compressed +# GZIP_EXTENSIONS = ('.txt', '.htm', '.html', '.css', '.js', '.json', '.atom', '.xml') +# Use an external gzip command? None means no. +# Example: GZIP_COMMAND = "pigz -k (unknown)" +# GZIP_COMMAND = None +# Make sure the server does not return a "Accept-Ranges: bytes" header for +# files compressed by this option! OR make sure that a ranged request does not +# return partial content of another representation for these resources. Do not +# use this feature if you do not understand what this means. + +# ############################################################################# +# Image Gallery Options +# ############################################################################# + +# One or more folders containing galleries. 
The format is a dictionary of +# {"source": "relative_destination"}, where galleries are looked for in +# "source/" and the results will be located in +# "OUTPUT_PATH/relative_destination/gallery_name" +# Default is: +# GALLERY_FOLDERS = {"galleries": "galleries"} +# More gallery options: +# THUMBNAIL_SIZE = 180 +# MAX_IMAGE_SIZE = 1280 +# USE_FILENAME_AS_TITLE = True +# EXTRA_IMAGE_EXTENSIONS = [] +# +# If set to False, it will sort by filename instead. Defaults to True +# GALLERY_SORT_BY_DATE = True + +# If set to True, EXIF data will be copied when an image is thumbnailed or +# resized. (See also EXIF_WHITELIST) +# PRESERVE_EXIF_DATA = False + +# If you have enabled PRESERVE_EXIF_DATA, this option lets you choose EXIF +# fields you want to keep in images. (See also PRESERVE_EXIF_DATA) +# +# For a full list of field names, please see here: +# http://www.cipa.jp/std/documents/e/DC-008-2012_E.pdf +# +# This is a dictionary of lists. Each key in the dictionary is the +# name of a IDF, and each list item is a field you want to preserve. +# If you have a IDF with only a '*' item, *EVERY* item in it will be +# preserved. If you don't want to preserve anything in a IDF, remove it +# from the setting. By default, no EXIF information is kept. +# Setting the whitelist to anything other than {} implies +# PRESERVE_EXIF_DATA is set to True +# To preserve ALL EXIF data, set EXIF_WHITELIST to {"*": "*"} + +# EXIF_WHITELIST = {} + +# Some examples of EXIF_WHITELIST settings: + +# Basic image information: +# EXIF_WHITELIST['0th'] = [ +# "Orientation", +# "XResolution", +# "YResolution", +# ] + +# If you want to keep GPS data in the images: +# EXIF_WHITELIST['GPS'] = ["*"] + +# Embedded thumbnail information: +# EXIF_WHITELIST['1st'] = ["*"] + +# If set to True, any ICC profile will be copied when an image is thumbnailed or +# resized. +# PRESERVE_ICC_PROFILES = False + +# Folders containing images to be used in normal posts or pages. 
+# IMAGE_FOLDERS is a dictionary of the form {"source": "destination"}, +# where "source" is the folder containing the images to be published, and +# "destination" is the folder under OUTPUT_PATH containing the images copied +# to the site. Thumbnail images will be created there as well. + +# To reference the images in your posts, include a leading slash in the path. +# For example, if IMAGE_FOLDERS = {'images': 'images'}, write +# +# .. image:: /images/tesla.jpg +# +# See the Nikola Handbook for details (in the “Embedding Images” and +# “Thumbnails” sections) + +# Images will be scaled down according to IMAGE_THUMBNAIL_SIZE and MAX_IMAGE_SIZE +# options, but will have to be referenced manually to be visible on the site +# (the thumbnail has ``.thumbnail`` added before the file extension by default, +# but a different naming template can be configured with IMAGE_THUMBNAIL_FORMAT). + +IMAGE_FOLDERS = {'images': 'images'} +# IMAGE_THUMBNAIL_SIZE = 400 +# IMAGE_THUMBNAIL_FORMAT = '{name}.thumbnail{ext}' + +# ############################################################################# +# HTML fragments and diverse things that are used by the templates +# ############################################################################# + +# Data about post-per-page indexes. +# INDEXES_PAGES defaults to ' old posts, page %d' or ' page %d' (translated), +# depending on the value of INDEXES_PAGES_MAIN. +# +# (translatable) If the following is empty, defaults to BLOG_TITLE: +# INDEXES_TITLE = "" +# +# (translatable) If the following is empty, defaults to ' [old posts,] page %d' (see above): +# INDEXES_PAGES = "" +# +# If the following is True, INDEXES_PAGES is also displayed on the main (the +# newest) index page (index.html): +# INDEXES_PAGES_MAIN = False +# +# If the following is True, index-1.html has the oldest posts, index-2.html the +# second-oldest posts, etc., and index.html has the newest posts. 
This ensures +# that all posts on index-x.html will forever stay on that page, now matter how +# many new posts are added. +# If False, index-1.html has the second-newest posts, index-2.html the third-newest, +# and index-n.html the oldest posts. When this is active, old posts can be moved +# to other index pages when new posts are added. +# INDEXES_STATIC = True +# +# (translatable) If PRETTY_URLS is set to True, this setting will be used to create +# prettier URLs for index pages, such as page/2/index.html instead of index-2.html. +# Valid values for this settings are: +# * False, +# * a list or tuple, specifying the path to be generated, +# * a dictionary mapping languages to lists or tuples. +# Every list or tuple must consist of strings which are used to combine the path; +# for example: +# ['page', '{number}', '{index_file}'] +# The replacements +# {number} --> (logical) page number; +# {old_number} --> the page number inserted into index-n.html before (zero for +# the main page); +# {index_file} --> value of option INDEX_FILE +# are made. +# Note that in case INDEXES_PAGES_MAIN is set to True, a redirection will be created +# for the full URL with the page number of the main page to the normal (shorter) main +# page URL. +# INDEXES_PRETTY_PAGE_URL = False +# +# If the following is true, a page range navigation will be inserted to indices. +# Please note that this will undo the effect of INDEXES_STATIC, as all index pages +# must be recreated whenever the number of pages changes. +# SHOW_INDEX_PAGE_NAVIGATION = False + +# If the following is True, a meta name="generator" tag is added to pages. The +# generator tag is used to specify the software used to generate the page +# (it promotes Nikola). +# META_GENERATOR_TAG = True + +# Color scheme to be used for code blocks. If your theme provides +# "assets/css/code.css" this is ignored. Set to None to disable. 
+# Can be any of: +# algol, algol_nu, autumn, borland, bw, colorful, default, emacs, friendly, +# fruity, igor, lovelace, manni, monokai, murphy, native, paraiso-dark, +# paraiso-light, pastie, perldoc, rrt, tango, trac, vim, vs, xcode +# This list MAY be incomplete since pygments adds styles every now and then. +# Check with list(pygments.styles.get_all_styles()) in an interpreter. +# +# CODE_COLOR_SCHEME = 'default' + +# FAVICONS contains (name, file, size) tuples. +# Used to create favicon link like this: +# +# FAVICONS = ( +# ("icon", "/favicon.ico", "16x16"), +# ("icon", "/icon_128x128.png", "128x128"), +# ) + +# Show teasers (instead of full posts) in indexes? Defaults to False. +# INDEX_TEASERS = False + +# HTML fragments with the Read more... links. +# The following tags exist and are replaced for you: +# {link} A link to the full post page. +# {read_more} The string “Read more” in the current language. +# {reading_time} An estimate of how long it will take to read the post. +# {remaining_reading_time} An estimate of how long it will take to read the post, sans the teaser. +# {min_remaining_read} The string “{remaining_reading_time} min remaining to read” in the current language. +# {paragraph_count} The amount of paragraphs in the post. +# {remaining_paragraph_count} The amount of paragraphs in the post, sans the teaser. +# {post_title} The title of the post. +# {{ A literal { (U+007B LEFT CURLY BRACKET) +# }} A literal } (U+007D RIGHT CURLY BRACKET) + +# 'Read more...' for the index page, if INDEX_TEASERS is True (translatable) +INDEX_READ_MORE_LINK = '

{read_more}…

' +# 'Read more...' for the feeds, if FEED_TEASERS is True (translatable) +FEED_READ_MORE_LINK = '

{read_more}… ({min_remaining_read})

' + +# Append a URL query to the FEED_READ_MORE_LINK in Atom and RSS feeds. Advanced +# option used for traffic source tracking. +# Minimum example for use with Piwik: "pk_campaign=feed" +# The following tags exist and are replaced for you: +# {feedRelUri} A relative link to the feed. +# {feedFormat} The name of the syndication format. +# Example using replacement for use with Google Analytics: +# "utm_source={feedRelUri}&utm_medium=nikola_feed&utm_campaign={feedFormat}_feed" +FEED_LINKS_APPEND_QUERY = False + +# A HTML fragment describing the license, for the sidebar. +# (translatable) +LICENSE = LICENSE = """ +License""" +# I recommend using the Creative Commons' wizard: +# https://creativecommons.org/choose/ +# LICENSE = """ +# +# Creative Commons License BY-NC-SA""" + +# A small copyright notice for the page footer (in HTML). +# (translatable) +CONTENT_FOOTER = 'This site mirrors the documentation of Malcolm, an open-source project developed at INL and funded by DHS. This site is not operated by INL nor DHS: its content is the sole responsibility of its maintainer. See {license} for Malcolm\'s license terms.' + +# Things that will be passed to CONTENT_FOOTER.format(). This is done +# for translatability, as dicts are not formattable. Nikola will +# intelligently format the setting properly. +# The setting takes a dict. The keys are languages. The values are +# tuples of tuples of positional arguments and dicts of keyword arguments +# to format(). For example, {'en': (('Hello'), {'target': 'World'})} +# results in CONTENT_FOOTER['en'].format('Hello', target='World'). +# If you need to use the literal braces '{' and '}' in your footer text, use +# '{{' and '}}' to escape them (str.format is used) +# WARNING: If you do not use multiple languages with CONTENT_FOOTER, this +# still needs to be a dict of this format. 
(it can be empty if you +# do not need formatting) +# (translatable) +CONTENT_FOOTER_FORMATS = { + DEFAULT_LANG: ( + (), + { + "email": BLOG_EMAIL, + "author": BLOG_AUTHOR, + "date": time.gmtime().tm_year, + "license": LICENSE, + "siteurl": SITE_URL + } + ) +} + +# A simple copyright tag for inclusion in RSS feeds that works just +# like CONTENT_FOOTER and CONTENT_FOOTER_FORMATS +RSS_COPYRIGHT = 'Contents © {date} {author} {license}' +RSS_COPYRIGHT_PLAIN = 'Contents © {date} {author} {license}' +RSS_COPYRIGHT_FORMATS = CONTENT_FOOTER_FORMATS + +# To use comments, you can choose between different third party comment +# systems. The following comment systems are supported by Nikola: +# disqus, facebook, intensedebate, isso, muut, commento +# You can leave this option blank to disable comments. +COMMENT_SYSTEM = "" +# And you also need to add your COMMENT_SYSTEM_ID which +# depends on what comment system you use. The default is +# "nikolademo" which is a test account for Disqus. More information +# is in the manual. +COMMENT_SYSTEM_ID = "" + +# Create index.html for page folders? +# WARNING: if a page would conflict with the index file (usually +# caused by setting slug to `index`), the PAGE_INDEX +# will not be generated for that directory. +# PAGE_INDEX = False +# Enable comments on pages (i.e. not posts)? +# COMMENTS_IN_PAGES = False +# Enable comments on picture gallery pages? +# COMMENTS_IN_GALLERIES = False + +# What file should be used for directory indexes? +# Defaults to index.html +# Common other alternatives: default.html for IIS, index.php +# INDEX_FILE = "index.html" + +# If a link ends in /index.html, drop the index.html part. +# http://mysite/foo/bar/index.html => http://mysite/foo/bar/ +# (Uses the INDEX_FILE setting, so if that is, say, default.html, +# it will instead /foo/default.html => /foo) +STRIP_INDEXES = True + +# List of files relative to the server root (!) that will be asked to be excluded +# from indexing and other robotic spidering. 
* is supported. Will only be effective +# if SITE_URL points to server root. The list is used to exclude resources from +# /robots.txt and /sitemap.xml, and to inform search engines about /sitemapindex.xml. +# ROBOTS_EXCLUSIONS = ["/archive.html", "/category/*.html"] + +# Instead of putting files in .html, put them in /index.html. +# No web server configuration is required. Also enables STRIP_INDEXES. +# This can be disabled on a per-page/post basis by adding +# .. pretty_url: False +# to the metadata. +PRETTY_URLS = True + +# If True, publish future dated posts right away instead of scheduling them. +# Defaults to False. +# FUTURE_IS_NOW = False + +# If True, future dated posts are allowed in deployed output +# Only the individual posts are published/deployed; not in indexes/sitemap +# Generally, you want FUTURE_IS_NOW and DEPLOY_FUTURE to be the same value. +# DEPLOY_FUTURE = False +# If False, draft posts will not be deployed +# DEPLOY_DRAFTS = True + +# Allows scheduling of posts using the rule specified here (new_post -s) +# Specify an iCal Recurrence Rule: http://www.kanzaki.com/docs/ical/rrule.html +# SCHEDULE_RULE = '' +# If True, use the scheduling rule to all posts (not pages!) by default +# SCHEDULE_ALL = False + +# Do you want a add a Mathjax config file? +# MATHJAX_CONFIG = "" + +# If you want support for the $.$ syntax (which may conflict with running +# text!), just use this config: +# MATHJAX_CONFIG = """ +# +# """ + +# Want to use KaTeX instead of MathJax? While KaTeX may not support every +# feature yet, it's faster and the output looks better. +# USE_KATEX = False + +# KaTeX auto-render settings. 
If you want support for the $.$ syntax (which may +# conflict with running text!), just use this config: +# KATEX_AUTO_RENDER = """ +# delimiters: [ +# {left: "$$", right: "$$", display: true}, +# {left: "\\\\[", right: "\\\\]", display: true}, +# {left: "\\\\begin{equation*}", right: "\\\\end{equation*}", display: true}, +# {left: "$", right: "$", display: false}, +# {left: "\\\\(", right: "\\\\)", display: false} +# ] +# """ + +# Do you want to customize the nbconversion of your IPython notebook? +# IPYNB_CONFIG = {} +# With the following example configuration you can use a custom jinja template +# called `toggle.tpl` which has to be located in your site/blog main folder: +# IPYNB_CONFIG = {'Exporter': {'template_file': 'toggle'}} + +# What Markdown extensions to enable? +# You will also get gist, nikola and podcast because those are +# done in the code, hope you don't mind ;-) +# Note: most Nikola-specific extensions are done via the Nikola plugin system, +# with the MarkdownExtension class and should not be added here. +# Defaults are markdown.extensions.(fenced_code|codehilite|extra) +# markdown.extensions.meta is required for Markdown metadata. +MARKDOWN_EXTENSIONS = ['markdown.extensions.fenced_code', 'markdown.extensions.codehilite', 'markdown.extensions.extra'] + +# Options to be passed to markdown extensions (See https://python-markdown.github.io/reference/) +# Default is {} (no config at all) +# MARKDOWN_EXTENSION_CONFIGS = {} + + +# Extra options to pass to the pandoc command. +# by default, it's empty, is a list of strings, for example +# ['-F', 'pandoc-citeproc', '--bibliography=/Users/foo/references.bib'] +# Pandoc does not demote headers by default. To enable this, you can use, for example +# ['--base-header-level=2'] +# PANDOC_OPTIONS = [] + +# Social buttons. This is sample code for AddThis (which was the default for a +# long time). 
Insert anything you want here, or even make it empty (which is +# the default right now) +# (translatable) +# SOCIAL_BUTTONS_CODE = """ +# +#
+# Share +#
  • +#
  • +#
  • +#
  • +#
+#
+# +# +# """ + +# Show link to source for the posts? +# SHOW_SOURCELINK = True +# Copy the source files for your pages? +# Setting it to False implies SHOW_SOURCELINK = False +# COPY_SOURCES = True + +# Modify the number of Post per Index Page +# Defaults to 10 +# INDEX_DISPLAY_POST_COUNT = 10 + +# By default, Nikola generates RSS files for the website and for tags, and +# links to it. Set this to False to disable everything RSS-related. +# GENERATE_RSS = True + +# By default, Nikola does not generates Atom files for indexes and links to +# them. Generate Atom for tags by setting TAG_PAGES_ARE_INDEXES to True. +# Atom feeds are built based on INDEX_DISPLAY_POST_COUNT and not FEED_LENGTH +# Switch between plain-text summaries and full HTML content using the +# FEED_TEASER option. FEED_LINKS_APPEND_QUERY is also respected. Atom feeds +# are generated even for old indexes and have pagination link relations +# between each other. Old Atom feeds with no changes are marked as archived. +# GENERATE_ATOM = False + +# Only include teasers in Atom and RSS feeds. Disabling include the full +# content. Defaults to True. +# FEED_TEASERS = True + +# Strip HTML from Atom and RSS feed summaries and content. Defaults to False. +# FEED_PLAIN = False + +# Number of posts in Atom and RSS feeds. +# FEED_LENGTH = 10 + +# RSS_LINK is a HTML fragment to link the RSS or Atom feeds. If set to None, +# the base.tmpl will use the feed Nikola generates. However, you may want to +# change it for a FeedBurner feed or something else. +# RSS_LINK = None + +# A search form to search this site, for the sidebar. You can use a Google +# custom search (https://www.google.com/cse/) +# Or a DuckDuckGo search: https://duckduckgo.com/search_box.html +# Default is no search form. 
+# (translatable) +# SEARCH_FORM = "" +# +# This search form works for any site and looks good in the "site" theme where +# it appears on the navigation bar: +# +# SEARCH_FORM = """ +# +# +# +# """ % SITE_URL +# +# If you prefer a Google search form, here's an example that should just work: +# SEARCH_FORM = """ +# +# +# +# """ % SITE_URL + +# Use content distribution networks for jQuery, twitter-bootstrap css and js, +# and html5shiv (for older versions of Internet Explorer) +# If this is True, jQuery and html5shiv are served from the Google CDN and +# Bootstrap is served from BootstrapCDN (provided by MaxCDN) +# Set this to False if you want to host your site without requiring access to +# external resources. +# USE_CDN = False + +# Check for USE_CDN compatibility. +# If you are using custom themes, have configured the CSS properly and are +# receiving warnings about incompatibility but believe they are incorrect, you +# can set this to False. +# USE_CDN_WARNING = True + +# Extra things you want in the pages HEAD tag. This will be added right +# before +# (translatable) +# EXTRA_HEAD_DATA = "" +# Google Analytics or whatever else you use. Added to the bottom of +# in the default template (base.tmpl). +# (translatable) +# BODY_END = "" + +# The possibility to extract metadata from the filename by using a +# regular expression. +# To make it work you need to name parts of your regular expression. +# The following names will be used to extract metadata: +# - title +# - slug +# - date +# - tags +# - link +# - description +# +# An example re is the following: +# '.*\/(?P\d{4}-\d{2}-\d{2})-(?P.*)-(?P.*)\.rst' +# (Note the '.*\/' in the beginning -- matches source paths relative to conf.py) +# FILE_METADATA_REGEXP = None + +# Should titles fetched from file metadata be unslugified (made prettier?) +# FILE_METADATA_UNSLUGIFY_TITLES = True + +# If enabled, extract metadata from docinfo fields in reST documents. 
+# If your text files start with a level 1 heading, it will be treated as the +# document title and will be removed from the text. +# USE_REST_DOCINFO_METADATA = False + +# If enabled, hide docinfo fields in reST document output +# HIDE_REST_DOCINFO = False + +# Map metadata from other formats to Nikola names. +# Supported formats: yaml, toml, rest_docinfo, markdown_metadata +# METADATA_MAPPING = {} +# +# Example for Pelican compatibility: +# METADATA_MAPPING = { +# "rest_docinfo": {"summary": "description", "modified": "updated"}, +# "markdown_metadata": {"summary": "description", "modified": "updated"} +# } +# Other examples: https://getnikola.com/handbook.html#mapping-metadata-from-other-formats + +# Map metadata between types/values. (Runs after METADATA_MAPPING.) +# Supported formats: nikola, yaml, toml, rest_docinfo, markdown_metadata +# The value on the right should be a dict of callables. +# METADATA_VALUE_MAPPING = {} +# Examples: +# METADATA_VALUE_MAPPING = { +# "yaml": {"keywords": lambda value: ', '.join(value)}, # yaml: 'keywords' list -> str +# "nikola": { +# "widgets": lambda value: value.split(', '), # nikola: 'widgets' comma-separated string -> list +# "tags": str.lower # nikola: force lowercase 'tags' (input would be string) +# } +# } + +# Additional metadata that is added to a post when creating a new_post +# ADDITIONAL_METADATA = {} + +# Nikola supports Twitter Card summaries, but they are disabled by default. +# They make it possible for you to attach media to Tweets that link +# to your content. +# +# Uncomment and modify to following lines to match your accounts. +# Images displayed come from the `previewimage` meta tag. +# You can specify the card type by using the `card` parameter in TWITTER_CARD. 
+# TWITTER_CARD = { +# # 'use_twitter_cards': True, # enable Twitter Cards +# # 'card': 'summary', # Card type, you can also use 'summary_large_image', +# # see https://dev.twitter.com/cards/types +# # 'site': '@website', # twitter nick for the website +# # 'creator': '@username', # Username for the content creator / author. +# } + +# Bundle JS and CSS into single files to make site loading faster in a HTTP/1.1 +# environment but is not recommended for HTTP/2.0 when caching is used. +# Defaults to True. +# USE_BUNDLES = True + +# Plugins you don't want to use. Be careful :-) +# DISABLED_PLUGINS = ["render_galleries"] + +# Special settings to disable only parts of the indexes plugin. +# Use with care. +# DISABLE_INDEXES = False +# DISABLE_MAIN_ATOM_FEED = False +# DISABLE_MAIN_RSS_FEED = False + +# Add the absolute paths to directories containing plugins to use them. +# For example, the `plugins` directory of your clone of the Nikola plugins +# repository. +# EXTRA_PLUGINS_DIRS = [] + +# Add the absolute paths to directories containing themes to use them. +# For example, the `v7` directory of your clone of the Nikola themes +# repository. +# EXTRA_THEMES_DIRS = [] + +# List of regular expressions, links matching them will always be considered +# valid by "nikola check -l" +# LINK_CHECK_WHITELIST = [] + +# If set to True, enable optional hyphenation in your posts (requires pyphen) +# Enabling hyphenation has been shown to break math support in some cases, +# use with caution. +# HYPHENATE = False + +# The <hN> tags in HTML generated by certain compilers (reST/Markdown) +# will be demoted by that much (1 → h1 will become h2 and so on) +# This was a hidden feature of the Markdown and reST compilers in the +# past. Useful especially if your post titles are in <h1> tags too, for +# example. +# (defaults to 1.) 
+# DEMOTE_HEADERS = 1 + +# If you don’t like slugified file names ([a-z0-9] and a literal dash), +# and would prefer to use all the characters your file system allows. +# USE WITH CARE! This is also not guaranteed to be perfect, and may +# sometimes crash Nikola, your web server, or eat your cat. +# USE_SLUGIFY = True + +# If set to True, the tags 'draft', 'mathjax' and 'private' have special +# meaning. If set to False, these tags are handled like regular tags. +USE_TAG_METADATA = False + +# If set to True, a warning is issued if one of the 'draft', 'mathjax' +# and 'private' tags are found in a post. Useful for checking that +# migration was successful. +WARN_ABOUT_TAG_METADATA = False + +# Templates will use those filters, along with the defaults. +# Consult your engine's documentation on filters if you need help defining +# those. +# TEMPLATE_FILTERS = {} + +# Put in global_context things you want available on all your templates. +# It can be anything, data, functions, modules, etc. +GLOBAL_CONTEXT = { +} + + +# Add functions here and they will be called with template +# GLOBAL_CONTEXT as parameter when the template is about to be +# rendered +GLOBAL_CONTEXT_FILLER = [] diff --git a/docs/web/github_readme_to_pages.sh b/docs/web/github_readme_to_pages.sh new file mode 100755 index 000000000..467a96578 --- /dev/null +++ b/docs/web/github_readme_to_pages.sh 
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+function GenerateMarkdownHeader() {
+ TITLE="$1"
+ SLUG="$2"
+ DATE="$(date +'%Y-%m-%d %H:%M:%S UTC%:z')"
+ cat <<EOF
+<!--
+.. title: $TITLE
+.. slug: $SLUG
+.. date: $DATE
+.. tags:
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+EOF
+}
+
+if [[ -n "$1" ]]; then
+ BRANCH="$1"
+else
+ BRANCH="master"
+fi
+
+OUTPUT_DIR=./pages
+
+# main page
+OUTPUT_FILE="$OUTPUT_DIR"/index.md
+> $OUTPUT_FILE
+GenerateMarkdownHeader " " "index" >> $OUTPUT_FILE
+curl -sSL --silent https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/README.md \
+ | sed '/name="TableOfContents"/,$d' \
+ | sed 's/^# Malcolm$//' \
+ | sed "s@\](https://github.com/idaholab/[Mm]alcolm/*)@\](https://malcolm.fyi/)@g" \
+ | sed "s@/[Mm]alcolm/blob/master/@/Malcolm/blob/$BRANCH/@g" \
+ | sed "s@\](\./@\](https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/@g" \
+ >> $OUTPUT_FILE
+
+# documentation page
+OUTPUT_FILE="$OUTPUT_DIR"/documentation.md
+> $OUTPUT_FILE
+GenerateMarkdownHeader "Documentation" "documentation" >> $OUTPUT_FILE
+curl -sSL --silent https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/README.md \
+ | sed '0,/name="TableOfContents"/d' \
+ | sed '/## Other Software/,$d' \
+ | sed "s@\](https://github.com/idaholab/[Mm]alcolm/*)@\](https://malcolm.fyi/)@g" \
+ | sed "s@/[Mm]alcolm/blob/master/@/Malcolm/blob/$BRANCH/@g" \
+ | sed "s@\](\./@\](https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/@g" \
+ >> $OUTPUT_FILE
+
+# hedgehog Linux page
+OUTPUT_FILE="$OUTPUT_DIR"/hedgehog.md
+> $OUTPUT_FILE
+GenerateMarkdownHeader " " "hedgehog" >> $OUTPUT_FILE
+curl -sSL --silent https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/sensor-iso/README.md \
+ | sed "s@\](https://github.com/idaholab/[Mm]alcolm/*)@\](https://malcolm.fyi/)@g" \
+ | sed "s@/[Mm]alcolm/blob/master/@/Malcolm/blob/$BRANCH/@g" \
+ | sed "s@\](\./docs/Notes.md@\](https://github.com/idaholab/Malcolm/blob/$BRANCH/sensor-iso/docs/Notes.md)@g" \
+ | sed "s@\](\./@\](https://raw.githubusercontent.com/idaholab/Malcolm/$BRANCH/sensor-iso/@g" \
+ >> $OUTPUT_FILE
+
+# build site
+nikola clean -a
+nikola build
\ No newline at end of file
diff --git a/docs/web/requirements.txt b/docs/web/requirements.txt
new file mode 100644
index 000000000..5b3e05575
--- /dev/null
+++ b/docs/web/requirements.txt
@@ -0,0 +1 @@
+Nikola[extras]
From 6d3d9760c0baaffd2520f0d249be930181d9c35e Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 19 Mar 2020 07:58:31 -0600
Subject: [PATCH 136/183] fix URL for relocated MITRE ATTACK BZAR plugin
---
 shared/bin/zeek_install_plugins.sh | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh
index cd3919715..0c653d001 100755
--- a/shared/bin/zeek_install_plugins.sh
+++ b/shared/bin/zeek_install_plugins.sh
@@ -67,6 +67,7 @@ function clone_github_repo() {
 # install Zeek packages that insatll nicely using zkg
 ZKG_GITHUB_URLS=(
+ https://github.com/0xxon/cve-2020-0601
 https://github.com/amzn/zeek-plugin-bacnet
 https://github.com/amzn/zeek-plugin-enip
 https://github.com/amzn/zeek-plugin-profinet
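Review bot: Each page file is truncated with `> $OUTPUT_FILE` before its `curl … | sed …` pipeline runs, and curl is called without `-f` while the script sets neither `set -e` nor `set -o pipefail`, so an unknown `$BRANCH`, a network error or an HTTP error body still leaves a header-only or error-text page that the `nikola build` at the end of the hunk then publishes. Adding `set -e -o pipefail` after the shebang and using `curl -fsSL` on the three fetches would stop the build instead of shipping an empty or wrong page. The hedgehog page's `sed "s@\](\./docs/Notes.md@\](https://github.com/idaholab/Malcolm/blob/$BRANCH/sensor-iso/docs/Notes.md)@g"` matches without the closing parenthesis but emits one, which looks like it produces a doubled `)` in the rewritten link — worth checking against the sensor README. `$OUTPUT_FILE` is also expanded unquoted in every redirection; `"$OUTPUT_FILE"` would match how `$OUTPUT_DIR` is quoted on the assignment lines.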
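Review bot: `Nikola[extras]` carries no version specifier, so each site build resolves to whatever Nikola release and extras are current at that moment, and a later release can change the generated output or the dependency set without any change in this repository. The sensor interface requirements touched later in this series pin exact versions (`psutil==5.6.6`), so pinning here as well, e.g. `Nikola[extras]==<VERSION_PLACEHOLDER>`, would keep the docs build reproducible.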
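Review bot: The added `https://github.com/0xxon/cve-2020-0601` entry (and `https://github.com/mitre-attack/bzar` in the `@@ -75,31 +76,15 @@` hunk) is consumed by the `zkg install --force --skiptests "$SRC_DIR"` loop shown in that second hunk with no tag or commit recorded, so each image build installs whatever those repositories' default branch holds at build time; the set of Zeek scripts loaded into the image is therefore not reproducible, and an upstream change lands in the next build without review. `clone_github_repo` is defined above the hunk, so whether it can check out a specific ref is not visible here; if it cannot, a comment on the array such as `# NOTE: entries are installed from the default-branch HEAD; pin to a tag/commit once clone_github_repo supports it` at least records the trade-off. The same two additions reappear in the PATCH 137/183 hunks of this file.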
@@ -75,31 +76,15 @@ ZKG_GITHUB_URLS=(
 https://github.com/corelight/bro-community-id
 https://github.com/corelight/bro-xor-exe-plugin
 https://github.com/lexibrent/zeek-EternalSafety
+ https://github.com/mitre-attack/bzar
 https://github.com/salesforce/hassh
 https://github.com/salesforce/ja3
- https://github.com/0xxon/cve-2020-0601
 )
 for i in ${ZKG_GITHUB_URLS[@]}; do
 SRC_DIR="$(clone_github_repo "$i")"
 [[ -d "$SRC_DIR" ]] && zkg install --force --skiptests "$SRC_DIR"
 done
-# install Zeek packages that need to be copied manually
-MANUAL_COPY_GITHUB_URLS_AND_SCRIPT_PATHS=(
- "https://github.com/mitre-attack/car|implementations/bzar/scripts|bzar"
-)
-for i in ${MANUAL_COPY_GITHUB_URLS_AND_SCRIPT_PATHS[@]}; do
- URL="$(echo "$i" | cut -d'|' -f1)"
- SCRIPT_SRC_SUBDIR="$(echo "$i" | cut -d'|' -f2)"
- SCRIPT_DST_SUBDIR="$(echo "$i" | cut -d'|' -f3)"
- SRC_DIR="$(clone_github_repo "$URL")"
- if [[ -d "$SRC_DIR" ]] && [[ -d "$SRC_DIR"/"$SCRIPT_SRC_SUBDIR" ]]; then
- PLUGIN_DIR="$ZEEK_SCRIPTS_DIR"/"$SCRIPT_DST_SUBDIR"
- mkdir -p "$PLUGIN_DIR"
- cp -v "$SRC_DIR"/"$SCRIPT_SRC_SUBDIR"/* "$PLUGIN_DIR"/
- fi
-done
-
 # manual build processes that don't fit the other patterns
 SRC_DIR="$(clone_github_repo "https://github.com/salesforce/GQUIC_Protocol_Analyzer")"
From c68c4d75c723e92bca4c134dc60330980e788b63 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 19 Mar 2020 08:02:03 -0600
Subject: [PATCH 137/183] fix broken links for build of Zeek, MITRE ATT&CK BZAR plugin
---
 Dockerfiles/zeek.Dockerfile | 2 +-
 .../hooks/normal/0910-sensor-build.hook.chroot | 2 +-
 sensor-iso/docs/Notes.md | 2 +-
 sensor-iso/interface/requirements.txt | 2 +-
 shared/bin/zeek_install_plugins.sh | 18 ++----------------
 5 files changed, 6 insertions(+), 20 deletions(-)
diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile
index bb1c1b5ee..115341bf9 100644
--- a/Dockerfiles/zeek.Dockerfile
+++ b/Dockerfiles/zeek.Dockerfile
@@ -11,7 +11,7 @@ ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}"
 ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches"
 ENV PATH="${ZEEK_DIR}/bin:${PATH}"
-ADD https://www.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz
+ADD https://old.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz
 ADD shared/bin/zeek_install_plugins.sh /usr/local/bin/
 RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
index 4d6ce1bb9..3c4608206 100755
--- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
+++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
@@ -6,7 +6,7 @@ NETSNIFF_VER="0.6.6"
 NETSNIFF_URL="https://github.com/netsniff-ng/netsniff-ng/archive/v$NETSNIFF_VER.tar.gz"
 ZEEK_VER="3.0.1"
-ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
+ZEEK_URL="https://old.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
 ZEEK_PATCH_URLS=(
 # nothing here for now
 )
diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md
index 0f543f3f8..15cb0cba9 100644
--- a/sensor-iso/docs/Notes.md
+++ b/sensor-iso/docs/Notes.md
@@ -337,7 +337,7 @@ The following bash script was used to download, [build and install](https://docs
 #!/bin/bash
 ZEEK_VER="3.0.1"
-ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
+ZEEK_URL="https://old.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
 ZEEK_PATCH_URLS=(
 # nothing here for now
 )
diff --git a/sensor-iso/interface/requirements.txt b/sensor-iso/interface/requirements.txt
index 8dc59f2ca..3e89139ac 100644
--- a/sensor-iso/interface/requirements.txt
+++ b/sensor-iso/interface/requirements.txt
@@ -8,7 +8,7 @@ idna==2.7
 itsdangerous==0.24
 Jinja2==2.10.1
 MarkupSafe==1.0
-psutil==5.6.0
+psutil==5.6.6
 python-dotenv==0.9.1
 requests==2.20.0
 six==1.11.0
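Review bot: `ADD https://old.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz` fetches the Zeek source over the network with no integrity check, and moving the URL from `www.zeek.org` to `old.zeek.org` does not change that: the build trusts whatever that host serves for the version. Recording the expected digest and verifying it before extraction, e.g. `RUN echo "<EXPECTED_SHA256_PLACEHOLDER>  $SRC_BASE_DIR/zeek.tar.gz" | sha256sum -c -` directly after the `ADD`, would catch a swapped or corrupted tarball; the `RUN` that follows continues outside the hunk, so I cannot see whether it already does this. The `ZEEK_URL` change in the `0910-sensor-build.hook.chroot` hunk below has the same shape, with its download step outside that hunk.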
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh
index 55713f125..d2aed6f57 100755
--- a/shared/bin/zeek_install_plugins.sh
+++ b/shared/bin/zeek_install_plugins.sh
@@ -67,6 +67,7 @@ function clone_github_repo() {
 # install Zeek packages that insatll nicely using zkg
 ZKG_GITHUB_URLS=(
+ https://github.com/0xxon/cve-2020-0601
 https://github.com/amzn/zeek-plugin-bacnet
 https://github.com/amzn/zeek-plugin-enip
 https://github.com/amzn/zeek-plugin-profinet
@@ -75,6 +76,7 @@ ZKG_GITHUB_URLS=(
 https://github.com/corelight/bro-community-id
 https://github.com/corelight/bro-xor-exe-plugin
 https://github.com/lexibrent/zeek-EternalSafety
+ https://github.com/mitre-attack/bzar
 https://github.com/salesforce/hassh
 https://github.com/salesforce/ja3
 )
@@ -83,22 +85,6 @@ for i in ${ZKG_GITHUB_URLS[@]}; do
 [[ -d "$SRC_DIR" ]] && zkg install --force --skiptests "$SRC_DIR"
 done
-# install Zeek packages that need to be copied manually
-MANUAL_COPY_GITHUB_URLS_AND_SCRIPT_PATHS=(
- "https://github.com/mitre-attack/car|implementations/bzar/scripts|bzar"
-)
-for i in ${MANUAL_COPY_GITHUB_URLS_AND_SCRIPT_PATHS[@]}; do
- URL="$(echo "$i" | cut -d'|' -f1)"
- SCRIPT_SRC_SUBDIR="$(echo "$i" | cut -d'|' -f2)"
- SCRIPT_DST_SUBDIR="$(echo "$i" | cut -d'|' -f3)"
- SRC_DIR="$(clone_github_repo "$URL")"
- if [[ -d "$SRC_DIR" ]] && [[ -d "$SRC_DIR"/"$SCRIPT_SRC_SUBDIR" ]]; then
- PLUGIN_DIR="$ZEEK_SCRIPTS_DIR"/"$SCRIPT_DST_SUBDIR"
- mkdir -p "$PLUGIN_DIR"
- cp -v "$SRC_DIR"/"$SCRIPT_SRC_SUBDIR"/* "$PLUGIN_DIR"/
- fi
-done
-
 # manual build processes that don't fit the other patterns
 SRC_DIR="$(clone_github_repo "https://github.com/salesforce/GQUIC_Protocol_Analyzer")"
From bdd113e212f3aab05339547ad2ca94a585654627 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 19 Mar 2020 11:34:23 -0600
Subject: [PATCH 138/183] fixed duplicate plugin URL in script
---
 shared/bin/zeek_install_plugins.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh
index 4620d7ecf..0c653d001 100755
--- a/shared/bin/zeek_install_plugins.sh
+++ b/shared/bin/zeek_install_plugins.sh
@@ -79,7 +79,6 @@ ZKG_GITHUB_URLS=(
 https://github.com/mitre-attack/bzar
 https://github.com/salesforce/hassh
 https://github.com/salesforce/ja3
- https://github.com/0xxon/cve-2020-0601
 )
 for i in ${ZKG_GITHUB_URLS[@]}; do
 SRC_DIR="$(clone_github_repo "$i")"
From 2d5181889426111e86591a74da3f2544959c0a86 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 19 Mar 2020 12:49:23 -0600
Subject: [PATCH 139/183] update moloch version in docs to 2.2.3
---
 docker-compose-standalone-zeek-live.yml | 2 +-
 docker-compose-standalone.yml | 2 +-
 docker-compose.yml | 2 +-
 sensor-iso/docs/Notes.md | 4 ++--
 sensor-iso/moloch/Dockerfile | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml
index 81620f417..67db3c8b4 100644
--- a/docker-compose-standalone-zeek-live.yml
+++ b/docker-compose-standalone-zeek-live.yml
@@ -252,7 +252,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.2.2'
+ MOLOCH_VERSION : '2.2.3'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml
index 8a63900f6..084d7a31f 100644
--- a/docker-compose-standalone.yml
+++ b/docker-compose-standalone.yml
@@ -252,7 +252,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.2.2'
+ MOLOCH_VERSION : '2.2.3'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/docker-compose.yml b/docker-compose.yml
index 64983c4d9..996680ecd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -275,7 +275,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.2.2'
+ MOLOCH_VERSION : '2.2.3'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md
index 141833662..dbdc3a653 100644
--- a/sensor-iso/docs/Notes.md
+++ b/sensor-iso/docs/Notes.md
@@ -113,12 +113,12 @@ $ /usr/sbin/tcpdump \
 ### <a name="molochCompile"></a>Compiling Moloch from source
-At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.2](https://github.com/aol/moloch/releases/tag/v2.2.2). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose.
+At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.3](https://github.com/aol/moloch/releases/tag/v2.2.3). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose.
 ```bash
 #!/bin/bash
-MOLOCH_VERSION="2.2.2"
+MOLOCH_VERSION="2.2.3"
 MOLOCHDIR="/opt/moloch"
 OUTPUT_DIR="/tmp"
diff --git a/sensor-iso/moloch/Dockerfile b/sensor-iso/moloch/Dockerfile
index 2540a68d4..2cdbccbb8 100644
--- a/sensor-iso/moloch/Dockerfile
+++ b/sensor-iso/moloch/Dockerfile
@@ -6,7 +6,7 @@ LABEL maintainer="malcolm.netsec@gmail.com"
 ENV DEBIAN_FRONTEND noninteractive
-ENV MOLOCH_VERSION "2.2.2"
+ENV MOLOCH_VERSION "2.2.3"
 ENV MOLOCHDIR "/opt/moloch"
 RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
From f58adf999747e992cd1df35ce4dfb5e70ae77976 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 19 Mar 2020 13:01:24 -0600
Subject: [PATCH 140/183] remove files no longer needed for testing
---
 .../network_diff/gquic_simple_two_days.pcap | Bin 2840 -> 0 bytes
 moloch/network_diff/url.txt | 2 -
 moloch/network_diff/viewer.js | 9167 -----------------
 3 files changed, 9169 deletions(-)
 delete mode 100644 moloch/network_diff/gquic_simple_two_days.pcap
 delete mode 100644 moloch/network_diff/url.txt
 delete mode 100644 moloch/network_diff/viewer.js
diff --git a/moloch/network_diff/gquic_simple_two_days.pcap b/moloch/network_diff/gquic_simple_two_days.pcap deleted file mode 100644 index a6ddfa7b7900ac6b80cc920231336b2cd954d20f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2840 zcmeH{eKeF=7{Kp{r7#sa6T5BGm+XdynPK!fyfYXx=EM6=W*4QHe9ahzOsh6jNO2IV zvng!RtWB**(N<Q2v^rWWr8tS=j6SyHbJO12+Ouc>>(BkebIv`#_j%5H?>+aP=l<I2 z$_w>?KKM8E0SP7pzQkr!i!%6o1V`zmuXj;rpPYLx!w7JJ!L~&yY`~tc5#BsUQg*Is zlRq9L)ffmF#ir%m0e^_3T%CmG$RMqaJd`}P?oCy3X@CK#fCTh0Pl0G5Tv+VN0V!}N zT*w1?hy)+BKyKptfHp`B!$BXUP$b0k^#Jh3#h4MKE7z4{0x5Onah5~k7>~n%Bp_Lk zVvaXw9jg1dxw9d87%t$Ty3`F1Ms-YpheGnXGF$<PiNwSQVm`zHlzZSrDkRT`AdaA% zOKhUef^^4x8IU+63({^T{tq{x+#05^4^gQ?6mt6@m2&-t8zmPLZ>h?}+G9ynqXMPf ziuSsn`?5!VBS$<u{%k~G?ojQg`*fqDr9%Ma_#K9aPTSI%yJ1bO40Wr^>2aJrI(0kV zdhl7F|Bm-k?@Qv!%vC!suyfyHjkXVF>r4yPt!4KdI!>JE(x`iaVIRA4agS~Cn5|SS zbf-!wU(KM~)9fATOlNxrGdsaAjsN=#uWswl9%}o!*U*EKF=;LUKDf`}cjeM*6SMxf z>fFs!JvpUhme|Sen8_QHcT_9gb(hlf4zT?J=E!80HwByBKl7%}%;TN6TUNgj+c-W` zQ?^?tapPgEKoVH-bbnG_{&{o5lKiKODpD)i9gOZ4$^JFpMK35$&GlbBTz1&G=12^g zUc1TDP?mUmw>6dC9cpy%RY5~4x7W5op7vGqG7H^L?<OW<if7r*8f`T>R3`RHtqUAp zd315#+2-qCdm3M*O*RxoCTN}$`Q)8I60yr~_t|L0kq%MIi_5=MG~YicBqldH>}yY- zQ=PYXWRR7u>9-m-F65Ut7Hf+ps{ts0r$J*TKH>&KHPZk1w{z;rnO3#ULNzBm_HX}E zx3NLO{8OXIzjxd;=I@J<e<@X_iR1Bp7bX_+Bs2z{wD+~!$s)_3pnV5k(+WuX0O{8X z?vM2Q1?(@RUp^w#Zz3ep??FhU-&{zf-%3cN-K&sDy91C&yJL_@yMIC=?E<Jv+}l&2 zkMs$(i*ya=i)|p0emx<*c^q5-i8L&RL>eX_Wde-whs5w{LM?})9BNq&iFCXN<xt1e zX&o=0*0Ifujz3<-J6Z7G=t#S;D3v<aE;f=GF|E&CVZm}0a;RiMV%GL~rBdY;a6Q9+ zIH$hDt7yr^#@hndynTgw<-_w<_1R!I7O#_gH}JgnPNi+{)l#NBK6KkaVqkW*)xfvU z6OxN8lCu07%>}gSnB9~YO4iwgf0;cl-?D{t`EAl>J><@5Z93DSHt9?{%ihVE>Khgr ztcr`K3JIzMtgl4{C&pT;+KG{Ix8qUI5cx2}@?}d?xR!#R5>hH`!4FE+TpY5D^~Ju4 zv6$qfjNUR~MSdT!Co(;$EberAMVS8!Gfcs+=(^I}C}m!G&^4D*RVB;mo$%754dqqZ zC@W=1>1ZvaUFi?~rsJ3V#+W{Y$Q9#rgg7Dorxr4HUYlU?<o(hO0QeUUZcMgX@x<D6 zc-}5scdw@Uq*GBuO$dGd%8r|#_?nJ{gC#@!Ov9uaI~lKsQY^`+ajqApWEm-MdaOS> 
z+I@G4X$yxfYQJ`?#o*VPl&<Y3ErSkb-tTSCv8s(YU|H2~JXHEp?@p^CpPHu0T6(oU zN@7S*auil2#{vc(x%&h}pYVzATUKAojq5CFpjs=O=d>+2n&8y@W7nJz^5e;o<TNq> Pui&Wy;h2e!xq-g`!;z^# diff --git a/moloch/network_diff/url.txt b/moloch/network_diff/url.txt deleted file mode 100644 index 7a966ecc9..000000000 --- a/moloch/network_diff/url.txt +++ /dev/null @@ -1,2 +0,0 @@ -https://localhost/connections.json?date=0&startTime=1582614000&stopTime=1582700399&expression=zeek.logType==EXISTS!&baseline=0 - diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js deleted file mode 100644 index b7e12eb3b..000000000 --- a/moloch/network_diff/viewer.js +++ /dev/null 
@@ -1,9167 +0,0 @@ -/******************************************************************************/ -/* viewer.js -- The main moloch app - * - * Copyright 2012-2016 AOL Inc. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this Software except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -'use strict'; - -const MIN_DB_VERSION = 62; - -//// Modules -////////////////////////////////////////////////////////////////////////////////// -try { -var Config = require('./config.js'), - express = require('express'), - stylus = require('stylus'), - util = require('util'), - fs = require('fs-ext'), - async = require('async'), - url = require('url'), - dns = require('dns'), - Pcap = require('./pcap.js'), - Db = require('./db.js'), - molochparser = require('./molochparser.js'), - passport = require('passport'), - DigestStrategy = require('passport-http').DigestStrategy, - molochversion = require('./version'), - http = require('http'), - pug = require('pug'), - https = require('https'), - EventEmitter = require('events').EventEmitter, - PNG = require('pngjs').PNG, - decode = require('./decode.js'), - onHeaders = require('on-headers'), - glob = require('glob'), - unzip = require('unzip'), - helmet = require('helmet'), - uuid = require('uuidv4').default, - RE2 = require('re2'); -} catch (e) { - console.log ("ERROR - Couldn't load some dependancies, maybe need to 'npm update' inside viewer directory", e); - process.exit(1); - throw new Error("Exiting"); -} - -if (typeof express !== "function") { - 
console.log("ERROR - Need to run 'npm update' in viewer directory"); - process.exit(1); - throw new Error("Exiting"); -} -var app = express(); - -////////////////////////////////////////////////////////////////////////////////// -//// Config -////////////////////////////////////////////////////////////////////////////////// -var internals = { - CYBERCHEFVERSION: '9.11.7', - elasticBase: Config.getArray('elasticsearch', ',', 'http://localhost:9200'), - esQueryTimeout: Config.get("elasticsearchTimeout", 300) + 's', - userNameHeader: Config.get("userNameHeader"), - requiredAuthHeader: Config.get("requiredAuthHeader"), - requiredAuthHeaderVal: Config.get("requiredAuthHeaderVal"), - userAutoCreateTmpl: Config.get("userAutoCreateTmpl"), - esAdminUsers: Config.get('multiES', false)?[]:Config.getArray('esAdminUsers', ',', ''), - httpAgent: new http.Agent({keepAlive: true, keepAliveMsecs:5000, maxSockets: 40}), - httpsAgent: new https.Agent({keepAlive: true, keepAliveMsecs:5000, maxSockets: 40, rejectUnauthorized: !Config.insecure}), - previousNodesStats: [], - caTrustCerts: {}, - cronRunning: false, - rightClicks: {}, - pluginEmitter: new EventEmitter(), - writers: {}, - oldDBFields: {}, - isLocalViewRegExp: Config.get("isLocalViewRegExp")?new RE2(Config.get("isLocalViewRegExp")):undefined, - uploadLimits: { - }, - - cronTimeout: +Config.get("dbFlushTimeout", 5) + // How long capture holds items - 60 + // How long before ES reindexs - 20, // Transmit and extra time - -//http://garethrees.org/2007/11/14/pngcrush/ - emptyPNG: Buffer.from("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==", 'base64'), - PNG_LINE_WIDTH: 256, - runningHuntJob: undefined, - proccessHuntJobsInitialized: false, - notifiers: undefined, - prefix: Config.get('prefix', ''), - lookupTypeMap: { - ip: 'ip', - integer: 'number', - termfield: 'string', - uptermfield: 'string', - lotermfield: 'string' - }, - anonymousUser: { - userId: 'anonymous', - enabled: true, 
- createEnabled: false, - webEnabled: true, - headerAuthEnabled: false, - emailSearch: true, - removeEnabled: true, - packetSearch: true, - settings: {}, - welcomeMsgNum: 1, - found: true - }, - scriptAggs: {} -}; - -internals.scriptAggs['ip.dst:port'] = { - script: 'if (doc.dstIp.value.indexOf(".") > 0) {return doc.dstIp.value + ":" + doc.dstPort.value} else {return doc.dstIp.value + "." + doc.dstPort.value}', - dbField: 'dstIp' -}; - -// make sure there's an _ after the prefix -if (internals.prefix && !internals.prefix.endsWith('_')) { - internals.prefix = `${internals.prefix}_`; -} - -if (Config.get("uploadFileSizeLimit")) { - internals.uploadLimits.fileSize = parseInt(Config.get("uploadFileSizeLimit")); -} - -if (internals.elasticBase[0].lastIndexOf('http', 0) !== 0) { - internals.elasticBase[0] = "http://" + internals.elasticBase[0]; -} - -function isProduction() { - return app.get('env') === 'production'; -} - -function userCleanup(suser) { - suser.settings = suser.settings || {}; - if (suser.emailSearch === undefined) { suser.emailSearch = false; } - if (suser.removeEnabled === undefined) { suser.removeEnabled = false; } - // if multies and not users elasticsearch, disable admin privelages - if (Config.get('multiES', false) && !Config.get('usersElasticsearch')) { - suser.createEnabled = false; - } - let now = Date.now(); - let timespan = Config.get('regressionTests', false) ? 
1 : 60000; - // update user lastUsed time if not mutiES and it hasn't been udpated in more than a minute - if (!Config.get('multiES', false) && (!suser.lastUsed || (now - suser.lastUsed) > timespan)) { - suser.lastUsed = now; - Db.setLastUsed(suser.userId, now, function (err, info) { - if (Config.debug && err) { - console.log('DEBUG - user lastUsed update error', err, info); - } - }); - } -} - -passport.use(new DigestStrategy({qop: 'auth', realm: Config.get("httpRealm", "Moloch")}, - function(userid, done) { - Db.getUserCache(userid, function(err, suser) { - if (err && !suser) {return done(err);} - if (!suser || !suser.found) {console.log("User", userid, "doesn't exist"); return done(null, false);} - if (!suser._source.enabled) {console.log("User", userid, "not enabled"); return done("Not enabled");} - - userCleanup(suser._source); - - return done(null, suser._source, {ha1: Config.store2ha1(suser._source.passStore)}); - }); - }, - function (options, done) { - //TODO: Should check nonce here - return done(null, true); - } -)); - -// app.configure -var logger = require("morgan"); -var favicon = require("serve-favicon"); -var bodyParser = require('body-parser'); -var multer = require('multer'); -var methodOverride = require('method-override'); -var compression = require('compression'); - -app.enable("jsonp callback"); -app.set('views', __dirname + '/views'); -app.set('view engine', 'pug'); -app.locals.molochversion = molochversion.version; -app.locals.isIndex = false; -app.locals.basePath = Config.basePath(); -app.locals.elasticBase = internals.elasticBase[0]; -app.locals.allowUploads = Config.get("uploadCommand") !== undefined; -app.locals.molochClusters = Config.configMap("moloch-clusters"); - -app.use(favicon(__dirname + '/public/favicon.ico')); -app.use(passport.initialize()); - -const iframeOption = Config.get('iframe', 'deny'); -if (iframeOption === 'sameorigin' || iframeOption === 'deny') { - app.use(helmet.frameguard({ action: iframeOption })); -} else { - 
app.use(helmet.frameguard({ - action: 'allow-from', - domain: iframeOption - })); -} - -app.use(helmet.hidePoweredBy()); -app.use(helmet.xssFilter()); -if (Config.get('hstsHeader', false) && Config.isHTTPS()) { - app.use(helmet.hsts({ - maxAge: 31536000, - includeSubDomains: true - })); -} -// calculate nonce -app.use((req, res, next) => { - res.locals.nonce = Buffer.from(uuid()).toString('base64'); - next(); -}); -// define csp headers -const cspHeader = helmet.contentSecurityPolicy({ - directives: { - defaultSrc: ["'self'"], - /* can remove unsafe-inline for css when this is fixed - https://github.com/vuejs/vue-style-loader/issues/33 */ - styleSrc: ["'self'", "'unsafe-inline'"], - scriptSrc: ["'self'", "'unsafe-eval'", (req, res) => `'nonce-${res.locals.nonce}'`], - objectSrc: ["'none'"], - imgSrc: ["'self'", 'data:'] - } -}); -const unsafeInlineCspHeader = helmet.contentSecurityPolicy({ - directives: { - defaultSrc: ["'self'"], - styleSrc: ["'self'", "'unsafe-inline'"], - scriptSrc: ["'self'", "'unsafe-eval'", "'unsafe-inline'"], - objectSrc: ["'self'", 'data:'], - workerSrc: ["'self'", 'data:', 'blob:'], - imgSrc: ["'self'", 'data:'], - fontSrc: ["'self'", 'data:'] - } -}); - -function molochError (status, text) { - /* jshint validthis: true */ - this.status(status || 403); - return this.send(JSON.stringify({ success: false, text: text })); -} - -app.use(function(req, res, next) { - res.molochError = molochError; - - if (res.setTimeout) { - res.setTimeout(10 * 60 * 1000); // Increase default from 2 min to 10 min - } - - req.url = req.url.replace(Config.basePath(), "/"); - return next(); -}); -app.use(bodyParser.json()); -app.use(bodyParser.urlencoded({ limit: "5mb", extended: true })); -//app.use(multer({dest: Config.get("pcapDir")})); - -// send req to access log file or stdout -var _stream = process.stdout; -var _accesslogfile = Config.get("accessLogFile"); -if (_accesslogfile) { - _stream = fs.createWriteStream(_accesslogfile, {flags: 'a'}); -} - -var 
_logger_format = decodeURIComponent(Config.get("accessLogFormat", - ':date :username %1b[1m:method%1b[0m %1b[33m:url%1b[0m :status :res[content-length] bytes :response-time ms')); -var _suppressPaths = Config.getArray("accessLogSuppressPaths", ";", ""); - -app.use(logger(_logger_format, {stream: _stream, - skip: (req, res) => { return _suppressPaths.includes(req.path); }})); -app.use(compression()); -app.use(methodOverride()); - - -app.use('/font-awesome', express.static(__dirname + '/../node_modules/font-awesome', { maxAge: 600 * 1000})); -app.use('/bootstrap', express.static(__dirname + '/node_modules/bootstrap', { maxAge: 600 * 1000})); - -app.use("/", express.static(__dirname + '/public', { maxAge: 600 * 1000})); - -if (Config.get("passwordSecret")) { - app.locals.alwaysShowESStatus = false; - app.use(function(req, res, next) { - // 200 for NS - if (req.url === "/_ns_/nstest.html") { - return res.end(); - } - - // No auth for eshealth.json or parliament.json - if (req.url.match(/^\/(parliament|eshealth).json/)) { - return next(); - } - - // S2S Auth - if (req.headers['x-moloch-auth']) { - var obj = Config.auth2obj(req.headers['x-moloch-auth'], false); - obj.path = obj.path.replace(Config.basePath(), "/"); - if (obj.path !== req.url) { - console.log("ERROR - mismatch url", obj.path, req.url); - return res.send("Unauthorized based on bad url, check logs on ", Config.hostName()); - } - if (Math.abs(Date.now() - obj.date) > 120000) { // Request has to be +- 2 minutes - console.log("ERROR - Denying server to server based on timestamp, are clocks out of sync?", Date.now(), obj.date); - return res.send("Unauthorized based on timestamp - check that all moloch viewer machines have accurate clocks"); - } - - // Don't look up user for receiveSession - if (req.url.match(/^\/receiveSession/)) { - return next(); - } - - Db.getUserCache(obj.user, function(err, suser) { - if (err) {return res.send("ERROR - x-moloch getUser - user: " + obj.user + " err:" + err);} - if (!suser 
|| !suser.found) {return res.send(obj.user + " doesn't exist");} - if (!suser._source.enabled) {return res.send(obj.user + " not enabled");} - userCleanup(suser._source); - req.user = suser._source; - return next(); - }); - return; - } - - if (req.url.match(/^\/receiveSession/)) { - return res.send('receiveSession only allowed s2s'); - } - - function ucb (err, suser, userName) { - if (err) { return res.send(`ERROR - getUser - user: ${userName} err: ${err}`); } - if (!suser || !suser.found) { return res.send(`${userName} doesn't exist`); } - if (!suser._source.enabled) { return res.send(`${userName} not enabled`); } - if (!suser._source.headerAuthEnabled) { return res.send(`${userName} header auth not enabled`); } - - userCleanup(suser._source); - req.user = suser._source; - return next(); - } - - // Header auth - if (internals.userNameHeader !== undefined) { - if (req.headers[internals.userNameHeader] !== undefined) { - // Check if we require a certain header+value to be present - // as in the case of an apache plugin that sends AD groups - if (internals.requiredAuthHeader !== undefined && internals.requiredAuthHeaderVal !== undefined) { - let authHeader = req.headers[internals.requiredAuthHeader]; - if (authHeader === undefined) { - return res.send('Missing authorization header'); - } - let authorized = false; - authHeader.split(',').forEach(headerVal => { - if (headerVal.trim() === internals.requiredAuthHeaderVal) { - authorized = true; - } - }); - if (!authorized) { - return res.send('Not authorized'); - } - } - - const userName = req.headers[internals.userNameHeader]; - - Db.getUserCache(userName, (err, suser) => { - if (internals.userAutoCreateTmpl === undefined) { - return ucb(err, suser, userName); - } else if ((err && err.toString().includes('Not Found')) || - (!suser || !suser.found)) { // Try dynamic creation - /* jslint evil: true */ - let nuser = JSON.parse(new Function('return `' + - internals.userAutoCreateTmpl + '`;').call(req.headers)); - 
Db.setUser(userName, nuser, (err, info) => { - if (err) { - console.log('Elastic search error adding user: (' + userName + '):(' + JSON.stringify(nuser) + '):' + err); - } else { - console.log('Added user:' + userName + ':' + JSON.stringify(nuser)); - } - return Db.getUserCache(userName, ucb); - }); - } else { - return ucb(err, suser, userName); - } - }); - return; - } else if (Config.debug) { - console.log('DEBUG - Couldn\'t find userNameHeader of', internals.userNameHeader, 'in', req.headers, 'for', req.url); - } - } - - - // Browser auth - req.url = req.url.replace("/", Config.basePath()); - passport.authenticate('digest', {session: false})(req, res, function (err) { - req.url = req.url.replace(Config.basePath(), "/"); - if (err) { return res.molochError(200, err); } - else { return next(); } - }); - }); -} else if (Config.get("regressionTests", false)) { - console.log('WARNING - The setting "regressionTests" is set to true, do NOT use in production, for testing only'); - app.locals.alwaysShowESStatus = true; - app.locals.noPasswordSecret = true; - app.use(function(req, res, next) { - var username = req.query.molochRegressionUser || "anonymous"; - req.user = {userId: username, enabled: true, createEnabled: username === "anonymous", webEnabled: true, headerAuthEnabled: false, emailSearch: true, removeEnabled: true, packetSearch: true, settings: {}, welcomeMsgNum: 1}; - Db.getUserCache(username, function(err, suser) { - if (!err && suser && suser.found) { - userCleanup(suser._source); - req.user = suser._source; - } - next(); - }); - }); -} else { - /* Shared password isn't set, who cares about auth, db is only used for settings */ - console.log('WARNING - The setting "passwordSecret" is not set, all access is anonymous'); - app.locals.alwaysShowESStatus = true; - app.locals.noPasswordSecret = true; - app.use(function(req, res, next) { - req.user = internals.anonymousUser; - Db.getUserCache('anonymous', (err, suser) => { - if (!err && suser && suser.found) { - 
req.user.settings = suser._source.settings || {}; - req.user.views = suser._source.views; - } - next(); - }); - }); -} - -// check for anonymous mode before fetching user cache and return anonymous -// user or the user requested by the userId -function getUserCacheIncAnon (userId, cb) { - if (app.locals.noPasswordSecret) { // user is anonymous - Db.getUserCache('anonymous', (err, anonUser) => { - let anon = internals.anonymousUser; - - if (!err && anonUser && anonUser.found) { - anon.settings = anonUser._source.settings || {}; - anon.views = anonUser._source.views; - } - - return cb(null, anon); - }); - } else { - Db.getUserCache(userId, (err, user) => { - let found = user.found; - user = user._source; - if (user) { user.found = found; } - return cb(err, user); - }); - } -} - -// add lookups for queries -app.use(function (req, res, next) { - if (!req.user) { return next(); } - Db.getLookupsCache(req.user.userId, (err, lookupsMap) => { - req.lookups = lookupsMap || {}; - return next(); - }); -}); - -app.use(function(req, res, next) { - if (!req.user || !req.user.userId) { - return next(); - } - - var mrc = {}; - - mrc.httpAuthorizationDecode = {fields: "http.authorization", func: `{ - if (value.substring(0,5) === "Basic") - return {name: "Decoded:", value: atob(value.substring(6))}; - return undefined; - }`}; - mrc.bodyHashMd5 = {category: "md5", url: "/%NODE%/%ID%/bodyHash/%TEXT%", name: "Download File"}; - mrc.bodyHashSha256 = {category: "sha256", url: "/%NODE%/%ID%/bodyHash/%TEXT%", name: "Download File"}; - - for (var key in internals.rightClicks) { - var rc = internals.rightClicks[key]; - if (!rc.users || rc.users[req.user.userId]) { - mrc[key] = rc; - } - } - app.locals.molochRightClick = mrc; - next(); -}); - -logger.token('username', function(req, res){ return req.user?req.user.userId:"-"; }); - -// Explicit sigint handler for running under docker -// See https://github.com/nodejs/node/issues/4182 -process.on('SIGINT', function() { - process.exit(); -}); - 
-function loadFields() { - Db.loadFields(function (err, data) { - if (err) {data = [];} - else {data = data.hits.hits;} - - // Everything will use dbField2 as dbField - for (let i = 0, ilen = data.length; i < ilen; i++) { - internals.oldDBFields[data[i]._source.dbField] = data[i]._source; - data[i]._source.dbField = data[i]._source.dbField2; - if (data[i]._source.portField2) { - data[i]._source.portField = data[i]._source.portField2; - } else { - delete data[i]._source.portField; - } - delete data[i]._source.rawField; - } - Config.loadFields(data); - app.locals.fieldsMap = JSON.stringify(Config.getFieldsMap()); - app.locals.fieldsArr = Config.getFields().sort(function(a,b) {return (a.exp > b.exp?1:-1);}); - createSessionDetail(); - }); -} - -function loadPlugins() { - var api = { - registerWriter: function(str, info) { - internals.writers[str] = info; - }, - getDb: function() { return Db; }, - getPcap: function() { return Pcap; }, - }; - var plugins = Config.getArray('viewerPlugins', ';', ''); - var dirs = Config.getArray('pluginsDir', ';', '/data/moloch/plugins'); - plugins.forEach(function (plugin) { - plugin = plugin.trim(); - if (plugin === "") { - return; - } - var found = false; - dirs.forEach(function (dir) { - dir = dir.trim(); - if (found || dir === "") { - return; - } - if (fs.existsSync(dir + "/" + plugin)) { - found = true; - var p = require(dir + "/" + plugin); - p.init(Config, internals.pluginEmitter, api); - } - }); - if (!found) { - console.log("WARNING - Couldn't find plugin", plugin, "in", dirs); - } - }); -} - -////////////////////////////////////////////////////////////////////////////////// -//// Utility -////////////////////////////////////////////////////////////////////////////////// -function safeStr(str) { - return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>').replace(/\"/g,'"').replace(/\'/g, ''').replace(/\//g, '/'); -} - -// 
https://medium.com/dailyjs/rewriting-javascript-converting-an-array-of-objects-to-an-object-ec579cafbfc7 -function arrayToObject(array, key) -{ - return array.reduce((obj, item) => { - obj[item[key]] = item; - return obj; - }, {}); -} - -function queryValueToArray(val) { - if (val === undefined || val === null) { - return []; - } - if (!Array.isArray(val)) { - val = [val]; - } - return val.join(",").split(","); -} - -function errorString(err, result) { - var str; - if (err && typeof err === "string") { - str = err; - } else if (err && typeof err.message === "string") { - str = err.message; - } else if (result && result.error) { - str = result.error; - } else { - str = "Unknown issue, check logs"; - console.log(err, result); - } - - if (str.match("IndexMissingException")) { - return "Moloch's Elasticsearch database has no matching session indices for timeframe selected"; - } else { - return "Elasticsearch error: " + str; - } -} - -function parseCustomView(key, input) { - var fieldsMap = Config.getFieldsMap(); - - var match = input.match(/require:([^;]+)/); - if (!match) { - console.log(`custom-view ${key} missing require section`); - process.exit(1); - } - var require = match[1]; - - match = input.match(/title:([^;]+)/); - var title = match[1] || key; - - match = input.match(/fields:([^;]+)/); - if (!match) { - console.log(`custom-view ${key} missing fields section`); - process.exit(1); - } - var fields = match[1]; - - var output = ` if (session.${require})\n div.sessionDetailMeta.bold ${title}\n dl.sessionDetailMeta\n`; - - for (let field of fields.split(",")) { - let info = fieldsMap[field]; - if (!info) { - continue; - } - var parts = splitRemain(info.dbField, '.', 1); - if (parts.length === 1) { - output += ` +arrayList(session, '${parts[0]}', '${info.friendlyName}', '${field}')\n`; - } else { - output += ` +arrayList(session.${parts[0]}, '${parts[1]}', '${info.friendlyName}', '${field}')\n`; - } - } - - return output; -} - -function createSessionDetail() { - 
var found = {}; - var dirs = []; - - dirs = dirs.concat(Config.getArray('pluginsDir', ';', '/data/moloch/plugins')); - dirs = dirs.concat(Config.getArray('parsersDir', ';', '/data/moloch/parsers')); - - dirs.forEach(function(dir) { - try { - var files = fs.readdirSync(dir); - // sort().reverse() so in this dir pug is processed before jade - files.sort().reverse().forEach(function(file) { - var sfile = file.replace(/\.(pug|jade)/, ""); - if (found[sfile]) { - return; - } - if (file.match(/\.detail\.jade$/i)) { - found[sfile] = fs.readFileSync(dir + "/" + file, 'utf8').replace(/^/mg, " ") + "\n"; - } else if (file.match(/\.detail\.pug$/i)) { - found[sfile] = " include " + dir + "/" + file + "\n"; - } - }); - } catch (e) {} - }); - - var customViews = Config.keys("custom-views") || []; - - for (let key of customViews) { - let view = Config.sectionGet("custom-views", key); - found[key] = parseCustomView(key, view); - } - - var makers = internals.pluginEmitter.listeners("makeSessionDetail"); - async.each(makers, function(cb, nextCb) { - cb(function (err, items) { - for (var k in items) { - found[k] = items[k].replace(/^/mg, " ") + "\n"; - } - return nextCb(); - }); - }, function () { - internals.sessionDetailNew = "include views/mixins.pug\n" + - "div.session-detail(sessionid=session.id,hidePackets=hidePackets)\n" + - " include views/sessionDetail\n"; - Object.keys(found).sort().forEach(function(k) { - internals.sessionDetailNew += found[k]; - }); - - internals.sessionDetailNew = internals.sessionDetailNew.replace(/div.sessionDetailMeta.bold/g, "h4.sessionDetailMeta") - .replace(/dl.sessionDetailMeta/g, "dl") - .replace(/a.moloch-right-click.*molochexpr='([^']+)'.*#{(.*)}/g, "+clickableValue('$1', $2)") - ; - }); -} - -function createRightClicks() { - - var mrc = Config.configMap("right-click"); - for (var key in mrc) { - if (mrc[key].fields) { - mrc[key].fields = mrc[key].fields.split(","); - } - if (mrc[key].users) { - var users = {}; - for (const item of 
mrc[key].users.split(",")) { - users[item] = 1; - } - mrc[key].users = users; - } - } - var makers = internals.pluginEmitter.listeners("makeRightClick"); - async.each(makers, function(cb, nextCb) { - cb(function (err, items) { - for (var k in items) { - mrc[k] = items[k]; - if (mrc[k].fields && !Array.isArray(mrc[k].fields)) { - mrc[k].fields = mrc[k].fields.split(","); - } - } - return nextCb(); - }); - }, function () { - internals.rightClicks = mrc; - }); -} - -//https://coderwall.com/p/pq0usg/javascript-string-split-that-ll-return-the-remainder -function splitRemain(str, separator, limit) { - str = str.split(separator); - if(str.length <= limit) {return str;} - - var ret = str.splice(0, limit); - ret.push(str.join(separator)); - - return ret; -} - -function arrayZeroFill(n) { - var a = []; - while (n > 0) { - a.push(0); - n--; - } - return a; -} - -// https://stackoverflow.com/a/48569020 -class Mutex { - constructor () { - this.queue = []; - this.locked = false; - } - - lock () { - return new Promise((resolve, reject) => { - if (this.locked) { - this.queue.push(resolve); - } else { - this.locked = true; - resolve(); - } - }); - } - - unlock () { - if (this.queue.length > 0) { - const resolve = this.queue.shift(); - resolve(); - } else { - this.locked = false; - } - } -} - -////////////////////////////////////////////////////////////////////////////////// -//// Requests -////////////////////////////////////////////////////////////////////////////////// - -function addAuth(info, user, node, secret) { - if (!info.headers) { - info.headers = {}; - } - info.headers['x-moloch-auth'] = Config.obj2auth({date: Date.now(), - user: user.userId, - node: node, - path: info.path - }, false, secret); -} - -function loadCaTrust(node) { - var caTrustFile = Config.getFull(node, "caTrustFile"); - - if (caTrustFile && caTrustFile.length > 0) { - let certs = []; - - var caTrustFileLines = fs.readFileSync(caTrustFile, 'utf8'); - caTrustFileLines = caTrustFileLines.split("\n"); - - 
var foundCert = []; - - for (let i = 0, ilen = caTrustFileLines.length; i < ilen; i++) { - let line = caTrustFileLines[i]; - if (line.length === 0) { - continue; - } - foundCert.push(line); - if (line.match(/-END CERTIFICATE-/)) { - certs.push(foundCert.join("\n")); - foundCert = []; - } - } - - if (certs.length > 0) { - return certs; - } - } - - return undefined; -} - - -function addCaTrust(info, node) { - if (!Config.isHTTPS(node)) { - return; - } - - if ((internals.caTrustCerts[node] !== undefined) && (internals.caTrustCerts[node].length > 0)) { - info.ca = internals.caTrustCerts[node]; - info.agent.options.ca = internals.caTrustCerts[node]; - return; - } - - internals.caTrustCerts[node] = loadCaTrust(node); - - if (internals.caTrustCerts[node] !== undefined && internals.caTrustCerts[node].length > 0) { - info.ca = internals.caTrustCerts[node]; - info.agent.options.ca = internals.caTrustCerts[node]; - return; - } -} - -function noCache(req, res, ct) { - res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'); - if (ct) { - res.setHeader("Content-Type", ct); - res.header('X-Content-Type-Options', 'nosniff'); - } -} - -function getViewUrl(node, cb) { - if (Array.isArray(node)) { - node = node[0]; - } - - var url = Config.getFull(node, "viewUrl"); - if (url) { - if (Config.debug > 1) { - console.log(`DEBUG: node:${node} is using ${url} because viewUrl was set for ${node} in config file`); - } - cb(null, url, url.slice(0, 5) === "https"?https:http); - return; - } - - Db.molochNodeStatsCache(node, function(err, stat) { - if (err) { - return cb(err); - } - - if (Config.debug > 1) { - console.log(`DEBUG: node:${node} is using ${stat.hostname} from elasticsearch stats index`); - } - - if (Config.isHTTPS(node)) { - cb(null, "https://" + stat.hostname + ":" + Config.getFull(node, "viewPort", "8005"), https); - } else { - cb(null, "http://" + stat.hostname + ":" + Config.getFull(node, "viewPort", "8005"), http); - 
} - }); -} - -function proxyRequest (req, res, errCb) { - noCache(req, res); - - getViewUrl(req.params.nodeName, function(err, viewUrl, client) { - if (err) { - if (errCb) { - return errCb(err); - } - console.log("ERROR - getViewUrl - node:", req.params.nodeName, "err:", err); - return res.send(`Can't find view url for '${safeStr(req.params.nodeName)}' check viewer logs on '${Config.hostName()}'`); - } - var info = url.parse(viewUrl); - info.path = req.url; - info.agent = (client === http?internals.httpAgent:internals.httpsAgent); - addAuth(info, req.user, req.params.nodeName); - addCaTrust(info, req.params.nodeName); - - var preq = client.request(info, function(pres) { - if (pres.headers['content-type']) { - res.setHeader('content-type', pres.headers['content-type']); - } - if (pres.headers['content-disposition']) { - res.setHeader('content-disposition', pres.headers['content-disposition']); - } - pres.on('data', function (chunk) { - res.write(chunk); - }); - pres.on('end', function () { - res.end(); - }); - }); - - preq.on('error', function (e) { - if (errCb) { - return errCb(e); - } - console.log("ERROR - Couldn't proxy request=", info, "\nerror=", e, "You might want to run viewer with two --debug for more info"); - res.send(`Error talking to node '${safeStr(req.params.nodeName)}' using host '${info.host}' check viewer logs on '${Config.hostName()}'`); - }); - preq.end(); - }); -} - -function makeRequest (node, path, user, cb) { - getViewUrl(node, function (err, viewUrl, client) { - let info = url.parse(viewUrl); - info.path = encodeURI(`${Config.basePath(node)}${path}`); - info.agent = (client === http ? 
internals.httpAgent : internals.httpsAgent); - addAuth(info, user, node); - addCaTrust(info, node); - let preq = client.request(info, function (pres) { - let response = ''; - pres.on('data', function (chunk) { - response += chunk; - }); - pres.on('end', function () { - cb(null, response); - }); - }); - preq.on('error', function (err) { - console.log(`Error with ${info.path} on remote viewer: ${err}`); - cb(err); - }); - preq.end(); - }); -} - -function isLocalView (node, yesCb, noCb) { - if (internals.isLocalViewRegExp && node.match(internals.isLocalViewRegExp)) { - if (Config.debug > 1) { - console.log(`DEBUG: node:${node} is local view because matches ${internals.isLocalViewRegExp}`); - } - return yesCb(); - } - - var pcapWriteMethod = Config.getFull(node, "pcapWriteMethod"); - var writer = internals.writers[pcapWriteMethod]; - if (writer && writer.localNode === false) { - if (Config.debug > 1) { - console.log(`DEBUG: node:${node} is local view because of writer`); - } - return yesCb(); - } - return Db.isLocalView(node, yesCb, noCb); -} - -////////////////////////////////////////////////////////////////////////////////// -//// Middleware -////////////////////////////////////////////////////////////////////////////////// -function checkProxyRequest(req, res, next) { - isLocalView(req.params.nodeName, function () { - return next(); - }, - function () { - return proxyRequest(req, res); - }); -} - -function setCookie (req, res, next) { - let cookieOptions = { - path: app.locals.basePath, - sameSite: 'Strict', - overwrite: true - }; - - if (Config.isHTTPS()) { cookieOptions.secure = true; } - - res.cookie( // send cookie for basic, non admin functions - 'MOLOCH-COOKIE', - Config.obj2auth({ - date: Date.now(), - pid: process.pid, - userId: req.user.userId - }, true), - cookieOptions - ); - - return next(); -} - -function checkCookieToken(req, res, next) { - if (!req.headers['x-moloch-cookie']) { - return res.molochError(500, 'Missing token'); - } - - req.token = 
Config.auth2obj(req.headers['x-moloch-cookie'], true); - var diff = Math.abs(Date.now() - req.token.date); - if (diff > 2400000 || /* req.token.pid !== process.pid || */ - req.token.userId !== req.user.userId) { - - console.trace('bad token', req.token); - return res.molochError(500, 'Timeout - Please try reloading page and repeating the action'); - } - - return next(); -} - -// use for APIs that can be used from places other than just the UI -function checkHeaderToken (req, res, next) { - if (req.headers.cookie) { // if there's a cookie, check header - return checkCookieToken(req, res, next); - } else { // if there's no cookie, just continue so the API still works - return next(); - } -} - -function checkPermissions (permissions) { - const inversePermissions = { - hidePcap: true, - hideFiles: true, - hideStats: true, - disablePcapDownload: true - }; - - return (req, res, next) => { - for (let permission of permissions) { - if ((!req.user[permission] && !inversePermissions[permission]) || - (req.user[permission] && inversePermissions[permission])) { - console.log(`Permission denied to ${req.user.userId} while requesting resource: ${req._parsedUrl.pathname}, using permission ${permission}`); - return res.molochError(403, 'You do not have permission to access this resource'); - } - } - next(); - }; -} - -function checkHuntAccess (req, res, next) { - if (req.user.createEnabled) { - // an admin can do anything to any hunt - return next(); - } else { - Db.get('hunts', 'hunt', req.params.id, (err, huntHit) => { - if (err) { - console.log('error', err); - return res.molochError(500, err); - } - if (!huntHit || !huntHit.found) { throw 'Hunt not found'; } - - if (huntHit._source.userId === req.user.userId) { - return next(); - } - return res.molochError(403, `You cannot change another user's hunt unless you have admin privileges`); - }); - } -} - -function checkCronAccess (req, res, next) { - if (req.user.createEnabled) { - // an admin can do anything to any query - return 
next(); - } else { - Db.get('queries', 'query', req.body.key, (err, query) => { - if (err || !query.found) { - return res.molochError(403, 'Unknown cron query'); - } - if (query._source.creator === req.user.userId) { - return next(); - } - return res.molochError(403, `You cannot change another user's cron query unless you have admin privileges`); - }); - } -} - -function noCacheJson(req, res, next) { - res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'); - res.setHeader("Content-Type", 'application/json'); - return next(); -} - -function logAction(uiPage) { - return function(req, res, next) { - var log = { - timestamp : Math.floor(Date.now()/1000), - method : req.method, - userId : req.user.userId, - api : req._parsedUrl.pathname, - query : req._parsedUrl.query, - expression: req.query.expression - }; - - if (req.user.expression) { - log.forcedExpression = req.user.expression; - } - - if (uiPage) { log.uiPage = uiPage; } - - if (req.query.date && parseInt(req.query.date) === -1) { - log.range = log.timestamp; - } else if(req.query.startTime && req.query.stopTime) { - log.range = req.query.stopTime - req.query.startTime; - } - - if (req.query.view && req.user.views) { - var view = req.user.views[req.query.view]; - if (view) { - log.view = { - name: req.query.view, - expression: view.expression - }; - } - } - - // save the request body - var avoidProps = { password:true, newPassword:true, currentPassword:true }; - var bodyClone = {}; - - for (var key in req.body) { - if (req.body.hasOwnProperty(key) && !avoidProps[key]) { - bodyClone[key] = req.body[key]; - } - } - - if (Object.keys(bodyClone).length > 0) { - log.body = bodyClone; - } - - res.logCounts = function(recordsReturned, recordsFiltered, recordsTotal) { - log.recordsReturned = recordsReturned; - log.recordsFiltered = recordsFiltered; - log.recordsTotal = recordsTotal; - }; - - req._molochStartTime = new Date(); - function finish () { - 
log.queryTime = new Date() - req._molochStartTime; - res.removeListener('finish', finish); - Db.historyIt(log, function(err, info) { - if (err) { console.log('log history error', err, info); } - }); - } - - res.on('finish', finish); - - return next(); - }; -} - -function fieldToExp (req, res, next) { - if (req.query.exp && !req.query.field) { - var field = Config.getFieldsMap()[req.query.exp]; - if (field) { req.query.field = field.dbField; } - else { req.query.field = req.query.exp; } - } - - return next(); -} - -// record the time it took from the request to start -// until the headers are set to send the response -function recordResponseTime (req, res, next) { - onHeaders(res, () => { - let now = process.hrtime(); - let ms = ((now[0] - req._startAt[0]) * 1000) + ((now[1] - req._startAt[1]) / 1000000); - ms = Math.ceil(ms); - res.setHeader('X-Moloch-Response-Time', ms); - }); - - next(); -} - - -////////////////////////////////////////////////////////////////////////////////// -//// Pages -////////////////////////////////////////////////////////////////////////////////// -// APIs disabled in demoMode, needs to be before real callbacks -if (Config.get('demoMode', false)) { - console.log("WARNING - Starting in demo mode, some APIs disabled"); - app.all(['/settings', '/users', '/history/list'], function(req, res) { - return res.send('Disabled in demo mode.'); - }); - - app.get(['/user/cron', '/history/list'], function(req, res) { - return res.molochError(403, "Disabled in demo mode."); - }); - - app.post(['/user/password/change', '/changePassword', '/tableState/:tablename'], function(req, res) { - return res.molochError(403, "Disabled in demo mode."); - }); -} - -app.get(['/', '/app'], function(req, res) { - var question = req.url.indexOf("?"); - if (question === -1) { - res.redirect("sessions"); - } else { - res.redirect("sessions" + req.url.substring(question)); - } -}); - -app.get('/about', checkPermissions(['webEnabled']), (req, res) => { - res.redirect('help'); 
-}); - -app.get('/molochclusters', function(req, res) { - function cloneClusters(clusters) { - var clone = {}; - - for (var key in app.locals.molochClusters) { - if (app.locals.molochClusters.hasOwnProperty(key)) { - var cluster = app.locals.molochClusters[key]; - clone[key] = { - name: cluster.name, - url : cluster.url - }; - } - } - - return clone; - } - - if(!app.locals.molochClusters) { - var molochClusters = Config.configMap("moloch-clusters"); - - if (!molochClusters) { - res.status(404); - return res.send('Cannot locate right clicks'); - } - - return res.send(cloneClusters(molochClusters)); - } - - var clustersClone = cloneClusters(app.locals.molochClusters); - - return res.send(clustersClone); -}); - -// custom user css -app.get('/user.css', checkPermissions(['webEnabled']), (req, res) => { - fs.readFile("./views/user.styl", 'utf8', function(err, str) { - function error(msg) { - console.log('ERROR - user.css -', msg); - return res.status(404).end(); - } - - var date = new Date().toUTCString(); - res.setHeader('Content-Type', 'text/css'); - res.setHeader('Date', date); - res.setHeader('Cache-Control', 'public, max-age=0'); - res.setHeader('Last-Modified', date); - - if (err) { return error(err); } - if (!req.user.settings.theme) { return error('no custom theme defined'); } - - var theme = req.user.settings.theme.split(':'); - - if (!theme[1]) { return error('custom theme corrupted'); } - - var style = stylus(str); - - var colors = theme[1].split(','); - - if (!colors) { return error('custom theme corrupted'); } - - style.define('colorBackground', new stylus.nodes.Literal(colors[0])); - style.define('colorForeground', new stylus.nodes.Literal(colors[1])); - style.define('colorForegroundAccent', new stylus.nodes.Literal(colors[2])); - - style.define('colorWhite', new stylus.nodes.Literal('#FFFFFF')); - style.define('colorBlack', new stylus.nodes.Literal('#333333')); - style.define('colorGray', new stylus.nodes.Literal('#CCCCCC')); - 
style.define('colorGrayDark', new stylus.nodes.Literal('#777777')); - style.define('colorGrayDarker', new stylus.nodes.Literal('#555555')); - style.define('colorGrayLight', new stylus.nodes.Literal('#EEEEEE')); - style.define('colorGrayLighter', new stylus.nodes.Literal('#F6F6F6')); - - style.define('colorPrimary', new stylus.nodes.Literal(colors[3])); - style.define('colorPrimaryLightest', new stylus.nodes.Literal(colors[4])); - style.define('colorSecondary', new stylus.nodes.Literal(colors[5])); - style.define('colorSecondaryLightest', new stylus.nodes.Literal(colors[6])); - style.define('colorTertiary', new stylus.nodes.Literal(colors[7])); - style.define('colorTertiaryLightest', new stylus.nodes.Literal(colors[8])); - style.define('colorQuaternary', new stylus.nodes.Literal(colors[9])); - style.define('colorQuaternaryLightest', new stylus.nodes.Literal(colors[10])); - - style.define('colorWater', new stylus.nodes.Literal(colors[11])); - style.define('colorLand', new stylus.nodes.Literal(colors[12])); - style.define('colorSrc', new stylus.nodes.Literal(colors[13])); - style.define('colorDst', new stylus.nodes.Literal(colors[14])); - - style.render(function(err, css){ - if (err) { return error(err); } - return res.send(css); - }); - }); -}); - - -/* User Endpoints ---------------------------------------------------------- */ -// default settings for users with no settings -let settingDefaults = { - timezone : 'local', - detailFormat : 'last', - showTimestamps: 'last', - sortColumn : 'firstPacket', - sortDirection : 'desc', - spiGraph : 'node', - connSrcField : 'srcIp', - connDstField : 'ip.dst:port', - numPackets : 'last', - theme : 'default-theme' -}; - -// gets the current user -app.get('/user/current', checkPermissions(['webEnabled']), (req, res) => { - let userProps = [ 'createEnabled', 'emailSearch', 'enabled', 'removeEnabled', - 'headerAuthEnabled', 'settings', 'userId', 'userName', 'webEnabled', 'packetSearch', - 'hideStats', 'hideFiles', 'hidePcap', 
'disablePcapDownload', 'welcomeMsgNum', - 'lastUsed', 'timeLimit' ]; - - let clone = {}; - - for (let i = 0, ilen = userProps.length; i < ilen; ++i) { - let prop = userProps[i]; - if (req.user.hasOwnProperty(prop)) { - clone[prop] = req.user[prop]; - } - } - - clone.canUpload = app.locals.allowUploads; - clone.esAdminUser = internals.esAdminUsers.includes(req.user.userId); - - - // If no settings, use defaults - if (clone.settings === undefined) { clone.settings = settingDefaults; } - - // Use settingsDefaults for any settings that are missing - for (let item in settingDefaults) { - if (clone.settings[item] === undefined) { - clone.settings[item] = settingDefaults[item]; - } - } - - return res.send(clone); -}); - -// express middleware to set req.settingUser to who to work on, depending if admin or not -// This returns the cached user -function getSettingUserCache (req, res, next) { - // If no userId parameter, or userId is ourself then req.user already has our info - if (req.query.userId === undefined || req.query.userId === req.user.userId) { - req.settingUser = req.user; - return next(); - } - - // user is trying to get another user's settings without admin privilege - if (!req.user.createEnabled) { return res.molochError(403, "Need admin privileges"); } - - Db.getUserCache(req.query.userId, function(err, user) { - if (err || !user || !user.found) { - if (app.locals.noPasswordSecret) { - // TODO: send anonymous user's settings - req.settingUser = {}; - } else { - req.settingUser = null; - } - return next(); - } - req.settingUser = user._source; - return next(); - }); -} - -// express middleware to set req.settingUser to who to work on, depending if admin or not -// This returns fresh from db -function getSettingUserDb (req, res, next) { - let userId; - - if (req.query.userId === undefined || req.query.userId === req.user.userId) { - if (Config.get('regressionTests', false)) { - req.settingUser = req.user; - return next(); - } - - userId = req.user.userId; - } 
else if (!req.user.createEnabled) { - // user is trying to get another user's settings without admin privilege - return res.molochError(403, "Need admin privileges"); - } else { - userId = req.query.userId; - } - - Db.getUser(userId, function(err, user) { - if (err || !user || !user.found) { - if (app.locals.noPasswordSecret) { - // TODO: send anonymous user's settings - req.settingUser = {}; - } else { - return res.molochError(403, 'Unknown user'); - } - return next(); - } - req.settingUser = user._source; - return next(); - }); -} - -function buildNotifiers () { - internals.notifiers = {}; - - let api = { - register: function (str, info) { - internals.notifiers[str] = info; - } - }; - - // look for all notifier providers and initialize them - let files = glob.sync(`${__dirname}/../notifiers/provider.*.js`); - files.forEach((file) => { - let plugin = require(file); - plugin.init(api); - }); -} - -function issueAlert (notifierName, alertMessage, continueProcess) { - if (!internals.notifiers) { buildNotifiers(); } - - // find notifier - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (!sharedUser || !sharedUser.found) { - console.log('Cannot find notifier, no alert can be issued'); - return continueProcess(); - } - - sharedUser = sharedUser._source; - - sharedUser.notifiers = sharedUser.notifiers || {}; - - let notifier = sharedUser.notifiers[notifierName]; - - if (!notifier) { - console.log('Cannot find notifier, no alert can be issued'); - return continueProcess(); - } - - let notifierDefinition; - for (let n in internals.notifiers) { - if (internals.notifiers[n].type === notifier.type) { - notifierDefinition = internals.notifiers[n]; - } - } - if (!notifierDefinition) { - console.log('Cannot find notifier definition, no alert can be issued'); - return continueProcess(); - } - - let config = {}; - for (let field of notifierDefinition.fields) { - for (let configuredField of notifier.fields) { - if (configuredField.name === field.name && 
configuredField.value !== undefined) { - console.log('setting', field.name, 'to', configuredField.value); - config[field.name] = configuredField.value; - } - } - - // If a field is required and nothing was set, then we have an error - if (field.required && config[field.name] === undefined) { - console.log(`Cannot find notifier field value: ${field.name}, no alert can be issued`); - continueProcess(); - } - } - - notifierDefinition.sendAlert(config, alertMessage); - - return continueProcess(); - }); -} - -app.get('/notifierTypes', checkCookieToken, function (req, res) { - if (!internals.notifiers) { - buildNotifiers(); - } - - return res.send(internals.notifiers); -}); - -// get created notifiers -app.get('/notifiers', checkCookieToken, function (req, res) { - function cloneNotifiers(notifiers) { - var clone = {}; - - for (var key in notifiers) { - if (notifiers.hasOwnProperty(key)) { - var notifier = notifiers[key]; - clone[key] = { - name: notifier.name, - type : notifier.type - }; - } - } - - return clone; - } - - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (!sharedUser || !sharedUser.found) { - return res.send({}); - } else { - sharedUser = sharedUser._source; - } - - if (req.user.createEnabled) { - return res.send(sharedUser.notifiers); - } - - return res.send(cloneNotifiers(sharedUser.notifiers)); - }); -}); - -// create a new notifier -app.post('/notifiers', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) { - let user = req.settingUser; - if (!user.createEnabled) { - return res.molochError(401, 'Need admin privelages to create a notifier'); - } - - if (!req.body.notifier) { - return res.molochError(403, 'Missing notifier'); - } - - if (!req.body.notifier.name) { - return res.molochError(403, 'Missing a unique notifier name'); - } - - if (!req.body.notifier.type) { - return res.molochError(403, 'Missing notifier type'); - } - - if (!req.body.notifier.fields) { - return res.molochError(403, 'Missing notifier fields'); - } - - 
if (!Array.isArray(req.body.notifier.fields)) { - return res.molochError(403, 'Notifier fields must be an array'); - } - - req.body.notifier.name = req.body.notifier.name.replace(/[^-a-zA-Z0-9_: ]/g, ''); - - if (!internals.notifiers) { buildNotifiers(); } - - let foundNotifier; - for (let n in internals.notifiers) { - let notifier = internals.notifiers[n]; - if (notifier.type === req.body.notifier.type) { - foundNotifier = notifier; - } - } - - if (!foundNotifier) { return res.molochError(403, 'Unknown notifier type'); } - - // check that required notifier fields exist - for (let field of foundNotifier.fields) { - if (field.required) { - for (let sentField of req.body.notifier.fields) { - if (sentField.name === field.name && !sentField.value) { - return res.molochError(403, `Missing a value for ${field.name}`); - } - } - } - } - - // save the notifier on the shared user - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (!sharedUser || !sharedUser.found) { - // sharing for the first time - sharedUser = { - userId: '_moloch_shared', - userName: '_moloch_shared', - enabled: false, - webEnabled: false, - emailSearch: false, - headerAuthEnabled: false, - createEnabled: false, - removeEnabled: false, - packetSearch: false, - views: {}, - notifiers: {} - }; - } else { - sharedUser = sharedUser._source; - } - - sharedUser.notifiers = sharedUser.notifiers || {}; - - if (sharedUser.notifiers[req.body.notifier.name]) { - console.log('Trying to add duplicate notifier', sharedUser); - return res.molochError(403, 'Notifier already exists'); - } - - sharedUser.notifiers[req.body.notifier.name] = req.body.notifier; - - Db.setUser('_moloch_shared', sharedUser, (err, info) => { - if (err) { - console.log('/notifiers failed', err, info); - return res.molochError(500, 'Creating notifier failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Successfully created notifier', - name : req.body.notifier.name - })); - }); - }); -}); - -// update a notifier 
-app.put('/notifiers/:name', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) { - let user = req.settingUser; - if (!user.createEnabled) { - return res.molochError(401, 'Need admin privelages to update a notifier'); - } - - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (!sharedUser || !sharedUser.found) { - return res.molochError(404, 'Cannot find notifer to udpate'); - } else { - sharedUser = sharedUser._source; - } - - sharedUser.notifiers = sharedUser.notifiers || {}; - - if (!sharedUser.notifiers[req.params.name]) { - return res.molochError(404, 'Cannot find notifer to udpate'); - } - - if (!req.body.notifier) { - return res.molochError(403, 'Missing notifier'); - } - - if (!req.body.notifier.name) { - return res.molochError(403, 'Missing a unique notifier name'); - } - - if (!req.body.notifier.type) { - return res.molochError(403, 'Missing notifier type'); - } - - if (!req.body.notifier.fields) { - return res.molochError(403, 'Missing notifier fields'); - } - - if (!Array.isArray(req.body.notifier.fields)) { - return res.molochError(403, 'Notifier fields must be an array'); - } - - req.body.notifier.name = req.body.notifier.name.replace(/[^-a-zA-Z0-9_: ]/g, ''); - - if (req.body.notifier.name !== req.body.key && - sharedUser.notifiers[req.body.notifier.name]) { - return res.molochError(403, `${req.body.notifier.name} already exists`); - } - - - if (!internals.notifiers) { buildNotifiers(); } - - let foundNotifier; - for (let n in internals.notifiers) { - let notifier = internals.notifiers[n]; - if (notifier.type === req.body.notifier.type) { - foundNotifier = notifier; - } - } - - if (!foundNotifier) { return res.molochError(403, 'Unknown notifier type'); } - - // check that required notifier fields exist - for (let field of foundNotifier.fields) { - if (field.required) { - for (let sentField of req.body.notifier.fields) { - if (sentField.name === field.name && !sentField.value) { - return res.molochError(403, `Missing a value 
for ${field.name}`);
- }
- }
- }
- }
-
- sharedUser.notifiers[req.body.notifier.name] = req.body.notifier;
- // delete the old notifier if the name has changed
- if (sharedUser.notifiers[req.params.name] && req.body.notifier.name !== req.params.name) {
- sharedUser.notifiers[req.params.name] = null;
- delete sharedUser.notifiers[req.params.name];
- }
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log('/notifiers update failed', err, info);
- return res.molochError(500, 'Updating notifier failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Successfully updated notifier',
- name : req.body.notifier.name
- }));
- });
- });
-});
-
-// delete a notifier
-app.delete('/notifiers/:name', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) {
- let user = req.settingUser;
- if (!user.createEnabled) {
- return res.molochError(401, 'Need admin privelages to delete a notifier');
- }
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- return res.molochError(404, 'Cannot find notifer to remove');
- } else {
- sharedUser = sharedUser._source;
- }
-
- sharedUser.notifiers = sharedUser.notifiers || {};
-
- if (!sharedUser.notifiers[req.params.name]) {
- return res.molochError(404, 'Cannot find notifer to remove');
- }
-
- sharedUser.notifiers[req.params.name] = undefined;
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log('/notifiers delete failed', err, info);
- return res.molochError(500, 'Deleting notifier failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Successfully deleted notifier',
- name : req.params.name
- }));
- });
- });
-});
-
-// test a notifier
-app.post('/notifiers/:name/test', [noCacheJson, getSettingUserCache, checkCookieToken], function (req, res) {
- let user = req.settingUser;
- if (!user.createEnabled) {
- return res.molochError(401, 'Need admin privelages to test a 
notifier');
- }
-
- function continueProcess () {
- return res.send(JSON.stringify({
- success : true,
- text : `Successfully issued alert using the ${req.params.name} notifier.`
- }));
- }
-
- issueAlert(req.params.name, 'Test alert', continueProcess);
-});
-
-// gets a user's settings
-app.get('/user/settings', [noCacheJson, recordResponseTime, getSettingUserDb, checkPermissions(['webEnabled']), setCookie], (req, res) => {
- let settings = req.settingUser.settings || settingDefaults;
-
- let cookieOptions = { path: app.locals.basePath, sameSite: 'Strict' };
- if (Config.isHTTPS()) { cookieOptions.secure = true; }
-
- res.cookie(
- 'MOLOCH-COOKIE',
- Config.obj2auth({date: Date.now(), pid: process.pid, userId: req.user.userId}, true),
- cookieOptions
- );
-
- return res.send(settings);
-});
-
-// updates a user's settings
-app.post('/user/settings/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) {
- req.settingUser.settings = req.body;
- delete req.settingUser.settings.token;
-
- Db.setUser(req.settingUser.userId, req.settingUser, function(err, info) {
- if (err) {
- console.log('/user/settings/update error', err, info);
- return res.molochError(500, 'Settings update failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Updated settings successfully'
- }));
- });
-});
-
-function saveSharedView (req, res, user, view, endpoint, successMessage, errorMessage) {
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- // sharing for the first time
- sharedUser = {
- userId: '_moloch_shared',
- userName: '_moloch_shared',
- enabled: false,
- webEnabled: false,
- emailSearch: false,
- headerAuthEnabled: false,
- createEnabled: false,
- removeEnabled: false,
- packetSearch: false,
- views: {}
- };
- } else {
- sharedUser = sharedUser._source;
- }
-
- sharedUser.views = sharedUser.views || {};
-
- if (sharedUser.views[req.body.name]) {
- console.log('Trying to add 
duplicate shared view', sharedUser); - return res.molochError(403, 'Shared view already exists'); - } - - sharedUser.views[req.body.name] = view; - - Db.setUser('_moloch_shared', sharedUser, (err, info) => { - if (err) { - console.log(endpoint, 'failed', err, info); - return res.molochError(500, errorMessage); - } - return res.send(JSON.stringify({ - success : true, - text : successMessage, - viewName: req.body.name, - view : view - })); - }); - }); -} - -// remove the string, 'shared:', that is added to shared views with the same -// name as a user's personal view in the endpoint '/user/views' -// also remove any special characters except ('-', '_', ':', and ' ') -function sanitizeViewName (req, res, next) { - if (req.body.name) { - req.body.name = req.body.name.replace(/(^(shared:)+)|[^-a-zA-Z0-9_: ]/g, ''); - } - next(); -} - -// removes a view from the user that created the view and adds it to the shared user -function shareView (req, res, user, endpoint, successMessage, errorMessage) { - let view = user.views[req.body.name]; - view.shared = true; - - delete user.views[req.body.name]; // remove the view from the - - Db.setUser(user.userId, user, (err, info) => { - if (err) { - console.log(endpoint, 'failed', err, info); - return res.molochError(500, errorMessage); - } - // save the view on the shared user - return saveSharedView(req, res, user, view, endpoint, successMessage, errorMessage); - }); -} - -// removes a view from the shared user and adds it to the user that created the view -function unshareView (req, res, user, sharedUser, endpoint, successMessage, errorMessage) { - Db.setUser('_moloch_shared', sharedUser, (err, info) => { - if (err) { - console.log(endpoint, 'failed', err, info); - return res.molochError(500, errorMessage); - } - - if (user.views[req.body.name]) { // the user already has a view with this name - return res.molochError(403, 'A view already exists with this name.'); - } - - user.views[req.body.name] = { - expression: 
req.body.expression,
- user: req.body.user, // keep the user so we know who created it
- shared: false,
- sessionsColConfig: req.body.sessionsColConfig
- };
-
- Db.setUser(user.userId, user, (err, info) => {
- if (err) {
- console.log(endpoint, 'failed', err, info);
- return res.molochError(500, errorMessage);
- }
- return res.send(JSON.stringify({
- success : true,
- text : successMessage
- }));
- });
- });
-}
-
-// gets a user's views
-app.get('/user/views', [noCacheJson, getSettingUserCache], function(req, res) {
- if (!req.settingUser) { return res.send({}); }
-
- // Clone the views so we don't modify that cached user
- let views = JSON.parse(JSON.stringify(req.settingUser.views || {}));
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (sharedUser && sharedUser.found) {
- sharedUser = sharedUser._source;
- for (let viewName in sharedUser.views) {
- // check for views with the same name as a shared view so user specific views don't get overwritten
- let sharedViewName = viewName;
- if (views[sharedViewName] && !views[sharedViewName].shared) {
- sharedViewName = `shared:${sharedViewName}`;
- }
- views[sharedViewName] = sharedUser.views[viewName];
- }
- }
-
- return res.send(views);
- });
-});
-
-// creates a new view for a user
-app.post('/user/views/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) {
- if (!req.body.name) { return res.molochError(403, 'Missing view name'); }
- if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); }
-
- let user = req.settingUser;
- user.views = user.views || {};
-
- let newView = {
- expression: req.body.expression,
- user: user.userId
- };
-
- if (req.body.shared) {
- // save the view on the shared user
- newView.shared = true;
- saveSharedView(req, res, user, newView, '/user/views/create', 'Created shared view successfully', 'Create shared view failed');
- } else {
- newView.shared = false;
- if (user.views[req.body.name]) { 
- return res.molochError(403, 'A view already exists with this name.');
- } else {
- user.views[req.body.name] = newView;
- }
-
- if (req.body.sessionsColConfig) {
- user.views[req.body.name].sessionsColConfig = req.body.sessionsColConfig;
- } else if (user.views[req.body.name].sessionsColConfig && !req.body.sessionsColConfig) {
- user.views[req.body.name].sessionsColConfig = undefined;
- }
-
- Db.setUser(user.userId, user, (err, info) => {
- if (err) {
- console.log('/user/views/create error', err, info);
- return res.molochError(500, 'Create view failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Created view successfully',
- viewName: req.body.name,
- view : newView
- }));
- });
- }
-});
-
-// deletes a user's specified view
-app.post('/user/views/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function(req, res) {
- if (!req.body.name) { return res.molochError(403, 'Missing view name'); }
-
- let user = req.settingUser;
- user.views = user.views || {};
-
- if (req.body.shared) {
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (sharedUser && sharedUser.found) {
- sharedUser = sharedUser._source;
- sharedUser.views = sharedUser.views || {};
- if (sharedUser.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); }
- // only admins or the user that created the view can delete the shared view
- if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) {
- return res.molochError(401, `Need admin privelages to delete another user's shared view`);
- }
- delete sharedUser.views[req.body.name];
- }
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log('/user/views/delete failed', err, info);
- return res.molochError(500, 'Delete shared view failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Deleted shared view successfully'
- }));
- });
- });
- } else {
- if 
(user.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); }
- delete user.views[req.body.name];
-
- Db.setUser(user.userId, user, (err, info) => {
- if (err) {
- console.log('/user/views/delete failed', err, info);
- return res.molochError(500, 'Delete view failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Deleted view successfully'
- }));
- });
- }
-});
-
-// shares/unshares a view
-app.post('/user/views/toggleShare', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) {
- if (!req.body.name) { return res.molochError(403, 'Missing view name'); }
- if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); }
-
- let view;
- let share = req.body.shared;
- let user = req.settingUser;
- user.views = user.views || {};
-
- if (share && user.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); }
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- // the shared user has not been created yet so there is no chance of duplicate views
- if (share) { // add the view to the shared user
- return shareView(req, res, user, '/user/views/toggleShare', 'Shared view successfully', 'Sharing view failed');
- }
- // if it not already a shared view and it's trying to be unshared, something went wrong, can't do it
- return res.molochError(404, 'Shared user not found. 
Cannot unshare a view without a shared user.');
- }
-
- sharedUser = sharedUser._source;
- sharedUser.views = sharedUser.views || {};
-
- if (share) { // if sharing, make sure the view doesn't already exist
- if (sharedUser.views[req.body.name]) { // duplicate detected
- return res.molochError(403, 'A shared view already exists with this name.');
- }
- return shareView(req, res, user, '/user/views/toggleShare', 'Shared view successfully', 'Sharing view failed');
- } else {
- // if unsharing, remove it from shared user and add it to current user
- if (sharedUser.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); }
- // only admins or the user that created the view can update the shared view
- if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) {
- return res.molochError(401, `Need admin privelages to unshare another user's shared view`);
- }
- // save the view for later to determine who the view belongs to
- view = sharedUser.views[req.body.name];
- // delete the shared view
- delete sharedUser.views[req.body.name];
- return unshareView(req, res, user, sharedUser, '/user/views/toggleShare', 'Unshared view successfully', 'Unsharing view failed');
- }
- });
-});
-
-// updates a user's specified view
-app.post('/user/views/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) {
- if (!req.body.name) { return res.molochError(403, 'Missing view name'); }
- if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); }
- if (!req.body.key) { return res.molochError(403, 'Missing view key'); }
-
- let user = req.settingUser;
- user.views = user.views || {};
-
- if (req.body.shared) {
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (sharedUser && sharedUser.found) {
- sharedUser = sharedUser._source;
- sharedUser.views = sharedUser.views || {};
- if (sharedUser.views[req.body.key] === undefined) { return 
res.molochError(404, 'View not found'); } - // only admins or the user that created the view can update the shared view - if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { - return res.molochError(401, `Need admin privelages to update another user's shared view`); - } - sharedUser.views[req.body.name] = { - expression: req.body.expression, - user: user.userId, - shared: true, - sessionsColConfig: req.body.sessionsColConfig - }; - // delete the old one if the key (view name) has changed - if (sharedUser.views[req.body.key] && req.body.name !== req.body.key) { - sharedUser.views[req.body.key] = null; - delete sharedUser.views[req.body.key]; - } - } - - Db.setUser('_moloch_shared', sharedUser, (err, info) => { - if (err) { - console.log('/user/views/delete failed', err, info); - return res.molochError(500, 'Update shared view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated shared view successfully' - })); - }); - }); - } else { - if (user.views[req.body.name]) { - user.views[req.body.name].expression = req.body.expression; - } else { // the name has changed, so create a new entry - user.views[req.body.name] = { - expression: req.body.expression, - user: user.userId, - shared: false, - sessionsColConfig: req.body.sessionsColConfig - }; - } - - // delete the old one if the key (view name) has changed - if (user.views[req.body.key] && req.body.name !== req.body.key) { - user.views[req.body.key] = null; - delete user.views[req.body.key]; - } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/views/update error', err, info); - return res.molochError(500, 'Updating view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated view successfully' - })); - }); - } -}); - -// gets a user's cron queries -app.get('/user/cron', [noCacheJson, getSettingUserCache], function(req, res) { - if (!req.settingUser) {return res.molochError(403, 'Unknown 
user');} - - var user = req.settingUser; - if (user.settings === undefined) {user.settings = {};} - Db.search('queries', 'query', {size:1000, query: {term: {creator: user.userId}}}, function (err, data) { - if (err || data.error) { - console.log('/user/cron error', err || data.error); - } - - let queries = {}; - - if (data && data.hits && data.hits.hits) { - user.queries = {}; - data.hits.hits.forEach(function(item) { - queries[item._id] = item._source; - }); - } - - res.send(queries); - }); -}); - -// creates a new cron query for a user -app.post('/user/cron/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing cron query name'); } - if (!req.body.query) { return res.molochError(403, 'Missing cron query expression'); } - if (!req.body.action) { return res.molochError(403, 'Missing cron query action'); } - if (!req.body.tags) { return res.molochError(403, 'Missing cron query tag(s)'); } - - var document = { - doc: { - enabled : true, - name : req.body.name, - query : req.body.query, - tags : req.body.tags, - action : req.body.action, - } - }; - - if (req.body.notifier) { - document.doc.notifier = req.body.notifier; - } - - var userId = req.settingUser.userId; - - Db.getMinValue("sessions2-*", "timestamp", (err, minTimestamp) => { - if (err || minTimestamp === 0 || minTimestamp === null) { - minTimestamp = Math.floor(Date.now()/1000); - } else { - minTimestamp = Math.floor(minTimestamp/1000); - } - - if (+req.body.since === -1) { - document.doc.lpValue = document.doc.lastRun = minTimestamp; - } else { - document.doc.lpValue = document.doc.lastRun = - Math.max(minTimestamp, Math.floor(Date.now()/1000) - 60*60*parseInt(req.body.since || '0', 10)); - } - document.doc.count = 0; - document.doc.creator = userId || 'anonymous'; - - Db.indexNow('queries', 'query', null, document.doc, function(err, info) { - if (err) { - console.log('/user/cron/create error', err, info); - 
return res.molochError(500, 'Create cron query failed'); - } - if (Config.get('cronQueries', false)) { - processCronQueries(); - } - return res.send(JSON.stringify({ - success : true, - text : 'Created cron query successfully', - key : info._id - })); - }); - }); -}); - -// deletes a user's specified cron query -app.post('/user/cron/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, checkCronAccess], function(req, res) { - if (!req.body.key) { return res.molochError(403, 'Missing cron query key'); } - - Db.deleteDocument('queries', 'query', req.body.key, {refresh: true}, function(err, sq) { - if (err) { - console.log('/user/cron/delete error', err, sq); - return res.molochError(500, 'Delete cron query failed'); - } - res.send(JSON.stringify({ - success : true, - text : 'Deleted cron query successfully' - })); - }); -}); - -// updates a user's specified cron query -app.post('/user/cron/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, checkCronAccess], function(req, res) { - if (!req.body.key) { return res.molochError(403, 'Missing cron query key'); } - if (!req.body.name) { return res.molochError(403, 'Missing cron query name'); } - if (!req.body.query) { return res.molochError(403, 'Missing cron query expression'); } - if (!req.body.action) { return res.molochError(403, 'Missing cron query action'); } - if (!req.body.tags) { return res.molochError(403, 'Missing cron query tag(s)'); } - - var document = { - doc: { - enabled : req.body.enabled, - name : req.body.name, - query : req.body.query, - tags : req.body.tags, - action : req.body.action, - notifier: undefined - } - }; - - if (req.body.notifier) { - document.doc.notifier = req.body.notifier; - } - - Db.get('queries', 'query', req.body.key, function(err, sq) { - if (err || !sq.found) { - console.log('/user/cron/update failed', err, sq); - return res.molochError(403, 'Unknown query'); - } - - Db.update('queries', 'query', req.body.key, document, {refresh: true}, 
function(err, data) { - if (err) { - console.log('/user/cron/update error', err, document, data); - return res.molochError(500, 'Cron query update failed'); - } - if (Config.get('cronQueries', false)) { - processCronQueries(); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated cron query successfully' - })); - }); - }); -}); - -// changes a user's password -app.post('/user/password/change', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.newPassword || req.body.newPassword.length < 3) { - return res.molochError(403, 'New password needs to be at least 3 characters'); - } - - if (!req.user.createEnabled && (req.user.passStore !== - Config.pass2store(req.token.userId, req.body.currentPassword) || - req.token.userId !== req.user.userId)) { - return res.molochError(403, 'Current password mismatch'); - } - - var user = req.settingUser; - user.passStore = Config.pass2store(user.userId, req.body.newPassword); - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/password/change error', err, info); - return res.molochError(500, 'Update failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Changed password successfully' - })); - }); -}); - -function oldDB2newDB(x) { - if (!internals.oldDBFields[x]) {return x;} - return internals.oldDBFields[x].dbField2; -} - -// gets custom column configurations for a user -app.get('/user/columns', [noCacheJson, getSettingUserCache, checkPermissions(['webEnabled'])], (req, res) => { - if (!req.settingUser) {return res.send([]);} - - // Fix for new names - if (req.settingUser.columnConfigs) { - for (var key in req.settingUser.columnConfigs) { - let item = req.settingUser.columnConfigs[key]; - item.columns = item.columns.map(oldDB2newDB); - if (item.order && item.order.length > 0) { - item.order[0][0] = oldDB2newDB(item.order[0][0]); - } - } - } - - return res.send(req.settingUser.columnConfigs || []); -}); - 
-// udpates custom column configurations for a user -app.put('/user/columns/:name', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } - if (!req.body.columns) { return res.molochError(403, 'Missing columns'); } - if (!req.body.order) { return res.molochError(403, 'Missing sort order'); } - - let user = req.settingUser; - user.columnConfigs = user.columnConfigs || []; - - // find the custom column configuration to update - let found = false; - for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { - if (req.body.name === user.columnConfigs[i].name) { - found = true; - user.columnConfigs[i] = req.body; - } - } - - if (!found) { return res.molochError(200, 'Custom column configuration not found'); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/columns udpate error', err, info); - return res.molochError(500, 'Update custom column configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated column configuration', - colConfig : req.body - })); - }); -}); - -// creates a new custom column configuration for a user -app.post('/user/columns/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } - if (!req.body.columns) { return res.molochError(403, 'Missing columns'); } - if (!req.body.order) { return res.molochError(403, 'Missing sort order'); } - - req.body.name = req.body.name.replace(/[^-a-zA-Z0-9\s_:]/g, ''); - if (req.body.name.length < 1) { - return res.molochError(403, 'Invalid custom column configuration name'); - } - - var user = req.settingUser; - user.columnConfigs = user.columnConfigs || []; - - // don't let user use duplicate names - for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { - 
if (req.body.name === user.columnConfigs[i].name) { - return res.molochError(403, 'There is already a custom column with that name'); - } - } - - user.columnConfigs.push({ - name : req.body.name, - columns : req.body.columns, - order : req.body.order - }); - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/columns/create error', err, info); - return res.molochError(500, 'Create custom column configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Created custom column configuration successfully', - name : req.body.name - })); - }); -}); - -// deletes a user's specified custom column configuration -app.post('/user/columns/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } - - var user = req.settingUser; - user.columnConfigs = user.columnConfigs || []; - - var found = false; - for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { - if (req.body.name === user.columnConfigs[i].name) { - user.columnConfigs.splice(i, 1); - found = true; - break; - } - } - - if (!found) { return res.molochError(200, "Column not found"); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/columns/delete failed', err, info); - return res.molochError(500, 'Delete custom column configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Deleted custom column configuration successfully' - })); - }); -}); - -// gets custom spiview fields configurations for a user -app.get('/user/spiview/fields', [noCacheJson, getSettingUserCache, checkPermissions(['webEnabled'])], (req, res) => { - if (!req.settingUser) {return res.send([]);} - - return res.send(req.settingUser.spiviewFieldConfigs || []); -}); - -// udpates custom spiview field configuration for a user -app.put('/user/spiview/fields/:name', 
[noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom spiview field configuration name'); } - if (!req.body.fields) { return res.molochError(403, 'Missing fields'); } - - let user = req.settingUser; - user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; - - // find the custom spiview field configuration to update - let found = false; - for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { - if (req.body.name === user.spiviewFieldConfigs[i].name) { - found = true; - user.spiviewFieldConfigs[i] = req.body; - } - } - - if (!found) { return res.molochError(200, 'Custom spiview field configuration not found'); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/spiview/fields udpate error', err, info); - return res.molochError(500, 'Update spiview field configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated spiview field configuration', - colConfig : req.body - })); - }); -}); - -// creates a new custom spiview fields configuration for a user -app.post('/user/spiview/fields/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom spiview field configuration name'); } - if (!req.body.fields) { return res.molochError(403, 'Missing fields'); } - - req.body.name = req.body.name.replace(/[^-a-zA-Z0-9\s_:]/g, ''); - - if (req.body.name.length < 1) { - return res.molochError(403, 'Invalid custom spiview fields configuration name'); - } - - var user = req.settingUser; - user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; - - // don't let user use duplicate names - for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { - if (req.body.name === user.spiviewFieldConfigs[i].name) { - return res.molochError(403, 'There is already a custom spiview 
fields configuration with that name');
- }
- }
-
- user.spiviewFieldConfigs.push({
- name : req.body.name,
- fields: req.body.fields
- });
-
- Db.setUser(user.userId, user, function(err, info) {
- if (err) {
- console.log('/user/spiview/fields/create error', err, info);
- return res.molochError(500, 'Create custom spiview fields configuration failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Created custom spiview fields configuration successfully',
- name : req.body.name
- }));
- });
-});
-
-// deletes a user's specified custom spiview fields configuration
-app.post('/user/spiview/fields/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) {
- if (!req.body.name) { return res.molochError(403, 'Missing custom spiview fields configuration name'); }
-
- var user = req.settingUser;
- user.spiviewFieldConfigs = user.spiviewFieldConfigs || [];
-
- var found = false;
- for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) {
- if (req.body.name === user.spiviewFieldConfigs[i].name) {
- user.spiviewFieldConfigs.splice(i, 1);
- found = true;
- break;
- }
- }
-
- if (!found) { return res.molochError(200, "Spiview fields not found"); }
-
- Db.setUser(user.userId, user, function(err, info) {
- if (err) {
- console.log('/user/spiview/fields/delete failed', err, info);
- return res.molochError(500, 'Delete custom spiview fields configuration failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Deleted custom spiview fields configuration successfully'
- }));
- });
-});
-
-
-app.get('/decodings', [noCacheJson], function(req, res) {
- var decodeItems = decode.settings();
- res.send(JSON.stringify(decodeItems));
-});
-
-
-//////////////////////////////////////////////////////////////////////////////////
-//// EXPIRING
-//////////////////////////////////////////////////////////////////////////////////
-// Search for all files on a set of nodes in a set of directories. 
-// If less then size items are returned we don't delete anything.
-// Doesn't support mounting sub directories in main directory, don't do it.
-function expireDevice (nodes, dirs, minFreeSpaceG, nextCb) {
- var query = { _source: [ 'num', 'name', 'first', 'size', 'node' ],
- from: '0',
- size: 200,
- query: { bool: {
- must: [
- {terms: {node: nodes}},
- { bool: {should: []}}
- ],
- must_not: { term: {locked: 1}}
- }},
- sort: { first: { order: 'asc' } } };
-
- Object.keys(dirs).forEach( function (pcapDir) {
- var obj = {wildcard: {}};
- if (pcapDir[pcapDir.length - 1] === "/") {
- obj.wildcard.name = pcapDir + "*";
- } else {
- obj.wildcard.name = pcapDir + "/*";
- }
- query.query.bool.must[1].bool.should.push(obj);
- });
-
- // Keep at least 10 files
- Db.search('files', 'file', query, function(err, data) {
- if (err || data.error || !data.hits || data.hits.total <= 10) {
- return nextCb();
- }
- async.forEachSeries(data.hits.hits, function(item, forNextCb) {
- if (data.hits.total <= 10) {
- return forNextCb("DONE");
- }
-
- var fields = item._source || item.fields;
-
- var freeG;
- try {
- var stat = fs.statVFS(fields.name);
- freeG = stat.f_frsize/1024.0*stat.f_bavail/(1024.0*1024.0);
- } catch (e) {
- console.log("ERROR", e);
- // File doesn't exist, delete it
- freeG = minFreeSpaceG - 1;
- }
- if (freeG < minFreeSpaceG) {
- data.hits.total--;
- console.log("Deleting", item);
- return Db.deleteFile(fields.node, item._id, fields.name, forNextCb);
- } else {
- return forNextCb("DONE");
- }
- }, function () {
- return nextCb();
- });
- });
-}
-
-function expireCheckDevice (nodes, stat, nextCb) {
- var doit = false;
- var minFreeSpaceG = 0;
- async.forEach(nodes, function(node, cb) {
- var freeSpaceG = Config.getFull(node, "freeSpaceG", "5%");
- if (freeSpaceG[freeSpaceG.length-1] === "%") {
- freeSpaceG = (+freeSpaceG.substr(0,freeSpaceG.length-1)) * 0.01 * stat.f_frsize/1024.0*stat.f_blocks/(1024.0*1024.0);
- }
- var freeG = 
stat.f_frsize/1024.0*stat.f_bavail/(1024.0*1024.0);
- if (freeG < freeSpaceG) {
- doit = true;
- }
-
- if (freeSpaceG > minFreeSpaceG) {
- minFreeSpaceG = freeSpaceG;
- }
-
- cb();
- }, function () {
- if (doit) {
- expireDevice(nodes, stat.dirs, minFreeSpaceG, nextCb);
- } else {
- return nextCb();
- }
- });
-}
-
-function expireCheckAll () {
- var devToStat = {};
- // Find all the nodes running on this host
- Db.hostnameToNodeids(Config.hostName(), function(nodes) {
- // Current node name should always be checked too
- if (!nodes.includes(Config.nodeName())) {
- nodes.push(Config.nodeName());
- }
-
- // Find all the pcap dirs for local nodes
- async.map(nodes, function (node, cb) {
- var pcapDirs = Config.getFull(node, "pcapDir");
- if (typeof pcapDirs !== "string") {
- return cb("ERROR - couldn't find pcapDir setting for node: " + node + "\nIf you have it set try running:\nnpm remove iniparser; npm cache clean; npm update iniparser");
- }
- // Create a mapping from device id to stat information and all directories on that device
- pcapDirs.split(";").forEach(function (pcapDir) {
- if (!pcapDir) {
- return; // Skip empty elements. 
Prevents errors when pcapDir has a trailing or double ; - } - pcapDir = pcapDir.trim(); - var fileStat = fs.statSync(pcapDir); - var vfsStat = fs.statVFS(pcapDir); - if (!devToStat[fileStat.dev]) { - vfsStat.dirs = {}; - vfsStat.dirs[pcapDir] = {}; - devToStat[fileStat.dev] = vfsStat; - } else { - devToStat[fileStat.dev].dirs[pcapDir] = {}; - } - }); - cb(null); - }, - function (err) { - // Now gow through all the local devices and check them - var keys = Object.keys(devToStat); - async.forEachSeries(keys, function (key, cb) { - expireCheckDevice(nodes, devToStat[key], cb); - }, function (err) { - }); - }); - }); -} -////////////////////////////////////////////////////////////////////////////////// -//// Sessions Query -////////////////////////////////////////////////////////////////////////////////// -function addSortToQuery(query, info, d) { - - function addSortDefault() { - if (d) { - if (!query.sort) { - query.sort = []; - } - var obj = {}; - obj[d] = {order: "asc"}; - obj[d].missing = '_last'; - query.sort.push(obj); - } - } - - if (!info) { - addSortDefault(); - return; - } - - // New Method - if (info.order) { - if (info.order.length === 0) { - addSortDefault(); - return; - } - - if (!query.sort) { - query.sort = []; - } - - info.order.split(",").forEach(function(item) { - var parts = item.split(":"); - var field = parts[0]; - - var obj = {}; - if (field === "firstPacket") { - obj.firstPacket = {order: parts[1]}; - } else if (field === "lastPacket") { - obj.lastPacket = {order: parts[1]}; - } else { - obj[field] = {order: parts[1]}; - } - - obj[field].unmapped_type = "string"; - var fieldInfo = Config.getDBFieldsMap()[field]; - if (fieldInfo) { - if (fieldInfo.type === "ip") { - obj[field].unmapped_type = "ip"; - } else if (fieldInfo.type === "integer") { - obj[field].unmapped_type = "long"; - } - } - obj[field].missing = (parts[1] === 'asc'?'_last':'_first'); - query.sort.push(obj); - }); - return; - } - - // Old Method - if (!info.iSortingCols || 
parseInt(info.iSortingCols, 10) === 0) { - addSortDefault(); - return; - } - - if (!query.sort) { - query.sort = []; - } - - for (let i = 0, ilen = parseInt(info.iSortingCols, 10); i < ilen; i++) { - if (!info["iSortCol_" + i] || !info["sSortDir_" + i] || !info["mDataProp_" + info["iSortCol_" + i]]) { - continue; - } - - var obj = {}; - var field = info["mDataProp_" + info["iSortCol_" + i]]; - obj[field] = {order: info["sSortDir_" + i]}; - query.sort.push(obj); - - if (field === "firstPacket") { - query.sort.push({firstPacket: {order: info["sSortDir_" + i]}}); - } else if (field === "lastPacket") { - query.sort.push({lastPacket: {order: info["sSortDir_" + i]}}); - } - } -} - -/* This method fixes up parts of the query that jison builds to what ES actually - * understands. This includes mapping all the tag fields from strings to numbers - * and any of the filename stuff - */ -function lookupQueryItems(query, doneCb) { - if (Config.get("multiES", false)) { - return doneCb(null); - } - - var outstanding = 0; - var finished = 0; - var err = null; - - //jshint latedef: nofunc - function process(parent, obj, item) { - // console.log("\nprocess:\n", item, obj, typeof obj[item], "\n"); - if (item === "fileand" && typeof obj[item] === "string") { - var name = obj.fileand; - delete obj.fileand; - outstanding++; - Db.fileNameToFiles(name, function (files) { - outstanding--; - if (files === null || files.length === 0) { - err = "File '" + name + "' not found"; - } else if (files.length > 1) { - obj.bool = {should: []}; - files.forEach(function(file) { - obj.bool.should.push({bool: {must: [{term: {node: file.node}}, {term: {fileId: file.num}}]}}); - }); - } else { - obj.bool = {must: [{term: {node: files[0].node}}, {term: {fileId: files[0].num}}]}; - } - if (finished && outstanding === 0) { - doneCb(err); - } - }); - } else if (item === 'field' && obj.field === 'fileand') { - obj.field = 'fileId'; - } else if (typeof obj[item] === "object") { - convert(obj, obj[item]); - } - } 
- - function convert(parent, obj) { - for (var item in obj) { - process(parent, obj, item); - } - } - - convert(null, query); - if (outstanding === 0) { - return doneCb(err); - } - - finished = 1; -} - -////////////////////////////////////////////////////////////////////////////////// -//// determineQueryTimes(req) -//// -//// Returns [startTimeSec, stopTimeSec, interval] using values from req.query.date, -//// req.query.startTime, req.query.stopTime, req.query.interval, and -//// req.query.segments. -//// -//// This code was factored out from buildSessionQuery. -////////////////////////////////////////////////////////////////////////////////// -function determineQueryTimes (req) { - let startTimeSec = undefined; - let stopTimeSec = undefined; - let interval = 60*60; - - if (Config.debug) { - console.log("determineQueryTimes", "req.query.date", req.query.date, - "req.query.segments", req.query.segments, - "req.query.startTime", req.query.startTime, - "req.query.stopTime", req.query.stopTime) - } - - if ((req.query.date && req.query.date === '-1') || - (req.query.segments && req.query.segments === "all")) { - interval = 60*60; // Hour to be safe - - } else if ((req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) { - if (! /^[0-9]+$/.test(req.query.startTime)) { - startTimeSec = Date.parse(req.query.startTime.replace('+', ' ')) / 1000; - } else { - startTimeSec = parseInt(req.query.startTime, 10); - } - - if (! 
/^[0-9]+$/.test(req.query.stopTime)) { - stopTimeSec = Date.parse(req.query.stopTime.replace('+', ' ')) / 1000; - } else { - stopTimeSec = parseInt(req.query.stopTime, 10); - } - - var diff = req.query.stopTime - req.query.startTime; - if (diff < 30*60) { - interval = 1; // second - } else if (diff <= 5*24*60*60) { - interval = 60; // minute - } else { - interval = 60*60; // hour - } - - } else { - let queryDate = req.query.date || 1; - startTimeSec = (Math.floor(Date.now() / 1000) - 60*60*parseInt(queryDate, 10)); - stopTimeSec = Date.now()/1000; - - if (queryDate <= 5*24) { - interval = 60; // minute - } else { - interval = 60 * 60; // hour - } - } - - switch (req.query.interval) { - case 'second': - interval = 1; - break; - case 'minute': - interval = 60; - break; - case 'hour': - interval = 60 * 60; - break; - case 'day': - interval = 60 * 60 * 24; - break; - case 'week': - interval = 60 * 60 * 24 * 7; - break; - } - - if (Config.debug) { - console.log("determineQueryTimes", "startTimeSec", startTimeSec, "stopTimeSec", stopTimeSec, "interval", interval) - } - - return [startTimeSec, stopTimeSec, interval]; -} - -function buildSessionQuery (req, buildCb) { - // validate time limit is not exceeded - let timeLimitExceeded = false; - var interval; - - // determineQueryTimes calculates startTime, stopTime, and interval from req.query - let startAndStopParams = determineQueryTimes(req); - if (startAndStopParams[0] !== undefined) req.query.startTime = startAndStopParams[0]; - if (startAndStopParams[1] !== undefined) req.query.stopTime = startAndStopParams[1]; - interval = startAndStopParams[2]; - - if (parseInt(req.query.date) > parseInt(req.user.timeLimit) || - (req.query.date === '-1') && req.user.timeLimit) { - timeLimitExceeded = true; - - } else if ((req.query.startTime) && (req.query.stopTime) && (req.user.timeLimit) && - ((req.query.stopTime - req.query.startTime) / 3600 > req.user.timeLimit)) { - timeLimitExceeded = true; - } - - if (timeLimitExceeded) { - 
console.log(`${req.user.userName} trying to exceed time limit: ${req.user.timeLimit} hours`); - return buildCb(`User time limit (${req.user.timeLimit} hours) exceeded`, {}); - } - - var limit = Math.min(2000000, +req.query.length || +req.query.iDisplayLength || 100); - - var query = {from: req.query.start || req.query.iDisplayStart || 0, - size: limit, - timeout: internals.esQueryTimeout, - query: {bool: {filter: []}} - }; - - if (query.from === 0) { - delete query.from; - } - - if (req.query.strictly === "true") { - req.query.bounding = "both"; - } - - if ((req.query.date && req.query.date === '-1') || - (req.query.segments && req.query.segments === "all")) { - // interval is already assigned above from result of determineQueryTimes - - } else if (req.query.startTime !== undefined && req.query.stopTime) { - switch (req.query.bounding) { - case "first": - query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); - break; - default: - case "last": - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); - break; - case "both": - query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}}); - query.query.bool.filter.push({range: {lastPacket: {lte: req.query.stopTime*1000}}}); - break; - case "either": - query.query.bool.filter.push({range: {firstPacket: {lte: req.query.stopTime*1000}}}); - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); - break; - case "database": - query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); - break; - } - - } else { - switch (req.query.bounding) { - case "first": - query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}}); - break; - default: - case "both": - case "last": - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); - break; - 
case "either": - query.query.bool.filter.push({range: {firstPacket: {lte: req.query.stopTime*1000}}}); - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); - break; - case "database": - query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000}}}); - break; - } - } - - if (req.query.facets) { - query.aggregations = {}; - // only add map aggregations if requested - if (req.query.map === 'true') { - query.aggregations = { - mapG1: { terms: { field: 'srcGEO', size: 1000, min_doc_count: 1} }, - mapG2: { terms: { field: 'dstGEO', size: 1000, min_doc_count: 1} }, - mapG3: { terms: { field: 'http.xffGEO', size: 1000, min_doc_count: 1} } - }; - } - query.aggregations.dbHisto = { - aggregations: { - srcDataBytes: { sum: { field: 'srcDataBytes' } }, - dstDataBytes: { sum: { field: 'dstDataBytes' } }, - srcBytes: { sum: { field: 'srcBytes' } }, - dstBytes: { sum: { field: 'dstBytes' } }, - srcPackets: { sum: { field: 'srcPackets' } }, - dstPackets: { sum: { field: 'dstPackets' } } - } - }; - - switch (req.query.bounding) { - case 'first': - query.aggregations.dbHisto.histogram = { field:'firstPacket', interval:interval*1000, min_doc_count:1 }; - break; - case 'database': - query.aggregations.dbHisto.histogram = { field:'timestamp', interval:interval*1000, min_doc_count:1 }; - break; - default: - query.aggregations.dbHisto.histogram = { field:'lastPacket', interval:interval*1000, min_doc_count:1 }; - break; - } - } - - addSortToQuery(query, req.query, 'firstPacket'); - - let err = null; - - molochparser.parser.yy = { - views: req.user.views, - fieldsMap: Config.getFieldsMap(), - prefix: internals.prefix, - emailSearch: req.user.emailSearch === true, - lookups: req.lookups, - lookupTypeMap: internals.lookupTypeMap - }; - - if (req.query.expression) { - //req.query.expression = req.query.expression.replace(/\\/g, "\\\\"); - try { - query.query.bool.filter.push(molochparser.parse(req.query.expression)); - } catch (e) { - 
err = e; - } - } - - if (!err && req.query.view) { - addViewToQuery(req, query, continueBuildQuery, buildCb); - } else { - continueBuildQuery(req, query, err, buildCb); - } -} - -function addViewToQuery(req, query, continueBuildQueryCb, finalCb) { - let err; - let viewExpression; - if (req.user.views && req.user.views[req.query.view]) { // it's a user's view - try { - viewExpression = molochparser.parse(req.user.views[req.query.view].expression); - query.query.bool.filter.push(viewExpression); - } catch (e) { - console.log(`ERROR - User expression (${req.query.view}) doesn't compile -`, e); - err = e; - } - continueBuildQueryCb(req, query, err, finalCb); - } else { // it's a shared view - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (sharedUser && sharedUser.found) { - sharedUser = sharedUser._source; - sharedUser.views = sharedUser.views || {}; - for (let viewName in sharedUser.views) { - if (viewName === req.query.view) { - viewExpression = sharedUser.views[viewName].expression; - break; - } - } - if (sharedUser.views[req.query.view]) { - try { - viewExpression = molochparser.parse(sharedUser.views[req.query.view].expression); - query.query.bool.filter.push(viewExpression); - } catch (e) { - console.log(`ERROR - Shared user expression (${req.query.view}) doesn't compile -`, e); - err = e; - } - } - continueBuildQueryCb(req, query, err, finalCb); - } - }); - } -} - -function continueBuildQuery(req, query, err, finalCb) { - if (!err && req.user.expression && req.user.expression.length > 0) { - try { - // Expression was set by admin, so assume email search ok - molochparser.parser.yy.emailSearch = true; - var userExpression = molochparser.parse(req.user.expression); - query.query.bool.filter.push(userExpression); - } catch (e) { - console.log(`ERROR - Forced expression (${req.user.expression}) doesn't compile -`, e); - err = e; - } - } - - lookupQueryItems(query.query.bool.filter, function (lerr) { - if (req.query.date === '-1' || // An all query - 
Config.get("queryAllIndices", Config.get("multiES", false))) { // queryAllIndices (default: multiES) - return finalCb(err || lerr, query, "sessions2-*"); // Then we just go against all indices for a slight overhead - } - - Db.getIndices(req.query.startTime, req.query.stopTime, req.query.bounding, Config.get("rotateIndex", "daily"), function(indices) { - if (indices.length > 3000) { // Will url be too long - return finalCb(err || lerr, query, "sessions2-*"); - } else { - return finalCb(err || lerr, query, indices); - } - }); - }); -} -////////////////////////////////////////////////////////////////////////////////// -//// Sessions List -////////////////////////////////////////////////////////////////////////////////// -function sessionsListAddSegments(req, indices, query, list, cb) { - var processedRo = {}; - - // Index all the ids we have, so we don't include them again - var haveIds = {}; - list.forEach(function(item) { - haveIds[item._id] = true; - }); - - delete query.aggregations; - - // Do a ro search on each item - var writes = 0; - async.eachLimit(list, 10, function(item, nextCb) { - var fields = item._source || item.fields; - if (!fields.rootId || processedRo[fields.rootId]) { - if (writes++ > 100) { - writes = 0; - setImmediate(nextCb); - } else { - nextCb(); - } - return; - } - processedRo[fields.rootId] = true; - - query.query.bool.filter.push({term: {rootId: fields.rootId}}); - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err || result === undefined || result.hits === undefined || result.hits.hits === undefined) { - console.log("ERROR fetching matching sessions", err, result); - return nextCb(null); - } - result.hits.hits.forEach(function(item) { - if (!haveIds[item._id]) { - haveIds[item._id] = true; - list.push(item); - } - }); - return nextCb(null); - }); - query.query.bool.filter.pop(); - - }, function (err) { - cb(err, list); - }); -} - -function sessionsListFromQuery(req, res, fields, cb) { - if 
(req.query.segments && req.query.segments.match(/^(time|all)$/) && fields.indexOf("rootId") === -1) { - fields.push("rootId"); - } - - buildSessionQuery(req, function(err, query, indices) { - if (err) { - return res.send("Could not build query. Err: " + err); - } - query._source = fields; - if (Config.debug) { - console.log("sessionsListFromQuery query", JSON.stringify(query, null, 1)); - } - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err || result.error) { - console.log("ERROR - Could not fetch list of sessions. Err: ", err, " Result: ", result, "query:", query); - return res.send("Could not fetch list of sessions. Err: " + err + " Result: " + result); - } - var list = result.hits.hits; - if (req.query.segments && req.query.segments.match(/^(time|all)$/)) { - sessionsListAddSegments(req, indices, query, list, function(err, list) { - cb(err, list); - }); - } else { - cb(err, list); - } - }); - }); -} - -function sessionsListFromIds(req, ids, fields, cb) { - var processSegments = false; - if (req && ((req.query.segments && req.query.segments.match(/^(time|all)$/)) || (req.body.segments && req.body.segments.match(/^(time|all)$/)))) { - if (fields.indexOf("rootId") === -1) { fields.push("rootId"); } - processSegments = true; - } - - let list = []; - let nonArrayFields = ["ipProtocol", "firstPacket", "lastPacket", "srcIp", "srcPort", "srcGEO", "dstIp", "dstPort", "dstGEO", "totBytes", "totDataBytes", "totPackets", "node", "rootId", "http.xffGEO"]; - let fixFields = nonArrayFields.filter(function(x) {return fields.indexOf(x) !== -1;}); - - async.eachLimit(ids, 10, function(id, nextCb) { - Db.getWithOptions(Db.sid2Index(id), 'session', Db.sid2Id(id), {_source: fields.join(",")}, function(err, session) { - if (err) { - return nextCb(null); - } - - for (let i = 0; i < fixFields.length; i++) { - var field = fixFields[i]; - if (session._source[field] && Array.isArray(session._source[field])) { - session._source[field] = 
session._source[field][0]; - } - } - - list.push(session); - nextCb(null); - }); - }, function(err) { - if (processSegments) { - buildSessionQuery(req, function(err, query, indices) { - query._source = fields; - sessionsListAddSegments(req, indices, query, list, function(err, list) { - cb(err, list); - }); - }); - } else { - cb(err, list); - } - }); -} - -////////////////////////////////////////////////////////////////////////////////// -//// APIs -////////////////////////////////////////////////////////////////////////////////// -app.get('/history/list', [noCacheJson, recordResponseTime, setCookie], (req, res) => { - let userId; - if (req.user.createEnabled) { // user is an admin, they can view all logs - // if the admin has requested a specific user - if (req.query.userId) { userId = req.query.userId; } - } else { // user isn't an admin, so they can only view their own logs - if (req.query.userId && req.query.userId !== req.user.userId) { return res.molochError(403, 'Need admin privileges'); } - userId = req.user.userId; - } - - let query = { - sort: {}, - from: +req.query.start || 0, - size: +req.query.length || 1000 - }; - - query.sort[req.query.sortField || 'timestamp'] = { order: req.query.desc === 'true' ? 
'desc': 'asc'}; - - if (req.query.searchTerm || userId) { - query.query = { bool: { must: [] } }; - - if (req.query.searchTerm) { // apply search term - query.query.bool.must.push({ - query_string: { - query : req.query.searchTerm, - fields: ['expression','userId','api','view.name','view.expression'] - } - }); - } - - if (userId) { // filter on userId - query.query.bool.must.push({ - wildcard: { userId: '*' + userId + '*' } - }); - } - } - - if (req.query.api) { // filter on api endpoint - if (!query.query) { query.query = { bool: { must: [] } }; } - query.query.bool.must.push({ - wildcard: { api: '*' + req.query.api + '*' } - }); - } - - if (req.query.exists) { - if (!query.query) { query.query = { bool: { must: [] } }; } - let existsArr = req.query.exists.split(','); - for (let i = 0, len = existsArr.length; i < len; ++i) { - query.query.bool.must.push({ - exists: { field:existsArr[i] } - }); - } - } - - // filter history table by a time range - if (req.query.startTime && req.query.stopTime) { - if (! /^[0-9]+$/.test(req.query.startTime)) { - req.query.startTime = Date.parse(req.query.startTime.replace("+", " "))/1000; - } else { - req.query.startTime = parseInt(req.query.startTime, 10); - } - - if (! 
/^[0-9]+$/.test(req.query.stopTime)) { - req.query.stopTime = Date.parse(req.query.stopTime.replace("+", " "))/1000; - } else { - req.query.stopTime = parseInt(req.query.stopTime, 10); - } - - if (!query.query) { query.query = { bool: {} }; } - query.query.bool.filter = [{ - range: { timestamp: { - gte: req.query.startTime, - lte: req.query.stopTime - } } - }]; - } - - Promise.all([Db.searchHistory(query), - Db.numberOfLogs() - ]) - .then(([logs, total]) => { - if (logs.error) { throw logs.error; } - - let results = { total:logs.hits.total, results:[] }; - for (let i = 0, ilen = logs.hits.hits.length; i < ilen; i++) { - let hit = logs.hits.hits[i]; - let log = hit._source; - log.id = hit._id; - log.index = hit._index; - if (!req.user.createEnabled) { - // remove forced expression for reqs made by nonadmin users - log.forcedExpression = undefined; - } - results.results.push(log); - } - let r = { - recordsTotal: total.count, - recordsFiltered: results.total, - data: results.results - }; - res.send(r); - }).catch(err => { - console.log('ERROR - /history/logs', err); - return res.molochError(500, 'Error retrieving log history - ' + err); - }); -}); - -app.delete('/history/list/:id', [noCacheJson, checkCookieToken, checkPermissions(['createEnabled', 'removeEnabled'])], (req, res) => { - if (!req.query.index) { return res.molochError(403, 'Missing history index'); } - - Db.deleteHistoryItem(req.params.id, req.query.index, function(err, result) { - if (err || result.error) { - console.log('ERROR - deleting history item', err || result.error); - return res.molochError(500, 'Error deleting history item'); - } else { - res.send(JSON.stringify({success: true, text: 'Deleted history item successfully'})); - } - }); -}); - - -app.get('/fields', function(req, res) { - if (!app.locals.fieldsMap) { - res.status(404); - res.send('Cannot locate fields'); - } - - if (req.query && req.query.array) { - res.send(app.locals.fieldsArr); - } else { - res.send(app.locals.fieldsMap); - } 
-}); - -app.get('/file/list', [noCacheJson, recordResponseTime, logAction('files'), checkPermissions(['hideFiles']), setCookie], (req, res) => { - var columns = ["num", "node", "name", "locked", "first", "filesize"]; - - var query = {_source: columns, - from: +req.query.start || 0, - size: +req.query.length || 10, - sort: {} - }; - - query.sort[req.query.sortField || "num"] = { order: req.query.desc === "true" ? "desc": "asc"}; - - if (req.query.filter) { - query.query = {wildcard: {name: "*" + req.query.filter + "*"}}; - } - - Promise.all([Db.search('files', 'file', query), - Db.numberOfDocuments('files') - ]) - .then(([files, total]) => { - if (files.error) {throw files.error;} - - var results = {total: files.hits.total, results: []}; - for (let i = 0, ilen = files.hits.hits.length; i < ilen; i++) { - var fields = files.hits.hits[i]._source || files.hits.hits[i].fields; - if (fields.locked === undefined) { - fields.locked = 0; - } - fields.id = files.hits.hits[i]._id; - results.results.push(fields); - } - - var r = {recordsTotal: total.count, - recordsFiltered: results.total, - data: results.results}; - res.logCounts(r.data.length, r.recordsFiltered, r.total); - res.send(r); - - }).catch((err) => { - console.log("ERROR - /file/list", err); - return res.send({recordsTotal: 0, recordsFiltered: 0, data: []}); - }); -}); - -app.get('/titleconfig', checkPermissions(['webEnabled']), (req, res) => { - var titleConfig = Config.get('titleTemplate', '_cluster_ - _page_ _-view_ _-expression_'); - - titleConfig = titleConfig.replace(/_cluster_/g, internals.clusterName) - .replace(/_userId_/g, req.user?req.user.userId:"-") - .replace(/_userName_/g, req.user?req.user.userName:"-"); - - res.send(titleConfig); -}); - -app.get('/molochRightClick', [noCacheJson, checkPermissions(['webEnabled'])], (req, res) => { - if(!app.locals.molochRightClick) { - res.status(404); - res.send('Cannot locate right clicks'); - } - res.send(app.locals.molochRightClick); -}); - -// No auth necessary 
for eshealth.json -app.get('/eshealth.json', [noCacheJson], (req, res) => { - Db.healthCache(function(err, health) { - res.send(health); - }); -}); - -app.get('/esindices/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { - async.parallel({ - indices: Db.indicesCache, - indicesSettings: Db.indicesSettingsCache - }, function (err, results) { - if (err) { - console.log ('ERROR - /esindices/list', err); - return res.send({ - recordsTotal: 0, - recordsFiltered: 0, - data: [] - }); - } - - const indices = results.indices; - const indicesSettings = results.indicesSettings; - - let findices = []; - - // filtering - if (req.query.filter !== undefined) { - try { - const regex = new RE2(req.query.filter); - for (const index of indices) { - if (!index.index.match(regex)) { continue; } - findices.push(index); - } - } catch (e) { - return res.molochError(500, `Regex Error: ${e}`); - } - } else { - findices = indices; - } - - // Add more fields from indicesSettings - for (const index of findices) { - if (!indicesSettings[index.index]) { continue; } - - if (indicesSettings[index.index].settings['index.routing.allocation.require.molochtype']) { - index.molochtype = indicesSettings[index.index].settings['index.routing.allocation.require.molochtype']; - } - - if (indicesSettings[index.index].settings['index.routing.allocation.total_shards_per_node']) { - index.shardsPerNode = indicesSettings[index.index].settings['index.routing.allocation.total_shards_per_node']; - } - - index.creationDate = parseInt(indicesSettings[index.index].settings['index.creation_date']); - index.versionCreated = parseInt(indicesSettings[index.index].settings['index.version.created']); - } - - // sorting - const sortField = req.query.sortField || 'index'; - if (sortField === 'index' || sortField === 'status' || sortField === 'health') { - if (req.query.desc === 'true') { - findices = findices.sort(function (a, b) { return 
b[sortField].localeCompare(a[sortField]); }); - } else { - findices = findices.sort(function (a, b) { return a[sortField].localeCompare(b[sortField]); }); - } - } else { - if (req.query.desc === 'true') { - findices = findices.sort(function (a,b) { return b[sortField] - a[sortField]; }); - } else { - findices = findices.sort(function (a,b) { return a[sortField] - b[sortField]; }); - } - } - - // send result - return res.send({ - recordsTotal: indices.length, - recordsFiltered: findices.length, - data: findices - }); - }); -}); - -app.delete('/esindices/:index', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to delete'); - } - - Db.deleteIndex([req.params.index], {}, (err, result) => { - if (err) { - res.status(404); - return res.send(JSON.stringify({ success:false, text:'Error deleting index' })); - } - return res.send(JSON.stringify({ success: true, text: result })); - }); -}); - -app.post('/esindices/:index/optimize', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to optimize'); - } - - Db.optimizeIndex([req.params.index], {}, (err, result) => { - if (err) { - console.log ("ERROR -", req.params.index, "optimize failed", err); - } - }); - - // Always return right away, optimizeIndex might block - return res.send(JSON.stringify({ success: true, text: {} })); -}); - -app.post('/esindices/:index/close', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to close'); - } - - Db.closeIndex([req.params.index], {}, (err, result) => { - if (err) { - res.status(404); - return res.send(JSON.stringify({ success:false, text:'Error closing index' })); - } - return res.send(JSON.stringify({ success: true, text: result 
})); - }); -}); - -app.post('/esindices/:index/open', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to open'); - } - - Db.openIndex([req.params.index], {}, (err, result) => { - if (err) { - console.log ("ERROR -", req.params.index, "open failed", err); - } - }); - - // Always return right away, openIndex might block - return res.send(JSON.stringify({ success: true, text: {} })); -}); - -app.post('/esindices/:index/shrink', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.body || !req.body.target) { - return res.molochError(403, 'Missing target'); - } - - let settingsParams = { - body: { - 'index.routing.allocation.total_shards_per_node': null, - 'index.routing.allocation.require._name': req.body.target, - 'index.blocks.write': true - } - }; - - Db.setIndexSettings(req.params.index, settingsParams, (err, results) => { - if (err) { - return res.send(JSON.stringify({ - success: false, - text: err.message || 'Error shrinking index' - })); - } - - let shrinkParams = { - body: { - settings: { - 'index.routing.allocation.require._name': null, - 'index.blocks.write': null, - 'index.codec': 'best_compression', - 'index.number_of_shards': req.body.numShards || 1 - } - } - }; - - // wait for no more reloacting shards - let shrinkCheckInterval = setInterval(() => { - Db.healthCachePromise() - .then((result) => { - if (result.relocating_shards === 0) { - clearInterval(shrinkCheckInterval); - Db.shrinkIndex(req.params.index, shrinkParams, (err, results) => { - if (err) { - console.log(`ERROR - ${req.params.index} shrink failed`, err); - } - Db.indices((err, indexResult) => { - if (err) { - console.log(`Error fetching ${req.params.index} and ${req.params.index}-shrink indices after shrinking`); - } else if (indexResult[0] && indexResult[1] && - indexResult[0]['docs.count'] === 
indexResult[1]['docs.count']) { - Db.deleteIndex([req.params.index], {}, (err, result) => { - if (err) { - console.log(`Error deleting ${req.params.index} index after shrinking`); - } - }); - } - }, `${req.params.index}-shrink,${req.params.index}`); - }); - } - }); - }, 10000); - - // always return right away, shrinking might take a while - return res.send(JSON.stringify({ success: true })); - }); -}); - -app.get('/estask/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { - Db.tasks(function (err, tasks) { - if (err) { - console.log ('ERROR - /estask/list', err); - return res.send({ - recordsTotal: 0, - recordsFiltered: 0, - data: [] - }); - } - - tasks = tasks.tasks; - - let regex; - if (req.query.filter !== undefined) { - try { - regex = new RE2(req.query.filter); - } catch (e) { - return res.molochError(500, `Regex Error: ${e}`); - } - } - - let rtasks = []; - for (const key in tasks) { - let task = tasks[key]; - - task.taskId = key; - if (task.children) { - task.childrenCount = task.children.length; - } else { - task.childrenCount = 0; - } - delete task.children; - - if (req.query.cancellable && req.query.cancellable === 'true') { - if (!task.cancellable) { continue; } - } - - if (task.headers['X-Opaque-Id']) { - let parts = splitRemain(task.headers['X-Opaque-Id'], '::', 1); - task.user = (parts.length === 1?'':parts[0]); - } else { - task.user = ''; - } - - if (regex && (!task.action.match(regex) && !task.user.match(regex))) { continue; } - - rtasks.push(task); - } - - const sortField = req.query.sortField || 'action'; - if (sortField === 'action' || sortField === 'user') { - if (req.query.desc === 'true') { - rtasks = rtasks.sort(function (a, b) { return b.action.localeCompare(a.index); }); - } else { - rtasks = rtasks.sort(function (a, b) { return a.action.localeCompare(b.index); }); - } - } else { - if (req.query.desc === 'true') { - rtasks = rtasks.sort(function (a, b) { return b[sortField] - a[sortField]; 
}); - } else { - rtasks = rtasks.sort(function (a, b) { return a[sortField] - b[sortField]; }); - } - } - - let size = parseInt(req.query.size) || 1000; - if (rtasks.length > size) { - rtasks = rtasks.slice(0, size); - } - - return res.send({ - recordsTotal: Object.keys(tasks).length, - recordsFiltered: rtasks.length, - data: rtasks - }); - }); -}); - -app.post('/estask/cancel', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.body || !req.body.taskId) { - return res.molochError(403, 'Missing/Empty required fields'); - } - - Db.taskCancel(req.body.taskId, (err, result) => { - return res.send(JSON.stringify({ success: true, text: result })); - }); -}); - -app.post('/estask/cancelById', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.body || !req.body.cancelId) { - return res.molochError(403, 'Missing cancel ID'); - } - - Db.cancelByOpaqueId(`${req.user.userId}::${req.body.cancelId}`, (err, result) => { - return res.send(JSON.stringify({ success: true, text: result })); - }); -}); - -app.post('/estask/cancelAll', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - Db.taskCancel(undefined, (err, result) => { - return res.send(JSON.stringify({ success: true, text: result })); - }); -}); - -////////////////////////////////////////////////////////////////////////////////// -function checkEsAdminUser (req, res, next) { - if (internals.esAdminUsers.includes(req.user.userId)) { - return next(); - } - return res.molochError(403, 'You do not have permission to access this resource'); -} - -app.get('/esadmin/list', [noCacheJson, recordResponseTime, checkEsAdminUser, setCookie], (req, res) => { - Promise.all([Db.getClusterSettings({flatSettings: true, include_defaults: true}) - ]).then(([settings]) => { - let rsettings = []; - - function addSetting(key, type, name, url, regex) { - let current = 
settings.transient[key];
- if (current === undefined) { current = settings.persistent[key]; }
- if (current === undefined) { current = settings.defaults[key]; }
- if (current === undefined) { return; }
- rsettings.push({key: key, current: current, name: name, type: type, url: url, regex: regex});
- }
-
- addSetting('search.max_buckets', 'Integer',
- 'Max Aggregation Size',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html',
- '^(|null|\\d+)$');
-
- addSetting('cluster.routing.allocation.disk.watermark.flood_stage', 'Percent or Byte Value',
- 'Disk Watermark Flood',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html',
- '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$');
-
- addSetting('cluster.routing.allocation.disk.watermark.high', 'Percent or Byte Value',
- 'Disk Watermark High',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html',
- '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$');
-
- addSetting('cluster.routing.allocation.disk.watermark.low', 'Percent or Byte Value',
- 'Disk Watermark Low',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html',
- '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$');
-
- addSetting('cluster.routing.allocation.enable', 'Mode',
- 'Allocation Mode',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html',
- '^(all|primaries|new_primaries|none)$');
-
- addSetting('cluster.routing.allocation.cluster_concurrent_rebalance', 'Integer',
- 'Concurrent Rebalances',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html',
- '^(|null|\\d+)$');
-
- addSetting('cluster.routing.allocation.node_concurrent_recoveries', 'Integer',
- 'Concurrent Recoveries',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html',
- '^(|null|\\d+)$');
-
- addSetting('cluster.routing.allocation.node_initial_primaries_recoveries', 'Integer',
- 
'Initial Primaries Recoveries',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html',
- '^(|null|\\d+)$');
-
- addSetting('cluster.max_shards_per_node', 'Integer',
- 'Max Shards per Node',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/master/misc-cluster.html',
- '^(|null|\\d+)$');
-
- addSetting('indices.recovery.max_bytes_per_sec', 'Byte Value',
- 'Recovery Max Bytes per Second',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/recovery.html',
- '^(|null|\\d+(b|kb|mb|gb|tb|pb))$');
-
- addSetting('cluster.routing.allocation.awareness.attributes', 'List of Attributes',
- 'Shard Allocation Awareness',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/allocation-awareness.html',
- '^(|null|[a-z0-9_,-]+)$');
-
- addSetting('indices.breaker.total.limit', 'Percent',
- 'Breaker - Total Limit',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html',
- '^(|null|\\d+%)$');
-
- addSetting('indices.breaker.fielddata.limit', 'Percent',
- 'Breaker - Field data',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html',
- '^(|null|\\d+%)$');
-
-
- return res.send(rsettings);
- });
-});
-
-app.post('/esadmin/set', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
-
- if (req.body.key === undefined) { return res.molochError(500, 'Missing key'); }
- if (req.body.value === undefined) { return res.molochError(500, 'Missing value'); }
-
- // Convert null string to null
- if (req.body.value === 'null') { req.body.value = null; }
-
- let query = {body: {persistent: {}}};
- query.body.persistent[req.body.key] = req.body.value || null;
-
- Db.putClusterSettings(query, function(err, result) {
- if (err) {
- console.log("putSettings failed", result);
- return res.molochError(500, 'Set failed');
- }
- return res.send(JSON.stringify({ success: true, text: 'Set'}));
- });
-});
- 
-app.post('/esadmin/reroute', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
- Db.reroute((err) => {
- if (err) {
- return res.send(JSON.stringify({ success: true, text: 'Reroute failed'}));
- } else {
- return res.send(JSON.stringify({ success: true, text: 'Reroute successful'}));
- }
- });
-});
-
-app.post('/esadmin/flush', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
- Db.refresh('*');
- Db.flush('*');
- return res.send(JSON.stringify({ success: true, text: 'Flushed'}));
-});
-
-app.post('/esadmin/unflood', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
- Db.setIndexSettings('*', {'index.blocks.read_only_allow_delete': null});
- return res.send(JSON.stringify({ success: true, text: 'Unflood'}));
-});
-
-app.get('/esshard/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- Promise.all([
- Db.shards(),
- Db.getClusterSettings({flatSettings: true})
- ]).then(([shards, settings]) => {
- let ipExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._ip']) {
- ipExcludes = settings.persistent['cluster.routing.allocation.exclude._ip'].split(',');
- }
-
- let nodeExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._name']) {
- nodeExcludes = settings.persistent['cluster.routing.allocation.exclude._name'].split(',');
- }
-
- var regex;
- if (req.query.filter !== undefined) {
- try {
- regex = new RE2(req.query.filter.toLowerCase());
- } catch (e) {
- return res.molochError(500, `Regex Error: ${e}`);
- }
- }
-
- let result = {};
- let nodes = {};
-
- for (var shard of shards) {
- if (shard.node === null || shard.node === "null") { shard.node = "Unassigned"; }
-
- if (! 
(req.query.show === 'all' ||
- shard.state === req.query.show || // Show only matching stage
- (shard.state !== 'STARTED' && req.query.show === 'notstarted'))) {
- continue;
- }
-
- if (regex && !shard.index.toLowerCase().match(regex) && !shard.node.toLowerCase().match(regex)) { continue; }
-
- if (result[shard.index] === undefined) {
- result[shard.index] = {name: shard.index, nodes: {}};
- }
- if (result[shard.index].nodes[shard.node] === undefined) {
- result[shard.index].nodes[shard.node] = [];
- }
- result[shard.index].nodes[shard.node].push(shard);
- nodes[shard.node] = {ip: shard.ip, ipExcluded: ipExcludes.includes(shard.ip), nodeExcluded: nodeExcludes.includes(shard.node)};
-
- result[shard.index].nodes[shard.node]
- .sort((a, b) => {
- return a.shard - b.shard;
- });
-
- delete shard.node;
- delete shard.index;
- }
-
- let indices = Object.keys(result).map((k) => result[k]);
- if (req.query.desc === 'true') {
- indices = indices.sort(function (a, b) {
- return b.name.localeCompare(a.name);
- });
- } else {
- indices = indices.sort(function (a, b) {
- return a.name.localeCompare(b.name);
- });
- }
- res.send({nodes: nodes, indices: indices, nodeExcludes: nodeExcludes, ipExcludes: ipExcludes});
- });
-});
-
-app.post('/esshard/exclude/:type/:value', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (Config.get("multiES", false)) { return res.molochError(401, "Not supported in multies"); }
-
- Db.getClusterSettings({flatSettings: true}, function(err, settings) {
- let exclude = [];
- let settingName;
-
- if (req.params.type === 'ip') {
- settingName = 'cluster.routing.allocation.exclude._ip';
- } else if (req.params.type === 'name') {
- settingName = 'cluster.routing.allocation.exclude._name';
- } else {
- return res.molochError(403, 'Unknown exclude type');
- }
-
- if (settings.persistent[settingName]) {
- exclude = settings.persistent[settingName].split(',');
- }
-
- if 
(!exclude.includes(req.params.value)) {
- exclude.push(req.params.value);
- }
- var query = {body: {persistent: {}}};
- query.body.persistent[settingName] = exclude.join(',');
-
- Db.putClusterSettings(query, function(err, settings) {
- if (err) {console.log("putSettings", err);}
- return res.send(JSON.stringify({ success: true, text: 'Excluded'}));
- });
- });
-});
-
-app.post('/esshard/include/:type/:value', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (Config.get("multiES", false)) { return res.molochError(401, "Not supported in multies"); }
-
- Db.getClusterSettings({flatSettings: true}, function(err, settings) {
- let exclude = [];
- let settingName;
-
- if (req.params.type === 'ip') {
- settingName = 'cluster.routing.allocation.exclude._ip';
- } else if (req.params.type === 'name') {
- settingName = 'cluster.routing.allocation.exclude._name';
- } else {
- return res.molochError(403, 'Unknown include type');
- }
-
- if (settings.persistent[settingName]) {
- exclude = settings.persistent[settingName].split(',');
- }
-
- let pos = exclude.indexOf(req.params.value);
- if (pos > -1) {
- exclude.splice(pos, 1);
- }
- var query = {body: {persistent: {}}};
- query.body.persistent[settingName] = exclude.join(',');
-
- Db.putClusterSettings(query, function(err, settings) {
- if (err) {console.log("putSettings", err);}
- return res.send(JSON.stringify({ success: true, text: 'Included'}));
- });
- });
-});
-
-app.get('/esrecovery/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- const sortField = (req.query.sortField || 'index') + (req.query.desc === 'true' ? 
':desc' : '');
-
- Promise.all([Db.recovery(sortField)]).then(([recoveries]) => {
- let regex;
- if (req.query.filter !== undefined) {
- try {
- regex = new RE2(req.query.filter);
- } catch (e) {
- return res.molochError(500, `Regex Error: ${e}`);
- }
- }
-
- let result = [];
-
- for (const recovery of recoveries) {
- if (! (req.query.show === 'all' ||
- recovery.stage === req.query.show || // Show only matching stage
- (recovery.stage !== 'done' && req.query.show === 'notdone'))) {
- continue;
- }
-
- // filtering
- if (regex && !recovery.index.match(regex) &&
- !recovery.target_node.match(regex) &&
- !recovery.source_node.match(regex)) {
- continue;
- }
-
- result.push(recovery);
- }
-
- res.send({
- recordsTotal: recoveries.length,
- recordsFiltered: result.length,
- data: result
- });
- }).catch((err) => {
- console.log ('ERROR - /esrecovery/list', err);
- return res.send({
- recordsTotal: 0,
- recordsFiltered: 0,
- data: []
- });
- });
-});
-
-app.get('/esstats.json', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- let stats = [];
- let r;
-
- Promise.all([Db.nodesStatsCache(),
- Db.nodesInfoCache(),
- Db.masterCache(),
- Db.healthCachePromise(),
- Db.getClusterSettings({flatSettings: true})
- ])
- .then(([nodesStats, nodesInfo, master, health, settings]) => {
-
- let ipExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._ip']) {
- ipExcludes = settings.persistent['cluster.routing.allocation.exclude._ip'].split(',');
- }
-
- let nodeExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._name']) {
- nodeExcludes = settings.persistent['cluster.routing.allocation.exclude._name'].split(',');
- }
-
- const now = new Date().getTime();
- while (internals.previousNodesStats.length > 1 && internals.previousNodesStats[1].timestamp + 10000 < now) {
- internals.previousNodesStats.shift();
- }
-
- let regex;
- if (req.query.filter !== undefined) {
- try {
- regex = new 
RE2(req.query.filter);
- } catch (e) {
- return res.molochError(500, `Regex Error: ${e}`);
- }
- }
-
- const nodeKeys = Object.keys(nodesStats.nodes);
- for (let n = 0, nlen = nodeKeys.length; n < nlen; n++) {
- let node = nodesStats.nodes[nodeKeys[n]];
-
- if (nodeKeys[n] === 'timestamp' || (regex && !node.name.match(regex))) { continue; }
-
- let read = 0;
- let write = 0;
- let rejected = 0;
- let completed = 0;
-
- let writeInfo = node.thread_pool.bulk || node.thread_pool.write;
-
- const oldnode = internals.previousNodesStats[0][nodeKeys[n]];
- if (oldnode !== undefined && node.fs.io_stats !== undefined && oldnode.fs.io_stats !== undefined && 'total' in node.fs.io_stats) {
- const timediffsec = (node.timestamp - oldnode.timestamp)/1000.0;
- read = Math.max(0, Math.ceil((node.fs.io_stats.total.read_kilobytes - oldnode.fs.io_stats.total.read_kilobytes)/timediffsec*1024));
- write = Math.max(0, Math.ceil((node.fs.io_stats.total.write_kilobytes - oldnode.fs.io_stats.total.write_kilobytes)/timediffsec*1024));
-
- let writeInfoOld = oldnode.thread_pool.bulk || oldnode.thread_pool.write;
-
- completed = Math.max(0, Math.ceil((writeInfo.completed - writeInfoOld.completed)/timediffsec));
- rejected = Math.max(0, Math.ceil((writeInfo.rejected - writeInfoOld.rejected)/timediffsec));
- }
-
- const ip = (node.ip ? 
node.ip.split(':')[0] : node.host);
-
- let threadpoolInfo;
- let version = "";
- let molochtype;
- if (nodesInfo.nodes[nodeKeys[n]]) {
- threadpoolInfo = nodesInfo.nodes[nodeKeys[n]].thread_pool.bulk || nodesInfo.nodes[nodeKeys[n]].thread_pool.write;
- version = nodesInfo.nodes[nodeKeys[n]].version;
- if (nodesInfo.nodes[nodeKeys[n]].attributes) {
- molochtype = nodesInfo.nodes[nodeKeys[n]].attributes.molochtype;
- }
- } else {
- threadpoolInfo = { queue_size: 0 };
- }
-
- stats.push({
- name: node.name,
- ip: ip,
- ipExcluded: ipExcludes.includes(ip),
- nodeExcluded: nodeExcludes.includes(node.name),
- storeSize: node.indices.store.size_in_bytes,
- freeSize: node.roles.includes("data")?node.fs.total.available_in_bytes:0,
- docs: node.indices.docs.count,
- searches: node.indices.search.query_current,
- searchesTime: node.indices.search.query_time_in_millis,
- heapSize: node.jvm.mem.heap_used_in_bytes,
- nonHeapSize: node.jvm.mem.non_heap_used_in_bytes,
- cpu: node.process.cpu.percent,
- read: read,
- write: write,
- writesRejected: writeInfo.rejected,
- writesCompleted: writeInfo.completed,
- writesRejectedDelta: rejected,
- writesCompletedDelta: completed,
- writesQueueSize: threadpoolInfo.queue_size,
- load: node.os.load_average !== undefined ? 
/* ES 2*/ node.os.load_average : /*ES 5*/ node.os.cpu.load_average["5m"],
- version: version,
- molochtype: molochtype,
- roles: node.roles,
- isMaster: (master.length > 0 && node.name === master[0].node)
- });
- }
-
- if (req.query.sortField && stats.length > 1) {
- let field = req.query.sortField === 'nodeName'?'name':req.query.sortField;
- if (typeof(stats[0][field]) === 'string') {
- if (req.query.desc === 'true') {
- stats = stats.sort(function(a,b){ return b[field].localeCompare(a[field]); });
- } else {
- stats = stats.sort(function(a,b){ return a[field].localeCompare(b[field]); });
- }
- } else {
- if (req.query.desc === 'true') {
- stats = stats.sort(function(a,b){ return b[field] - a[field]; });
- } else {
- stats = stats.sort(function(a,b){ return a[field] - b[field]; });
- }
- }
- }
-
- nodesStats.nodes.timestamp = new Date().getTime();
- internals.previousNodesStats.push(nodesStats.nodes);
-
- r = {
- health: health,
- recordsTotal: nodeKeys.length,
- recordsFiltered: stats.length,
- data: stats
- };
-
- res.send(r);
- }).catch((err) => {
- console.log ('ERROR - /esstats.json', err);
- r = {
- health: Db.healthCache(),
- recordsTotal: 0,
- recordsFiltered: 0,
- data: []
- };
- return res.send(r);
- });
-});
-
-function mergeUnarray(to, from) {
- for (var key in from) {
- if (Array.isArray(from[key])) {
- to[key] = from[key][0];
- } else {
- to[key] = from[key];
- }
- }
-}
-
-// No auth necessary for parliament.json
-app.get('/parliament.json', [noCacheJson], (req, res) => {
- let query = {
- size: 500,
- _source: [
- 'ver', 'nodeName', 'currentTime', 'monitoring', 'deltaBytes', 'deltaPackets', 'deltaMS',
- 'deltaESDropped', 'deltaDropped', 'deltaOverloadDropped'
- ]
- };
-
- Promise.all([Db.search('stats', 'stat', query), Db.numberOfDocuments('stats')])
- .then(([stats, total]) => {
- if (stats.error) { throw stats.error; }
-
- let results = { total: stats.hits.total, results: [] };
-
- for (let i = 0, ilen = stats.hits.hits.length; i < ilen; i++) {
- 
let fields = stats.hits.hits[i]._source || stats.hits.hits[i].fields;
-
- if (stats.hits.hits[i]._source) {
- mergeUnarray(fields, stats.hits.hits[i].fields);
- }
- fields.id = stats.hits.hits[i]._id;
-
- // make sure necessary fields are not undefined
- let keys = [ 'deltaOverloadDropped', 'monitoring', 'deltaESDropped' ];
- for (const key of keys) {
- fields[key] = fields[key] || 0;
- }
-
- fields.deltaBytesPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS);
- fields.deltaPacketsPerSec = Math.floor(fields.deltaPackets * 1000.0/fields.deltaMS);
- fields.deltaESDroppedPerSec = Math.floor(fields.deltaESDropped * 1000.0/fields.deltaMS);
- fields.deltaTotalDroppedPerSec = Math.floor((fields.deltaDropped + fields.deltaOverloadDropped) * 1000.0/fields.deltaMS);
-
- results.results.push(fields);
- }
-
- res.send({
- data: results.results,
- recordsTotal: total.count,
- recordsFiltered: results.total
- });
- }).catch((err) => {
- console.log('ERROR - /parliament.json', err);
- res.send({ recordsTotal: 0, recordsFiltered: 0, data: [] });
- });
-});
-
-app.get('/stats.json', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- let query = {
- from: 0,
- size: 10000,
- query: {
- bool: {
- must: [],
- should: [],
- must_not: [
- { term: { hide: true } }
- ]
- }
- }
- };
-
- if (req.query.filter !== undefined && req.query.filter !== '') {
- const names = req.query.filter.split(',');
- for (let name of names) {
- name = name.trim();
- if (name !== '') {
- query.query.bool.should.push({
- wildcard: { nodeName: '*' + name + '*' }
- });
- }
- }
- }
-
- let rquery = {
- query: {term: {locked: 0}},
- size: 0,
- aggregations: {
- buckets: {
- terms: {field: "node", size: 1000},
- aggregations: {
- first: {min: {field: "first"}}
- }
- }
- }
- };
-
- if (req.query.hide !== undefined && req.query.hide !== 'none') {
- if (req.query.hide === 'old' || req.query.hide === 'both') {
- query.query.bool.must.push({ range: { currentTime: { 
gte: 'now-5m'} } });
- }
- if (req.query.hide === 'nosession' || req.query.hide === 'both') {
- query.query.bool.must.push({ range: { monitoring: { gte: '1'} } });
- }
- }
-
- let now = Math.floor(Date.now() / 1000);
-
- Promise.all([Db.search('stats', 'stat', query),
- Db.numberOfDocuments('stats'),
- Db.search('files', 'file', rquery)
- ]).then(([stats, total, retention]) => {
- if (stats.error) { throw stats.error; }
-
- if (retention.aggregations.buckets && retention.aggregations.buckets.buckets) {
- retention = arrayToObject(retention.aggregations.buckets.buckets, "key");
- } else {
- retention = {};
- }
-
- let results = { total: stats.hits.total, results: [] };
-
- for (let i = 0, ilen = stats.hits.hits.length; i < ilen; i++) {
- let fields = stats.hits.hits[i]._source || stats.hits.hits[i].fields;
- if (stats.hits.hits[i]._source) {
- mergeUnarray(fields, stats.hits.hits[i].fields);
- }
- fields.id = stats.hits.hits[i]._id;
-
- if (retention[fields.id]) {
- fields.retention = now - retention[fields.id].first.value;
- } else {
- fields.retention = 0;
- }
-
- fields.deltaBytesPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS);
- fields.deltaWrittenBytesPerSec = Math.floor(fields.deltaWrittenBytes * 1000.0/fields.deltaMS);
- fields.deltaUnwrittenBytesPerSec = Math.floor(fields.deltaUnwrittenBytes * 1000.0/fields.deltaMS);
- fields.deltaBitsPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS * 8);
- fields.deltaPacketsPerSec = Math.floor(fields.deltaPackets * 1000.0/fields.deltaMS);
- fields.deltaSessionsPerSec = Math.floor(fields.deltaSessions * 1000.0/fields.deltaMS);
- fields.deltaSessionBytesPerSec = Math.floor(fields.deltaSessionBytes * 1000.0/fields.deltaMS);
- fields.sessionSizePerSec = Math.floor(fields.deltaSessionBytes/fields.deltaSessions);
- fields.deltaDroppedPerSec = Math.floor(fields.deltaDropped * 1000.0/fields.deltaMS);
- fields.deltaFragsDroppedPerSec = Math.floor(fields.deltaFragsDropped * 1000.0/fields.deltaMS);
- 
fields.deltaOverloadDroppedPerSec = Math.floor(fields.deltaOverloadDropped * 1000.0/fields.deltaMS);
- fields.deltaESDroppedPerSec = Math.floor(fields.deltaESDropped * 1000.0/fields.deltaMS);
- fields.deltaTotalDroppedPerSec = Math.floor((fields.deltaDropped + fields.deltaOverloadDropped) * 1000.0/fields.deltaMS);
- results.results.push(fields);
- }
-
- // sort after all the results are aggregated
- req.query.sortField = req.query.sortField || 'nodeName';
- if (results.results[0] && results.results[0][req.query.sortField] !== undefined) { // make sure the field exists to sort on
- results.results = results.results.sort((a, b) => {
- if (req.query.desc === 'true') {
- if (!isNaN(a[req.query.sortField])) {
- return b[req.query.sortField] - a[req.query.sortField];
- } else {
- return b[req.query.sortField].localeCompare(a[req.query.sortField]);
- }
- } else {
- if (!isNaN(a[req.query.sortField])) {
- return a[req.query.sortField] - b[req.query.sortField];
- } else {
- return a[req.query.sortField].localeCompare(b[req.query.sortField]);
- }
- }
- });
- }
-
- let from = +req.query.start || 0;
- let stop = from + (+req.query.length || 500);
-
- let r = {
- recordsTotal: total.count,
- recordsFiltered: results.results.length,
- data: results.results.slice(from, stop)
- };
-
- res.send(r);
- }).catch((err) => {
- console.log('ERROR - /stats.json', query, err);
- res.send({ recordsTotal: 0, recordsFiltered: 0, data: [] });
- });
-});
-
-app.get('/dstats.json', [noCacheJson, checkPermissions(['hideStats'])], (req, res) => {
- var nodeName = req.query.nodeName;
-
- var query = {
- query: {
- bool: {
- filter: [
- {
- range: { currentTime: { from: req.query.start, to: req.query.stop } }
- },
- {
- term: { interval: req.query.interval || 60}
- }
- ]
- }
- }
- };
-
- if (nodeName !== undefined && nodeName !== 'Total' && nodeName !== 'Average') {
- query.sort = {currentTime: {order: 'desc' }};
- query.size = req.query.size || 1440;
- query.query.bool.filter.push({term: { 
nodeName: nodeName}});
- } else {
- query.size = 100000;
- }
-
- var mapping = {
- deltaBits: {_source: ["deltaBytes"], func: function (item) {return Math.floor(item.deltaBytes * 8.0);}},
- deltaTotalDropped: {_source: ["deltaDropped", "deltaOverloadDropped"], func: function (item) {return Math.floor(item.deltaDropped + item.deltaOverloadDropped);}},
- deltaBytesPerSec: {_source: ["deltaBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaBytes * 1000.0/item.deltaMS);}},
- deltaBitsPerSec: {_source: ["deltaBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaBytes * 1000.0/item.deltaMS * 8);}},
- deltaWrittenBytesPerSec: {_source: ["deltaWrittenBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaWrittenBytes * 1000.0/item.deltaMS);}},
- deltaUnwrittenBytesPerSec: {_source: ["deltaUnwrittenBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaUnwrittenBytes * 1000.0/item.deltaMS);}},
- deltaPacketsPerSec: {_source: ["deltaPackets", "deltaMS"], func: function(item) {return Math.floor(item.deltaPackets * 1000.0/item.deltaMS);}},
- deltaSessionsPerSec: {_source: ["deltaSessions", "deltaMS"], func: function(item) {return Math.floor(item.deltaSessions * 1000.0/item.deltaMS);}},
- deltaSessionBytesPerSec: {_source: ["deltaSessionBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaSessionBytes * 1000.0/item.deltaMS);}},
- sessionSizePerSec: {_source: ["deltaSessionBytes", "deltaSessions"], func: function(item) {return Math.floor(item.deltaSessionBytes/item.deltaSessions);}},
- deltaDroppedPerSec: {_source: ["deltaDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaDropped * 1000.0/item.deltaMS);}},
- deltaFragsDroppedPerSec: {_source: ["deltaFragsDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaFragsDropped * 1000.0/item.deltaMS);}},
- deltaOverloadDroppedPerSec: {_source: ["deltaOverloadDropped", "deltaMS"], func: function(item) {return 
Math.floor(item.deltaOverloadDropped * 1000.0/item.deltaMS);}},
- deltaESDroppedPerSec: {_source: ["deltaESDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaESDropped * 1000.0/item.deltaMS);}},
- deltaTotalDroppedPerSec: {_source: ["deltaDropped", "deltaOverloadDropped", "deltaMS"], func: function(item) {return Math.floor((item.deltaDropped + item.deltaOverloadDropped) * 1000.0/item.deltaMS);}},
- cpu: {_source: ["cpu"], func: function (item) {return item.cpu * 0.01;}}
- };
-
- query._source = mapping[req.query.name]?mapping[req.query.name]._source:[req.query.name];
- query._source.push("nodeName", "currentTime");
-
- var func = mapping[req.query.name]?mapping[req.query.name].func:function(item) {return item[req.query.name];};
-
- Db.searchScroll('dstats', 'dstat', query, {filter_path: "_scroll_id,hits.total,hits.hits._source"}, function(err, result) {
- if (err || result.error) {
- console.log("ERROR - dstats", query, err || result.error);
- }
- var i, ilen;
- var data = {};
- var num = (req.query.stop - req.query.start)/req.query.step;
-
- var mult = 1;
- if (req.query.name === "freeSpaceM" || req.query.name === "usedSpaceM") {
- mult = 1000000;
- }
-
- //console.log("dstats.json result", util.inspect(result, false, 50));
-
- if (result && result.hits && result.hits.hits) {
- for (i = 0, ilen = result.hits.hits.length; i < ilen; i++) {
- var fields = result.hits.hits[i]._source;
- var pos = Math.floor((fields.currentTime - req.query.start)/req.query.step);
-
- if (data[fields.nodeName] === undefined) {
- data[fields.nodeName] = arrayZeroFill(num);
- }
- data[fields.nodeName][pos] = mult * func(fields);
- }
- }
- if (nodeName === undefined) {
- res.send(data);
- } else {
- if (data[nodeName] === undefined) {
- data[nodeName] = arrayZeroFill(num);
- }
- if (nodeName === 'Total' || nodeName === 'Average') {
- delete data[nodeName];
- var data2 = arrayZeroFill(num);
- var cnt = 0;
- for (var key in data) {
- for (i = 0; i < num; i++) {
- 
data2[i] += data[key][i];
- }
- cnt++;
- }
- if (nodeName === 'Average') {
- for (i = 0; i < num; i++) {
- data2[i] /= cnt;
- }
- }
- res.send(data2);
- } else {
- res.send(data[req.query.nodeName]);
- }
- }
- });
-});
-
-app.get('/:nodeName/:fileNum/filesize.json', [noCacheJson, checkPermissions(['hideFiles'])], (req, res) => {
- Db.fileIdToFile(req.params.nodeName, req.params.fileNum, (file) => {
- if (!file) {
- return res.send({filesize: -1});
- }
-
- fs.stat(file.name, (err, stats) => {
- if (err || !stats) {
- return res.send({filesize: -1});
- } else {
- return res.send({filesize: stats.size});
- }
- });
- });
-});
-
-function mapMerge (aggregations) {
- let map = { src: {}, dst: {}, xffGeo: {} };
-
- if (!aggregations || !aggregations.mapG1) {
- return {};
- }
-
- aggregations.mapG1.buckets.forEach(function (item) {
- map.src[item.key] = item.doc_count;
- });
-
- aggregations.mapG2.buckets.forEach(function (item) {
- map.dst[item.key] = item.doc_count;
- });
-
- aggregations.mapG3.buckets.forEach(function (item) {
- map.xffGeo[item.key] = item.doc_count;
- });
-
- return map;
-}
-
-function graphMerge(req, query, aggregations) {
- let graph = {
- lpHisto: [],
- db1Histo: [],
- db2Histo: [],
- pa1Histo: [],
- pa2Histo: [],
- by1Histo: [],
- by2Histo: [],
- xmin: req.query.startTime * 1000|| null,
- xmax: req.query.stopTime * 1000 || null,
- interval: query.aggregations?query.aggregations.dbHisto.histogram.interval / 1000 || 60 : 60
- };
-
- if (!aggregations || !aggregations.dbHisto) {
- return graph;
- }
-
- graph.interval = query.aggregations?(query.aggregations.dbHisto.histogram.interval / 1000) || 60 : 60;
-
- aggregations.dbHisto.buckets.forEach(function (item) {
- let key = item.key;
- graph.lpHisto.push([key, item.doc_count]);
- graph.pa1Histo.push([key, item.srcPackets.value]);
- graph.pa2Histo.push([key, item.dstPackets.value]);
- graph.db1Histo.push([key, item.srcDataBytes.value]);
- graph.db2Histo.push([key, item.dstDataBytes.value]);
- 
graph.by1Histo.push([key, item.srcBytes.value]);
- graph.by2Histo.push([key, item.dstBytes.value]);
- });
-
- return graph;
-}
-
-function fixFields(fields, fixCb) {
- if (!fields.fileId) {
- fields.fileId = [];
- return fixCb(null, fields);
- }
-
- var files = [];
- async.forEachSeries(fields.fileId, function (item, cb) {
- Db.fileIdToFile(fields.node, item, function (file) {
- if (file && file.locked === 1) {
- files.push(file.name);
- }
- cb(null);
- });
- },
- function(err) {
- fields.fileId = files;
- fixCb(err, fields);
- });
-}
-
-/**
- * Flattens fields that are objects (only goes 1 level deep)
- *
- * @example
- * { http: { statuscode: [200, 302] } } => { "http.statuscode": [200, 302] }
- * @example
- * { cert: [ { alt: ["test.com"] } ] } => { "cert.alt": ["test.com"] }
- *
- * @param {object} fields The object containing fields to be flattened
- * @returns {object} fields The object with fields flattened
- */
-function flattenFields(fields) {
- let newFields = {};
-
- for (let key in fields) {
- if (fields.hasOwnProperty(key)) {
- let field = fields[key];
- let baseKey = key + '.';
- if (typeof field === 'object' && !field.length) {
- // flatten out object
- for (let nestedKey in field) {
- if (field.hasOwnProperty(nestedKey)) {
- let nestedField = field[nestedKey];
- let newKey = baseKey + nestedKey;
- newFields[newKey] = nestedField;
- }
- }
- fields[key] = null;
- delete fields[key];
- } else if (Array.isArray(field)) {
- // flatten out list
- for (let nestedField of field) {
- if (typeof nestedField === 'object') {
- for (let nestedKey in nestedField) {
- let newKey = baseKey + nestedKey;
- if (newFields[newKey] === undefined) {
- newFields[newKey] = nestedField[nestedKey];
- } else if (Array.isArray(newFields[newKey])) {
- newFields[newKey].push(nestedField[nestedKey]);
- } else {
- newFields[newKey] = [newFields[newKey], nestedField[nestedKey]];
- }
- }
- fields[key] = null;
- delete fields[key];
- }
- }
- }
- }
- }
-
- for (let key in newFields) { 
- if (newFields.hasOwnProperty(key)) {
- fields[key] = newFields[key];
- }
- }
-
- return fields;
-}
-
-app.use('/buildQuery.json', [noCacheJson, logAction('query')], function(req, res, next) {
-
- if (req.method === "POST") {
- req.query = req.body;
- } else if (req.method !== "GET") {
- next();
- }
-
- buildSessionQuery(req, function(bsqErr, query, indices) {
- if (bsqErr) {
- res.send({ recordsTotal: 0,
- recordsFiltered: 0,
- bsqErr: bsqErr.toString()
- });
- return;
- }
-
- if (req.query.fields) {
- query._source = queryValueToArray(req.query.fields);
- }
-
- res.send({"esquery": query, "indices": indices});
- });
-});
-
-app.get('/sessions.json', [noCacheJson, recordResponseTime, logAction('sessions'), setCookie], (req, res) => {
- var graph = {};
- var map = {};
-
- let options;
- if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; }
-
- buildSessionQuery(req, function (bsqErr, query, indices) {
- if (bsqErr) {
- const r = {
- recordsTotal: 0,
- recordsFiltered: 0,
- graph: {},
- map: {},
- bsqErr: bsqErr.toString(),
- health: Db.healthCache(),
- data:[]
- };
- return res.send(r);
- }
-
- let addMissing = false;
- if (req.query.fields) {
- query._source = queryValueToArray(req.query.fields);
- ['node', 'srcIp', 'srcPort', 'dstIp', 'dstPort'].forEach((item) => {
- if (query._source.indexOf(item) === -1) {
- query._source.push(item);
- }
- });
- } else {
- addMissing = true;
- query._source = [
- 'ipProtocol', 'rootId', 'totDataBytes', 'srcDataBytes',
- 'dstDataBytes', 'firstPacket', 'lastPacket', 'srcIp', 'srcPort',
- 'dstIp', 'dstPort', 'totPackets', 'srcPackets', 'dstPackets',
- 'totBytes', 'srcBytes', 'dstBytes', 'node', 'http.uri', 'srcGEO',
- 'dstGEO', 'email.subject', 'email.src', 'email.dst', 'email.filename',
- 'dns.host', 'cert', 'irc.channel', 'http.xffGEO'
- ];
- }
-
- if (query.aggregations && query.aggregations.dbHisto) {
- graph.interval = query.aggregations.dbHisto.histogram.interval;
- }
-
- if 
(Config.debug) {
- console.log(`sessions.json ${indices} query`, JSON.stringify(query, null, 1));
- }
-
- Promise.all([Db.searchPrimary(indices, 'session', query, options),
- Db.numberOfDocuments('sessions2-*'),
- Db.healthCachePromise()
- ]).then(([sessions, total, health]) => {
- if (Config.debug) {
- console.log('sessions.json result', util.inspect(sessions, false, 50));
- }
-
- if (sessions.error) { throw sessions.err; }
-
- graph = graphMerge(req, query, sessions.aggregations);
- map = mapMerge(sessions.aggregations);
-
- var results = {total: sessions.hits.total, results: []};
- async.each(sessions.hits.hits, function (hit, hitCb) {
- var fields = hit._source || hit.fields;
- if (fields === undefined) {
- return hitCb(null);
- }
- //fields.index = hit._index;
- fields.id = Db.session2Sid(hit);
-
- if (req.query.flatten === '1') {
- fields = flattenFields(fields);
- }
-
- if (addMissing) {
- ['srcPackets', 'dstPackets', 'srcBytes', 'dstBytes', 'srcDataBytes', 'dstDataBytes'].forEach(function(item) {
- if (fields[item] === undefined) {
- fields[item] = -1;
- }
- });
- results.results.push(fields);
- return hitCb();
- } else {
- fixFields(fields, function() {
- results.results.push(fields);
- return hitCb();
- });
- }
- }, function () {
- var r = {recordsTotal: total.count,
- recordsFiltered: (results?results.total:0),
- graph: graph,
- health: health,
- map: map,
- data: (results?results.results:[])};
- res.logCounts(r.data.length, r.recordsFiltered, r.recordsTotal);
- try {
- res.send(r);
- } catch (c) {
- }
- });
- }).catch ((err) => {
- console.log('ERROR - /sessions.json error', err);
- var r = {recordsTotal: 0,
- recordsFiltered: 0,
- graph: {},
- map: {},
- health: Db.healthCache(),
- data:[]};
- res.send(r);
- });
- });
-});
-
-app.get('/spigraph.json', [noCacheJson, recordResponseTime, logAction('spigraph'), fieldToExp, setCookie], (req, res) => {
- req.query.facets = 1;
-
- buildSessionQuery(req, function(bsqErr, query, indices) {
- var results = 
{items: [], graph: {}, map: {}}; - if (bsqErr) { - return res.molochError(403, bsqErr.toString()); - } - - let options; - if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; } - - delete query.sort; - query.size = 0; - var size = +req.query.size || 20; - - var field = req.query.field || 'node'; - - if (req.query.exp === 'ip.dst:port') { field = 'ip.dst:port'; } - - if (field === 'ip.dst:port') { - query.aggregations.field = { terms: { field: 'dstIp', size: size }, aggregations: { sub: { terms: { field: 'dstPort', size: size } } } }; - } else if (field === 'fileand') { - query.aggregations.field = { terms: { field: 'node', size: 1000 }, aggregations: { sub: { terms: { field: 'fileId', size: size } } } }; - } else { - query.aggregations.field = { terms: { field: field, size: size * 2 } }; - } - - Promise.all([ - Db.healthCachePromise(), - Db.numberOfDocuments('sessions2-*'), - Db.searchPrimary(indices, 'session', query, options) - ]).then(([health, total, result]) => { - if (result.error) { throw result.error; } - - results.health = health; - results.recordsTotal = total.count; - results.recordsFiltered = result.hits.total; - - results.graph = graphMerge(req, query, result.aggregations); - results.map = mapMerge(result.aggregations); - - if (!result.aggregations) { - result.aggregations = {field: {buckets: []}}; - } - - let aggs = result.aggregations.field.buckets; - let filter = { term: {} }; - let sfilter = { term: {} }; - query.query.bool.filter.push(filter); - - if (field === 'ip.dst:port') { - query.query.bool.filter.push(sfilter); - } - - delete query.aggregations.field; - - let queriesInfo = []; - function endCb () { - queriesInfo = queriesInfo.sort((a, b) => {return b.doc_count - a.doc_count;}).slice(0, size * 2); - let queries = queriesInfo.map((item) => {return item.query;}); - - Db.msearch(indices, 'session', queries, options, function(err, result) { - if (!result.responses) { - return res.send(results); - } - - 
result.responses.forEach(function(item, i) { - var r = {name: queriesInfo[i].key, count: queriesInfo[i].doc_count}; - - r.graph = graphMerge(req, query, result.responses[i].aggregations); - if (r.graph.xmin === null) { - r.graph.xmin = results.graph.xmin || results.graph.pa1Histo[0][0]; - } - - if (r.graph.xmax === null) { - r.graph.xmax = results.graph.xmax || results.graph.pa1Histo[results.graph.pa1Histo.length - 1][0]; - } - - r.map = mapMerge(result.responses[i].aggregations); - results.items.push(r); - r.lpHisto = 0.0; - r.dbHisto = 0.0; - r.byHisto = 0.0; - r.paHisto = 0.0; - var graph = r.graph; - for (let i = 0; i < graph.lpHisto.length; i++) { - r.lpHisto += graph.lpHisto[i][1]; - r.dbHisto += graph.db1Histo[i][1] + graph.db2Histo[i][1]; - r.byHisto += graph.by1Histo[i][1] + graph.by2Histo[i][1]; - r.paHisto += graph.pa1Histo[i][1] + graph.pa2Histo[i][1]; - } - if (results.items.length === result.responses.length) { - var s = req.query.sort || 'lpHisto'; - results.items = results.items.sort(function (a, b) { - var result; - if (s === 'name') { result = a.name.localeCompare(b.name); } - else { result = b[s] - a[s]; } - return result; - }).slice(0, size); - return res.send(results); - } - }); - }); - } - - let intermediateResults = []; - function findFileNames () { - async.each(intermediateResults, function (fsitem, cb) { - let split = fsitem.key.split(':'); - let node = split[0]; - let fileId = split[1]; - Db.fileIdToFile(node, fileId, function (file) { - if (file && file.name) { - queriesInfo.push({ key: file.name, doc_count: fsitem.doc_count, query: fsitem.query }); - } - cb(); - }); - }, function () { - endCb(); - }); - } - - aggs.forEach((item) => { - if (field === 'ip.dst:port') { - filter.term.dstIp = item.key; - let sep = (item.key.indexOf(":") === -1)? 
':' : '.'; - item.sub.buckets.forEach((sitem) => { - sfilter.term.dstPort = sitem.key; - queriesInfo.push({key: item.key + sep + sitem.key, doc_count: sitem.doc_count, query: JSON.stringify(query)}); - }); - } else if (field === 'fileand') { - filter.term.node = item.key; - item.sub.buckets.forEach((sitem) => { - sfilter.term.fileand = sitem.key; - intermediateResults.push({key: filter.term.node + ':' + sitem.key, doc_count: sitem.doc_count, query: JSON.stringify(query)}); - }); - } else { - filter.term[field] = item.key; - queriesInfo.push({key: item.key, doc_count: item.doc_count, query: JSON.stringify(query)}); - } - }); - - if (field === 'fileand') { return findFileNames(); } - - return endCb(); - }).catch((err) => { - console.log('spigraph.json error', err); - return res.molochError(403, errorString(err)); - }); - }); -}); - -app.get('/spiview.json', [noCacheJson, recordResponseTime, logAction('spiview'), setCookie], (req, res) => { - - if (req.query.spi === undefined) { - return res.send({spi:{}, recordsTotal: 0, recordsFiltered: 0}); - } - - var spiDataMaxIndices = +Config.get("spiDataMaxIndices", 4); - - if (req.query.date === '-1' && spiDataMaxIndices !== -1) { - return res.send({spi: {}, bsqErr: "'All' date range not allowed for spiview query"}); - } - - buildSessionQuery(req, function(bsqErr, query, indices) { - if (bsqErr) { - var r = {spi: {}, - bsqErr: bsqErr.toString(), - health: Db.healthCache() - }; - return res.send(r); - } - - delete query.sort; - - if (!query.aggregations) { - query.aggregations = {}; - } - - if (req.query.facets) { - query.aggregations.protocols = {terms: {field: "protocol", size:1000}}; - } - - queryValueToArray(req.query.spi).forEach(function (item) { - var parts = item.split(":"); - if (parts[0] === "fileand") { - query.aggregations[parts[0]] = {terms: {field: "node", size: 1000}, aggregations: {fileId: {terms: {field: "fileId", size: parts.length>1?parseInt(parts[1],10):10}}}}; - } else { - query.aggregations[parts[0]] = 
{terms: {field: parts[0]}}; - - if (parts.length > 1) { - query.aggregations[parts[0]].terms.size = parseInt(parts[1], 10); - } - } - }); - query.size = 0; - - // console.log("spiview.json query", JSON.stringify(query), "indices", indices); - - var graph; - var map; - - var indicesa = indices.split(","); - if (spiDataMaxIndices !== -1 && indicesa.length > spiDataMaxIndices) { - bsqErr = "To save ES from blowing up, reducing number of spi data indices searched from " + indicesa.length + " to " + spiDataMaxIndices + ". This can be increased by setting spiDataMaxIndices in the config file. Indices being searched: "; - indices = indicesa.slice(-spiDataMaxIndices).join(","); - bsqErr += indices; - } - - var recordsFiltered = 0; - var protocols; - - Promise.all([Db.searchPrimary(indices, 'session', query, null), - Db.numberOfDocuments('sessions2-*'), - Db.healthCachePromise() - ]).then(([sessions, total, health]) => { - if (Config.debug) { - console.log("spiview.json result", util.inspect(sessions, false, 50)); - } - - if (sessions.error) { - bsqErr = errorString(null, sessions); - console.log("spiview.json ERROR", (sessions?sessions.error:null)); - sendResult(); - return; - } - - recordsFiltered = sessions.hits.total; - - if (!sessions.aggregations) { - sessions.aggregations = {}; - for (var spi in query.aggregations) { - sessions.aggregations[spi] = {sum_other_doc_count: 0, buckets: []}; - } - } - - if (sessions.aggregations.ipProtocol) { - sessions.aggregations.ipProtocol.buckets.forEach(function (item) { - item.key = Pcap.protocol2Name(item.key); - }); - } - - if (req.query.facets) { - graph = graphMerge(req, query, sessions.aggregations); - map = mapMerge(sessions.aggregations); - protocols = {}; - sessions.aggregations.protocols.buckets.forEach(function (item) { - protocols[item.key] = item.doc_count; - }); - - delete sessions.aggregations.dbHisto; - delete sessions.aggregations.byHisto; - delete sessions.aggregations.mapG1; - delete sessions.aggregations.mapG2; - 
delete sessions.aggregations.mapG3; - delete sessions.aggregations.protocols; - } - - function sendResult() { - r = {health: health, - recordsTotal: total.count, - spi: sessions.aggregations, - recordsFiltered: recordsFiltered, - graph: graph, - map: map, - protocols: protocols, - bsqErr: bsqErr - }; - res.logCounts(r.spi.count, r.recordsFiltered, r.total); - try { - res.send(r); - } catch (c) { - } - } - - if (!sessions.aggregations.fileand) { - return sendResult(); - } - - var nresults = []; - var sodc = 0; - async.each(sessions.aggregations.fileand.buckets, function(nobucket, cb) { - sodc += nobucket.fileId.sum_other_doc_count; - async.each(nobucket.fileId.buckets, function (fsitem, cb) { - Db.fileIdToFile(nobucket.key, fsitem.key, function(file) { - if (file && file.name) { - nresults.push({key: file.name, doc_count: fsitem.doc_count}); - } - cb(); - }); - }, function () { - cb(); - }); - }, function () { - nresults = nresults.sort(function(a, b) { - if (a.doc_count === b.doc_count) { - return a.key.localeCompare(b.key); - } - return b.doc_count - a.doc_count; - }); - sessions.aggregations.fileand = {doc_count_error_upper_bound: 0, sum_other_doc_count: sodc, buckets: nresults}; - return sendResult(); - }); - }); - }); -}); - -app.get('/dns.json', [noCacheJson, logAction()], function(req, res) { - console.log("dns.json", req.query); - dns.reverse(req.query.ip, function (err, data) { - if (err) { - return res.send({hosts: []}); - } - return res.send({hosts: data}); - }); -}); - -function buildConnections(req, res, cb) { - - let dstipport; - if (req.query.dstField === 'ip.dst:port') { - dstipport = true; - req.query.dstField = 'dstIp'; - } - - req.query.srcField = req.query.srcField || 'srcIp'; - req.query.dstField = req.query.dstField || 'dstIp'; - req.query.iDisplayLength = req.query.iDisplayLength || '5000'; - let fsrc = req.query.srcField; - let fdst = req.query.dstField; - let minConn = req.query.minConn || 1; - - // If network graph baseline is enabled 
(enabled: req.query.baseline=1, disabled:req.query.baseline=0 or undefined) - // then two queries will be run (ie., run buildSessionQuery->searchPrimary->process twice): first for the - // original specified time frame and second for the same time frame immediately preceding it. - // Nodes have an .inresult attribute where: - // 0 = 00 = not in either result set (although you'll never see these, obviously) - // 1 = 01 = seen during the "current" time frame but not in the "baseline" time frame (ie., "new") - // 2 = 10 = seen during the "baseline" time frame but not in the "current" time frame (ie., "old") - // 3 = 11 = seen during both the "current" time frame and the "baseline" time frame - // This is only performed where startTime/startTime are defined, and never for "all" time range (date=-1). - let doBaseline = 0; - if ((req.query.date !== '-1') && (req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) { - doBaseline = req.query.baseline || 0; - } - - let dstIsIp = fdst.match(/(\.ip|Ip)$/); - - let nodesHash = {}; - let connects = {}; - let nodes = []; - let links = []; - let totalHits = 0; - - let dbFieldsMap = Config.getDBFieldsMap(); - function updateValues (data, property, fields) { - for (let i in fields) { - let dbField = fields[i]; - let field = dbFieldsMap[dbField]; - if (data.hasOwnProperty(dbField)) { - // sum integers - if (field.type === 'integer' && field.category !== 'port') { - property[dbField] = (property[dbField] || 0) + data[dbField]; - } else { // make a list of values - if (!property[dbField]) { property[dbField] = []; } - // make all values an array (because sometimes they are by default) - let values = [ data[dbField] ]; - if (Array.isArray(data[dbField])) { - values = data[dbField]; - } - for (let value of values) { - property[dbField].push(value); - } - if (property[dbField] && Array.isArray(property[dbField])) { - property[dbField] = [ ...new Set(property[dbField]) ]; // unique only - } - } - } - } - } - - function 
process (vsrc, vdst, f, fields, resultId) { - // ES 6 is returning formatted timestamps instead of ms like pre 6 did - // https://github.com/elastic/elasticsearch/issues/27740 - if (vsrc.length === 24 && vsrc[23] === 'Z' && vsrc.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { - vsrc = new Date(vsrc).getTime(); - } - if (vdst.length === 24 && vdst[23] === 'Z' && vdst.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { - vdst = new Date(vdst).getTime(); - } - - if (nodesHash[vsrc] === undefined) { - nodesHash[vsrc] = { id: `${vsrc}`, cnt: 0, sessions: 0, inresult: 0 }; - } - - nodesHash[vsrc].sessions++; - nodesHash[vsrc].type |= 1; - nodesHash[vsrc].inresult |= resultId; - updateValues(f, nodesHash[vsrc], fields); - - if (nodesHash[vdst] === undefined) { - nodesHash[vdst] = { id: `${vdst}`, cnt: 0, sessions: 0, inresult: 0 }; - } - - nodesHash[vdst].sessions++; - nodesHash[vdst].type |= 2; - nodesHash[vdst].inresult |= resultId; - updateValues(f, nodesHash[vdst], fields); - - let linkId = `${vsrc}->${vdst}`; - if (connects[linkId] === undefined) { - connects[linkId] = { value: 0, source: vsrc, target: vdst }; - nodesHash[vsrc].cnt++; - nodesHash[vdst].cnt++; - } - - connects[linkId].value++; - updateValues(f, connects[linkId], fields); - } - - // This loop (which handles buildSessionQuery->searchPrimary->process) will be run - // once or twice, depending on if baseline is enabled: - // 1. for the "current" time frame, the one specified originally in req.query - // 2. for the "baseline" time frame immediately prior to the time frame of "1." - // (only if baseline is enabled) - // The call to process() will ensure the resultId value is OR'ed into the .inresult - // attribute of each node. - let maxResultId = 1 + ((doBaseline == 0) ? 
0 : 1); - - for (let resultId = 1; resultId <= maxResultId; resultId++) { - - if (resultId > 1) { - // replace current time frame start/stop values with baseline time frame start/stop values - let currentQueryTimes = determineQueryTimes(req); - console.log("buildConnections baseline.0", "startTime", currentQueryTimes[0], "stopTime", currentQueryTimes[1]) - if ((currentQueryTimes[0] !== undefined) && (currentQueryTimes[1] !== undefined)) { - let diff = currentQueryTimes[1] - currentQueryTimes[0]; - req.query.stopTime = currentQueryTimes[0]-1; - req.query.startTime = req.query.stopTime-diff; - console.log("buildConnections baseline.1", "startTime", req.query.startTime, "stopTime", req.query.stopTime, "diff", diff) - } - } - - buildSessionQuery(req, function(bsqErr, query, indices) { - if (bsqErr) { - return cb(bsqErr, 0, 0, 0); - } - query.query.bool.filter.push({exists: {field: req.query.srcField}}); - query.query.bool.filter.push({exists: {field: req.query.dstField}}); - - // get the requested fields - let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; - if (req.query.fields) { fields = req.query.fields.split(','); } - query._source = fields; - query.docvalue_fields = [fsrc, fdst]; - - if (dstipport) { - query._source.push('dstPort'); - } - - let options; - if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; } - - if (Config.debug) { - console.log('buildConnections query', JSON.stringify(query, null, 2)); - } - - Db.searchPrimary(indices, 'session', query, options, function (err, graph) { - if (Config.debug) { - console.log('buildConnections result', JSON.stringify(graph, null, 2)); - } - - if (err || graph.error) { - console.log('Build Connections ERROR', err, graph.error); - return cb(err || graph.error); - } - - async.eachLimit(graph.hits.hits, 10, function (hit, hitCb) { - let f = hit._source; - f = flattenFields(f); - - let asrc = hit.fields[fsrc]; - let adst = hit.fields[fdst]; - - if (asrc === 
undefined || adst === undefined) { - return setImmediate(hitCb); - } - - if (!Array.isArray(asrc)) { - asrc = [asrc]; - } - - if (!Array.isArray(adst)) { - adst = [adst]; - } - - for (let vsrc of asrc) { - for (let vdst of adst) { - if (dstIsIp && dstipport) { - if (vdst.includes(':')) { - vdst += '.' + f.dstPort; - } else { - vdst += ':' + f.dstPort; - } - } - process(vsrc, vdst, f, fields, resultId); - } - } - setImmediate(hitCb); - - }, function (err) { - - // accumulate graph.hits.total into totalHits so that recordsFiltered - // represents both current and baseline queries if baseline is enabled - totalHits += graph.hits.total; - - // only calculate final return values if we are in the last loop iteration - if (resultId >= maxResultId) { - let nodeKeys = Object.keys(nodesHash); - if (Config.get('regressionTests', false)) { - nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); - } - for (let node of nodeKeys) { - if (nodesHash[node].cnt < minConn) { - nodesHash[node].pos = -1; - } else { - nodesHash[node].pos = nodes.length; - nodes.push(nodesHash[node]); - } - } - - for (let key in connects) { - var c = connects[key]; - c.source = nodesHash[c.source].pos; - c.target = nodesHash[c.target].pos; - if (c.source >= 0 && c.target >= 0) { - links.push(connects[key]); - } - } - - if (Config.debug) { - console.log('nodesHash', nodesHash); - console.log('connects', connects); - console.log('nodes', nodes.length, nodes); - console.log('links', links.length, links); - } - - return cb(null, nodes, links, totalHits); - } - }); - }); - }); - } -} - -app.get('/connections.json', [noCacheJson, recordResponseTime, logAction('connections'), setCookie], (req, res) => { - let health; - Db.healthCache(function (err, h) { health = h; }); - buildConnections(req, res, function (err, nodes, links, total) { - if (err) { return res.molochError(403, err.toString()); } - res.send({ health: health, nodes: nodes, links: links, recordsFiltered: 
total }); - }); -}); - -app.get('/connections.csv', logAction(), function(req, res) { - noCache(req, res, "text/csv"); - - var seperator = req.query.seperator || ","; - buildConnections(req, res, function (err, nodes, links, total) { - if (err) { - return res.send(err); - } - - // write out the fields requested - let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; - if (req.query.fields) { fields = req.query.fields.split(','); } - - res.write("Source, Destination, Sessions"); - let displayFields = {}; - for (let field of fields) { - let fieldsMap = JSON.parse(app.locals.fieldsMap); - for (let f in fieldsMap) { - if (fieldsMap[f].dbField === field) { - let friendlyName = fieldsMap[f].friendlyName; - displayFields[field] = fieldsMap[f]; - res.write(`, ${friendlyName}`); - } - } - } - res.write('\r\n'); - - for (let i = 0, ilen = links.length; i < ilen; i++) { - res.write("\"" + nodes[links[i].source].id.replace('"', '""') + "\"" + seperator + - "\"" + nodes[links[i].target].id.replace('"', '""') + "\"" + seperator + - links[i].value + seperator); - for (let f = 0, flen = fields.length; f < flen; f++) { - res.write(links[i][displayFields[fields[f]].dbField].toString()); - if (f !== flen - 1) { res.write(seperator); } - } - res.write('\r\n'); - } - - res.end(); - }); -}); - -function csvListWriter(req, res, list, fields, pcapWriter, extension) { - if (list.length > 0 && list[0].fields) { - list = list.sort(function(a,b){return a.fields.lastPacket - b.fields.lastPacket;}); - } else if (list.length > 0 && list[0]._source) { - list = list.sort(function(a,b){return a._source.lastPacket - b._source.lastPacket;}); - } - - var fieldObjects = Config.getDBFieldsMap(); - - if (fields) { - var columnHeaders = []; - for (let i = 0, ilen = fields.length; i < ilen; ++i) { - if (fieldObjects[fields[i]] !== undefined) { - columnHeaders.push(fieldObjects[fields[i]].friendlyName); - } - } - res.write(columnHeaders.join(', ')); - res.write('\r\n'); - } - - for (var j = 0, 
jlen = list.length; j < jlen; j++) { - var sessionData = flattenFields(list[j]._source || list[j].fields); - sessionData._id = list[j]._id; - - if (!fields) { continue; } - - var values = []; - for (let k = 0, klen = fields.length; k < klen; ++k) { - let value = sessionData[fields[k]]; - if (fields[k] === 'ipProtocol' && value) { - value = Pcap.protocol2Name(value); - } - - if (Array.isArray(value)) { - let singleValue = '"' + value.join(', ') + '"'; - values.push(singleValue); - } else { - if (value === undefined) { - value = ''; - } else if (typeof(value) === 'string' && value.includes(',')) { - if (value.includes('"')) { - value = value.replace(/"/g, '""'); - } - value = '"' + value + '"'; - } - values.push(value); - } - } - - res.write(values.join(',')); - res.write('\r\n'); - } - - res.end(); -} - -app.get(/\/sessions.csv.*/, logAction(), function(req, res) { - noCache(req, res, "text/csv"); - - // default fields to display in csv - var fields = ["ipProtocol", "firstPacket", "lastPacket", "srcIp", "srcPort", "srcGEO", "dstIp", "dstPort", "dstGEO", "totBytes", "totDataBytes", "totPackets", "node"]; - // save requested fields because sessionsListFromQuery returns fields with - // "rootId" appended onto the end - var reqFields = fields; - - if (req.query.fields) { - fields = reqFields = queryValueToArray(req.query.fields); - } - - if (req.query.ids) { - var ids = queryValueToArray(req.query.ids); - sessionsListFromIds(req, ids, fields, function(err, list) { - csvListWriter(req, res, list, reqFields); - }); - } else { - sessionsListFromQuery(req, res, fields, function(err, list) { - csvListWriter(req, res, list, reqFields); - }); - } -}); - -app.get('/spigraphpie', noCacheJson, logAction(), (req, res) => { - - if (req.query.exp === undefined) { - return res.molochError(403, 'Missing exp parameter'); - } - - let fields = []; - let parts = req.query.exp.split(','); - for (let i = 0; i < parts.length; i++) { - if (internals.scriptAggs[parts[i]] !== undefined) { - 
fields.push(internals.scriptAggs[parts[i]]); - continue; - } - let field = Config.getFieldsMap()[parts[i]]; - if (!field) { - return res.molochError(403, `Unknown expression ${parts[i]}\n`); - } - fields.push(field); - } - - buildSessionQuery(req, function(err, query, indices) { - query.size = 0; // Don't need any real results, just aggregations - delete query.sort; - delete query.aggregations; - const size = +req.query.size || 20; - - if (!query.query.bool.must) { - query.query.bool.must = []; - } - - let lastQ = query; - for (let i = 0; i < fields.length; i++) { - // Require that each field exists - query.query.bool.must.push({ exists: { field: fields[i].dbField } }); - - if (fields[i].script) { - lastQ.aggregations = {field: {terms: {script: {lang: "painless", source: fields[i].script}, size: size}}}; - } else { - lastQ.aggregations = {field: {terms: {field: fields[i].dbField, size: size}}}; - } - lastQ = lastQ.aggregations.field; - } - - if (Config.debug > 2) { - console.log('spigraph pie aggregations', indices, JSON.stringify(query, false, 2)); - } - - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err) { - console.log('spigraphpie ERROR', err); - res.status(400); - return res.end(err); - } - - if (Config.debug > 2) { - console.log('result', JSON.stringify(result, false, 2)); - } - - // format the data for the pie graph - let pieResults = { name: 'Top Talkers', children: [] }; - function addDataToPie (buckets, addTo) { - for (let i = 0; i < buckets.length; i++) { - let bucket = buckets[i]; - addTo.push({ - name: bucket.key, - size: bucket.doc_count - }); - if (bucket.field) { - addTo[i].children = []; - addTo[i].size = undefined; // size is interpreted from children - addTo[i].sizeValue = bucket.doc_count; // keep sizeValue for display - addDataToPie(bucket.field.buckets, addTo[i].children); - } - } - } - - let grandparent; - let tableResults = []; - // assumes only 3 levels deep - function addDataToTable (buckets, parent) { - 
for (let i = 0; i < buckets.length; i++) { - let bucket = buckets[i]; - if (bucket.field) { - if (parent) { grandparent = parent; } - addDataToTable(bucket.field.buckets, { - name: bucket.key, - size: bucket.doc_count - }); - } else { - tableResults.push({ - parent: parent, - grandparent: grandparent, - name: bucket.key, - size: bucket.doc_count - }); - } - } - } - - addDataToPie(result.aggregations.field.buckets, pieResults.children); - addDataToTable(result.aggregations.field.buckets); - - return res.send({success:true, pieResults: pieResults, tableResults: tableResults}); - }); - }); -}); - -app.get('/multiunique.txt', logAction(), function(req, res) { - noCache(req, res, 'text/plain; charset=utf-8'); - - if (req.query.exp === undefined) { - return res.send("Missing exp parameter"); - } - - let fields = []; - let parts = req.query.exp.split(','); - for (let i = 0; i < parts.length; i++) { - let field = Config.getFieldsMap()[parts[i]]; - if (!field) { - return res.send(`Unknown expression ${parts[i]}\n`); - } - fields.push(field); - } - - let separator = req.query.separator || ', '; - let doCounts = parseInt(req.query.counts, 10) || 0; - - let results = []; - function printUnique(buckets, line) { - for (let i = 0; i < buckets.length; i++) { - if (buckets[i].field) { - printUnique(buckets[i].field.buckets, line + buckets[i].key + separator); - } else { - results.push({line: line + buckets[i].key, count: buckets[i].doc_count}); - } - } - } - - buildSessionQuery(req, function(err, query, indices) { - delete query.sort; - delete query.aggregations; - query.size = 0; - - if (!query.query.bool.must) { - query.query.bool.must = []; - } - - let lastQ = query; - for (let i = 0; i < fields.length; i++) { - query.query.bool.must.push({ exists: { field: fields[i].dbField } }); - lastQ.aggregations = {field: { terms : {field : fields[i].dbField, size: +Config.get('maxAggSize', 10000)}}}; - lastQ = lastQ.aggregations.field; - } - - if (Config.debug > 2) { - 
console.log("multiunique aggregations", indices, JSON.stringify(query, false, 2)); - } - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err) { - console.log('multiunique ERROR', err); - res.status(400); - return res.end(err); - } - - if (Config.debug > 2) { - console.log('result', JSON.stringify(result, false, 2)); - } - printUnique(result.aggregations.field.buckets, ""); - - if (req.query.sort !== 'field') { - results = results.sort(function(a, b) {return b.count - a.count;}); - } - - if (doCounts) { - for (let i = 0; i < results.length; i++) { - res.write(results[i].line + separator + results[i].count + '\n'); - } - } else { - for (let i = 0; i < results.length; i++) { - res.write(results[i].line + '\n'); - } - } - return res.end(); - }); - }); -}); - -app.get('/unique.txt', [logAction(), fieldToExp], function(req, res) { - noCache(req, res, 'text/plain; charset=utf-8'); - - if (req.query.field === undefined && req.query.exp === undefined) { - return res.send('Missing field or exp parameter'); - } - - /* How should the results be written. 
Use setImmediate to not blow stack frame */ - let writeCb; - let doneCb; - let items = []; - let aggSize = +Config.get('maxAggSize', 10000); - - if (req.query.autocomplete !== undefined) { - if (!Config.get('valueAutoComplete', !Config.get('multiES', false))) { - res.send([]); - return; - } - - let spiDataMaxIndices = +Config.get('spiDataMaxIndices', 4); - if (spiDataMaxIndices !== -1) { - if (req.query.date === '-1' || - (req.query.date !== undefined && +req.query.date > spiDataMaxIndices)) { - console.log(`INFO For autocomplete replacing date=${safeStr(req.query.date)} with ${spiDataMaxIndices}`); - req.query.date = spiDataMaxIndices; - } - } - - aggSize = 1000; // lower agg size for autocomplete - doneCb = function() { - res.send(items); - }; - writeCb = function (item) { - items.push(item.key); - }; - } else if (parseInt(req.query.counts, 10) || 0) { - writeCb = function (item) { - res.write(`${item.key}, ${item.doc_count}\n`); - }; - } else { - writeCb = function (item) { - res.write(`${item.key}\n`); - }; - } - - /* How should each item be processed. */ - let eachCb = writeCb; - - if (req.query.field.match(/(ip.src:port.src|a1:p1|srcIp:srtPort|ip.src:srcPort|ip.dst:port.dst|a2:p2|dstIp:dstPort|ip.dst:dstPort)/)) { - eachCb = function(item) { - let sep = (item.key.indexOf(':') === -1)? 
':' : '.'; - item.field2.buckets.forEach((item2) => { - item2.key = item.key + sep + item2.key; - writeCb(item2); - }); - }; - } - - buildSessionQuery(req, function(err, query, indices) { - delete query.sort; - delete query.aggregations; - - if (req.query.field.match(/(ip.src:port.src|a1:p1|srcIp:srcPort|ip.src:srcPort)/)) { - query.aggregations = {field: { terms : {field : 'srcIp', size: aggSize}, aggregations: {field2: {terms: {field: 'srcPort', size: 100}}}}}; - } else if (req.query.field.match(/(ip.dst:port.dst|a2:p2|dstIp:dstPort|ip.dst:dstPort)/)) { - query.aggregations = {field: { terms : {field : 'dstIp', size: aggSize}, aggregations: {field2: {terms: {field: 'dstPort', size: 100}}}}}; - } else if (req.query.field === 'fileand') { - query.aggregations = { field: { terms : { field : 'node', size: aggSize }, aggregations: { field2: { terms: { field: 'fileId', size: 100 } } } } }; - } else { - query.aggregations = {field: { terms : {field : req.query.field, size: aggSize}}}; - } - - query.size = 0; - console.log('unique aggregations', indices, JSON.stringify(query)); - - function findFileNames (result) { - let intermediateResults = []; - let aggs = result.aggregations.field.buckets; - aggs.forEach((item) => { - item.field2.buckets.forEach((sitem) => { - intermediateResults.push({ key: item.key + ':' + sitem.key, doc_count: sitem.doc_count }); - }); - }); - - async.each(intermediateResults, (fsitem, cb) => { - let split = fsitem.key.split(':'); - let node = split[0]; - let fileId = split[1]; - Db.fileIdToFile(node, fileId, function (file) { - if (file && file.name) { - eachCb({key: file.name, doc_count: fsitem.doc_count }); - } - cb(); - }); - }, function () { - return res.end(); - }); - } - - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err) { - console.log('Error', query, err); - return doneCb?doneCb():res.end(); - } - if (Config.debug) { - console.log('unique.txt result', util.inspect(result, false, 50)); - } - if 
(!result.aggregations || !result.aggregations.field) { - return doneCb ? doneCb() : res.end(); - } - - - if (req.query.field === 'fileand') { - return findFileNames(result); - } - - for (let i = 0, ilen = result.aggregations.field.buckets.length; i < ilen; i++) { - eachCb(result.aggregations.field.buckets[i]); - } - - return doneCb ? doneCb() : res.end(); - }); - }); -}); - -function processSessionIdDisk(session, headerCb, packetCb, endCb, limit) { - let fields; - - function processFile(pcap, pos, i, nextCb) { - pcap.ref(); - pcap.readPacket(pos, function(packet) { - switch(packet) { - case null: - let msg = util.format(session._id, "in file", pcap.filename, "couldn't read packet at", pos, "packet #", i, "of", fields.packetPos.length); - console.log("ERROR - processSessionIdDisk -", msg); - endCb(msg, null); - break; - case undefined: - break; - default: - packetCb(pcap, packet, nextCb, i); - break; - } - pcap.unref(); - }); - } - - fields = session._source || session.fields; - - var fileNum; - var itemPos = 0; - async.eachLimit(fields.packetPos, limit || 1, function(pos, nextCb) { - if (pos < 0) { - fileNum = pos * -1; - return nextCb(null); - } - - // Get the pcap file for this node a filenum, if it isn't opened then do the filename lookup and open it - var opcap = Pcap.get(fields.node + ":" + fileNum); - if (!opcap.isOpen()) { - Db.fileIdToFile(fields.node, fileNum, function(file) { - if (!file) { - console.log("WARNING - Only have SPI data, PCAP file no longer available. 
Couldn't look up in file table", fields.node + '-' + fileNum); - return nextCb("Only have SPI data, PCAP file no longer available for " + fields.node + '-' + fileNum); - } - if (file.kekId) { - file.kek = Config.sectionGet("keks", file.kekId, undefined); - if (file.kek === undefined) { - console.log("ERROR - Couldn't find kek", file.kekId, "in keks section"); - return nextCb("Couldn't find kek " + file.kekId + " in keks section"); - } - } - - var ipcap = Pcap.get(fields.node + ":" + file.num); - - try { - ipcap.open(file.name, file); - } catch (err) { - console.log("ERROR - Couldn't open file ", err); - return nextCb("Couldn't open file " + err); - } - - if (headerCb) { - headerCb(ipcap, ipcap.readHeader()); - headerCb = null; - } - processFile(ipcap, pos, itemPos++, nextCb); - }); - } else { - if (headerCb) { - headerCb(opcap, opcap.readHeader()); - headerCb = null; - } - processFile(opcap, pos, itemPos++, nextCb); - } - }, - function (pcapErr, results) { - endCb(pcapErr, fields); - }); -} - -function processSessionId(id, fullSession, headerCb, packetCb, endCb, maxPackets, limit) { - var options; - if (!fullSession) { - options = { _source: 'node,totPackets,packetLen,packetPos,srcIp,srcPort,ipProtocol' }; - } - - Db.getWithOptions(Db.sid2Index(id), 'session', Db.sid2Id(id), options, function(err, session) { - if (err || !session.found) { - console.log("session get error", err, session); - return endCb("Session not found", null); - } - - var fields = session._source || session.fields; - - if (maxPackets && fields.packetPos.length > maxPackets) { - fields.packetPos.length = maxPackets; - } - - /* Go through the list of prefetch the id to file name if we are running in parallel to - * reduce the number of elasticsearch queries and problems - */ - let outstanding = 0, i, ilen; - - function fileReadyCb (fileInfo) { - outstanding--; - if (i === ilen && outstanding === 0) { - readyToProcess(); - } - } - - for (i = 0, ilen = fields.packetPos.length; i < ilen; i++) { - if 
(fields.packetPos[i] < 0) {
- outstanding++;
- Db.fileIdToFile(fields.node, -1 * fields.packetPos[i], fileReadyCb);
- }
- }
-
- function readyToProcess() {
- var pcapWriteMethod = Config.getFull(fields.node, "pcapWriteMethod");
- var psid = processSessionIdDisk;
- var writer = internals.writers[pcapWriteMethod];
- if (writer && writer.processSessionId) {
- psid = writer.processSessionId;
- }
-
- psid(session, headerCb, packetCb, function (err, fields) {
- if (!fields) {
- return endCb(err, fields);
- }
-
- if (!fields.tags) {
- fields.tags = [];
- }
-
- fixFields(fields, endCb);
- }, limit);
- }
- });
-}
-
-function processSessionIdAndDecode(id, numPackets, doneCb) {
- var packets = [];
- processSessionId(id, true, null, function (pcap, buffer, cb, i) {
- var obj = {};
- if (buffer.length > 16) {
- pcap.decode(buffer, obj);
- } else {
- obj = {ip: {p: ""}};
- }
- packets[i] = obj;
- cb(null);
- },
- function(err, session) {
- if (err) {
- console.log("ERROR - processSessionIdAndDecode", err);
- return doneCb(err);
- }
- packets = packets.filter(Boolean);
- if (packets.length === 0) {
- return doneCb(null, session, []);
- } else if (packets[0].ip === undefined) {
- return doneCb(null, session, []);
- } else if (packets[0].ip.p === 1) {
- Pcap.reassemble_icmp(packets, numPackets, function(err, results) {
- return doneCb(err, session, results);
- });
- } else if (packets[0].ip.p === 6) {
- var key = session.srcIp;
- Pcap.reassemble_tcp(packets, numPackets, key + ':' + session.srcPort, function(err, results) {
- return doneCb(err, session, results);
- });
- } else if (packets[0].ip.p === 17) {
- Pcap.reassemble_udp(packets, numPackets, function(err, results) {
- return doneCb(err, session, results);
- });
- } else if (packets[0].ip.p === 132) {
- Pcap.reassemble_sctp(packets, numPackets, function(err, results) {
- return doneCb(err, session, results);
- });
- } else {
- return doneCb(null, session, []);
- }
- },
- numPackets, 10);
-}
-
-function
localSessionDetailReturnFull(req, res, session, incoming) {
- if (req.packetsOnly) { // only return packets
- res.render('sessionPackets.pug', {
- filename: 'sessionPackets',
- cache: isProduction(),
- compileDebug: !isProduction(),
- user: req.user,
- session: session,
- data: incoming,
- reqPackets: req.query.packets,
- query: req.query,
- basedir: "/",
- reqFields: Config.headers("headers-http-request"),
- resFields: Config.headers("headers-http-response"),
- emailFields: Config.headers("headers-email"),
- showFrames: req.query.showFrames
- }, function(err, data) {
- if (err) {
- console.trace("ERROR - localSession - ", err);
- return req.next(err);
- }
- res.send(data);
- });
- } else { // return SPI data and packets
- res.send("HOW DID I GET HERE?");
- console.trace("HOW DID I GET HERE");
- }
-}
-
-function localSessionDetailReturn(req, res, session, incoming) {
- //console.log("ALW", JSON.stringify(incoming));
- var numPackets = req.query.packets || 200;
- if (incoming.length > numPackets) {
- incoming.length = numPackets;
- }
-
- if (incoming.length === 0) {
- return localSessionDetailReturnFull(req, res, session, []);
- }
-
- var options = {
- id: session.id,
- nodeName: req.params.nodeName,
- order: [],
- "ITEM-HTTP": {
- order: []
- },
- "ITEM-SMTP": {
- order: []
- },
- "ITEM-CB": {
- }
- };
-
- if (req.query.needgzip) {
- options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS");
- options["ITEM-SMTP"].order.push("BODY-UNBASE64");
- options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS");
- }
-
- options.order.push("ITEM-HTTP");
- options.order.push("ITEM-SMTP");
-
- var decodeOptions = JSON.parse(req.query.decode || "{}");
- for (var key in decodeOptions) {
- if (key.match(/^ITEM/)) {
- options.order.push(key);
- } else {
- options["ITEM-HTTP"].order.push(key);
- options["ITEM-SMTP"].order.push(key);
- }
- options[key] = decodeOptions[key];
- }
-
- if (req.query.needgzip) {
- options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS");
-
options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS");
- }
-
- options.order.push("ITEM-BYTES");
- options.order.push("ITEM-SORTER");
- if (req.query.needimage) {
- options.order.push("ITEM-LINKBODY");
- }
- if (req.query.base === "hex") {
- options.order.push("ITEM-HEX");
- options["ITEM-HEX"]= {showOffsets: req.query.line === "true"};
- } else if (req.query.base === "ascii") {
- options.order.push("ITEM-ASCII");
- } else if (req.query.base === "utf8") {
- options.order.push("ITEM-UTF8");
- } else {
- options.order.push("ITEM-NATURAL");
- }
- options.order.push("ITEM-CB");
- options["ITEM-CB"].cb = function(err, outgoing) {
- localSessionDetailReturnFull(req, res, session, outgoing);
- };
-
- if (Config.debug) {
- console.log("Pipeline options", options);
- }
-
- decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming));
-}
-
-function sortFields(session) {
- if (session.tags) {
- session.tags = session.tags.sort();
- }
- if (session.http) {
- if (session.http.requestHeader) {
- session.http.requestHeader = session.http.requestHeader.sort();
- }
- if (session.http.responseHeader) {
- session.http.responseHeader = session.http.responseHeader.sort();
- }
- }
- if (session.email && session.email.headers) {
- session.email.headers = session.email.headers.sort();
- }
- if (session.ipProtocol) {
- session.ipProtocol = Pcap.protocol2Name(session.ipProtocol);
- }
-}
-
-
-function localSessionDetail(req, res) {
- if (!req.query) {
- req.query = { gzip: false, line: false, base: "natural", packets: 200 };
- }
-
- req.query.needgzip = req.query.gzip === "true" || false;
- req.query.needimage = req.query.image === "true" || false;
- req.query.line = req.query.line || false;
- req.query.base = req.query.base || "ascii";
- req.query.showFrames = req.query.showFrames === 'true' || false;
-
- var packets = [];
- processSessionId(req.params.id, !req.packetsOnly, null, function (pcap, buffer, cb, i) {
- var obj = {};
- if (buffer.length > 16) {
- try
{
- pcap.decode(buffer, obj);
- } catch (e) {
- obj = {ip: {p: "Error decoding" + e}};
- console.trace("loadSessionDetail error", e.stack);
- }
- } else {
- obj = {ip: {p: "Empty"}};
- }
- packets[i] = obj;
- cb(null);
- },
- function(err, session) {
- if (err) {
- return res.end("Problem loading packets for " + safeStr(req.params.id) + " Error: " + err);
- }
- session.id = req.params.id;
- sortFields(session);
-
- if (req.query.showFrames && packets.length !== 0) {
- Pcap.packetFlow(session, packets, +req.query.packets || 200, function (err, results, sourceKey, destinationKey) {
- session._err = err;
- session.sourceKey = sourceKey;
- session.destinationKey = destinationKey;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets.length === 0) {
- session._err = "No pcap data found";
- localSessionDetailReturn(req, res, session, []);
- } else if (packets[0].ip === undefined) {
- session._err = "Couldn't decode pcap file, check viewer log";
- localSessionDetailReturn(req, res, session, []);
- } else if (packets[0].ip.p === 1) {
- Pcap.reassemble_icmp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 6) {
- var key = session.srcIp;
- Pcap.reassemble_tcp(packets, +req.query.packets || 200, key + ':' + session.srcPort, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 17) {
- Pcap.reassemble_udp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 132) {
- Pcap.reassemble_sctp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 50) {
-
Pcap.reassemble_esp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 58) {
- Pcap.reassemble_icmp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else {
- session._err = "Unknown ip.p=" + packets[0].ip.p;
- localSessionDetailReturn(req, res, session, []);
- }
- },
- req.query.needimage?10000:400, 10);
-}
-
-/**
- * Get SPI data for a session
- */
-app.get('/:nodeName/session/:id/detail', cspHeader, logAction(), (req, res) => {
- Db.getWithOptions(Db.sid2Index(req.params.id), 'session', Db.sid2Id(req.params.id), {}, function(err, session) {
- if (err || !session.found) {
- return res.end("Couldn't look up SPI data, error for session " + safeStr(req.params.id) + " Error: " + err);
- }
-
- session = session._source;
-
- session.id = req.params.id;
-
- sortFields(session);
-
- let hidePackets = (session.fileId === undefined || session.fileId.length === 0)?"true":"false";
- fixFields(session, () => {
- pug.render(internals.sessionDetailNew, {
- filename : "sessionDetail",
- cache : isProduction(),
- compileDebug: !isProduction(),
- user : req.user,
- session : session,
- Db : Db,
- query : req.query,
- basedir : "/",
- hidePackets : hidePackets,
- reqFields : Config.headers("headers-http-request"),
- resFields : Config.headers("headers-http-response"),
- emailFields : Config.headers("headers-email")
- }, function(err, data) {
- if (err) {
- console.trace("ERROR - fixFields - ", err);
- return req.next(err);
- }
- if (Config.debug > 1) {
- console.log("Detail Rendering", data.replace(/>/g, ">\n"));
- }
- res.send(data);
- });
- });
- });
-});
-
-/**
- * Get Session Packets
- */
-app.get('/:nodeName/session/:id/packets', [logAction(), checkPermissions(['hidePcap'])], (req, res) => {
- isLocalView(req.params.nodeName, function () {
-
noCache(req, res);
- req.packetsOnly = true;
- localSessionDetail(req, res);
- },
- function () {
- return proxyRequest(req, res);
- });
-});
-
-function reqGetRawBody(req, cb) {
- processSessionIdAndDecode(req.params.id, 10000, function(err, session, incoming) {
- if (err) {
- return cb(err);
- }
-
-
- if (incoming.length === 0) {
- return cb(null, null);
- }
-
- var options = {
- id: session.id,
- nodeName: req.params.nodeName,
- order: [],
- "ITEM-HTTP": {
- order: []
- },
- "ITEM-SMTP": {
- order: ["BODY-UNBASE64"]
- },
- "ITEM-CB": {
- },
- "ITEM-RAWBODY": {
- bodyNumber: +req.params.bodyNum
- }
- };
-
- if (req.query.needgzip) {
- options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS");
- options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS");
- }
-
- options.order.push("ITEM-HTTP");
- options.order.push("ITEM-SMTP");
-
- options.order.push("ITEM-RAWBODY");
- options.order.push("ITEM-CB");
- options["ITEM-CB"].cb = function(err, items) {
- if (err) {
- return cb(err);
- }
- if (items === undefined || items.length === 0) {
- return cb("No match");
- }
- cb(err, items[0].data);
- };
-
- decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming));
- });
-}
-
-app.get('/:nodeName/:id/body/:bodyType/:bodyNum/:bodyName', checkProxyRequest, function(req, res) {
- reqGetRawBody(req, function (err, data) {
- if (err) {
- console.trace(err);
- return res.end("Error");
- }
- res.setHeader("Content-Type", "application/force-download");
- res.setHeader("Content-Disposition", "attachment; filename="+req.params.bodyName);
- return res.end(data);
- });
-});
-
-app.get('/:nodeName/:id/bodypng/:bodyType/:bodyNum/:bodyName', checkProxyRequest, function(req, res) {
- reqGetRawBody(req, function (err, data) {
- if (err || data === null || data.length === 0) {
- return res.send (internals.emptyPNG);
- }
- res.setHeader("Content-Type", "image/png");
-
- var png = new PNG({width: internals.PNG_LINE_WIDTH, height:
Math.ceil(data.length/internals.PNG_LINE_WIDTH)});
- png.data = data;
- res.send(PNG.sync.write(png, {inputColorType:0, colorType: 0, bitDepth:8, inputHasAlpha:false}));
- });
-});
-
-/**
- * Get a file given a hash of that file
- */
-
-app.get('/bodyHash/:hash', logAction('bodyhash'), function(req, res) {
- var hash = null;
- var nodeName = null;
- var sessionID = null;
-
- buildSessionQuery(req, function(bsqErr, query, indices) {
- if (bsqErr) {
- res.status(400);
- return res.end(bsqErr);
- }
-
- query.size = 1;
- query.sort = { lastPacket: { order: 'desc' } };
- query._source = ["node"];
-
- if (Config.debug) {
- console.log(`sessions.json ${indices} query`, JSON.stringify(query, null, 1));
- }
- Db.searchPrimary(indices, 'session', query, null, function (err, sessions) {
- if (err ) {
- console.log ("Error -> Db Search ", err);
- res.status(400);
- res.end(err);
- } else if (sessions.error) {
- console.log ("Error -> Db Search ", sessions.error);
- res.status(400);
- res.end(sessions.error);
- } else {
- if (Config.debug) {
- console.log("bodyHash result", util.inspect(sessions, false, 50));
- }
- if (sessions.hits.hits.length > 0) {
-
- nodeName = sessions.hits.hits[0]._source.node;
- sessionID = Db.session2Sid(sessions.hits.hits[0]);
- hash = req.params.hash;
-
- isLocalView(nodeName, function () { // get file from the local disk
- localGetItemByHash (nodeName, sessionID, hash, (err, item) => {
- if (err) {
- res.status(400);
- return res.end(err);
- } else if (item) {
- noCache(req, res, 'application/force-download');
- res.setHeader("content-disposition", "attachment; filename="+ item.bodyName+".pellet");
- return res.end(item.data);
- } else {
- res.status(400);
- return res.end("No Match");
- }
- });
- },
- function () { // get file from the remote disk
- var preq = util._extend({},req);
- preq.params.nodeName = nodeName;
- preq.params.id = sessionID;
- preq.params.hash = hash;
- preq.url = Config.basePath(nodeName) + nodeName + '/' + sessionID +
'/bodyHash/' + hash;
- return proxyRequest(preq, res);
- });
- }
- else {
- res.status(400);
- res.end ("No Match Found");
- }
- }
- });
- });
-});
-
-app.get('/:nodeName/:id/bodyHash/:hash', checkProxyRequest, function(req, res) {
- localGetItemByHash (req.params.nodeName, req.params.id, req.params.hash, (err, item) => {
- if (err) {
- res.status(400);
- return res.end(err);
- } else if (item) {
- noCache(req, res, 'application/force-download');
- res.setHeader("content-disposition", "attachment; filename="+ item.bodyName+".pellet");
- return res.end(item.data);
- } else {
- res.status(400);
- return res.end("No Match");
- }
- });
-});
-
-function localGetItemByHash(nodeName, sessionID, hash, cb) {
- processSessionIdAndDecode(sessionID, 10000, function(err, session, incoming) {
- if (err) {
- return cb(err);
- }
- if (incoming.length === 0) {
- return cb(null, null);
- }
- var options = {
- id: sessionID,
- nodeName: nodeName,
- order: [],
- "ITEM-HTTP": {
- order: []
- },
- "ITEM-SMTP": {
- order: ["BODY-UNBASE64"]
- },
- "ITEM-HASH": {
- hash: hash
- },
- "ITEM-CB": {
- }
- };
-
- options.order.push("ITEM-HTTP");
- options.order.push("ITEM-SMTP");
- options.order.push("ITEM-HASH");
- options.order.push("ITEM-CB");
- options["ITEM-CB"].cb = function(err, items) {
- if (err) {
- return cb(err, null);
- }
- if (items === undefined || items.length === 0) {
- return cb("No match", null);
- }
- return cb(err, items[0]);
- };
- decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming));
- });
-}
-
-function writePcap(res, id, options, doneCb) {
- var b = Buffer.alloc(0xfffe);
- var nextPacket = 0;
- var boffset = 0;
- var packets = {};
-
- processSessionId(id, false, function (pcap, buffer) {
- if (options.writeHeader) {
- res.write(buffer);
- options.writeHeader = false;
- }
- },
- function (pcap, buffer, cb, i) {
- // Save this packet in its spot
- packets[i] = buffer;
-
- // Send any packets we have in order
- while
(packets[nextPacket]) {
- buffer = packets[nextPacket];
- delete packets[nextPacket];
- nextPacket++;
-
- if (boffset + buffer.length > b.length) {
- res.write(b.slice(0, boffset));
- boffset = 0;
- b = Buffer.alloc(0xfffe);
- }
- buffer.copy(b, boffset, 0, buffer.length);
- boffset += buffer.length;
- }
- cb(null);
- },
- function(err, session) {
- if (err) {
- console.trace("writePcap", err);
- return doneCb(err);
- }
- res.write(b.slice(0, boffset));
- doneCb(err);
- }, undefined, 10);
-}
-
-function writePcapNg(res, id, options, doneCb) {
- var b = Buffer.alloc(0xfffe);
- var boffset = 0;
-
- processSessionId(id, true, function (pcap, buffer) {
- if (options.writeHeader) {
- res.write(pcap.getHeaderNg());
- options.writeHeader = false;
- }
- },
- function (pcap, buffer, cb) {
- if (boffset + buffer.length + 20 > b.length) {
- res.write(b.slice(0, boffset));
- boffset = 0;
- b = Buffer.alloc(0xfffe);
- }
-
- /* Need to write the ng block, and conver the old timestamp */
-
- b.writeUInt32LE(0x00000006, boffset); // Block Type
- var len = ((buffer.length + 20 + 3) >> 2) << 2;
- b.writeUInt32LE(len, boffset + 4); // Block Len 1
- b.writeUInt32LE(0, boffset + 8); // Interface Id
-
- // js has 53 bit numbers, this will over flow on Jun 05 2255
- var time = buffer.readUInt32LE(0)*1000000 + buffer.readUInt32LE(4);
- b.writeUInt32LE(Math.floor(time / 0x100000000), boffset + 12); // Block Len 1
- b.writeUInt32LE(time % 0x100000000, boffset + 16); // Interface Id
-
- buffer.copy(b, boffset + 20, 8, buffer.length - 8); // cap_len, packet_len
- b.fill(0, boffset + 12 + buffer.length, boffset + 12 + buffer.length + (4 - (buffer.length%4)) % 4); // padding
- boffset += len - 8;
-
- b.writeUInt32LE(0, boffset); // Options
- b.writeUInt32LE(len, boffset+4); // Block Len 2
- boffset += 8;
-
- cb(null);
- },
- function(err, session) {
- if (err) {
- console.log("writePcapNg", err);
- return;
- }
- res.write(b.slice(0, boffset));
-
- session.version = molochversion.version;
-
delete session.packetPos;
- var json = JSON.stringify(session);
-
- var len = ((json.length + 20 + 3) >> 2) << 2;
- b = Buffer.alloc(len);
-
- b.writeUInt32LE(0x80808080, 0); // Block Type
- b.writeUInt32LE(len, 4); // Block Len 1
- b.write("MOWL", 8); // Magic
- b.writeUInt32LE(json.length, 12); // Block Len 1
- b.write(json, 16); // Magic
- b.fill(0, 16 + json.length, 16 + json.length + (4 - (json.length%4)) % 4); // padding
- b.writeUInt32LE(len, len-4); // Block Len 2
- res.write(b);
-
- doneCb(err);
- });
-}
-
-app.get('/:nodeName/pcapng/:id.pcapng', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => {
- noCache(req, res, "application/vnd.tcpdump.pcap");
- writePcapNg(res, req.params.id, {writeHeader: !req.query || !req.query.noHeader || req.query.noHeader !== "true"}, function () {
- res.end();
- });
-});
-
-app.get('/:nodeName/pcap/:id.pcap', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => {
- noCache(req, res, "application/vnd.tcpdump.pcap");
-
- writePcap(res, req.params.id, {writeHeader: !req.query || !req.query.noHeader || req.query.noHeader !== "true"}, function () {
- res.end();
- });
-});
-
-app.get('/:nodeName/raw/:id.png', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], function(req, res) {
- noCache(req, res, "image/png");
-
- processSessionIdAndDecode(req.params.id, 1000, function(err, session, results) {
- if (err) {
- return res.send (internals.emptyPNG);
- }
- var size = 0;
- var i, ilen;
- for (i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) {
- size += results[i].data.length + 2*internals.PNG_LINE_WIDTH - (results[i].data.length % internals.PNG_LINE_WIDTH);
- }
- var buffer = Buffer.alloc(size, 0);
- var pos = 0;
- if (size === 0) {
- return res.send (internals.emptyPNG);
- }
- for (i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) {
- results[i].data.copy(buffer, pos);
- pos += results[i].data.length;
- var fillpos =
pos;
- pos += 2*internals.PNG_LINE_WIDTH - (results[i].data.length % internals.PNG_LINE_WIDTH);
- buffer.fill(0xff, fillpos, pos);
- }
-
- var png = new PNG({width: internals.PNG_LINE_WIDTH, height: (size/internals.PNG_LINE_WIDTH)-1});
- png.data = buffer;
- res.send(PNG.sync.write(png, {inputColorType:0, colorType: 0, bitDepth:8, inputHasAlpha:false}));
- });
-});
-
-app.get('/:nodeName/raw/:id', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], function(req, res) {
- noCache(req, res, "application/vnd.tcpdump.pcap");
-
- processSessionIdAndDecode(req.params.id, 10000, function(err, session, results) {
- if (err) {
- return res.send("Error");
- }
- for (let i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) {
- res.write(results[i].data);
- }
- res.end();
- });
-});
-
-app.get('/:nodeName/entirePcap/:id.pcap', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => {
- noCache(req, res, "application/vnd.tcpdump.pcap");
-
- var options = {writeHeader: true};
-
- var query = { _source: ["rootId"],
- size: 1000,
- query: {term: {rootId: req.params.id}},
- sort: { lastPacket: { order: 'asc' } }
- };
-
- console.log("entirePcap query", JSON.stringify(query));
-
- Db.searchPrimary('sessions2-*', 'session', query, null, function (err, data) {
- async.forEachSeries(data.hits.hits, function(item, nextCb) {
- writePcap(res, Db.session2Sid(item), options, nextCb);
- }, function (err) {
- res.end();
- });
- });
-});
-
-function sessionsPcapList(req, res, list, pcapWriter, extension) {
-
- if (list.length > 0 && list[0].fields) {
- list = list.sort(function(a,b){return a.fields.lastPacket - b.fields.lastPacket;});
- } else if (list.length > 0 && list[0]._source) {
- list = list.sort(function(a,b){return a._source.lastPacket - b._source.lastPacket;});
- }
-
- var options = {writeHeader: true};
-
- async.eachLimit(list, 10, function(item, nextCb) {
- var fields = item._source || item.fields;
- isLocalView(fields.node,
function () {
- // Get from our DISK
- pcapWriter(res, Db.session2Sid(item), options, nextCb);
- },
- function () {
- // Get from remote DISK
- getViewUrl(fields.node, function(err, viewUrl, client) {
- var buffer = Buffer.alloc(fields.pa*20 + fields.by);
- var bufpos = 0;
- var info = url.parse(viewUrl);
- info.path = Config.basePath(fields.node) + fields.node + "/" + extension + "/" + Db.session2Sid(item) + "." + extension;
- info.agent = (client === http?internals.httpAgent:internals.httpsAgent);
-
- addAuth(info, req.user, fields.node);
- addCaTrust(info, fields.node);
- var preq = client.request(info, function(pres) {
- pres.on('data', function (chunk) {
- if (bufpos + chunk.length > buffer.length) {
- var tmp = Buffer.alloc(buffer.length + chunk.length*10);
- buffer.copy(tmp, 0, 0, bufpos);
- buffer = tmp;
- }
- chunk.copy(buffer, bufpos);
- bufpos += chunk.length;
- });
- pres.on('end', function () {
- if (bufpos < 24) {
- } else if (options.writeHeader) {
- options.writeHeader = false;
- res.write(buffer.slice(0, bufpos));
- } else {
- res.write(buffer.slice(24, bufpos));
- }
- setImmediate(nextCb);
- });
- });
- preq.on('error', function (e) {
- console.log("ERROR - Couldn't proxy pcap request=", info, "\nerror=", e);
- nextCb(null);
- });
- preq.end();
- });
- });
- }, function(err) {
- res.end();
- });
-}
-
-function sessionsPcap(req, res, pcapWriter, extension) {
- noCache(req, res, "application/vnd.tcpdump.pcap");
-
- if (req.query.ids) {
- var ids = queryValueToArray(req.query.ids);
-
- sessionsListFromIds(req, ids, ["lastPacket", "node", "totBytes", "totPackets", "rootId"], function(err, list) {
- sessionsPcapList(req, res, list, pcapWriter, extension);
- });
- } else {
- sessionsListFromQuery(req, res, ["lastPacket", "node", "totBytes", "totPackets", "rootId"], function(err, list) {
- sessionsPcapList(req, res, list, pcapWriter, extension);
- });
- }
-}
-
-app.get(/\/sessions.pcapng.*/, [logAction(), checkPermissions(['disablePcapDownload'])], (req,
res) => {
- return sessionsPcap(req, res, writePcapNg, "pcapng");
-});
-
-app.get(/\/sessions.pcap.*/, [logAction(), checkPermissions(['disablePcapDownload'])], (req, res) => {
- return sessionsPcap(req, res, writePcap, "pcap");
-});
-
-internals.usersMissing = {
- userId: '',
- userName: '',
- expression: '',
- enabled: 0,
- createEnabled: 0,
- webEnabled: 0,
- headerAuthEnabled: 0,
- emailSearch: 0,
- removeEnabled: 0,
- lastUsed: 0
-};
-
-app.post('/user/list', [noCacheJson, recordResponseTime, logAction('users'), checkPermissions(['createEnabled'])], (req, res) => {
- let columns = [ 'userId', 'userName', 'expression', 'enabled', 'createEnabled',
- 'webEnabled', 'headerAuthEnabled', 'emailSearch', 'removeEnabled', 'packetSearch',
- 'hideStats', 'hideFiles', 'hidePcap', 'disablePcapDownload', 'welcomeMsgNum',
- 'lastUsed', 'timeLimit' ];
-
- let query = {
- _source: columns,
- sort: {},
- from: +req.body.start || 0,
- size: +req.body.length || 10000,
- query: { // exclude the shared user from results
- bool: { must_not: { term: { userId: '_moloch_shared' } } }
- }
- };
-
- if (req.body.filter) {
- query.query.bool.should = [
- { wildcard: { userName: '*' + req.body.filter + '*' } },
- { wildcard: { userId: '*' + req.body.filter + '*' } }
- ];
- }
-
- req.body.sortField = req.body.sortField || 'userId';
- query.sort[req.body.sortField] = { order: req.body.desc === true ?
'desc': 'asc' };
- query.sort[req.body.sortField].missing = internals.usersMissing[req.body.sortField];
-
- Promise.all([Db.searchUsers(query),
- Db.numberOfUsers()
- ])
- .then(([users, total]) => {
- if (users.error) { throw users.error; }
- let results = { total: users.hits.total, results: [] };
- for (let i = 0, ilen = users.hits.hits.length; i < ilen; i++) {
- let fields = users.hits.hits[i]._source || users.hits.hits[i].fields;
- fields.id = users.hits.hits[i]._id;
- fields.expression = fields.expression || '';
- fields.headerAuthEnabled = fields.headerAuthEnabled || false;
- fields.emailSearch = fields.emailSearch || false;
- fields.removeEnabled = fields.removeEnabled || false;
- fields.userName = safeStr(fields.userName || '');
- fields.packetSearch = fields.packetSearch || false;
- fields.timeLimit = fields.timeLimit || undefined;
- results.results.push(fields);
- }
-
- let r = {
- recordsTotal: total.count,
- recordsFiltered: results.total,
- data: results.results
- };
-
- res.send(r);
- }).catch((err) => {
- console.log('ERROR - /user/list', err);
- return res.send({recordsTotal: 0, recordsFiltered: 0, data: []});
- });
-});
-
-app.post('/user/create', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (!req.body || !req.body.userId || !req.body.userName || !req.body.password) {
- return res.molochError(403, 'Missing/Empty required fields');
- }
-
- if (req.body.userId.match(/[^@\w.-]/)) {
- return res.molochError(403, 'User ID must be word characters');
- }
-
- if (req.body.userId === '_moloch_shared') {
- return res.molochError(403, 'User ID cannot be the same as the shared moloch user');
- }
-
- Db.getUser(req.body.userId, function(err, user) {
- if (!user || user.found) {
- console.log('Trying to add duplicate user', err, user);
- return res.molochError(403, 'User already exists');
- }
-
- let nuser = {
- userId: req.body.userId,
- userName: req.body.userName,
- expression: req.body.expression,
-
passStore: Config.pass2store(req.body.userId, req.body.password),
- enabled: req.body.enabled === true,
- webEnabled: req.body.webEnabled === true,
- emailSearch: req.body.emailSearch === true,
- headerAuthEnabled: req.body.headerAuthEnabled === true,
- createEnabled: req.body.createEnabled === true,
- removeEnabled: req.body.removeEnabled === true,
- packetSearch: req.body.packetSearch === true,
- timeLimit: req.body.timeLimit,
- hideStats: req.body.hideStats === true,
- hideFiles: req.body.hideFiles === true,
- hidePcap: req.body.hidePcap === true,
- disablePcapDownload: req.body.disablePcapDownload === true,
- welcomeMsgNum: 0
- };
-
- // console.log('Creating new user', nuser);
- Db.setUser(req.body.userId, nuser, function(err, info) {
- if (!err) {
- return res.send(JSON.stringify({success: true, text:'User created succesfully'}));
- } else {
- console.log('ERROR - add user', err, info);
- return res.molochError(403, err);
- }
- });
- });
-});
-
-app.put('/user/:userId/acknowledgeMsg', [noCacheJson, logAction(), checkCookieToken], function (req, res) {
- if (!req.body.msgNum) {
- return res.molochError(403, 'Message number required');
- }
-
- if (req.params.userId !== req.user.userId) {
- return res.molochError(403, 'Can not change other users msg');
- }
-
- Db.getUser(req.params.userId, function (err, user) {
- if (err || !user.found) {
- console.log('update user failed', err, user);
- return res.molochError(403, 'User not found');
- }
- user = user._source;
-
- user.welcomeMsgNum = parseInt(req.body.msgNum);
-
- Db.setUser(req.params.userId, user, function (err, info) {
- if (Config.debug) {
- console.log('setUser', user, err, info);
- }
- return res.send(JSON.stringify({
- success: true,
- text: `User, ${req.params.userId}, dismissed message ${req.body.msgNum}`
- }));
- });
- });
-});
-
-app.post('/user/delete', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (req.body.userId === req.user.userId) {
-
return res.molochError(403, 'Can not delete yourself');
- }
-
- Db.deleteUser(req.body.userId, function(err, data) {
- setTimeout(function () {
- res.send(JSON.stringify({success: true, text: 'User deleted successfully'}));
- }, 200);
- });
-});
-
-app.post('/user/update', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (req.body.userId === undefined) {
- return res.molochError(403, 'Missing userId');
- }
-
- if (req.body.userId === "_moloch_shared") {
- return res.molochError(403, '_moloch_shared is a shared user. This users settings cannot be updated');
- }
-
- /*if (req.params.userId === req.user.userId && req.query.createEnabled !== undefined && req.query.createEnabled !== "true") {
- return res.send(JSON.stringify({success: false, text: "Can not turn off your own admin privileges"}));
- }*/
-
- Db.getUser(req.body.userId, function(err, user) {
- if (err || !user.found) {
- console.log('update user failed', err, user);
- return res.molochError(403, 'User not found');
- }
- user = user._source;
-
- user.enabled = req.body.enabled === true;
-
- if (req.body.expression !== undefined) {
- if (req.body.expression.match(/^\s*$/)) {
- delete user.expression;
- } else {
- user.expression = req.body.expression;
- }
- }
-
- if (req.body.userName !== undefined) {
- if (req.body.userName.match(/^\s*$/)) {
- console.log("ERROR - empty username", req.body);
- return res.molochError(403, 'Username can not be empty');
- } else {
- user.userName = req.body.userName;
- }
- }
-
- user.webEnabled = req.body.webEnabled === true;
- user.emailSearch = req.body.emailSearch === true;
- user.headerAuthEnabled = req.body.headerAuthEnabled === true;
- user.removeEnabled = req.body.removeEnabled === true;
- user.packetSearch = req.body.packetSearch === true;
- user.hideStats = req.body.hideStats === true;
- user.hideFiles = req.body.hideFiles === true;
- user.hidePcap = req.body.hidePcap === true;
- user.disablePcapDownload =
req.body.disablePcapDownload === true;
- user.timeLimit = req.body.timeLimit ? parseInt(req.body.timeLimit) : undefined;
-
- // Can only change createEnabled if it is currently turned on
- if (req.body.createEnabled !== undefined && req.user.createEnabled) {
- user.createEnabled = req.body.createEnabled === true;
- }
-
- Db.setUser(req.body.userId, user, function(err, info) {
- if (Config.debug) {
- console.log("setUser", user, err, info);
- }
- return res.send(JSON.stringify({success: true, text:'User "' + req.body.userId + '" updated successfully'}));
- });
- });
-});
-
-app.post('/state/:name', [noCacheJson, checkCookieToken, logAction()], (req, res) => {
- Db.getUser(req.user.userId, function(err, user) {
- if (err || !user.found) {
- console.log("save state failed", err, user);
- return res.molochError(403, "Unknown user");
- }
- user = user._source;
-
- if (!user.tableStates) {
- user.tableStates = {};
- }
- user.tableStates[req.params.name] = req.body;
- Db.setUser(user.userId, user, function(err, info) {
- if (err) {
- console.log("state error", err, info);
- return res.molochError(403, "state update failed");
- }
- return res.send(JSON.stringify({success: true, text: "updated state successfully"}));
- });
- });
-});
-
-app.get('/state/:name', [noCacheJson], function(req, res) {
- if (!req.user.tableStates || !req.user.tableStates[req.params.name]) {
- return res.send("{}");
- }
-
- // Fix for new names
- if (req.params.name === "sessionsNew" && req.user.tableStates && req.user.tableStates.sessionsNew) {
- let item = req.user.tableStates.sessionsNew;
- if (item.visibleHeaders) {
- item.visibleHeaders = item.visibleHeaders.map(oldDB2newDB);
- }
- if (item.order && item.order.length > 0) {
- item.order[0][0] = oldDB2newDB(item.order[0][0]);
- }
- }
-
- return res.send(req.user.tableStates[req.params.name]);
-});
-
-//////////////////////////////////////////////////////////////////////////////////
-//// Session Add/Remove Tags
-////////////////////////////////////////////////////////////////////////////////// -function addTagsList (allTagNames, sessionList, doneCb) { - if (!sessionList.length) { - console.log('No sessions to add tags to'); - return doneCb(null); - } - - async.eachLimit(sessionList, 10, function (session, nextCb) { - if (!session._source && !session.fields) { - console.log('No Fields', session); - return nextCb(null); - } - - let node = (Config.get('multiES', false) && session._node) ? session._node : undefined; - - Db.addTagsToSession(session._index, session._id, allTagNames, node, function (err, data) { - if (err) { console.log('addTagsList error', session, err, data); } - nextCb(null); - }); - }, doneCb); -} - -function removeTagsList(res, allTagNames, sessionList) { - if (!sessionList.length) { - return res.molochError(200, 'No sessions to remove tags from'); - } - - async.eachLimit(sessionList, 10, function(session, nextCb) { - if (!session._source && !session.fields) { - console.log('No Fields', session); - return nextCb(null); - } - - let node = (Config.get('multiES', false) && session._node) ? 
session._node : undefined; - - Db.removeTagsFromSession(session._index, session._id, allTagNames, node, function (err, data) { - if (err) { console.log('removeTagsList error', session, err, data); } - nextCb(null); - }); - }, function (err) { - return res.send(JSON.stringify({success: true, text: 'Tags removed successfully'})); - }); -} - -app.post('/addTags', [noCacheJson, checkHeaderToken, logAction()], function(req, res) { - var tags = []; - if (req.body.tags) { - tags = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(","); - } - - if (tags.length === 0) { return res.molochError(200, "No tags specified"); } - - if (req.body.ids) { - var ids = queryValueToArray(req.body.ids); - - sessionsListFromIds(req, ids, ["tags", "node"], function(err, list) { - if (!list.length) { - return res.molochError(200, 'No sessions to add tags to'); - } - addTagsList(tags, list, function () { - return res.send(JSON.stringify({success: true, text: "Tags added successfully"})); - }); - }); - } else { - sessionsListFromQuery(req, res, ["tags", "node"], function(err, list) { - if (!list.length) { - return res.molochError(200, 'No sessions to add tags to'); - } - addTagsList(tags, list, function () { - return res.send(JSON.stringify({success: true, text: "Tags added successfully"})); - }); - }); - } -}); - -app.post('/removeTags', [noCacheJson, checkHeaderToken, logAction(), checkPermissions(['removeEnabled'])], (req, res) => { - var tags = []; - if (req.body.tags) { - tags = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(","); - } - - if (tags.length === 0) { return res.molochError(200, "No tags specified"); } - - if (req.body.ids) { - var ids = queryValueToArray(req.body.ids); - - sessionsListFromIds(req, ids, ["tags"], function(err, list) { - removeTagsList(res, tags, list); - }); - } else { - sessionsListFromQuery(req, res, ["tags"], function(err, list) { - removeTagsList(res, tags, list); - }); - } -}); - 
-////////////////////////////////////////////////////////////////////////////////// -//// Packet Search -////////////////////////////////////////////////////////////////////////////////// -function packetSearch (packet, options) { - let found = false; - - switch (options.searchType) { - case 'asciicase': - if (packet.toString().includes(options.search)) { - found = true; - } - break; - case 'ascii': - if (packet.toString().toLowerCase().includes(options.search.toLowerCase())) { - found = true; - } - break; - case 'regex': - if (options.regex && packet.toString().match(options.regex)) { - found = true; - } - break; - case 'hex': - if (packet.toString('hex').includes(options.search)) { - found = true; - } - break; - case 'hexregex': - if (options.regex && packet.toString('hex').match(options.regex)) { - found = true; - } - break; - default: - console.log('Invalid hunt search type'); - } - - return found; -} - -function sessionHunt (sessionId, options, cb) { - if (options.type === 'reassembled') { - processSessionIdAndDecode(sessionId, options.size || 10000, function (err, session, packets) { - if (err) { - return cb(null, false); - } - - let i = 0; - let increment = 1; - let len = packets.length; - - if (options.src && !options.dst) { - increment = 2; - } else if (options.dst && !options.src) { - i = 1; - increment = 2; - } - - for (i; i < len; i+=increment) { - if (packetSearch(packets[i].data, options)) { return cb(null, true); } - } - - return cb(null, false); - }); - } else if (options.type === 'raw') { - let packets = []; - processSessionId(sessionId, true, null, function (pcap, buffer, cb, i) { - if (options.src === options.dst) { - packets.push(buffer); - } else { - let packet = {}; - pcap.decode(buffer, packet); - packet.data = buffer.slice(16); - packets.push(packet); - } - cb(null); - }, function(err, session) { - if (err) { - return cb(null, false); - } - - let len = packets.length; - if (options.src === options.dst) { - // If search both src/dst don't 
need to check key - for (let i = 0; i < len; i++) { - if (packetSearch(packets[i], options)) { return cb(null, true); } - } - } else { - // If searching src NOR dst need to check key - let skey = Pcap.keyFromSession(session); - for (let i = 0; i < len; i++) { - let key = Pcap.key(packets[i]); - let isSrc = key === skey; - if (options.src && isSrc) { - if (packetSearch(packets[i].data, options)) { return cb(null, true); } - } else if (options.dst && !isSrc) { - if (packetSearch(packets[i].data, options)) { return cb(null, true); } - } - } - } - return cb(null, false); - }, - options.size || 10000, 10); - } -} - -function pauseHuntJobWithError (huntId, hunt, error, node) { - let errorMsg = `${hunt.name} (${huntId}) hunt ERROR: ${error.value}.`; - if (node) { - errorMsg += ` On ${node} node`; - error.node = node; - } - - console.log(errorMsg); - - error.time = Math.floor(Date.now() / 1000); - - hunt.status = 'paused'; - - if (!hunt.errors) { - hunt.errors = [ error ]; - } else { - hunt.errors.push(error); - } - - function continueProcess () { - Db.setHunt(huntId, hunt, (err, info) => { - internals.runningHuntJob = undefined; - if (err) { - console.log('Error adding errors and pausing hunt job', err, info); - return; - } - processHuntJobs(); - }); - } - - let message = `*${hunt.name}* hunt job paused with error: *${error.value}*\n*${hunt.matchedSessions}* matched sessions out of *${hunt.searchedSessions}* searched sessions`; - issueAlert(hunt.notifier, message, continueProcess); -} - -function updateHuntStats (hunt, huntId, session, searchedSessions, cb) { - // update the hunt with number of matchedSessions and searchedSessions - // and the date of the first packet of the last searched session - let lastPacketTime = session.lastPacket; - let now = Math.floor(Date.now() / 1000); - - if ((now - hunt.lastUpdated) >= 2) { // only update every 2 seconds - Db.get('hunts', 'hunt', huntId, (err, huntHit) => { - if (!huntHit || !huntHit.found) { // hunt hit not found, likely 
deleted - return cb('undefined'); - } - - if (err) { - let errorText = `Error finding hunt: ${hunt.name} (${huntId}): ${err}`; - pauseHuntJobWithError(huntId, hunt, { value: errorText }); - return cb({ success: false, text: errorText }); - } - - hunt.status = huntHit._source.status; - hunt.lastUpdated = now; - hunt.searchedSessions = searchedSessions; - hunt.lastPacketTime = lastPacketTime; - - Db.setHunt(huntId, hunt, () => {}); - - if (hunt.status === 'paused') { - return cb('paused'); - } else { - return cb(null); - } - }); - } else { - return cb(null); - } -} - -function updateSessionWithHunt (session, sessionId, hunt, huntId) { - Db.addHuntToSession(Db.sid2Index(sessionId), Db.sid2Id(sessionId), huntId, hunt.name, (err, data) => { - if (err) { console.log('add hunt info error', session, err, data); } - }); -} - -function buildHuntOptions (hunt) { - let options = { - src: hunt.src, - dst: hunt.dst, - size: hunt.size, - type: hunt.type, - search: hunt.search, - searchType: hunt.searchType - }; - - if (hunt.searchType === 'regex' || hunt.searchType === 'hexregex') { - try { - options.regex = new RE2(hunt.search); - } catch (e) { - pauseHuntJobWithError(hunt.huntId, hunt, { value: `Hunt error with regex: ${e}` }); - } - } - - return options; -} - -// Actually do the search against ES and process the results. 
-function runHuntJob (huntId, hunt, query, user) { - let options = buildHuntOptions(hunt); - let searchedSessions; - - Db.search('sessions2-*', 'session', query, {scroll: '600s'}, function getMoreUntilDone (err, result) { - if (err || result.error) { - pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching sessions: ${err}` }); - return; - } - - let hits = result.hits.hits; - - if (searchedSessions === undefined) { - searchedSessions = hunt.searchedSessions || 0; - // if the session query results length is not equal to the total sessions that the hunt - // job is searching, update the hunt total sessions so that the percent works correctly - if (hunt.totalSessions !== (result.hits.total + searchedSessions)) { - hunt.totalSessions = result.hits.total + searchedSessions; - } - } - - async.forEachLimit(hits, 3, function (hit, cb) { - searchedSessions++; - let session = hit._source; - let sessionId = Db.session2Sid(hit); - let node = session.node; - - // There is no files, this is a fake session, don't hunt it - if (session.fileId === undefined || session.fileId.length === 0) { - return updateHuntStats(hunt, huntId, session, searchedSessions, cb); - } - - isLocalView(node, function () { - sessionHunt(sessionId, options, function (err, matched) { - if (err) { - return pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching session (${sessionId}): ${err}` }, node); - } - - if (matched) { - hunt.matchedSessions++; - updateSessionWithHunt(session, sessionId, hunt, huntId); - } - - updateHuntStats(hunt, huntId, session, searchedSessions, cb); - }); - }, - function () { // Check Remotely - let path = `${node}/hunt/${huntId}/remote/${sessionId}`; - - makeRequest (node, path, user, (err, response) => { - if (err) { - return pauseHuntJobWithError(huntId, hunt, { value: `Error hunting on remote viewer: ${err}` }, node); - } - let json = JSON.parse(response); - if (json.error) { - console.log(`Error hunting on remote viewer: ${json.error} - ${path}`); - 
return pauseHuntJobWithError(huntId, hunt, { value: `Error hunting on remote viewer: ${json.error}` }, node); - } - if (json.matched) { hunt.matchedSessions++; } - return updateHuntStats(hunt, huntId, session, searchedSessions, cb); - }); - }); - }, function (err) { // done running this section of hunt job - - // Some kind of error, stop now - if (err === 'paused' || err === 'undefined') { - internals.runningHuntJob = undefined; - return; - } - - // There might be more, issue another scroll - if (result.hits.hits.length !== 0) { - return Db.scroll({ body: { scroll_id: result._scroll_id }, scroll: '600s' }, getMoreUntilDone); - } - - Db.clearScroll({ body: { scroll_id: result._scroll_id } }); - - // We are totally done with this hunt - hunt.status = 'finished'; - hunt.searchedSessions = hunt.totalSessions; - - function continueProcess () { - Db.setHunt(huntId, hunt, (err, info) => { - internals.runningHuntJob = undefined; - processHuntJobs(); // Start new hunt - }); - } - - if (hunt.notifier) { - let message = `*${hunt.name}* hunt job finished:\n*${hunt.matchedSessions}* matched sessions out of *${hunt.searchedSessions}* searched sessions`; - issueAlert(hunt.notifier, message, continueProcess); - } else { - return continueProcess(); - } - }); - }); -} - - -// Do the house keeping before actually running the hunt job -function processHuntJob (huntId, hunt) { - let now = Math.floor(Date.now() / 1000); - - hunt.lastUpdated = now; - if (!hunt.started) { hunt.started = now; } - - Db.setHunt(huntId, hunt, (err, info) => { - if (err) { - pauseHuntJobWithError(huntId, hunt, { value: `Error starting hunt job: ${err} ${info}` }); - return; - } - }); - - getUserCacheIncAnon(hunt.userId, (err, user) => { - if (err && !user) { - pauseHuntJobWithError(huntId, hunt, { value: err }); - return; - } - if (!user || !user.found) { - pauseHuntJobWithError(huntId, hunt, { value: `User ${hunt.userId} doesn't exist` }); - return; - } - if (!user.enabled) { - pauseHuntJobWithError(huntId, 
hunt, { value: `User ${hunt.userId} is not enabled` }); - return; - } - - Db.getLookupsCache(hunt.userId, (err, lookups) => { - let fakeReq = { - user: user, - query: { - from: 0, - size: 100, // only fetch 100 items at a time - _source: ['_id', 'node'], - sort: 'lastPacket:asc' - } - }; - - if (hunt.query.expression) { - fakeReq.query.expression = hunt.query.expression; - } - - if (hunt.query.view) { - fakeReq.query.view = hunt.query.view; - } - - buildSessionQuery(fakeReq, (err, query, indices) => { - if (err) { - pauseHuntJobWithError(huntId, hunt, { - value: 'Fatal Error: Session query expression parse error. Fix your search expression and create a new hunt.' - }); - return; - } - - // get the size of the query if it is being restarted - if (hunt.lastPacketTime) { - query.size = hunt.totalSessions - hunt.searchedSessions; - } - - lookupQueryItems(query.query.bool.filter, (lerr) => { - query.query.bool.filter[0] = { - range: { - lastPacket: { - gte: hunt.lastPacketTime || hunt.query.startTime * 1000, - lt: hunt.query.stopTime * 1000 - } - } - }; - - query._source = ['lastPacket', 'node', 'huntId', 'huntName', 'fileId']; - - if (Config.debug > 2) { - console.log('HUNT', hunt.name, hunt.userId, '- start:', new Date(hunt.lastPacketTime || hunt.query.startTime * 1000), 'stop:', new Date(hunt.query.stopTime * 1000)); - } - - // do sessions query - runHuntJob(huntId, hunt, query, user); - }); - }); - }); - }); -} - -// Kick off the process of running a hunt job -// cb is optional and is called either when a job has been started or end of function -function processHuntJobs (cb) { - if (Config.debug) { - console.log('HUNT - processing hunt jobs'); - } - - if (internals.runningHuntJob) { return (cb ? 
cb() : null); } - internals.runningHuntJob = true; - - let query = { - size: 10000, - sort: { created: { order: 'asc' } }, - query: { terms: { status: ['queued', 'paused', 'running'] } } - }; - - Db.searchHunt(query) - .then((hunts) => { - if (hunts.error) { throw hunts.error; } - - for (let i = 0, ilen = hunts.hits.hits.length; i < ilen; i++) { - var hit = hunts.hits.hits[i]; - var hunt = hit._source; - let id = hit._id; - - if (hunt.status === 'running') { // there is a job already running - internals.runningHuntJob = hunt; - if (!internals.proccessHuntJobsInitialized) { - internals.proccessHuntJobsInitialized = true; - // restart the abandoned hunt - processHuntJob(id, hunt); - } - return (cb ? cb() : null); - } else if (hunt.status === 'queued') { // get the first queued hunt - internals.runningHuntJob = hunt; - hunt.status = 'running'; // update the hunt job - processHuntJob(id, hunt); - return (cb ? cb() : null); - } - } - - // Made to the end without starting a job - internals.proccessHuntJobsInitialized = true; - internals.runningHuntJob = undefined; - return (cb?cb():null); - }).catch(err => { - console.log('Error fetching hunt jobs', err); - return (cb?cb():null); - }); -} - -function updateHuntStatus (req, res, status, successText, errorText) { - Db.get('hunts', 'hunt', req.params.id, (err, hit) => { - if (err) { - console.log(errorText, err, hit); - return res.molochError(500, errorText); - } - - // don't let a user play a hunt job if one is already running - if (status === 'running' && internals.runningHuntJob) { - return res.molochError(403, 'You cannot start a new hunt until the running job completes or is paused.'); - } - - let hunt = hit._source; - - // if hunt is finished, don't allow pause - if (hunt.status === 'finished' && status === 'paused') { - return res.molochError(403, 'You cannot pause a completed hunt.'); - } - - // clear the running hunt job if this is it - if (hunt.status === 'running') { internals.runningHuntJob = undefined; } - 
hunt.status = status; // update the hunt job - - Db.setHunt(req.params.id, hunt, (err, info) => { - if (err) { - console.log(errorText, err, info); - return res.molochError(500, errorText); - } - res.send(JSON.stringify({success: true, text: successText})); - processHuntJobs(); - }); - }); -} - -app.post('/hunt', [noCacheJson, logAction('hunt'), checkCookieToken, checkPermissions(['packetSearch'])], (req, res) => { - // make sure viewer is not multi - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - // make sure all the necessary data is included in the post body - if (!req.body.hunt) { return res.molochError(403, 'You must provide a hunt object'); } - if (!req.body.hunt.totalSessions) { return res.molochError(403, 'This hunt does not apply to any sessions'); } - if (!req.body.hunt.name) { return res.molochError(403, 'Missing hunt name'); } - if (!req.body.hunt.size) { return res.molochError(403, 'Missing max mumber of packets to examine per session'); } - if (!req.body.hunt.search) { return res.molochError(403, 'Missing packet search text'); } - if (!req.body.hunt.src && !req.body.hunt.dst) { - return res.molochError(403, 'The hunt must search source or destination packets (or both)'); - } - if (!req.body.hunt.query) { return res.molochError(403, 'Missing query'); } - if (req.body.hunt.query.startTime === undefined || req.body.hunt.query.stopTime === undefined) { - return res.molochError(403, 'Missing fully formed query (must include start time and stop time)'); - } - - let searchTypes = [ 'ascii', 'asciicase', 'hex', 'wildcard', 'regex', 'hexregex' ]; - if (!req.body.hunt.searchType) { return res.molochError(403, 'Missing packet search text type'); } - else if (searchTypes.indexOf(req.body.hunt.searchType) === -1) { - return res.molochError(403, 'Improper packet search text type. 
Must be "ascii", "asciicase", "hex", "wildcard", "hexregex", or "regex"'); - } - - if (!req.body.hunt.type) { return res.molochError(403, 'Missing packet search type (raw or reassembled packets)'); } - else if (req.body.hunt.type !== 'raw' && req.body.hunt.type !== 'reassembled') { - return res.molochError(403, 'Improper packet search type. Must be "raw" or "reassembled"'); - } - - let limit = req.user.createEnabled ? Config.get('huntAdminLimit', 10000000) : Config.get('huntLimit', 1000000); - if (parseInt(req.body.hunt.totalSessions) > limit) { - return res.molochError(403, `This hunt applies to too many sessions. Narrow down your session search to less than ${limit} first.`); - } - - let now = Math.floor(Date.now() / 1000); - - req.body.hunt.name = req.body.hunt.name.replace(/[^-a-zA-Z0-9_: ]/g, ''); - - let hunt = req.body.hunt; - hunt.created = now; - hunt.status = 'queued'; // always starts as queued - hunt.userId = req.user.userId; - hunt.matchedSessions = 0; // start with no matches - hunt.searchedSessions = 0; // start with no sessions searched - hunt.query = { // only use the necessary query items - expression: req.body.hunt.query.expression, - startTime: req.body.hunt.query.startTime, - stopTime: req.body.hunt.query.stopTime, - view: req.body.hunt.query.view - }; - - Db.createHunt(hunt, function (err, result) { - if (err) { console.log('create hunt error', err, result); } - hunt.id = result._id; - processHuntJobs( () => { - return res.send(JSON.stringify({ success: true, hunt: hunt })); - }); - }); -}); - -app.get('/hunt/list', [noCacheJson, recordResponseTime, checkPermissions(['packetSearch']), setCookie], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - - let query = { - sort: {}, - from: parseInt(req.query.start) || 0, - size: parseInt(req.query.length) || 10000, - query: { bool: { must: [] } } - }; - - query.sort[req.query.sortField || 'created'] = { order: req.query.desc === 'true' ? 
'desc': 'asc'}; - - if (req.query.history) { // only get finished jobs - query.query.bool.must.push({ term: { status: 'finished' } }); - if (req.query.searchTerm) { // apply search term - query.query.bool.must.push({ - query_string: { - query : req.query.searchTerm, - fields: ['name', 'userId'] - } - }); - } - } else { // get queued, paused, and running jobs - query.from = 0; - query.size = 1000; - query.query.bool.must.push({ terms: { status: ['queued', 'paused', 'running'] } }); - } - - if (Config.debug) { - console.log('hunt query:', JSON.stringify(query, null, 2)); - } - - Promise.all([Db.searchHunt(query), - Db.numberOfHunts()]) - .then(([hunts, total]) => { - if (hunts.error) { throw hunts.error; } - - let runningJob; - - let results = { total: hunts.hits.total, results: [] }; - for (let i = 0, ilen = hunts.hits.hits.length; i < ilen; i++) { - const hit = hunts.hits.hits[i]; - let hunt = hit._source; - hunt.id = hit._id; - hunt.index = hit._index; - // don't add the running job to the queue - if (internals.runningHuntJob && hunt.status === 'running') { - runningJob = hunt; - continue; - } - - // Since hunt isn't cached we can just modify - if (!req.user.createEnabled && req.user.userId !== hunt.userId) { - hunt.search = ''; - hunt.searchType = ''; - hunt.id = ''; - hunt.userId = ''; - delete hunt.query; - } - results.results.push(hunt); - } - - const r = { - recordsTotal: total.count, - recordsFiltered: results.total, - data: results.results, - runningJob: runningJob - }; - - res.send(r); - }).catch(err => { - console.log('ERROR - /hunt/list', err); - return res.molochError(500, 'Error retrieving hunts - ' + err); - }); -}); - -app.delete('/hunt/:id', [noCacheJson, logAction('hunt/:id'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - - Db.deleteHuntItem(req.params.id, function (err, result) { - if (err || result.error) { 
- console.log('ERROR - deleting hunt item', err || result.error); - return res.molochError(500, 'Error deleting hunt item'); - } else { - res.send(JSON.stringify({success: true, text: 'Deleted hunt item successfully'})); - } - }); -}); - -app.put('/hunt/:id/pause', [noCacheJson, logAction('hunt/:id/pause'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - updateHuntStatus(req, res, 'paused', 'Paused hunt item successfully', 'Error pausing hunt job'); -}); - -app.put('/hunt/:id/play', [noCacheJson, logAction('hunt/:id/play'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - updateHuntStatus(req, res, 'queued', 'Queued hunt item successfully', 'Error starting hunt job'); -}); - -app.get('/:nodeName/hunt/:huntId/remote/:sessionId', [noCacheJson], function (req, res) { - let huntId = req.params.huntId; - let sessionId = req.params.sessionId; - - // fetch hunt and session - Promise.all([Db.get('hunts', 'hunt', huntId), - Db.get(Db.sid2Index(sessionId), 'session', Db.sid2Id(sessionId))]) - .then(([hunt, session]) => { - if (hunt.error || session.error) { res.send({ matched: false }); } - - hunt = hunt._source; - session = session._source; - - let options = buildHuntOptions(hunt); - - sessionHunt(sessionId, options, function (err, matched) { - if (err) { - return res.send({ matched: false, error: err }); - } - - if (matched) { - updateSessionWithHunt(session, sessionId, hunt, huntId); - } - - return res.send({ matched: matched }); - }); - }).catch((err) => { - console.log('ERROR - hunt/remote', err); - res.send({ matched: false, error: err }); - }); -}); - - -////////////////////////////////////////////////////////////////////////////////// -//// Lookups 
-////////////////////////////////////////////////////////////////////////////////// -let lookupMutex = new Mutex(); - -app.get('/lookups', [noCacheJson, getSettingUserCache, recordResponseTime], function (req, res) { - // return nothing if we can't find the user - const user = req.settingUser; - if (!user) { return res.send({}); } - - const map = req.query.map && req.query.map === 'true'; - - // only get lookups for setting user or shared - let query = { - query: { - bool: { - must: [ - { - bool: { - should: [ - { term: { shared: true } }, - { term: { userId: req.settingUser.userId } } - ] - } - } - ] - - } - }, - sort: {}, - size: req.query.length || 50, - from: req.query.start || 0 - }; - - query.sort[req.query.sort || 'name'] = { - order: req.query.desc === 'true' ? 'desc' : 'asc' - }; - - if (req.query.searchTerm) { - query.query.bool.must.push({ - wildcard: { name: '*' + req.query.searchTerm + '*' } - }); - } - - // if fieldType exists, filter it - if (req.query.fieldType) { - const fieldType = internals.lookupTypeMap[req.query.fieldType]; - - if (fieldType) { - query.query.bool.must.push({ - exists: { field: fieldType } - }); - } - } - - Promise.all([ - Db.searchLookups(query), - Db.numberOfDocuments('lookups') - ]).then(([lookups, total]) => { - if (lookups.error) { throw lookups.error; } - - let results = { list: [], map: {} }; - for (const hit of lookups.hits.hits) { - let lookup = hit._source; - lookup.id = hit._id; - - if (lookup.number) { - lookup.type = 'number'; - } else if (lookup.ip) { - lookup.type = 'ip'; - } else { - lookup.type = 'string'; - } - - const values = lookup[lookup.type]; - - if (req.query.fieldFormat && req.query.fieldFormat === 'true') { - const name = `$${lookup.name}`; - lookup.exp = name; - lookup.dbField = name; - lookup.help = lookup.description ? 
- `${lookup.description}: ${values.join(', ')}` : - `${values.join(',')}`; - } - - lookup.value = values.join('\n'); - delete lookup[lookup.type]; - - if (map) { - results.map[lookup.id] = lookup; - } else { - results.list.push(lookup); - } - } - - const sendResults = map ? results.map : { - recordsTotal: total.count, - recordsFiltered: lookups.hits.total, - data: results.list - }; - - res.send(sendResults); - }).catch((err) => { - console.log('ERROR - /lookups', err); - return res.molochError(500, 'Error retrieving lookups - ' + err); - }); -}); - -function createLookupsArray (lookupsString) { - // split string on commas and newlines - let values = lookupsString.split(/[,\n]+/g); - - // remove any empty values - values = values.filter(function (val) { - return val !== ''; - }); - - return values; -} - -app.post('/lookups', [noCacheJson, getSettingUserDb, logAction('lookups'), checkCookieToken], function (req, res) { - // make sure all the necessary data is included in the post body - if (!req.body.var) { return res.molochError(403, 'Missing shortcut'); } - if (!req.body.var.name) { return res.molochError(403, 'Missing shortcut name'); } - if (!req.body.var.type) { return res.molochError(403, 'Missing shortcut type'); } - if (!req.body.var.value) { return res.molochError(403, 'Missing shortcut value'); } - - req.body.var.name = req.body.var.name.replace(/[^-a-zA-Z0-9_]/g, ''); - - // return nothing if we can't find the user - const user = req.settingUser; - if (!user) { return res.send({}); } - - const query = { - query: { - bool: { - must: [ - { term: { name: req.body.var.name } } - ] - } - } - }; - - lookupMutex.lock().then(() => { - Db.searchLookups(query) - .then((lookups) => { - // search for lookup name collision - for (const hit of lookups.hits.hits) { - let lookup = hit._source; - if (lookup.name === req.body.var.name) { - lookupMutex.unlock(); - return res.molochError(403, `A shortcut with the name, ${req.body.var.name}, already exists`); - } - } - - let 
variable = req.body.var; - variable.userId = user.userId; - - // comma/newline separated value -> array of values - const values = createLookupsArray(variable.value); - variable[variable.type] = values; - - const type = variable.type; - delete variable.type; - delete variable.value; - - Db.createLookup(variable, user.userId, function (err, result) { - if (err) { - console.log('shortcut create failed', err, result); - lookupMutex.unlock(); - return res.molochError(500, 'Creating shortcut failed'); - } - variable.id = result._id; - variable.type = type; - variable.value = values.join('\n'); - delete variable.ip; - delete variable.string; - delete variable.number; - lookupMutex.unlock(); - return res.send(JSON.stringify({ success: true, var: variable })); - }); - }).catch((err) => { - console.log('ERROR - /lookups', err); - lookupMutex.unlock(); - return res.molochError(500, 'Error creating lookup - ' + err); - }); - }); -}); - -app.put('/lookups/:id', [noCacheJson, getSettingUserDb, logAction('lookups/:id'), checkCookieToken], function (req, res) { - // make sure all the necessary data is included in the post body - if (!req.body.var) { return res.molochError(403, 'Missing shortcut'); } - if (!req.body.var.name) { return res.molochError(403, 'Missing shortcut name'); } - if (!req.body.var.type) { return res.molochError(403, 'Missing shortcut type'); } - if (!req.body.var.value) { return res.molochError(403, 'Missing shortcut value'); } - - let sentVar = req.body.var; - - Db.getLookup(req.params.id, (err, fetchedVar) => { // fetch variable - if (err) { - console.log('fetching shortcut to update failed', err, fetchedVar); - return res.molochError(500, 'Fetching shortcut to update failed'); - } - - if (fetchedVar._source.locked) { - return res.molochError(403, 'Locked Shortcut. 
Use db.pl script to update this shortcut.'); - } - - // only allow admins or lookup creator to update lookup item - if (!req.user.createEnabled && req.settingUser.userId !== fetchedVar._source.userId) { - return res.molochError(403, 'Permission denied'); - } - - // comma/newline separated value -> array of values - const values = createLookupsArray(sentVar.value); - sentVar[sentVar.type] = values; - sentVar.userId = fetchedVar._source.userId; - - delete sentVar.type; - delete sentVar.value; - - Db.setLookup(req.params.id, fetchedVar.userId, sentVar, (err, info) => { - if (err) { - console.log('shortcut update failed', err, info); - return res.molochError(500, 'Updating shortcut failed'); - } - - sentVar.value = values.join('\n'); - - return res.send(JSON.stringify({ - success : true, - var : sentVar, - text : 'Successfully updated shortcut' - })); - }); - }); -}); - -app.delete('/lookups/:id', [noCacheJson, getSettingUserDb, logAction('lookups/:id'), checkCookieToken], function (req, res) { - Db.getLookup(req.params.id, (err, variable) => { // fetch variable - if (err) { - console.log('fetching shortcut to delete failed', err, variable); - return res.molochError(500, 'Fetching shortcut to delete failed'); - } - - // only allow admins or lookup creator to delete lookup item - if (!req.user.createEnabled && req.settingUser.userId !== variable._source.userId) { - return res.molochError(403, 'Permission denied'); - } - - Db.deleteLookup(req.params.id, variable.userId, function (err, result) { - if (err || result.error) { - console.log('ERROR - deleting shortcut', err || result.error); - return res.molochError(500, 'Error deleting shortcut'); - } else { - res.send(JSON.stringify({success: true, text: 'Deleted shortcut successfully'})); - } - }); - }); -}); - -////////////////////////////////////////////////////////////////////////////////// -//// SPI/PCAP Delete/Scrub -////////////////////////////////////////////////////////////////////////////////// -function 
pcapScrub(req, res, sid, whatToRemove, endCb) { - if (pcapScrub.scrubbingBuffers === undefined) { - pcapScrub.scrubbingBuffers = [Buffer.alloc(5000), Buffer.alloc(5000), Buffer.alloc(5000)]; - pcapScrub.scrubbingBuffers[0].fill(0); - pcapScrub.scrubbingBuffers[1].fill(1); - const str = 'Scrubbed! Hoot! '; - for (let i = 0; i < 5000;) { - i += pcapScrub.scrubbingBuffers[2].write(str, i); - } - } - - function processFile (pcap, pos, i, nextCb) { - pcap.ref(); - pcap.readPacket(pos, function (packet) { - pcap.unref(); - if (packet) { - if (packet.length > 16) { - try { - let obj = {}; - pcap.decode(packet, obj); - pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[0], whatToRemove === 'all'); - pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[1], whatToRemove === 'all'); - pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[2], whatToRemove === 'all'); - } catch (e) { - console.log(`Couldn't scrub packet at ${pos} -`, e); - } - return nextCb(null); - } else { - console.log(`Couldn't scrub packet at ${pos}`); - return nextCb(null); - } - } - }); - } - - Db.getWithOptions(Db.sid2Index(sid), 'session', Db.sid2Id(sid), {_source: 'node,ipProtocol,packetPos'}, function (err, session) { - let fileNum; - let itemPos = 0; - const fields = session._source || session.fields; - - if (whatToRemove === 'spi') { // just removing es data for session - Db.deleteDocument(session._index, 'session', session._id, function (err, data) { - return endCb(err, fields); - }); - } else { // scrub the pcap - async.eachLimit(fields.packetPos, 10, function (pos, nextCb) { - if (pos < 0) { - fileNum = pos * -1; - return nextCb(null); - } - - // Get the pcap file for this node a filenum, if it isn't opened then do the filename lookup and open it - let opcap = Pcap.get(`write${fields.node}:${fileNum}`); - if (!opcap.isOpen()) { - Db.fileIdToFile(fields.node, fileNum, function (file) { - if (!file) { - console.log(`WARNING - Only have SPI data, PCAP file no longer available. 
Couldn't look up in file table ${fields.node}-${fileNum}`); - return nextCb(`Only have SPI data, PCAP file no longer available for ${fields.node}-${fileNum}`); - } - - let ipcap = Pcap.get(`write${fields.node}:${file.num}`); - - try { - ipcap.openReadWrite(file.name, file); - } catch (err) { - const errorMsg = `Couldn't open file for writing: ${err}`; - console.log(`Error - ${errorMsg}`); - return nextCb(errorMsg); - } - - processFile(ipcap, pos, itemPos++, nextCb); - }); - } else { - processFile(opcap, pos, itemPos++, nextCb); - } - }, - function (pcapErr, results) { - if (whatToRemove === 'all') { // also remove the session data - Db.deleteDocument(session._index, 'session', session._id, function (err, data) { - return endCb(pcapErr, fields); - }); - } else { // just set who/when scrubbed the pcap - // Do the ES update - const document = { - doc: { - scrubby: req.user.userId || '-', - scrubat: new Date().getTime() - } - }; - Db.update(session._index, 'session', session._id, document, function (err, data) { - return endCb(pcapErr, fields); - }); - } - }); - } - }); -} - -app.get('/:nodeName/delete/:whatToRemove/:sid', [checkProxyRequest, checkPermissions(['removeEnabled'])], (req, res) => { - noCache(req, res); - - res.statusCode = 200; - - pcapScrub(req, res, req.params.sid, req.params.whatToRemove, (err) => { - res.end(); - }); -}); - -function scrubList(req, res, whatToRemove, list) { - if (!list) { return res.molochError(200, 'Missing list of sessions'); } - - async.eachLimit(list, 10, function (item, nextCb) { - const fields = item._source || item.fields; - - isLocalView(fields.node, function () { - // Get from our DISK - pcapScrub(req, res, Db.session2Sid(item), whatToRemove, nextCb); - }, - function () { - // Get from remote DISK - let path = `${fields.node}/delete/${whatToRemove}/${Db.session2Sid(item)}`; - makeRequest(fields.node, path, req.user, function (err, response) { - setImmediate(nextCb); - }); - }); - }, function (err) { - let text; - if 
(whatToRemove === 'all') { - text = `Deletion PCAP and SPI of ${list.length} sessions complete. Give Elasticsearch 60 seconds to complete SPI deletion.`; - } else if (whatToRemove === 'spi') { - text = `Deletion SPI of ${list.length} sessions complete. Give Elasticsearch 60 seconds to complete SPI deletion.`; - } else { - text = `Scrubbing PCAP of ${list.length} sessions complete`; - } - return res.end(JSON.stringify({ success: true, text: text })); - }); -} - -app.post('/delete', [noCacheJson, checkCookieToken, logAction(), checkPermissions(['removeEnabled'])], (req, res) => { - if (req.query.removeSpi !== 'true' && req.query.removePcap !== 'true') { - return res.molochError(403, `You can't delete nothing`); - } - - let whatToRemove; - if (req.query.removeSpi === 'true' && req.query.removePcap === 'true') { - whatToRemove = 'all'; - } else if (req.query.removeSpi === 'true') { - whatToRemove = 'spi'; - } else { - whatToRemove = 'pcap'; - } - - if (req.body.ids) { - const ids = queryValueToArray(req.body.ids); - sessionsListFromIds(req, ids, ['node'], function (err, list) { - scrubList(req, res, whatToRemove, list); - }); - } else if (req.query.expression) { - sessionsListFromQuery(req, res, ['node'], function (err, list) { - scrubList(req, res, whatToRemove, list); - }); - } else { - return res.molochError(403, `Error: Missing expression. 
An expression is required so you don't delete everything.`); - } -}); - -////////////////////////////////////////////////////////////////////////////////// -//// Sending/Receive sessions -////////////////////////////////////////////////////////////////////////////////// -function sendSessionWorker(options, cb) { - var packetslen = 0; - var packets = []; - var packetshdr; - var ps = [-1]; - var tags = []; - - if (!options.saveId) { - return cb({success: false, text: "Missing saveId"}); - } - - if (!options.cluster) { - return cb({success: false, text: "Missing cluster"}); - } - - processSessionId(options.id, true, function(pcap, header) { - packetshdr = header; - }, function (pcap, packet, pcb, i) { - packetslen += packet.length; - packets[i] = packet; - pcb(null); - }, function (err, session) { - var buffer; - if (err || !packetshdr) { - console.log("WARNING - No PCAP only sending SPI data err:", err); - buffer = Buffer.alloc(0); - ps = []; - } else { - buffer = Buffer.alloc(packetshdr.length + packetslen); - var pos = 0; - packetshdr.copy(buffer); - pos += packetshdr.length; - for(let i = 0, ilen = packets.length; i < ilen; i++) { - ps.push(pos); - packets[i].copy(buffer, pos); - pos += packets[i].length; - } - } - if (!session) { - console.log("no session" , session, "err", err, "id", options.id); - return; - } - session.id = options.id; - session.packetPos = ps; - delete session.fileId; - - if (options.tags) { - tags = options.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(","); - if (!session.tags) { - session.tags = []; - } - session.tags = session.tags.concat(tags); - } - - var molochClusters = Config.configMap("moloch-clusters"); - if (!molochClusters) { - console.log("ERROR - sendSession is not configured"); - return cb(); - } - - var sobj = molochClusters[options.cluster]; - if (!sobj) { - console.log("ERROR - moloch-clusters is not configured for " + options.cluster); - return cb(); - } - - var info = url.parse(sobj.url + "/receiveSession?saveId=" + 
options.saveId); - addAuth(info, options.user, options.nodeName, sobj.serverSecret || sobj.passwordSecret); - info.method = "POST"; - - var result = ""; - var client = info.protocol === "https:"?https:http; - info.agent = (client === http?internals.httpAgent:internals.httpsAgent); - addCaTrust(info, options.nodeName); - var preq = client.request(info, function(pres) { - pres.on('data', function (chunk) { - result += chunk; - }); - pres.on('end', function () { - result = JSON.parse(result); - if (!result.success) { - console.log("ERROR sending session ", result); - } - cb(); - }); - }); - - preq.on('error', function (e) { - console.log("ERROR - Couldn't connect to ", info, "\nerror=", e); - cb(); - }); - - var sessionStr = JSON.stringify(session); - var b = Buffer.alloc(12); - b.writeUInt32BE(Buffer.byteLength(sessionStr), 0); - b.writeUInt32BE(buffer.length, 8); - preq.write(b); - preq.write(sessionStr); - preq.write(buffer); - preq.end(); - }, undefined, 10); -} - -internals.sendSessionQueue = async.queue(sendSessionWorker, 10); - -app.get('/:nodeName/sendSession/:id', checkProxyRequest, function(req, res) { - noCache(req, res); - res.statusCode = 200; - - var options = { - user: req.user, - cluster: req.query.cluster, - id: req.params.id, - saveId: req.query.saveId, - tags: req.body.tags, - nodeName: req.params.nodeName - }; - - internals.sendSessionQueue.push(options, function () { - res.end(); - }); -}); - -app.post('/:nodeName/sendSessions', checkProxyRequest, function(req, res) { - noCache(req, res); - res.statusCode = 200; - - if (req.body.ids === undefined || - req.query.cluster === undefined || - req.query.saveId === undefined || - req.body.tags === undefined) { - return res.end(); - } - - var count = 0; - var ids = queryValueToArray(req.body.ids); - ids.forEach(function(id) { - var options = { - user: req.user, - cluster: req.query.cluster, - id: id, - saveId: req.query.saveId, - tags: req.body.tags, - nodeName: req.params.nodeName - }; - - count++; - 
internals.sendSessionQueue.push(options, function () { - count--; - if (count === 0) { - return res.end(); - } - }); - }); -}); - - -function sendSessionsList(req, res, list) { - if (!list) { return res.molochError(200, "Missing list of sessions"); } - - var saveId = Config.nodeName() + "-" + new Date().getTime().toString(36); - - async.eachLimit(list, 10, function(item, nextCb) { - var fields = item._source || item.fields; - let sid = Db.session2Sid(item); - isLocalView(fields.node, function () { - var options = { - user: req.user, - cluster: req.body.cluster, - id: sid, - saveId: saveId, - tags: req.body.tags, - nodeName: fields.node - }; - // Get from our DISK - internals.sendSessionQueue.push(options, nextCb); - }, - function () { - let path = `${fields.node}/sendSession/${sid}?saveId=${saveId}&cluster=${req.body.cluster}`; - if (req.body.tags) { - path += `&tags=${req.body.tags}`; - } - - makeRequest(fields.node, path, req.user, (err, response) => { - setImmediate(nextCb); - }); - }); - }, function(err) { - return res.end(JSON.stringify({success: true, text: "Sending of " + list.length + " sessions complete"})); - }); -} - -var qlworking = {}; -function sendSessionsListQL(pOptions, list, nextQLCb) { - if (!list) { - return; - } - - var nodes = {}; - - list.forEach(function (item) { - if (!nodes[item.node]) { - nodes[item.node] = []; - } - nodes[item.node].push(item.id); - }); - - var keys = Object.keys(nodes); - - var count = 0; - async.eachLimit(keys, 15, function(node, nextCb) { - isLocalView(node, function () { - var sent = 0; - nodes[node].forEach(function(item) { - var options = { - id: item, - nodeName: node - }; - Db.merge(options, pOptions); - - // Get from our DISK - internals.sendSessionQueue.push(options, function () { - sent++; - if (sent === nodes[node].length) { - nextCb(); - } - }); - }); - }, - function () { - // Get from remote DISK - getViewUrl(node, function(err, viewUrl, client) { - var info = url.parse(viewUrl); - info.method = "POST"; - 
info.path = Config.basePath(node) + node + "/sendSessions?saveId=" + pOptions.saveId + "&cluster=" + pOptions.cluster; - info.agent = (client === http?internals.httpAgent:internals.httpsAgent); - if (pOptions.tags) { - info.path += "&tags=" + pOptions.tags; - } - addAuth(info, pOptions.user, node); - addCaTrust(info, node); - var preq = client.request(info, function(pres) { - pres.on('data', function (chunk) { - qlworking[info.path] = "data"; - }); - pres.on('end', function () { - delete qlworking[info.path]; - count++; - setImmediate(nextCb); - }); - }); - preq.on('error', function (e) { - delete qlworking[info.path]; - console.log("ERROR - Couldn't proxy sendSession request=", info, "\nerror=", e); - setImmediate(nextCb); - }); - preq.setHeader('content-type', "application/x-www-form-urlencoded"); - preq.write("ids="); - preq.write(nodes[node].join(",")); - preq.end(); - qlworking[info.path] = "sent"; - }); - }); - }, function(err) { - nextQLCb(); - }); -} - -app.post('/receiveSession', [noCacheJson], function receiveSession(req, res) { - if (!req.query.saveId) { return res.molochError(200, "Missing saveId"); } - - req.query.saveId = req.query.saveId.replace(/[^-a-zA-Z0-9_]/g, ''); - - // JS Static Variable :) - receiveSession.saveIds = receiveSession.saveIds || {}; - - var saveId = receiveSession.saveIds[req.query.saveId]; - if (!saveId) { - saveId = receiveSession.saveIds[req.query.saveId] = {start: 0}; - } - - var sessionlen = -1; - var filelen = -1; - var written = 0; - var session = null; - var buffer; - var file; - var writeHeader; - - function makeFilename(cb) { - if (saveId.filename) { - return cb(saveId.filename); - } - - // Just keep calling ourselves every 100 ms until we have a filename - if (saveId.inProgress) { - return setTimeout(makeFilename, 100, cb); - } - - saveId.inProgress = 1; - Db.getSequenceNumber("fn-" + Config.nodeName(), function (err, seq) { - var filename = Config.get("pcapDir") + "/" + Config.nodeName() + "-" + seq + "-" + 
req.query.saveId + ".pcap"; - saveId.seq = seq; - Db.indexNow("files", "file", Config.nodeName() + "-" + saveId.seq, {num: saveId.seq, name: filename, first: session.firstPacket, node: Config.nodeName(), filesize: -1, locked: 1}, function() { - cb(filename); - saveId.filename = filename; // Don't set the saveId.filename until after the first request completes its callback. - }); - }); - } - - function saveSession() { - var id = session.id; - delete session.id; - Db.indexNow(Db.sid2Index(id), "session", Db.sid2Id(id), session, function(err, info) { - }); - } - - function chunkWrite(chunk) { - // Write full chunk if first packet and writeHeader or not first packet - if (writeHeader || written !== 0) { - writeHeader = false; - file.write(chunk); - } else { - file.write(chunk.slice(24)); - } - written += chunk.length; // Pretend we wrote it all - } - - req.on('data', function(chunk) { - // If the file is open, just write the current chunk - if (file) { - return chunkWrite(chunk); - } - - // If no file is open, then save the current chunk to the end of the buffer. 
- if (!buffer) { - buffer = chunk; - } else { - buffer = Buffer.concat([buffer, chunk]); - } - - // Found the lengths - if (sessionlen === -1 && (buffer.length >= 12)) { - sessionlen = buffer.readUInt32BE(0); - filelen = buffer.readUInt32BE(8); - buffer = buffer.slice(12); - } - - // If we know the session len and haven't read the session - if (sessionlen !== -1 && !session && buffer.length >= sessionlen) { - session = JSON.parse(buffer.toString("utf8", 0, sessionlen)); - session.node = Config.nodeName(); - buffer = buffer.slice(sessionlen); - - if (filelen > 0) { - req.pause(); - - makeFilename(function (filename) { - req.resume(); - session.packetPos[0] = - saveId.seq; - session.fileId = [saveId.seq]; - - if (saveId.start === 0) { - file = fs.createWriteStream(filename, {flags: "w"}); - } else { - file = fs.createWriteStream(filename, {start: saveId.start, flags: "r+"}); - } - writeHeader = saveId.start === 0; - - // Adjust packet location based on where we start writing - if (saveId.start > 0) { - for (var p = 1, plen = session.packetPos.length; p < plen; p++) { - session.packetPos[p] += (saveId.start - 24); - } - } - - // Filelen always includes header, if we don't write header subtract it - saveId.start += filelen; - if (!writeHeader) { - saveId.start -= 24; - } - - // Still more data in buffer, start of pcap - if (buffer.length > 0) { - chunkWrite(buffer); - } - - saveSession(); - }); - } else { - saveSession(); - } - } - }); - - req.on('end', function(chunk) { - if (file) { - file.end(); - } - return res.send({success: true}); - }); -}); - -app.post('/sendSessions', function(req, res) { - if (req.body.ids) { - var ids = queryValueToArray(req.body.ids); - - sessionsListFromIds(req, ids, ["node"], function(err, list) { - sendSessionsList(req, res, list); - }); - } else { - sessionsListFromQuery(req, res, ["node"], function(err, list) { - sendSessionsList(req, res, list); - }); - } -}); - -app.post('/upload', [checkCookieToken, multer({dest:'/tmp', limits: 
internals.uploadLimits}).single('file')], function (req, res) { - var exec = require('child_process').exec; - - var tags = ''; - if (req.body.tags) { - var t = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, '').split(','); - t.forEach(function(tag) { - if (tag.length > 0) { - tags += ' --tag ' + tag; - } - }); - } - - var cmd = Config.get('uploadCommand') - .replace('{TAGS}', tags) - .replace('{NODE}', Config.nodeName()) - .replace('{TMPFILE}', req.file.path) - .replace('{CONFIG}', Config.getConfigFile()); - - console.log('upload command: ', cmd); - exec(cmd, function (error, stdout, stderr) { - if (error !== null) { - console.log('<b>exec error: ' + error); - res.status(500); - res.write('<b>Upload command failed:</b><br>'); - } - res.write(cmd); - res.write('<br>'); - res.write('<pre>'); - res.write(stdout); - res.end('</pre>'); - fs.unlinkSync(req.file.path); - }); -}); - -if (Config.get("regressionTests")) { - app.post('/shutdown', function(req, res) { - Db.close(); - process.exit(0); - throw new Error("Exiting"); - }); - app.post('/flushCache', function(req, res) { - Db.flushCache(); - res.send("{}"); - }); - app.get('/processCronQueries', function(req, res) { - processCronQueries(); - res.send("{}"); - }); - - // Make sure all jobs have run and return - app.get('/processHuntJobs', function (req, res) { - processHuntJobs(); - - setTimeout(function checkHuntFinished() { - if (internals.runningHuntJob) { - setTimeout(checkHuntFinished, 1000); - } else { - Db.search("hunts", "hunt", {query: {term: {status: "queued"}}}, function(err, result) { - if (result.hits.total > 0) { - processHuntJobs(); - setTimeout(checkHuntFinished, 1000); - } else { - res.send('{}'); - } - }); - } - }, 1000); - }); -} - -////////////////////////////////////////////////////////////////////////////////// -// Cyberchef -////////////////////////////////////////////////////////////////////////////////// -/* cyberchef endpoint - loads the src or dst packets for a session and - * sends them to 
cyberchef */ -app.get('/cyberchef/:nodeName/session/:id', checkPermissions(['webEnabled']), checkProxyRequest, unsafeInlineCspHeader, (req, res) => { - processSessionIdAndDecode(req.params.id, 10000, function(err, session, results) { - if (err) { - console.log(`ERROR - /${req.params.nodeName}/session/${req.params.id}/cyberchef`, err); - return res.end("Error - " + err); - } - - let data = ''; - for (let i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { - data += results[i].data.toString('hex'); - } - - res.send({ data: data }); - }); -}); - -app.use(['/cyberchef/', '/modules/'], unsafeInlineCspHeader, (req, res) => { - let found = false; - let path = req.path.substring(1); - if (req.baseUrl === '/modules') { - res.setHeader('Content-Type', 'application/javascript; charset=UTF-8'); - path = 'modules/' + path; - } - if (path === '') { - path = `CyberChef_v${internals.CYBERCHEFVERSION}.html`; - } - - fs.createReadStream(`public/CyberChef_v${internals.CYBERCHEFVERSION}.zip`) - .pipe(unzip.Parse()) - .on('entry', function (entry) { - if (entry.path === path) { - entry.pipe(res); - found = true; - } else { - entry.autodrain(); - } - }) - .on('finish', function () { - if (!found) { - res.status(404).end('Page not found'); - } - }); -}); - -////////////////////////////////////////////////////////////////////////////////// -// Vue app -////////////////////////////////////////////////////////////////////////////////// -const Vue = require('vue'); -const vueServerRenderer = require('vue-server-renderer'); - -// Factory function to create fresh Vue apps -function createApp () { - return new Vue({ - template: `<div id="app"></div>` - }); -} - -// expose vue bundles (prod) -app.use('/static', express.static(`${__dirname}/vueapp/dist/static`)); -// expose vue bundle (dev) -app.use(['/app.js', '/vueapp/app.js'], express.static(`${__dirname}/vueapp/dist/app.js`)); - -app.use(cspHeader, setCookie, (req, res) => { - if (!req.user.webEnabled) { - return 
res.status(403).send('Permission denied'); - } - - if (req.path === '/users' && !req.user.createEnabled) { - return res.status(403).send('Permission denied'); - } - - if (req.path === '/settings' && Config.get('demoMode', false)) { - return res.status(403).send('Permission denied'); - } - - const renderer = vueServerRenderer.createRenderer({ - template: fs.readFileSync('./vueapp/dist/index.html', 'utf-8') - }); - - let theme = req.user.settings.theme || 'default-theme'; - if (theme.startsWith('custom1')) { theme = 'custom-theme'; } - - let titleConfig = Config.get('titleTemplate', '_cluster_ - _page_ _-view_ _-expression_') - .replace(/_cluster_/g, internals.clusterName) - .replace(/_userId_/g, req.user?req.user.userId:'-') - .replace(/_userName_/g, req.user?req.user.userName:'-'); - - let limit = req.user.createEnabled ? Config.get('huntAdminLimit', 10000000) : Config.get('huntLimit', 1000000); - - const appContext = { - theme: theme, - titleConfig: titleConfig, - path: app.locals.basePath, - version: app.locals.molochversion, - devMode: Config.get('devMode', false), - demoMode: Config.get('demoMode', false), - multiViewer: Config.get('multiES', false), - themeUrl: theme === 'custom-theme' ? 'user.css' : '', - huntWarn: Config.get('huntWarn', 100000), - huntLimit: limit, - serverNonce: res.locals.nonce - }; - - // Create a fresh Vue app instance - const vueApp = createApp(); - - // Render the Vue instance to HTML - renderer.renderToString(vueApp, appContext, (err, html) => { - if (err) { - console.log(err); - if (err.code === 404) { - res.status(404).end('Page not found'); - } else { - res.status(500).end('Internal Server Error'); - } - return; - } - - res.send(html); - }); -}); - - -////////////////////////////////////////////////////////////////////////////////// -//// Cron Queries -////////////////////////////////////////////////////////////////////////////////// - -/* Process a single cron query. 
At max it will process 24 hours worth of data - * to give other queries a chance to run. Because its timestamp based and not - * lastPacket based since 1.0 it now search all indices each time. - */ -function processCronQuery(cq, options, query, endTime, cb) { - if (Config.debug > 2) { - console.log("CRON", cq.name, cq.creator, "- processCronQuery(", cq, options, query, endTime, ")"); - } - - var singleEndTime; - var count = 0; - async.doWhilst(function(whilstCb) { - // Process at most 24 hours - singleEndTime = Math.min(endTime, cq.lpValue + 24*60*60); - query.query.bool.filter[0] = {range: {timestamp: {gte: cq.lpValue*1000, lt: singleEndTime*1000}}}; - - if (Config.debug > 2) { - console.log("CRON", cq.name, cq.creator, "- start:", new Date(cq.lpValue*1000), "stop:", new Date(singleEndTime*1000), "end:", new Date(endTime*1000), "remaining runs:", ((endTime-singleEndTime)/(24*60*60.0))); - } - - Db.search('sessions2-*', 'session', query, {scroll: '600s'}, function getMoreUntilDone(err, result) { - function doNext() { - count += result.hits.hits.length; - - // No more data, all done - if (result.hits.hits.length === 0) { - Db.clearScroll({ body: { scroll_id: result._scroll_id } }); - return setImmediate(whilstCb, "DONE"); - } else { - var document = { doc: { count: (query.count || 0) + count} }; - Db.update("queries", "query", options.qid, document, {refresh: true}, function () {}); - } - - query = { - body: { - scroll_id: result._scroll_id, - }, - scroll: '600s' - }; - - Db.scroll(query, getMoreUntilDone); - } - - if (err || result.error) { - console.log("cronQuery error", err, (result?result.error:null), "for", cq); - return setImmediate(whilstCb, "ERR"); - } - - var ids = []; - var hits = result.hits.hits; - var i, ilen; - if (cq.action.indexOf("forward:") === 0) { - for (i = 0, ilen = hits.length; i < ilen; i++) { - ids.push({id: hits[i]._id, node: hits[i]._source.node}); - } - - sendSessionsListQL(options, ids, doNext); - } else if (cq.action.indexOf("tag") === 
0) { - for (i = 0, ilen = hits.length; i < ilen; i++) { - ids.push(hits[i]._id); - } - - if (Config.debug > 1) { - console.log("CRON", cq.name, cq.creator, "- Updating tags:", ids.length); - } - - var tags = options.tags.split(","); - sessionsListFromIds(null, ids, ["tags", "node"], function(err, list) { - addTagsList(tags, list, doNext); - }); - } else { - console.log("Unknown action", cq); - doNext(); - } - }); - }, function () { - if (Config.debug > 1) { - console.log("CRON", cq.name, cq.creator, "- Continue process", singleEndTime, endTime); - } - return singleEndTime !== endTime; - }, function (err) { - cb(count, singleEndTime); - }); -} - -function processCronQueries() { - if (internals.cronRunning) { - console.log("processQueries already running", qlworking); - return; - } - internals.cronRunning = true; - if (Config.debug) { - console.log("CRON - cronRunning set to true"); - } - - var repeat; - async.doWhilst(function(whilstCb) { - repeat = false; - Db.search("queries", "query", {size: 1000}, function(err, data) { - if (err) { - internals.cronRunning = false; - console.log("processCronQueries", err); - return setImmediate(whilstCb, err); - } - var queries = {}; - data.hits.hits.forEach(function(item) { - queries[item._id] = item._source; - }); - - // Delayed by the max Timeout - var endTime = Math.floor(Date.now()/1000) - internals.cronTimeout; - - // Go thru the queries, fetch the user, make the query - async.eachSeries(Object.keys(queries), function (qid, forQueriesCb) { - var cq = queries[qid]; - var cluster = null; - - if (Config.debug > 1) { - console.log("CRON - Running", qid, cq); - } - - if (!cq.enabled || endTime < cq.lpValue) { - return forQueriesCb(); - } - - if (cq.action.indexOf("forward:") === 0) { - cluster = cq.action.substring(8); - } - - getUserCacheIncAnon(cq.creator, (err, user) => { - if (err && !user) { - return forQueriesCb(); - } - if (!user || !user.found) { - console.log(`User ${cq.creator} doesn't exist`); - return 
forQueriesCb(null); - } - if (!user.enabled) { - console.log(`User ${cq.creator} not enabled`); - return forQueriesCb(); - } - - let options = { - user: user, - cluster: cluster, - saveId: Config.nodeName() + "-" + new Date().getTime().toString(36), - tags: cq.tags.replace(/[^-a-zA-Z0-9_:,]/g, ""), - qid: qid - }; - - Db.getLookupsCache(cq.creator, (err, lookups) => { - molochparser.parser.yy = { - emailSearch: user.emailSearch === true, - fieldsMap: Config.getFieldsMap(), - prefix: internals.prefix, - lookups: lookups, - lookupTypeMap: internals.lookupTypeMap - }; - - let query = { - from: 0, - size: 1000, - query: {bool: {filter: [{}]}}, - _source: ["_id", "node"] - }; - - try { - query.query.bool.filter.push(molochparser.parse(cq.query)); - } catch (e) { - console.log("Couldn't compile cron query expression", cq, e); - return forQueriesCb(); - } - - if (user.expression && user.expression.length > 0) { - try { - // Expression was set by admin, so assume email search ok - molochparser.parser.yy.emailSearch = true; - var userExpression = molochparser.parse(user.expression); - query.query.bool.filter.push(userExpression); - } catch (e) { - console.log("Couldn't compile user forced expression", user.expression, e); - return forQueriesCb(); - } - } - - lookupQueryItems(query.query.bool.filter, function (lerr) { - processCronQuery(cq, options, query, endTime, function (count, lpValue) { - if (Config.debug > 1) { - console.log("CRON - setting lpValue", new Date(lpValue*1000)); - } - // Do the ES update - let document = { - doc: { - lpValue: lpValue, - lastRun: Math.floor(Date.now()/1000), - count: (queries[qid].count || 0) + count - } - }; - - function continueProcess () { - Db.update('queries', 'query', qid, document, { refresh: true }, function () { - // If there is more time to catch up on, repeat the loop, although other queries - // will get processed first to be fair - if (lpValue !== endTime) { repeat = true; } - return forQueriesCb(); - }); - } - - // issue 
alert via notifier if the count has changed and it has been at least 10 minutes - if (cq.notifier && count && queries[qid].count !== document.doc.count && - (!cq.lastNotified || (Math.floor(Date.now()/1000) - cq.lastNotified >= 600))) { - let newMatchCount = document.doc.lastNotifiedCount ? (document.doc.count - document.doc.lastNotifiedCount) : document.doc.count; - let message = `*${cq.name}* cron query match alert:\n*${newMatchCount} new* matches\n*${document.doc.count} total* matches`; - issueAlert(cq.notifier, message, continueProcess); - } else { - return continueProcess(); - } - }); - }); - }); - }); - }, function(err) { - if (Config.debug > 1) { - console.log("CRON - Finished one pass of all crons"); - } - return setImmediate(whilstCb, err); - }); - }); - }, function () { - if (Config.debug > 1) { - console.log("CRON - Process again: ", repeat); - } - return repeat; - }, function (err) { - if (Config.debug) { - console.log("CRON - Should be up to date"); - } - internals.cronRunning = false; - }); -} - -////////////////////////////////////////////////////////////////////////////////// -//// Main -////////////////////////////////////////////////////////////////////////////////// -function main () { - Db.checkVersion(MIN_DB_VERSION, Config.get("passwordSecret") !== undefined); - Db.healthCache(function(err, health) { - internals.clusterName = health.cluster_name; - }); - - Db.nodesStats({metric: 'jvm,process,fs,os,indices,thread_pool'}, function (err, info) { - info.nodes.timestamp = new Date().getTime(); - internals.previousNodesStats.push(info.nodes); - }); - - loadFields(); - setInterval(loadFields, 2*60*1000); - - loadPlugins(); - - var pcapWriteMethod = Config.get("pcapWriteMethod"); - var writer = internals.writers[pcapWriteMethod]; - if (!writer || writer.localNode === true) { - expireCheckAll(); - setInterval(expireCheckAll, 60*1000); - } - - createRightClicks(); - setInterval(createRightClicks, 5*60*1000); - - if (Config.get("cronQueries", false)) { 
// this viewer will process the cron queries - console.log("This node will process Cron Queries, delayed by", internals.cronTimeout, "seconds"); - setInterval(processCronQueries, 60*1000); - setTimeout(processCronQueries, 1000); - setInterval(processHuntJobs, 10000); - } - - var server; - if (Config.isHTTPS()) { - server = https.createServer({key: Config.keyFileData, cert: Config.certFileData, secureOptions: require('constants').SSL_OP_NO_TLSv1}, app); - } else { - server = http.createServer(app); - } - - var viewHost = Config.get("viewHost", undefined); - if (internals.userNameHeader !== undefined && viewHost !== "localhost" && viewHost !== "127.0.0.1") { - console.log("SECURITY WARNING - when userNameHeader is set, viewHost should be localhost or use iptables"); - } - - server - .on('error', function (e) { - console.log("ERROR - couldn't listen on port", Config.get("viewPort", "8005"), "is viewer already running?"); - process.exit(1); - throw new Error("Exiting"); - }) - .on('listening', function (e) { - console.log("Express server listening on port %d in %s mode", server.address().port, app.settings.env); - }) - .listen(Config.get("viewPort", "8005"), viewHost); -} -////////////////////////////////////////////////////////////////////////////////// -//// Command Line Parsing -////////////////////////////////////////////////////////////////////////////////// -function processArgs(argv) { - for (var i = 0, ilen = argv.length; i < ilen; i++) { - if (argv[i] === "--help") { - console.log("node.js [<options>]"); - console.log(""); - console.log("Options:"); - console.log(" -c <config file> Config file to use"); - console.log(" -host <host name> Host name to use, default os hostname"); - console.log(" -n <node name> Node name section to use in config file, default first part of hostname"); - console.log(" --debug Increase debug level, multiple are supported"); - console.log(" --esprofile Turn on profiling to es search queries"); - console.log(" --insecure Disable cert 
verification"); - - process.exit(0); - } - } -} -processArgs(process.argv); -////////////////////////////////////////////////////////////////////////////////// -//// DB -////////////////////////////////////////////////////////////////////////////////// -Db.initialize({host: internals.elasticBase, - prefix: Config.get("prefix", ""), - usersHost: Config.get('usersElasticsearch')?Config.getArray('usersElasticsearch', ',', ''):undefined, - usersPrefix: Config.get("usersPrefix"), - nodeName: Config.nodeName(), - esClientKey: Config.get("esClientKey", null), - esClientCert: Config.get("esClientCert", null), - esClientKeyPass: Config.get("esClientKeyPass", null), - multiES: Config.get('multiES', false), - insecure: Config.insecure, - ca: loadCaTrust(internals.nodeName), - requestTimeout: Config.get("elasticsearchTimeout", 300), - esProfile: Config.esProfile, - debug: Config.debug - }, main); From 8acc4c1279a938ec025d717d784aa0a9887d45e6 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Thu, 19 Mar 2020 13:05:06 -0600 Subject: [PATCH 141/183] remove files no longer needed for testing and update moloch version in documentation --- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- .../network_diff/gquic_simple_two_days.pcap | Bin 2840 -> 0 bytes moloch/network_diff/url.txt | 2 - moloch/network_diff/viewer.js | 9167 ----------------- sensor-iso/docs/Notes.md | 4 +- sensor-iso/moloch/Dockerfile | 2 +- 8 files changed, 6 insertions(+), 9175 deletions(-) delete mode 100644 moloch/network_diff/gquic_simple_two_days.pcap delete mode 100644 moloch/network_diff/url.txt delete mode 100644 moloch/network_diff/viewer.js diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 81620f417..67db3c8b4 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml 
@@ -252,7 +252,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.2.2'
+ MOLOCH_VERSION : '2.2.3'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml
index 8a63900f6..084d7a31f 100644
--- a/docker-compose-standalone.yml
+++ b/docker-compose-standalone.yml
@@ -252,7 +252,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.2.2'
+ MOLOCH_VERSION : '2.2.3'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/docker-compose.yml b/docker-compose.yml
index 64983c4d9..996680ecd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -275,7 +275,7 @@ services:
 environment:
 << : *common-upload-variables
 << : *moloch-variables
- MOLOCH_VERSION : '2.2.2'
+ MOLOCH_VERSION : '2.2.3'
 VIRTUAL_HOST : 'moloch.malcolm.local'
 ES_HOST : 'elasticsearch'
 ES_PORT : 9200
diff --git a/moloch/network_diff/gquic_simple_two_days.pcap b/moloch/network_diff/gquic_simple_two_days.pcap deleted file mode 100644 index a6ddfa7b7900ac6b80cc920231336b2cd954d20f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2840 zcmeH{eKeF=7{Kp{r7#sa6T5BGm+XdynPK!fyfYXx=EM6=W*4QHe9ahzOsh6jNO2IV zvng!RtWB**(N<Q2v^rWWr8tS=j6SyHbJO12+Ouc>>(BkebIv`#_j%5H?>+aP=l<I2 z$_w>?KKM8E0SP7pzQkr!i!%6o1V`zmuXj;rpPYLx!w7JJ!L~&yY`~tc5#BsUQg*Is zlRq9L)ffmF#ir%m0e^_3T%CmG$RMqaJd`}P?oCy3X@CK#fCTh0Pl0G5Tv+VN0V!}N zT*w1?hy)+BKyKptfHp`B!$BXUP$b0k^#Jh3#h4MKE7z4{0x5Onah5~k7>~n%Bp_Lk zVvaXw9jg1dxw9d87%t$Ty3`F1Ms-YpheGnXGF$<PiNwSQVm`zHlzZSrDkRT`AdaA% zOKhUef^^4x8IU+63({^T{tq{x+#05^4^gQ?6mt6@m2&-t8zmPLZ>h?}+G9ynqXMPf ziuSsn`?5!VBS$<u{%k~G?ojQg`*fqDr9%Ma_#K9aPTSI%yJ1bO40Wr^>2aJrI(0kV zdhl7F|Bm-k?@Qv!%vC!suyfyHjkXVF>r4yPt!4KdI!>JE(x`iaVIRA4agS~Cn5|SS zbf-!wU(KM~)9fATOlNxrGdsaAjsN=#uWswl9%}o!*U*EKF=;LUKDf`}cjeM*6SMxf z>fFs!JvpUhme|Sen8_QHcT_9gb(hlf4zT?J=E!80HwByBKl7%}%;TN6TUNgj+c-W` zQ?^?tapPgEKoVH-bbnG_{&{o5lKiKODpD)i9gOZ4$^JFpMK35$&GlbBTz1&G=12^g zUc1TDP?mUmw>6dC9cpy%RY5~4x7W5op7vGqG7H^L?<OW<if7r*8f`T>R3`RHtqUAp zd315#+2-qCdm3M*O*RxoCTN}$`Q)8I60yr~_t|L0kq%MIi_5=MG~YicBqldH>}yY- zQ=PYXWRR7u>9-m-F65Ut7Hf+ps{ts0r$J*TKH>&KHPZk1w{z;rnO3#ULNzBm_HX}E zx3NLO{8OXIzjxd;=I@J<e<@X_iR1Bp7bX_+Bs2z{wD+~!$s)_3pnV5k(+WuX0O{8X z?vM2Q1?(@RUp^w#Zz3ep??FhU-&{zf-%3cN-K&sDy91C&yJL_@yMIC=?E<Jv+}l&2 zkMs$(i*ya=i)|p0emx<*c^q5-i8L&RL>eX_Wde-whs5w{LM?})9BNq&iFCXN<xt1e zX&o=0*0Ifujz3<-J6Z7G=t#S;D3v<aE;f=GF|E&CVZm}0a;RiMV%GL~rBdY;a6Q9+ zIH$hDt7yr^#@hndynTgw<-_w<_1R!I7O#_gH}JgnPNi+{)l#NBK6KkaVqkW*)xfvU z6OxN8lCu07%>}gSnB9~YO4iwgf0;cl-?D{t`EAl>J><@5Z93DSHt9?{%ihVE>Khgr ztcr`K3JIzMtgl4{C&pT;+KG{Ix8qUI5cx2}@?}d?xR!#R5>hH`!4FE+TpY5D^~Ju4 zv6$qfjNUR~MSdT!Co(;$EberAMVS8!Gfcs+=(^I}C}m!G&^4D*RVB;mo$%754dqqZ zC@W=1>1ZvaUFi?~rsJ3V#+W{Y$Q9#rgg7Dorxr4HUYlU?<o(hO0QeUUZcMgX@x<D6 zc-}5scdw@Uq*GBuO$dGd%8r|#_?nJ{gC#@!Ov9uaI~lKsQY^`+ajqApWEm-MdaOS> 
z+I@G4X$yxfYQJ`?#o*VPl&<Y3ErSkb-tTSCv8s(YU|H2~JXHEp?@p^CpPHu0T6(oU zN@7S*auil2#{vc(x%&h}pYVzATUKAojq5CFpjs=O=d>+2n&8y@W7nJz^5e;o<TNq> Pui&Wy;h2e!xq-g`!;z^# diff --git a/moloch/network_diff/url.txt b/moloch/network_diff/url.txt deleted file mode 100644 index 7a966ecc9..000000000 --- a/moloch/network_diff/url.txt +++ /dev/null @@ -1,2 +0,0 @@ -https://localhost/connections.json?date=0&startTime=1582614000&stopTime=1582700399&expression=zeek.logType==EXISTS!&baseline=0 - diff --git a/moloch/network_diff/viewer.js b/moloch/network_diff/viewer.js deleted file mode 100644 index b7e12eb3b..000000000 --- a/moloch/network_diff/viewer.js +++ /dev/null 
@@ -1,9167 +0,0 @@ -/******************************************************************************/ -/* viewer.js -- The main moloch app - * - * Copyright 2012-2016 AOL Inc. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this Software except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -'use strict'; - -const MIN_DB_VERSION = 62; - -//// Modules -////////////////////////////////////////////////////////////////////////////////// -try { -var Config = require('./config.js'), - express = require('express'), - stylus = require('stylus'), - util = require('util'), - fs = require('fs-ext'), - async = require('async'), - url = require('url'), - dns = require('dns'), - Pcap = require('./pcap.js'), - Db = require('./db.js'), - molochparser = require('./molochparser.js'), - passport = require('passport'), - DigestStrategy = require('passport-http').DigestStrategy, - molochversion = require('./version'), - http = require('http'), - pug = require('pug'), - https = require('https'), - EventEmitter = require('events').EventEmitter, - PNG = require('pngjs').PNG, - decode = require('./decode.js'), - onHeaders = require('on-headers'), - glob = require('glob'), - unzip = require('unzip'), - helmet = require('helmet'), - uuid = require('uuidv4').default, - RE2 = require('re2'); -} catch (e) { - console.log ("ERROR - Couldn't load some dependancies, maybe need to 'npm update' inside viewer directory", e); - process.exit(1); - throw new Error("Exiting"); -} - -if (typeof express !== "function") { - 
console.log("ERROR - Need to run 'npm update' in viewer directory"); - process.exit(1); - throw new Error("Exiting"); -} -var app = express(); - -////////////////////////////////////////////////////////////////////////////////// -//// Config -////////////////////////////////////////////////////////////////////////////////// -var internals = { - CYBERCHEFVERSION: '9.11.7', - elasticBase: Config.getArray('elasticsearch', ',', 'http://localhost:9200'), - esQueryTimeout: Config.get("elasticsearchTimeout", 300) + 's', - userNameHeader: Config.get("userNameHeader"), - requiredAuthHeader: Config.get("requiredAuthHeader"), - requiredAuthHeaderVal: Config.get("requiredAuthHeaderVal"), - userAutoCreateTmpl: Config.get("userAutoCreateTmpl"), - esAdminUsers: Config.get('multiES', false)?[]:Config.getArray('esAdminUsers', ',', ''), - httpAgent: new http.Agent({keepAlive: true, keepAliveMsecs:5000, maxSockets: 40}), - httpsAgent: new https.Agent({keepAlive: true, keepAliveMsecs:5000, maxSockets: 40, rejectUnauthorized: !Config.insecure}), - previousNodesStats: [], - caTrustCerts: {}, - cronRunning: false, - rightClicks: {}, - pluginEmitter: new EventEmitter(), - writers: {}, - oldDBFields: {}, - isLocalViewRegExp: Config.get("isLocalViewRegExp")?new RE2(Config.get("isLocalViewRegExp")):undefined, - uploadLimits: { - }, - - cronTimeout: +Config.get("dbFlushTimeout", 5) + // How long capture holds items - 60 + // How long before ES reindexs - 20, // Transmit and extra time - -//http://garethrees.org/2007/11/14/pngcrush/ - emptyPNG: Buffer.from("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==", 'base64'), - PNG_LINE_WIDTH: 256, - runningHuntJob: undefined, - proccessHuntJobsInitialized: false, - notifiers: undefined, - prefix: Config.get('prefix', ''), - lookupTypeMap: { - ip: 'ip', - integer: 'number', - termfield: 'string', - uptermfield: 'string', - lotermfield: 'string' - }, - anonymousUser: { - userId: 'anonymous', - enabled: true, 
- createEnabled: false, - webEnabled: true, - headerAuthEnabled: false, - emailSearch: true, - removeEnabled: true, - packetSearch: true, - settings: {}, - welcomeMsgNum: 1, - found: true - }, - scriptAggs: {} -}; - -internals.scriptAggs['ip.dst:port'] = { - script: 'if (doc.dstIp.value.indexOf(".") > 0) {return doc.dstIp.value + ":" + doc.dstPort.value} else {return doc.dstIp.value + "." + doc.dstPort.value}', - dbField: 'dstIp' -}; - -// make sure there's an _ after the prefix -if (internals.prefix && !internals.prefix.endsWith('_')) { - internals.prefix = `${internals.prefix}_`; -} - -if (Config.get("uploadFileSizeLimit")) { - internals.uploadLimits.fileSize = parseInt(Config.get("uploadFileSizeLimit")); -} - -if (internals.elasticBase[0].lastIndexOf('http', 0) !== 0) { - internals.elasticBase[0] = "http://" + internals.elasticBase[0]; -} - -function isProduction() { - return app.get('env') === 'production'; -} - -function userCleanup(suser) { - suser.settings = suser.settings || {}; - if (suser.emailSearch === undefined) { suser.emailSearch = false; } - if (suser.removeEnabled === undefined) { suser.removeEnabled = false; } - // if multies and not users elasticsearch, disable admin privelages - if (Config.get('multiES', false) && !Config.get('usersElasticsearch')) { - suser.createEnabled = false; - } - let now = Date.now(); - let timespan = Config.get('regressionTests', false) ? 
1 : 60000; - // update user lastUsed time if not mutiES and it hasn't been udpated in more than a minute - if (!Config.get('multiES', false) && (!suser.lastUsed || (now - suser.lastUsed) > timespan)) { - suser.lastUsed = now; - Db.setLastUsed(suser.userId, now, function (err, info) { - if (Config.debug && err) { - console.log('DEBUG - user lastUsed update error', err, info); - } - }); - } -} - -passport.use(new DigestStrategy({qop: 'auth', realm: Config.get("httpRealm", "Moloch")}, - function(userid, done) { - Db.getUserCache(userid, function(err, suser) { - if (err && !suser) {return done(err);} - if (!suser || !suser.found) {console.log("User", userid, "doesn't exist"); return done(null, false);} - if (!suser._source.enabled) {console.log("User", userid, "not enabled"); return done("Not enabled");} - - userCleanup(suser._source); - - return done(null, suser._source, {ha1: Config.store2ha1(suser._source.passStore)}); - }); - }, - function (options, done) { - //TODO: Should check nonce here - return done(null, true); - } -)); - -// app.configure -var logger = require("morgan"); -var favicon = require("serve-favicon"); -var bodyParser = require('body-parser'); -var multer = require('multer'); -var methodOverride = require('method-override'); -var compression = require('compression'); - -app.enable("jsonp callback"); -app.set('views', __dirname + '/views'); -app.set('view engine', 'pug'); -app.locals.molochversion = molochversion.version; -app.locals.isIndex = false; -app.locals.basePath = Config.basePath(); -app.locals.elasticBase = internals.elasticBase[0]; -app.locals.allowUploads = Config.get("uploadCommand") !== undefined; -app.locals.molochClusters = Config.configMap("moloch-clusters"); - -app.use(favicon(__dirname + '/public/favicon.ico')); -app.use(passport.initialize()); - -const iframeOption = Config.get('iframe', 'deny'); -if (iframeOption === 'sameorigin' || iframeOption === 'deny') { - app.use(helmet.frameguard({ action: iframeOption })); -} else { - 
app.use(helmet.frameguard({ - action: 'allow-from', - domain: iframeOption - })); -} - -app.use(helmet.hidePoweredBy()); -app.use(helmet.xssFilter()); -if (Config.get('hstsHeader', false) && Config.isHTTPS()) { - app.use(helmet.hsts({ - maxAge: 31536000, - includeSubDomains: true - })); -} -// calculate nonce -app.use((req, res, next) => { - res.locals.nonce = Buffer.from(uuid()).toString('base64'); - next(); -}); -// define csp headers -const cspHeader = helmet.contentSecurityPolicy({ - directives: { - defaultSrc: ["'self'"], - /* can remove unsafe-inline for css when this is fixed - https://github.com/vuejs/vue-style-loader/issues/33 */ - styleSrc: ["'self'", "'unsafe-inline'"], - scriptSrc: ["'self'", "'unsafe-eval'", (req, res) => `'nonce-${res.locals.nonce}'`], - objectSrc: ["'none'"], - imgSrc: ["'self'", 'data:'] - } -}); -const unsafeInlineCspHeader = helmet.contentSecurityPolicy({ - directives: { - defaultSrc: ["'self'"], - styleSrc: ["'self'", "'unsafe-inline'"], - scriptSrc: ["'self'", "'unsafe-eval'", "'unsafe-inline'"], - objectSrc: ["'self'", 'data:'], - workerSrc: ["'self'", 'data:', 'blob:'], - imgSrc: ["'self'", 'data:'], - fontSrc: ["'self'", 'data:'] - } -}); - -function molochError (status, text) { - /* jshint validthis: true */ - this.status(status || 403); - return this.send(JSON.stringify({ success: false, text: text })); -} - -app.use(function(req, res, next) { - res.molochError = molochError; - - if (res.setTimeout) { - res.setTimeout(10 * 60 * 1000); // Increase default from 2 min to 10 min - } - - req.url = req.url.replace(Config.basePath(), "/"); - return next(); -}); -app.use(bodyParser.json()); -app.use(bodyParser.urlencoded({ limit: "5mb", extended: true })); -//app.use(multer({dest: Config.get("pcapDir")})); - -// send req to access log file or stdout -var _stream = process.stdout; -var _accesslogfile = Config.get("accessLogFile"); -if (_accesslogfile) { - _stream = fs.createWriteStream(_accesslogfile, {flags: 'a'}); -} - -var 
_logger_format = decodeURIComponent(Config.get("accessLogFormat", - ':date :username %1b[1m:method%1b[0m %1b[33m:url%1b[0m :status :res[content-length] bytes :response-time ms')); -var _suppressPaths = Config.getArray("accessLogSuppressPaths", ";", ""); - -app.use(logger(_logger_format, {stream: _stream, - skip: (req, res) => { return _suppressPaths.includes(req.path); }})); -app.use(compression()); -app.use(methodOverride()); - - -app.use('/font-awesome', express.static(__dirname + '/../node_modules/font-awesome', { maxAge: 600 * 1000})); -app.use('/bootstrap', express.static(__dirname + '/node_modules/bootstrap', { maxAge: 600 * 1000})); - -app.use("/", express.static(__dirname + '/public', { maxAge: 600 * 1000})); - -if (Config.get("passwordSecret")) { - app.locals.alwaysShowESStatus = false; - app.use(function(req, res, next) { - // 200 for NS - if (req.url === "/_ns_/nstest.html") { - return res.end(); - } - - // No auth for eshealth.json or parliament.json - if (req.url.match(/^\/(parliament|eshealth).json/)) { - return next(); - } - - // S2S Auth - if (req.headers['x-moloch-auth']) { - var obj = Config.auth2obj(req.headers['x-moloch-auth'], false); - obj.path = obj.path.replace(Config.basePath(), "/"); - if (obj.path !== req.url) { - console.log("ERROR - mismatch url", obj.path, req.url); - return res.send("Unauthorized based on bad url, check logs on ", Config.hostName()); - } - if (Math.abs(Date.now() - obj.date) > 120000) { // Request has to be +- 2 minutes - console.log("ERROR - Denying server to server based on timestamp, are clocks out of sync?", Date.now(), obj.date); - return res.send("Unauthorized based on timestamp - check that all moloch viewer machines have accurate clocks"); - } - - // Don't look up user for receiveSession - if (req.url.match(/^\/receiveSession/)) { - return next(); - } - - Db.getUserCache(obj.user, function(err, suser) { - if (err) {return res.send("ERROR - x-moloch getUser - user: " + obj.user + " err:" + err);} - if (!suser 
|| !suser.found) {return res.send(obj.user + " doesn't exist");} - if (!suser._source.enabled) {return res.send(obj.user + " not enabled");} - userCleanup(suser._source); - req.user = suser._source; - return next(); - }); - return; - } - - if (req.url.match(/^\/receiveSession/)) { - return res.send('receiveSession only allowed s2s'); - } - - function ucb (err, suser, userName) { - if (err) { return res.send(`ERROR - getUser - user: ${userName} err: ${err}`); } - if (!suser || !suser.found) { return res.send(`${userName} doesn't exist`); } - if (!suser._source.enabled) { return res.send(`${userName} not enabled`); } - if (!suser._source.headerAuthEnabled) { return res.send(`${userName} header auth not enabled`); } - - userCleanup(suser._source); - req.user = suser._source; - return next(); - } - - // Header auth - if (internals.userNameHeader !== undefined) { - if (req.headers[internals.userNameHeader] !== undefined) { - // Check if we require a certain header+value to be present - // as in the case of an apache plugin that sends AD groups - if (internals.requiredAuthHeader !== undefined && internals.requiredAuthHeaderVal !== undefined) { - let authHeader = req.headers[internals.requiredAuthHeader]; - if (authHeader === undefined) { - return res.send('Missing authorization header'); - } - let authorized = false; - authHeader.split(',').forEach(headerVal => { - if (headerVal.trim() === internals.requiredAuthHeaderVal) { - authorized = true; - } - }); - if (!authorized) { - return res.send('Not authorized'); - } - } - - const userName = req.headers[internals.userNameHeader]; - - Db.getUserCache(userName, (err, suser) => { - if (internals.userAutoCreateTmpl === undefined) { - return ucb(err, suser, userName); - } else if ((err && err.toString().includes('Not Found')) || - (!suser || !suser.found)) { // Try dynamic creation - /* jslint evil: true */ - let nuser = JSON.parse(new Function('return `' + - internals.userAutoCreateTmpl + '`;').call(req.headers)); - 
Db.setUser(userName, nuser, (err, info) => { - if (err) { - console.log('Elastic search error adding user: (' + userName + '):(' + JSON.stringify(nuser) + '):' + err); - } else { - console.log('Added user:' + userName + ':' + JSON.stringify(nuser)); - } - return Db.getUserCache(userName, ucb); - }); - } else { - return ucb(err, suser, userName); - } - }); - return; - } else if (Config.debug) { - console.log('DEBUG - Couldn\'t find userNameHeader of', internals.userNameHeader, 'in', req.headers, 'for', req.url); - } - } - - - // Browser auth - req.url = req.url.replace("/", Config.basePath()); - passport.authenticate('digest', {session: false})(req, res, function (err) { - req.url = req.url.replace(Config.basePath(), "/"); - if (err) { return res.molochError(200, err); } - else { return next(); } - }); - }); -} else if (Config.get("regressionTests", false)) { - console.log('WARNING - The setting "regressionTests" is set to true, do NOT use in production, for testing only'); - app.locals.alwaysShowESStatus = true; - app.locals.noPasswordSecret = true; - app.use(function(req, res, next) { - var username = req.query.molochRegressionUser || "anonymous"; - req.user = {userId: username, enabled: true, createEnabled: username === "anonymous", webEnabled: true, headerAuthEnabled: false, emailSearch: true, removeEnabled: true, packetSearch: true, settings: {}, welcomeMsgNum: 1}; - Db.getUserCache(username, function(err, suser) { - if (!err && suser && suser.found) { - userCleanup(suser._source); - req.user = suser._source; - } - next(); - }); - }); -} else { - /* Shared password isn't set, who cares about auth, db is only used for settings */ - console.log('WARNING - The setting "passwordSecret" is not set, all access is anonymous'); - app.locals.alwaysShowESStatus = true; - app.locals.noPasswordSecret = true; - app.use(function(req, res, next) { - req.user = internals.anonymousUser; - Db.getUserCache('anonymous', (err, suser) => { - if (!err && suser && suser.found) { - 
req.user.settings = suser._source.settings || {}; - req.user.views = suser._source.views; - } - next(); - }); - }); -} - -// check for anonymous mode before fetching user cache and return anonymous -// user or the user requested by the userId -function getUserCacheIncAnon (userId, cb) { - if (app.locals.noPasswordSecret) { // user is anonymous - Db.getUserCache('anonymous', (err, anonUser) => { - let anon = internals.anonymousUser; - - if (!err && anonUser && anonUser.found) { - anon.settings = anonUser._source.settings || {}; - anon.views = anonUser._source.views; - } - - return cb(null, anon); - }); - } else { - Db.getUserCache(userId, (err, user) => { - let found = user.found; - user = user._source; - if (user) { user.found = found; } - return cb(err, user); - }); - } -} - -// add lookups for queries -app.use(function (req, res, next) { - if (!req.user) { return next(); } - Db.getLookupsCache(req.user.userId, (err, lookupsMap) => { - req.lookups = lookupsMap || {}; - return next(); - }); -}); - -app.use(function(req, res, next) { - if (!req.user || !req.user.userId) { - return next(); - } - - var mrc = {}; - - mrc.httpAuthorizationDecode = {fields: "http.authorization", func: `{ - if (value.substring(0,5) === "Basic") - return {name: "Decoded:", value: atob(value.substring(6))}; - return undefined; - }`}; - mrc.bodyHashMd5 = {category: "md5", url: "/%NODE%/%ID%/bodyHash/%TEXT%", name: "Download File"}; - mrc.bodyHashSha256 = {category: "sha256", url: "/%NODE%/%ID%/bodyHash/%TEXT%", name: "Download File"}; - - for (var key in internals.rightClicks) { - var rc = internals.rightClicks[key]; - if (!rc.users || rc.users[req.user.userId]) { - mrc[key] = rc; - } - } - app.locals.molochRightClick = mrc; - next(); -}); - -logger.token('username', function(req, res){ return req.user?req.user.userId:"-"; }); - -// Explicit sigint handler for running under docker -// See https://github.com/nodejs/node/issues/4182 -process.on('SIGINT', function() { - process.exit(); -}); - 
-function loadFields() { - Db.loadFields(function (err, data) { - if (err) {data = [];} - else {data = data.hits.hits;} - - // Everything will use dbField2 as dbField - for (let i = 0, ilen = data.length; i < ilen; i++) { - internals.oldDBFields[data[i]._source.dbField] = data[i]._source; - data[i]._source.dbField = data[i]._source.dbField2; - if (data[i]._source.portField2) { - data[i]._source.portField = data[i]._source.portField2; - } else { - delete data[i]._source.portField; - } - delete data[i]._source.rawField; - } - Config.loadFields(data); - app.locals.fieldsMap = JSON.stringify(Config.getFieldsMap()); - app.locals.fieldsArr = Config.getFields().sort(function(a,b) {return (a.exp > b.exp?1:-1);}); - createSessionDetail(); - }); -} - -function loadPlugins() { - var api = { - registerWriter: function(str, info) { - internals.writers[str] = info; - }, - getDb: function() { return Db; }, - getPcap: function() { return Pcap; }, - }; - var plugins = Config.getArray('viewerPlugins', ';', ''); - var dirs = Config.getArray('pluginsDir', ';', '/data/moloch/plugins'); - plugins.forEach(function (plugin) { - plugin = plugin.trim(); - if (plugin === "") { - return; - } - var found = false; - dirs.forEach(function (dir) { - dir = dir.trim(); - if (found || dir === "") { - return; - } - if (fs.existsSync(dir + "/" + plugin)) { - found = true; - var p = require(dir + "/" + plugin); - p.init(Config, internals.pluginEmitter, api); - } - }); - if (!found) { - console.log("WARNING - Couldn't find plugin", plugin, "in", dirs); - } - }); -} - -////////////////////////////////////////////////////////////////////////////////// -//// Utility -////////////////////////////////////////////////////////////////////////////////// -function safeStr(str) { - return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>').replace(/\"/g,'"').replace(/\'/g, ''').replace(/\//g, '/'); -} - -// 
https://medium.com/dailyjs/rewriting-javascript-converting-an-array-of-objects-to-an-object-ec579cafbfc7 -function arrayToObject(array, key) -{ - return array.reduce((obj, item) => { - obj[item[key]] = item; - return obj; - }, {}); -} - -function queryValueToArray(val) { - if (val === undefined || val === null) { - return []; - } - if (!Array.isArray(val)) { - val = [val]; - } - return val.join(",").split(","); -} - -function errorString(err, result) { - var str; - if (err && typeof err === "string") { - str = err; - } else if (err && typeof err.message === "string") { - str = err.message; - } else if (result && result.error) { - str = result.error; - } else { - str = "Unknown issue, check logs"; - console.log(err, result); - } - - if (str.match("IndexMissingException")) { - return "Moloch's Elasticsearch database has no matching session indices for timeframe selected"; - } else { - return "Elasticsearch error: " + str; - } -} - -function parseCustomView(key, input) { - var fieldsMap = Config.getFieldsMap(); - - var match = input.match(/require:([^;]+)/); - if (!match) { - console.log(`custom-view ${key} missing require section`); - process.exit(1); - } - var require = match[1]; - - match = input.match(/title:([^;]+)/); - var title = match[1] || key; - - match = input.match(/fields:([^;]+)/); - if (!match) { - console.log(`custom-view ${key} missing fields section`); - process.exit(1); - } - var fields = match[1]; - - var output = ` if (session.${require})\n div.sessionDetailMeta.bold ${title}\n dl.sessionDetailMeta\n`; - - for (let field of fields.split(",")) { - let info = fieldsMap[field]; - if (!info) { - continue; - } - var parts = splitRemain(info.dbField, '.', 1); - if (parts.length === 1) { - output += ` +arrayList(session, '${parts[0]}', '${info.friendlyName}', '${field}')\n`; - } else { - output += ` +arrayList(session.${parts[0]}, '${parts[1]}', '${info.friendlyName}', '${field}')\n`; - } - } - - return output; -} - -function createSessionDetail() { - 
var found = {}; - var dirs = []; - - dirs = dirs.concat(Config.getArray('pluginsDir', ';', '/data/moloch/plugins')); - dirs = dirs.concat(Config.getArray('parsersDir', ';', '/data/moloch/parsers')); - - dirs.forEach(function(dir) { - try { - var files = fs.readdirSync(dir); - // sort().reverse() so in this dir pug is processed before jade - files.sort().reverse().forEach(function(file) { - var sfile = file.replace(/\.(pug|jade)/, ""); - if (found[sfile]) { - return; - } - if (file.match(/\.detail\.jade$/i)) { - found[sfile] = fs.readFileSync(dir + "/" + file, 'utf8').replace(/^/mg, " ") + "\n"; - } else if (file.match(/\.detail\.pug$/i)) { - found[sfile] = " include " + dir + "/" + file + "\n"; - } - }); - } catch (e) {} - }); - - var customViews = Config.keys("custom-views") || []; - - for (let key of customViews) { - let view = Config.sectionGet("custom-views", key); - found[key] = parseCustomView(key, view); - } - - var makers = internals.pluginEmitter.listeners("makeSessionDetail"); - async.each(makers, function(cb, nextCb) { - cb(function (err, items) { - for (var k in items) { - found[k] = items[k].replace(/^/mg, " ") + "\n"; - } - return nextCb(); - }); - }, function () { - internals.sessionDetailNew = "include views/mixins.pug\n" + - "div.session-detail(sessionid=session.id,hidePackets=hidePackets)\n" + - " include views/sessionDetail\n"; - Object.keys(found).sort().forEach(function(k) { - internals.sessionDetailNew += found[k]; - }); - - internals.sessionDetailNew = internals.sessionDetailNew.replace(/div.sessionDetailMeta.bold/g, "h4.sessionDetailMeta") - .replace(/dl.sessionDetailMeta/g, "dl") - .replace(/a.moloch-right-click.*molochexpr='([^']+)'.*#{(.*)}/g, "+clickableValue('$1', $2)") - ; - }); -} - -function createRightClicks() { - - var mrc = Config.configMap("right-click"); - for (var key in mrc) { - if (mrc[key].fields) { - mrc[key].fields = mrc[key].fields.split(","); - } - if (mrc[key].users) { - var users = {}; - for (const item of 
mrc[key].users.split(",")) { - users[item] = 1; - } - mrc[key].users = users; - } - } - var makers = internals.pluginEmitter.listeners("makeRightClick"); - async.each(makers, function(cb, nextCb) { - cb(function (err, items) { - for (var k in items) { - mrc[k] = items[k]; - if (mrc[k].fields && !Array.isArray(mrc[k].fields)) { - mrc[k].fields = mrc[k].fields.split(","); - } - } - return nextCb(); - }); - }, function () { - internals.rightClicks = mrc; - }); -} - -//https://coderwall.com/p/pq0usg/javascript-string-split-that-ll-return-the-remainder -function splitRemain(str, separator, limit) { - str = str.split(separator); - if(str.length <= limit) {return str;} - - var ret = str.splice(0, limit); - ret.push(str.join(separator)); - - return ret; -} - -function arrayZeroFill(n) { - var a = []; - while (n > 0) { - a.push(0); - n--; - } - return a; -} - -// https://stackoverflow.com/a/48569020 -class Mutex { - constructor () { - this.queue = []; - this.locked = false; - } - - lock () { - return new Promise((resolve, reject) => { - if (this.locked) { - this.queue.push(resolve); - } else { - this.locked = true; - resolve(); - } - }); - } - - unlock () { - if (this.queue.length > 0) { - const resolve = this.queue.shift(); - resolve(); - } else { - this.locked = false; - } - } -} - -////////////////////////////////////////////////////////////////////////////////// -//// Requests -////////////////////////////////////////////////////////////////////////////////// - -function addAuth(info, user, node, secret) { - if (!info.headers) { - info.headers = {}; - } - info.headers['x-moloch-auth'] = Config.obj2auth({date: Date.now(), - user: user.userId, - node: node, - path: info.path - }, false, secret); -} - -function loadCaTrust(node) { - var caTrustFile = Config.getFull(node, "caTrustFile"); - - if (caTrustFile && caTrustFile.length > 0) { - let certs = []; - - var caTrustFileLines = fs.readFileSync(caTrustFile, 'utf8'); - caTrustFileLines = caTrustFileLines.split("\n"); - - 
var foundCert = [];
-
- for (let i = 0, ilen = caTrustFileLines.length; i < ilen; i++) {
- let line = caTrustFileLines[i];
- if (line.length === 0) {
- continue;
- }
- foundCert.push(line);
- if (line.match(/-END CERTIFICATE-/)) {
- certs.push(foundCert.join("\n"));
- foundCert = [];
- }
- }
-
- if (certs.length > 0) {
- return certs;
- }
- }
-
- return undefined;
-}
-
-
-function addCaTrust(info, node) {
- if (!Config.isHTTPS(node)) {
- return;
- }
-
- if ((internals.caTrustCerts[node] !== undefined) && (internals.caTrustCerts[node].length > 0)) {
- info.ca = internals.caTrustCerts[node];
- info.agent.options.ca = internals.caTrustCerts[node];
- return;
- }
-
- internals.caTrustCerts[node] = loadCaTrust(node);
-
- if (internals.caTrustCerts[node] !== undefined && internals.caTrustCerts[node].length > 0) {
- info.ca = internals.caTrustCerts[node];
- info.agent.options.ca = internals.caTrustCerts[node];
- return;
- }
-}
-
-function noCache(req, res, ct) {
- res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
- if (ct) {
- res.setHeader("Content-Type", ct);
- res.header('X-Content-Type-Options', 'nosniff');
- }
-}
-
-function getViewUrl(node, cb) {
- if (Array.isArray(node)) {
- node = node[0];
- }
-
- var url = Config.getFull(node, "viewUrl");
- if (url) {
- if (Config.debug > 1) {
- console.log(`DEBUG: node:${node} is using ${url} because viewUrl was set for ${node} in config file`);
- }
- cb(null, url, url.slice(0, 5) === "https"?https:http);
- return;
- }
-
- Db.molochNodeStatsCache(node, function(err, stat) {
- if (err) {
- return cb(err);
- }
-
- if (Config.debug > 1) {
- console.log(`DEBUG: node:${node} is using ${stat.hostname} from elasticsearch stats index`);
- }
-
- if (Config.isHTTPS(node)) {
- cb(null, "https://" + stat.hostname + ":" + Config.getFull(node, "viewPort", "8005"), https);
- } else {
- cb(null, "http://" + stat.hostname + ":" + Config.getFull(node, "viewPort", "8005"), http);
- 
}
- });
-}
-
-function proxyRequest (req, res, errCb) {
- noCache(req, res);
-
- getViewUrl(req.params.nodeName, function(err, viewUrl, client) {
- if (err) {
- if (errCb) {
- return errCb(err);
- }
- console.log("ERROR - getViewUrl - node:", req.params.nodeName, "err:", err);
- return res.send(`Can't find view url for '${safeStr(req.params.nodeName)}' check viewer logs on '${Config.hostName()}'`);
- }
- var info = url.parse(viewUrl);
- info.path = req.url;
- info.agent = (client === http?internals.httpAgent:internals.httpsAgent);
- addAuth(info, req.user, req.params.nodeName);
- addCaTrust(info, req.params.nodeName);
-
- var preq = client.request(info, function(pres) {
- if (pres.headers['content-type']) {
- res.setHeader('content-type', pres.headers['content-type']);
- }
- if (pres.headers['content-disposition']) {
- res.setHeader('content-disposition', pres.headers['content-disposition']);
- }
- pres.on('data', function (chunk) {
- res.write(chunk);
- });
- pres.on('end', function () {
- res.end();
- });
- });
-
- preq.on('error', function (e) {
- if (errCb) {
- return errCb(e);
- }
- console.log("ERROR - Couldn't proxy request=", info, "\nerror=", e, "You might want to run viewer with two --debug for more info");
- res.send(`Error talking to node '${safeStr(req.params.nodeName)}' using host '${info.host}' check viewer logs on '${Config.hostName()}'`);
- });
- preq.end();
- });
-}
-
-function makeRequest (node, path, user, cb) {
- getViewUrl(node, function (err, viewUrl, client) {
- let info = url.parse(viewUrl);
- info.path = encodeURI(`${Config.basePath(node)}${path}`);
- info.agent = (client === http ? 
internals.httpAgent : internals.httpsAgent);
- addAuth(info, user, node);
- addCaTrust(info, node);
- let preq = client.request(info, function (pres) {
- let response = '';
- pres.on('data', function (chunk) {
- response += chunk;
- });
- pres.on('end', function () {
- cb(null, response);
- });
- });
- preq.on('error', function (err) {
- console.log(`Error with ${info.path} on remote viewer: ${err}`);
- cb(err);
- });
- preq.end();
- });
-}
-
-function isLocalView (node, yesCb, noCb) {
- if (internals.isLocalViewRegExp && node.match(internals.isLocalViewRegExp)) {
- if (Config.debug > 1) {
- console.log(`DEBUG: node:${node} is local view because matches ${internals.isLocalViewRegExp}`);
- }
- return yesCb();
- }
-
- var pcapWriteMethod = Config.getFull(node, "pcapWriteMethod");
- var writer = internals.writers[pcapWriteMethod];
- if (writer && writer.localNode === false) {
- if (Config.debug > 1) {
- console.log(`DEBUG: node:${node} is local view because of writer`);
- }
- return yesCb();
- }
- return Db.isLocalView(node, yesCb, noCb);
-}
-
-//////////////////////////////////////////////////////////////////////////////////
-//// Middleware
-//////////////////////////////////////////////////////////////////////////////////
-function checkProxyRequest(req, res, next) {
- isLocalView(req.params.nodeName, function () {
- return next();
- },
- function () {
- return proxyRequest(req, res);
- });
-}
-
-function setCookie (req, res, next) {
- let cookieOptions = {
- path: app.locals.basePath,
- sameSite: 'Strict',
- overwrite: true
- };
-
- if (Config.isHTTPS()) { cookieOptions.secure = true; }
-
- res.cookie( // send cookie for basic, non admin functions
- 'MOLOCH-COOKIE',
- Config.obj2auth({
- date: Date.now(),
- pid: process.pid,
- userId: req.user.userId
- }, true),
- cookieOptions
- );
-
- return next();
-}
-
-function checkCookieToken(req, res, next) {
- if (!req.headers['x-moloch-cookie']) {
- return res.molochError(500, 'Missing token');
- }
-
- req.token = 
Config.auth2obj(req.headers['x-moloch-cookie'], true);
- var diff = Math.abs(Date.now() - req.token.date);
- if (diff > 2400000 || /* req.token.pid !== process.pid || */
- req.token.userId !== req.user.userId) {
-
- console.trace('bad token', req.token);
- return res.molochError(500, 'Timeout - Please try reloading page and repeating the action');
- }
-
- return next();
-}
-
-// use for APIs that can be used from places other than just the UI
-function checkHeaderToken (req, res, next) {
- if (req.headers.cookie) { // if there's a cookie, check header
- return checkCookieToken(req, res, next);
- } else { // if there's no cookie, just continue so the API still works
- return next();
- }
-}
-
-function checkPermissions (permissions) {
- const inversePermissions = {
- hidePcap: true,
- hideFiles: true,
- hideStats: true,
- disablePcapDownload: true
- };
-
- return (req, res, next) => {
- for (let permission of permissions) {
- if ((!req.user[permission] && !inversePermissions[permission]) ||
- (req.user[permission] && inversePermissions[permission])) {
- console.log(`Permission denied to ${req.user.userId} while requesting resource: ${req._parsedUrl.pathname}, using permission ${permission}`);
- return res.molochError(403, 'You do not have permission to access this resource');
- }
- }
- next();
- };
-}
-
-function checkHuntAccess (req, res, next) {
- if (req.user.createEnabled) {
- // an admin can do anything to any hunt
- return next();
- } else {
- Db.get('hunts', 'hunt', req.params.id, (err, huntHit) => {
- if (err) {
- console.log('error', err);
- return res.molochError(500, err);
- }
- if (!huntHit || !huntHit.found) { throw 'Hunt not found'; }
-
- if (huntHit._source.userId === req.user.userId) {
- return next();
- }
- return res.molochError(403, `You cannot change another user's hunt unless you have admin privileges`);
- });
- }
-}
-
-function checkCronAccess (req, res, next) {
- if (req.user.createEnabled) {
- // an admin can do anything to any query
- return 
next();
- } else {
- Db.get('queries', 'query', req.body.key, (err, query) => {
- if (err || !query.found) {
- return res.molochError(403, 'Unknown cron query');
- }
- if (query._source.creator === req.user.userId) {
- return next();
- }
- return res.molochError(403, `You cannot change another user's cron query unless you have admin privileges`);
- });
- }
-}
-
-function noCacheJson(req, res, next) {
- res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
- res.setHeader("Content-Type", 'application/json');
- return next();
-}
-
-function logAction(uiPage) {
- return function(req, res, next) {
- var log = {
- timestamp : Math.floor(Date.now()/1000),
- method : req.method,
- userId : req.user.userId,
- api : req._parsedUrl.pathname,
- query : req._parsedUrl.query,
- expression: req.query.expression
- };
-
- if (req.user.expression) {
- log.forcedExpression = req.user.expression;
- }
-
- if (uiPage) { log.uiPage = uiPage; }
-
- if (req.query.date && parseInt(req.query.date) === -1) {
- log.range = log.timestamp;
- } else if(req.query.startTime && req.query.stopTime) {
- log.range = req.query.stopTime - req.query.startTime;
- }
-
- if (req.query.view && req.user.views) {
- var view = req.user.views[req.query.view];
- if (view) {
- log.view = {
- name: req.query.view,
- expression: view.expression
- };
- }
- }
-
- // save the request body
- var avoidProps = { password:true, newPassword:true, currentPassword:true };
- var bodyClone = {};
-
- for (var key in req.body) {
- if (req.body.hasOwnProperty(key) && !avoidProps[key]) {
- bodyClone[key] = req.body[key];
- }
- }
-
- if (Object.keys(bodyClone).length > 0) {
- log.body = bodyClone;
- }
-
- res.logCounts = function(recordsReturned, recordsFiltered, recordsTotal) {
- log.recordsReturned = recordsReturned;
- log.recordsFiltered = recordsFiltered;
- log.recordsTotal = recordsTotal;
- };
-
- req._molochStartTime = new Date();
- function finish () {
- 
log.queryTime = new Date() - req._molochStartTime;
- res.removeListener('finish', finish);
- Db.historyIt(log, function(err, info) {
- if (err) { console.log('log history error', err, info); }
- });
- }
-
- res.on('finish', finish);
-
- return next();
- };
-}
-
-function fieldToExp (req, res, next) {
- if (req.query.exp && !req.query.field) {
- var field = Config.getFieldsMap()[req.query.exp];
- if (field) { req.query.field = field.dbField; }
- else { req.query.field = req.query.exp; }
- }
-
- return next();
-}
-
-// record the time it took from the request to start
-// until the headers are set to send the response
-function recordResponseTime (req, res, next) {
- onHeaders(res, () => {
- let now = process.hrtime();
- let ms = ((now[0] - req._startAt[0]) * 1000) + ((now[1] - req._startAt[1]) / 1000000);
- ms = Math.ceil(ms);
- res.setHeader('X-Moloch-Response-Time', ms);
- });
-
- next();
-}
-
-
-//////////////////////////////////////////////////////////////////////////////////
-//// Pages
-//////////////////////////////////////////////////////////////////////////////////
-// APIs disabled in demoMode, needs to be before real callbacks
-if (Config.get('demoMode', false)) {
- console.log("WARNING - Starting in demo mode, some APIs disabled");
- app.all(['/settings', '/users', '/history/list'], function(req, res) {
- return res.send('Disabled in demo mode.');
- });
-
- app.get(['/user/cron', '/history/list'], function(req, res) {
- return res.molochError(403, "Disabled in demo mode.");
- });
-
- app.post(['/user/password/change', '/changePassword', '/tableState/:tablename'], function(req, res) {
- return res.molochError(403, "Disabled in demo mode.");
- });
-}
-
-app.get(['/', '/app'], function(req, res) {
- var question = req.url.indexOf("?");
- if (question === -1) {
- res.redirect("sessions");
- } else {
- res.redirect("sessions" + req.url.substring(question));
- }
-});
-
-app.get('/about', checkPermissions(['webEnabled']), (req, res) => {
- res.redirect('help'); 
-});
-
-app.get('/molochclusters', function(req, res) {
- function cloneClusters(clusters) {
- var clone = {};
-
- for (var key in app.locals.molochClusters) {
- if (app.locals.molochClusters.hasOwnProperty(key)) {
- var cluster = app.locals.molochClusters[key];
- clone[key] = {
- name: cluster.name,
- url : cluster.url
- };
- }
- }
-
- return clone;
- }
-
- if(!app.locals.molochClusters) {
- var molochClusters = Config.configMap("moloch-clusters");
-
- if (!molochClusters) {
- res.status(404);
- return res.send('Cannot locate right clicks');
- }
-
- return res.send(cloneClusters(molochClusters));
- }
-
- var clustersClone = cloneClusters(app.locals.molochClusters);
-
- return res.send(clustersClone);
-});
-
-// custom user css
-app.get('/user.css', checkPermissions(['webEnabled']), (req, res) => {
- fs.readFile("./views/user.styl", 'utf8', function(err, str) {
- function error(msg) {
- console.log('ERROR - user.css -', msg);
- return res.status(404).end();
- }
-
- var date = new Date().toUTCString();
- res.setHeader('Content-Type', 'text/css');
- res.setHeader('Date', date);
- res.setHeader('Cache-Control', 'public, max-age=0');
- res.setHeader('Last-Modified', date);
-
- if (err) { return error(err); }
- if (!req.user.settings.theme) { return error('no custom theme defined'); }
-
- var theme = req.user.settings.theme.split(':');
-
- if (!theme[1]) { return error('custom theme corrupted'); }
-
- var style = stylus(str);
-
- var colors = theme[1].split(',');
-
- if (!colors) { return error('custom theme corrupted'); }
-
- style.define('colorBackground', new stylus.nodes.Literal(colors[0]));
- style.define('colorForeground', new stylus.nodes.Literal(colors[1]));
- style.define('colorForegroundAccent', new stylus.nodes.Literal(colors[2]));
-
- style.define('colorWhite', new stylus.nodes.Literal('#FFFFFF'));
- style.define('colorBlack', new stylus.nodes.Literal('#333333'));
- style.define('colorGray', new stylus.nodes.Literal('#CCCCCC'));
- 
style.define('colorGrayDark', new stylus.nodes.Literal('#777777'));
- style.define('colorGrayDarker', new stylus.nodes.Literal('#555555'));
- style.define('colorGrayLight', new stylus.nodes.Literal('#EEEEEE'));
- style.define('colorGrayLighter', new stylus.nodes.Literal('#F6F6F6'));
-
- style.define('colorPrimary', new stylus.nodes.Literal(colors[3]));
- style.define('colorPrimaryLightest', new stylus.nodes.Literal(colors[4]));
- style.define('colorSecondary', new stylus.nodes.Literal(colors[5]));
- style.define('colorSecondaryLightest', new stylus.nodes.Literal(colors[6]));
- style.define('colorTertiary', new stylus.nodes.Literal(colors[7]));
- style.define('colorTertiaryLightest', new stylus.nodes.Literal(colors[8]));
- style.define('colorQuaternary', new stylus.nodes.Literal(colors[9]));
- style.define('colorQuaternaryLightest', new stylus.nodes.Literal(colors[10]));
-
- style.define('colorWater', new stylus.nodes.Literal(colors[11]));
- style.define('colorLand', new stylus.nodes.Literal(colors[12]));
- style.define('colorSrc', new stylus.nodes.Literal(colors[13]));
- style.define('colorDst', new stylus.nodes.Literal(colors[14]));
-
- style.render(function(err, css){
- if (err) { return error(err); }
- return res.send(css);
- });
- });
-});
-
-
-/* User Endpoints ---------------------------------------------------------- */
-// default settings for users with no settings
-let settingDefaults = {
- timezone : 'local',
- detailFormat : 'last',
- showTimestamps: 'last',
- sortColumn : 'firstPacket',
- sortDirection : 'desc',
- spiGraph : 'node',
- connSrcField : 'srcIp',
- connDstField : 'ip.dst:port',
- numPackets : 'last',
- theme : 'default-theme'
-};
-
-// gets the current user
-app.get('/user/current', checkPermissions(['webEnabled']), (req, res) => {
- let userProps = [ 'createEnabled', 'emailSearch', 'enabled', 'removeEnabled',
- 'headerAuthEnabled', 'settings', 'userId', 'userName', 'webEnabled', 'packetSearch',
- 'hideStats', 'hideFiles', 'hidePcap', 
'disablePcapDownload', 'welcomeMsgNum',
- 'lastUsed', 'timeLimit' ];
-
- let clone = {};
-
- for (let i = 0, ilen = userProps.length; i < ilen; ++i) {
- let prop = userProps[i];
- if (req.user.hasOwnProperty(prop)) {
- clone[prop] = req.user[prop];
- }
- }
-
- clone.canUpload = app.locals.allowUploads;
- clone.esAdminUser = internals.esAdminUsers.includes(req.user.userId);
-
-
- // If no settings, use defaults
- if (clone.settings === undefined) { clone.settings = settingDefaults; }
-
- // Use settingsDefaults for any settings that are missing
- for (let item in settingDefaults) {
- if (clone.settings[item] === undefined) {
- clone.settings[item] = settingDefaults[item];
- }
- }
-
- return res.send(clone);
-});
-
-// express middleware to set req.settingUser to who to work on, depending if admin or not
-// This returns the cached user
-function getSettingUserCache (req, res, next) {
- // If no userId parameter, or userId is ourself then req.user already has our info
- if (req.query.userId === undefined || req.query.userId === req.user.userId) {
- req.settingUser = req.user;
- return next();
- }
-
- // user is trying to get another user's settings without admin privilege
- if (!req.user.createEnabled) { return res.molochError(403, "Need admin privileges"); }
-
- Db.getUserCache(req.query.userId, function(err, user) {
- if (err || !user || !user.found) {
- if (app.locals.noPasswordSecret) {
- // TODO: send anonymous user's settings
- req.settingUser = {};
- } else {
- req.settingUser = null;
- }
- return next();
- }
- req.settingUser = user._source;
- return next();
- });
-}
-
-// express middleware to set req.settingUser to who to work on, depending if admin or not
-// This returns fresh from db
-function getSettingUserDb (req, res, next) {
- let userId;
-
- if (req.query.userId === undefined || req.query.userId === req.user.userId) {
- if (Config.get('regressionTests', false)) {
- req.settingUser = req.user;
- return next();
- }
-
- userId = req.user.userId;
- } 
else if (!req.user.createEnabled) {
- // user is trying to get another user's settings without admin privilege
- return res.molochError(403, "Need admin privileges");
- } else {
- userId = req.query.userId;
- }
-
- Db.getUser(userId, function(err, user) {
- if (err || !user || !user.found) {
- if (app.locals.noPasswordSecret) {
- // TODO: send anonymous user's settings
- req.settingUser = {};
- } else {
- return res.molochError(403, 'Unknown user');
- }
- return next();
- }
- req.settingUser = user._source;
- return next();
- });
-}
-
-function buildNotifiers () {
- internals.notifiers = {};
-
- let api = {
- register: function (str, info) {
- internals.notifiers[str] = info;
- }
- };
-
- // look for all notifier providers and initialize them
- let files = glob.sync(`${__dirname}/../notifiers/provider.*.js`);
- files.forEach((file) => {
- let plugin = require(file);
- plugin.init(api);
- });
-}
-
-function issueAlert (notifierName, alertMessage, continueProcess) {
- if (!internals.notifiers) { buildNotifiers(); }
-
- // find notifier
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- console.log('Cannot find notifier, no alert can be issued');
- return continueProcess();
- }
-
- sharedUser = sharedUser._source;
-
- sharedUser.notifiers = sharedUser.notifiers || {};
-
- let notifier = sharedUser.notifiers[notifierName];
-
- if (!notifier) {
- console.log('Cannot find notifier, no alert can be issued');
- return continueProcess();
- }
-
- let notifierDefinition;
- for (let n in internals.notifiers) {
- if (internals.notifiers[n].type === notifier.type) {
- notifierDefinition = internals.notifiers[n];
- }
- }
- if (!notifierDefinition) {
- console.log('Cannot find notifier definition, no alert can be issued');
- return continueProcess();
- }
-
- let config = {};
- for (let field of notifierDefinition.fields) {
- for (let configuredField of notifier.fields) {
- if (configuredField.name === field.name && 
configuredField.value !== undefined) {
- console.log('setting', field.name, 'to', configuredField.value);
- config[field.name] = configuredField.value;
- }
- }
-
- // If a field is required and nothing was set, then we have an error
- if (field.required && config[field.name] === undefined) {
- console.log(`Cannot find notifier field value: ${field.name}, no alert can be issued`);
- continueProcess();
- }
- }
-
- notifierDefinition.sendAlert(config, alertMessage);
-
- return continueProcess();
- });
-}
-
-app.get('/notifierTypes', checkCookieToken, function (req, res) {
- if (!internals.notifiers) {
- buildNotifiers();
- }
-
- return res.send(internals.notifiers);
-});
-
-// get created notifiers
-app.get('/notifiers', checkCookieToken, function (req, res) {
- function cloneNotifiers(notifiers) {
- var clone = {};
-
- for (var key in notifiers) {
- if (notifiers.hasOwnProperty(key)) {
- var notifier = notifiers[key];
- clone[key] = {
- name: notifier.name,
- type : notifier.type
- };
- }
- }
-
- return clone;
- }
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- return res.send({});
- } else {
- sharedUser = sharedUser._source;
- }
-
- if (req.user.createEnabled) {
- return res.send(sharedUser.notifiers);
- }
-
- return res.send(cloneNotifiers(sharedUser.notifiers));
- });
-});
-
-// create a new notifier
-app.post('/notifiers', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) {
- let user = req.settingUser;
- if (!user.createEnabled) {
- return res.molochError(401, 'Need admin privelages to create a notifier');
- }
-
- if (!req.body.notifier) {
- return res.molochError(403, 'Missing notifier');
- }
-
- if (!req.body.notifier.name) {
- return res.molochError(403, 'Missing a unique notifier name');
- }
-
- if (!req.body.notifier.type) {
- return res.molochError(403, 'Missing notifier type');
- }
-
- if (!req.body.notifier.fields) {
- return res.molochError(403, 'Missing notifier fields');
- }
-
- 
if (!Array.isArray(req.body.notifier.fields)) {
- return res.molochError(403, 'Notifier fields must be an array');
- }
-
- req.body.notifier.name = req.body.notifier.name.replace(/[^-a-zA-Z0-9_: ]/g, '');
-
- if (!internals.notifiers) { buildNotifiers(); }
-
- let foundNotifier;
- for (let n in internals.notifiers) {
- let notifier = internals.notifiers[n];
- if (notifier.type === req.body.notifier.type) {
- foundNotifier = notifier;
- }
- }
-
- if (!foundNotifier) { return res.molochError(403, 'Unknown notifier type'); }
-
- // check that required notifier fields exist
- for (let field of foundNotifier.fields) {
- if (field.required) {
- for (let sentField of req.body.notifier.fields) {
- if (sentField.name === field.name && !sentField.value) {
- return res.molochError(403, `Missing a value for ${field.name}`);
- }
- }
- }
- }
-
- // save the notifier on the shared user
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- // sharing for the first time
- sharedUser = {
- userId: '_moloch_shared',
- userName: '_moloch_shared',
- enabled: false,
- webEnabled: false,
- emailSearch: false,
- headerAuthEnabled: false,
- createEnabled: false,
- removeEnabled: false,
- packetSearch: false,
- views: {},
- notifiers: {}
- };
- } else {
- sharedUser = sharedUser._source;
- }
-
- sharedUser.notifiers = sharedUser.notifiers || {};
-
- if (sharedUser.notifiers[req.body.notifier.name]) {
- console.log('Trying to add duplicate notifier', sharedUser);
- return res.molochError(403, 'Notifier already exists');
- }
-
- sharedUser.notifiers[req.body.notifier.name] = req.body.notifier;
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log('/notifiers failed', err, info);
- return res.molochError(500, 'Creating notifier failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Successfully created notifier',
- name : req.body.notifier.name
- }));
- });
- });
-});
-
-// update a notifier 
-app.put('/notifiers/:name', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) {
- let user = req.settingUser;
- if (!user.createEnabled) {
- return res.molochError(401, 'Need admin privelages to update a notifier');
- }
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- return res.molochError(404, 'Cannot find notifer to udpate');
- } else {
- sharedUser = sharedUser._source;
- }
-
- sharedUser.notifiers = sharedUser.notifiers || {};
-
- if (!sharedUser.notifiers[req.params.name]) {
- return res.molochError(404, 'Cannot find notifer to udpate');
- }
-
- if (!req.body.notifier) {
- return res.molochError(403, 'Missing notifier');
- }
-
- if (!req.body.notifier.name) {
- return res.molochError(403, 'Missing a unique notifier name');
- }
-
- if (!req.body.notifier.type) {
- return res.molochError(403, 'Missing notifier type');
- }
-
- if (!req.body.notifier.fields) {
- return res.molochError(403, 'Missing notifier fields');
- }
-
- if (!Array.isArray(req.body.notifier.fields)) {
- return res.molochError(403, 'Notifier fields must be an array');
- }
-
- req.body.notifier.name = req.body.notifier.name.replace(/[^-a-zA-Z0-9_: ]/g, '');
-
- if (req.body.notifier.name !== req.body.key &&
- sharedUser.notifiers[req.body.notifier.name]) {
- return res.molochError(403, `${req.body.notifier.name} already exists`);
- }
-
-
- if (!internals.notifiers) { buildNotifiers(); }
-
- let foundNotifier;
- for (let n in internals.notifiers) {
- let notifier = internals.notifiers[n];
- if (notifier.type === req.body.notifier.type) {
- foundNotifier = notifier;
- }
- }
-
- if (!foundNotifier) { return res.molochError(403, 'Unknown notifier type'); }
-
- // check that required notifier fields exist
- for (let field of foundNotifier.fields) {
- if (field.required) {
- for (let sentField of req.body.notifier.fields) {
- if (sentField.name === field.name && !sentField.value) {
- return res.molochError(403, `Missing a value 
for ${field.name}`);
- }
- }
- }
- }
-
- sharedUser.notifiers[req.body.notifier.name] = req.body.notifier;
- // delete the old notifier if the name has changed
- if (sharedUser.notifiers[req.params.name] && req.body.notifier.name !== req.params.name) {
- sharedUser.notifiers[req.params.name] = null;
- delete sharedUser.notifiers[req.params.name];
- }
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log('/notifiers update failed', err, info);
- return res.molochError(500, 'Updating notifier failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Successfully updated notifier',
- name : req.body.notifier.name
- }));
- });
- });
-});
-
-// delete a notifier
-app.delete('/notifiers/:name', [noCacheJson, getSettingUserDb, checkCookieToken], function (req, res) {
- let user = req.settingUser;
- if (!user.createEnabled) {
- return res.molochError(401, 'Need admin privelages to delete a notifier');
- }
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- return res.molochError(404, 'Cannot find notifer to remove');
- } else {
- sharedUser = sharedUser._source;
- }
-
- sharedUser.notifiers = sharedUser.notifiers || {};
-
- if (!sharedUser.notifiers[req.params.name]) {
- return res.molochError(404, 'Cannot find notifer to remove');
- }
-
- sharedUser.notifiers[req.params.name] = undefined;
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log('/notifiers delete failed', err, info);
- return res.molochError(500, 'Deleting notifier failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Successfully deleted notifier',
- name : req.params.name
- }));
- });
- });
-});
-
-// test a notifier
-app.post('/notifiers/:name/test', [noCacheJson, getSettingUserCache, checkCookieToken], function (req, res) {
- let user = req.settingUser;
- if (!user.createEnabled) {
- return res.molochError(401, 'Need admin privelages to test a 
notifier');
- }
-
- function continueProcess () {
- return res.send(JSON.stringify({
- success : true,
- text : `Successfully issued alert using the ${req.params.name} notifier.`
- }));
- }
-
- issueAlert(req.params.name, 'Test alert', continueProcess);
-});
-
-// gets a user's settings
-app.get('/user/settings', [noCacheJson, recordResponseTime, getSettingUserDb, checkPermissions(['webEnabled']), setCookie], (req, res) => {
- let settings = req.settingUser.settings || settingDefaults;
-
- let cookieOptions = { path: app.locals.basePath, sameSite: 'Strict' };
- if (Config.isHTTPS()) { cookieOptions.secure = true; }
-
- res.cookie(
- 'MOLOCH-COOKIE',
- Config.obj2auth({date: Date.now(), pid: process.pid, userId: req.user.userId}, true),
- cookieOptions
- );
-
- return res.send(settings);
-});
-
-// updates a user's settings
-app.post('/user/settings/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) {
- req.settingUser.settings = req.body;
- delete req.settingUser.settings.token;
-
- Db.setUser(req.settingUser.userId, req.settingUser, function(err, info) {
- if (err) {
- console.log('/user/settings/update error', err, info);
- return res.molochError(500, 'Settings update failed');
- }
- return res.send(JSON.stringify({
- success : true,
- text : 'Updated settings successfully'
- }));
- });
-});
-
-function saveSharedView (req, res, user, view, endpoint, successMessage, errorMessage) {
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (!sharedUser || !sharedUser.found) {
- // sharing for the first time
- sharedUser = {
- userId: '_moloch_shared',
- userName: '_moloch_shared',
- enabled: false,
- webEnabled: false,
- emailSearch: false,
- headerAuthEnabled: false,
- createEnabled: false,
- removeEnabled: false,
- packetSearch: false,
- views: {}
- };
- } else {
- sharedUser = sharedUser._source;
- }
-
- sharedUser.views = sharedUser.views || {};
-
- if (sharedUser.views[req.body.name]) {
- console.log('Trying to add 
duplicate shared view', sharedUser);
- return res.molochError(403, 'Shared view already exists');
- }
-
- sharedUser.views[req.body.name] = view;
-
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log(endpoint, 'failed', err, info);
- return res.molochError(500, errorMessage);
- }
- return res.send(JSON.stringify({
- success : true,
- text : successMessage,
- viewName: req.body.name,
- view : view
- }));
- });
- });
-}
-
-// remove the string, 'shared:', that is added to shared views with the same
-// name as a user's personal view in the endpoint '/user/views'
-// also remove any special characters except ('-', '_', ':', and ' ')
-function sanitizeViewName (req, res, next) {
- if (req.body.name) {
- req.body.name = req.body.name.replace(/(^(shared:)+)|[^-a-zA-Z0-9_: ]/g, '');
- }
- next();
-}
-
-// removes a view from the user that created the view and adds it to the shared user
-function shareView (req, res, user, endpoint, successMessage, errorMessage) {
- let view = user.views[req.body.name];
- view.shared = true;
-
- delete user.views[req.body.name]; // remove the view from the
-
- Db.setUser(user.userId, user, (err, info) => {
- if (err) {
- console.log(endpoint, 'failed', err, info);
- return res.molochError(500, errorMessage);
- }
- // save the view on the shared user
- return saveSharedView(req, res, user, view, endpoint, successMessage, errorMessage);
- });
-}
-
-// removes a view from the shared user and adds it to the user that created the view
-function unshareView (req, res, user, sharedUser, endpoint, successMessage, errorMessage) {
- Db.setUser('_moloch_shared', sharedUser, (err, info) => {
- if (err) {
- console.log(endpoint, 'failed', err, info);
- return res.molochError(500, errorMessage);
- }
-
- if (user.views[req.body.name]) { // the user already has a view with this name
- return res.molochError(403, 'A view already exists with this name.');
- }
-
- user.views[req.body.name] = {
- expression: 
req.body.expression,
- user: req.body.user, // keep the user so we know who created it
- shared: false,
- sessionsColConfig: req.body.sessionsColConfig
- };
-
- Db.setUser(user.userId, user, (err, info) => {
- if (err) {
- console.log(endpoint, 'failed', err, info);
- return res.molochError(500, errorMessage);
- }
- return res.send(JSON.stringify({
- success : true,
- text : successMessage
- }));
- });
- });
-}
-
-// gets a user's views
-app.get('/user/views', [noCacheJson, getSettingUserCache], function(req, res) {
- if (!req.settingUser) { return res.send({}); }
-
- // Clone the views so we don't modify that cached user
- let views = JSON.parse(JSON.stringify(req.settingUser.views || {}));
-
- Db.getUser('_moloch_shared', (err, sharedUser) => {
- if (sharedUser && sharedUser.found) {
- sharedUser = sharedUser._source;
- for (let viewName in sharedUser.views) {
- // check for views with the same name as a shared view so user specific views don't get overwritten
- let sharedViewName = viewName;
- if (views[sharedViewName] && !views[sharedViewName].shared) {
- sharedViewName = `shared:${sharedViewName}`;
- }
- views[sharedViewName] = sharedUser.views[viewName];
- }
- }
-
- return res.send(views);
- });
-});
-
-// creates a new view for a user
-app.post('/user/views/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) {
- if (!req.body.name) { return res.molochError(403, 'Missing view name'); }
- if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); }
-
- let user = req.settingUser;
- user.views = user.views || {};
-
- let newView = {
- expression: req.body.expression,
- user: user.userId
- };
-
- if (req.body.shared) {
- // save the view on the shared user
- newView.shared = true;
- saveSharedView(req, res, user, newView, '/user/views/create', 'Created shared view successfully', 'Create shared view failed');
- } else {
- newView.shared = false;
- if (user.views[req.body.name]) { 
- return res.molochError(403, 'A view already exists with this name.'); - } else { - user.views[req.body.name] = newView; - } - - if (req.body.sessionsColConfig) { - user.views[req.body.name].sessionsColConfig = req.body.sessionsColConfig; - } else if (user.views[req.body.name].sessionsColConfig && !req.body.sessionsColConfig) { - user.views[req.body.name].sessionsColConfig = undefined; - } - - Db.setUser(user.userId, user, (err, info) => { - if (err) { - console.log('/user/views/create error', err, info); - return res.molochError(500, 'Create view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Created view successfully', - viewName: req.body.name, - view : newView - })); - }); - } -}); - -// deletes a user's specified view -app.post('/user/views/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing view name'); } - - let user = req.settingUser; - user.views = user.views || {}; - - if (req.body.shared) { - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (sharedUser && sharedUser.found) { - sharedUser = sharedUser._source; - sharedUser.views = sharedUser.views || {}; - if (sharedUser.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } - // only admins or the user that created the view can delete the shared view - if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { - return res.molochError(401, `Need admin privelages to delete another user's shared view`); - } - delete sharedUser.views[req.body.name]; - } - - Db.setUser('_moloch_shared', sharedUser, (err, info) => { - if (err) { - console.log('/user/views/delete failed', err, info); - return res.molochError(500, 'Delete shared view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Deleted shared view successfully' - })); - }); - }); - } else { - if 
(user.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } - delete user.views[req.body.name]; - - Db.setUser(user.userId, user, (err, info) => { - if (err) { - console.log('/user/views/delete failed', err, info); - return res.molochError(500, 'Delete view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Deleted view successfully' - })); - }); - } -}); - -// shares/unshares a view -app.post('/user/views/toggleShare', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing view name'); } - if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); } - - let view; - let share = req.body.shared; - let user = req.settingUser; - user.views = user.views || {}; - - if (share && user.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } - - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (!sharedUser || !sharedUser.found) { - // the shared user has not been created yet so there is no chance of duplicate views - if (share) { // add the view to the shared user - return shareView(req, res, user, '/user/views/toggleShare', 'Shared view successfully', 'Sharing view failed'); - } - // if it not already a shared view and it's trying to be unshared, something went wrong, can't do it - return res.molochError(404, 'Shared user not found. 
Cannot unshare a view without a shared user.'); - } - - sharedUser = sharedUser._source; - sharedUser.views = sharedUser.views || {}; - - if (share) { // if sharing, make sure the view doesn't already exist - if (sharedUser.views[req.body.name]) { // duplicate detected - return res.molochError(403, 'A shared view already exists with this name.'); - } - return shareView(req, res, user, '/user/views/toggleShare', 'Shared view successfully', 'Sharing view failed'); - } else { - // if unsharing, remove it from shared user and add it to current user - if (sharedUser.views[req.body.name] === undefined) { return res.molochError(404, 'View not found'); } - // only admins or the user that created the view can update the shared view - if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { - return res.molochError(401, `Need admin privelages to unshare another user's shared view`); - } - // save the view for later to determine who the view belongs to - view = sharedUser.views[req.body.name]; - // delete the shared view - delete sharedUser.views[req.body.name]; - return unshareView(req, res, user, sharedUser, '/user/views/toggleShare', 'Unshared view successfully', 'Unsharing view failed'); - } - }); -}); - -// updates a user's specified view -app.post('/user/views/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, sanitizeViewName], function (req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing view name'); } - if (!req.body.expression) { return res.molochError(403, 'Missing view expression'); } - if (!req.body.key) { return res.molochError(403, 'Missing view key'); } - - let user = req.settingUser; - user.views = user.views || {}; - - if (req.body.shared) { - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (sharedUser && sharedUser.found) { - sharedUser = sharedUser._source; - sharedUser.views = sharedUser.views || {}; - if (sharedUser.views[req.body.key] === undefined) { return 
res.molochError(404, 'View not found'); } - // only admins or the user that created the view can update the shared view - if (!user.createEnabled && sharedUser.views[req.body.name].user !== user.userId) { - return res.molochError(401, `Need admin privelages to update another user's shared view`); - } - sharedUser.views[req.body.name] = { - expression: req.body.expression, - user: user.userId, - shared: true, - sessionsColConfig: req.body.sessionsColConfig - }; - // delete the old one if the key (view name) has changed - if (sharedUser.views[req.body.key] && req.body.name !== req.body.key) { - sharedUser.views[req.body.key] = null; - delete sharedUser.views[req.body.key]; - } - } - - Db.setUser('_moloch_shared', sharedUser, (err, info) => { - if (err) { - console.log('/user/views/delete failed', err, info); - return res.molochError(500, 'Update shared view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated shared view successfully' - })); - }); - }); - } else { - if (user.views[req.body.name]) { - user.views[req.body.name].expression = req.body.expression; - } else { // the name has changed, so create a new entry - user.views[req.body.name] = { - expression: req.body.expression, - user: user.userId, - shared: false, - sessionsColConfig: req.body.sessionsColConfig - }; - } - - // delete the old one if the key (view name) has changed - if (user.views[req.body.key] && req.body.name !== req.body.key) { - user.views[req.body.key] = null; - delete user.views[req.body.key]; - } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/views/update error', err, info); - return res.molochError(500, 'Updating view failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated view successfully' - })); - }); - } -}); - -// gets a user's cron queries -app.get('/user/cron', [noCacheJson, getSettingUserCache], function(req, res) { - if (!req.settingUser) {return res.molochError(403, 'Unknown 
user');} - - var user = req.settingUser; - if (user.settings === undefined) {user.settings = {};} - Db.search('queries', 'query', {size:1000, query: {term: {creator: user.userId}}}, function (err, data) { - if (err || data.error) { - console.log('/user/cron error', err || data.error); - } - - let queries = {}; - - if (data && data.hits && data.hits.hits) { - user.queries = {}; - data.hits.hits.forEach(function(item) { - queries[item._id] = item._source; - }); - } - - res.send(queries); - }); -}); - -// creates a new cron query for a user -app.post('/user/cron/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing cron query name'); } - if (!req.body.query) { return res.molochError(403, 'Missing cron query expression'); } - if (!req.body.action) { return res.molochError(403, 'Missing cron query action'); } - if (!req.body.tags) { return res.molochError(403, 'Missing cron query tag(s)'); } - - var document = { - doc: { - enabled : true, - name : req.body.name, - query : req.body.query, - tags : req.body.tags, - action : req.body.action, - } - }; - - if (req.body.notifier) { - document.doc.notifier = req.body.notifier; - } - - var userId = req.settingUser.userId; - - Db.getMinValue("sessions2-*", "timestamp", (err, minTimestamp) => { - if (err || minTimestamp === 0 || minTimestamp === null) { - minTimestamp = Math.floor(Date.now()/1000); - } else { - minTimestamp = Math.floor(minTimestamp/1000); - } - - if (+req.body.since === -1) { - document.doc.lpValue = document.doc.lastRun = minTimestamp; - } else { - document.doc.lpValue = document.doc.lastRun = - Math.max(minTimestamp, Math.floor(Date.now()/1000) - 60*60*parseInt(req.body.since || '0', 10)); - } - document.doc.count = 0; - document.doc.creator = userId || 'anonymous'; - - Db.indexNow('queries', 'query', null, document.doc, function(err, info) { - if (err) { - console.log('/user/cron/create error', err, info); - 
return res.molochError(500, 'Create cron query failed'); - } - if (Config.get('cronQueries', false)) { - processCronQueries(); - } - return res.send(JSON.stringify({ - success : true, - text : 'Created cron query successfully', - key : info._id - })); - }); - }); -}); - -// deletes a user's specified cron query -app.post('/user/cron/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, checkCronAccess], function(req, res) { - if (!req.body.key) { return res.molochError(403, 'Missing cron query key'); } - - Db.deleteDocument('queries', 'query', req.body.key, {refresh: true}, function(err, sq) { - if (err) { - console.log('/user/cron/delete error', err, sq); - return res.molochError(500, 'Delete cron query failed'); - } - res.send(JSON.stringify({ - success : true, - text : 'Deleted cron query successfully' - })); - }); -}); - -// updates a user's specified cron query -app.post('/user/cron/update', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb, checkCronAccess], function(req, res) { - if (!req.body.key) { return res.molochError(403, 'Missing cron query key'); } - if (!req.body.name) { return res.molochError(403, 'Missing cron query name'); } - if (!req.body.query) { return res.molochError(403, 'Missing cron query expression'); } - if (!req.body.action) { return res.molochError(403, 'Missing cron query action'); } - if (!req.body.tags) { return res.molochError(403, 'Missing cron query tag(s)'); } - - var document = { - doc: { - enabled : req.body.enabled, - name : req.body.name, - query : req.body.query, - tags : req.body.tags, - action : req.body.action, - notifier: undefined - } - }; - - if (req.body.notifier) { - document.doc.notifier = req.body.notifier; - } - - Db.get('queries', 'query', req.body.key, function(err, sq) { - if (err || !sq.found) { - console.log('/user/cron/update failed', err, sq); - return res.molochError(403, 'Unknown query'); - } - - Db.update('queries', 'query', req.body.key, document, {refresh: true}, 
function(err, data) { - if (err) { - console.log('/user/cron/update error', err, document, data); - return res.molochError(500, 'Cron query update failed'); - } - if (Config.get('cronQueries', false)) { - processCronQueries(); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated cron query successfully' - })); - }); - }); -}); - -// changes a user's password -app.post('/user/password/change', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.newPassword || req.body.newPassword.length < 3) { - return res.molochError(403, 'New password needs to be at least 3 characters'); - } - - if (!req.user.createEnabled && (req.user.passStore !== - Config.pass2store(req.token.userId, req.body.currentPassword) || - req.token.userId !== req.user.userId)) { - return res.molochError(403, 'Current password mismatch'); - } - - var user = req.settingUser; - user.passStore = Config.pass2store(user.userId, req.body.newPassword); - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/password/change error', err, info); - return res.molochError(500, 'Update failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Changed password successfully' - })); - }); -}); - -function oldDB2newDB(x) { - if (!internals.oldDBFields[x]) {return x;} - return internals.oldDBFields[x].dbField2; -} - -// gets custom column configurations for a user -app.get('/user/columns', [noCacheJson, getSettingUserCache, checkPermissions(['webEnabled'])], (req, res) => { - if (!req.settingUser) {return res.send([]);} - - // Fix for new names - if (req.settingUser.columnConfigs) { - for (var key in req.settingUser.columnConfigs) { - let item = req.settingUser.columnConfigs[key]; - item.columns = item.columns.map(oldDB2newDB); - if (item.order && item.order.length > 0) { - item.order[0][0] = oldDB2newDB(item.order[0][0]); - } - } - } - - return res.send(req.settingUser.columnConfigs || []); -}); - 
-// udpates custom column configurations for a user -app.put('/user/columns/:name', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } - if (!req.body.columns) { return res.molochError(403, 'Missing columns'); } - if (!req.body.order) { return res.molochError(403, 'Missing sort order'); } - - let user = req.settingUser; - user.columnConfigs = user.columnConfigs || []; - - // find the custom column configuration to update - let found = false; - for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { - if (req.body.name === user.columnConfigs[i].name) { - found = true; - user.columnConfigs[i] = req.body; - } - } - - if (!found) { return res.molochError(200, 'Custom column configuration not found'); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/columns udpate error', err, info); - return res.molochError(500, 'Update custom column configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated column configuration', - colConfig : req.body - })); - }); -}); - -// creates a new custom column configuration for a user -app.post('/user/columns/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } - if (!req.body.columns) { return res.molochError(403, 'Missing columns'); } - if (!req.body.order) { return res.molochError(403, 'Missing sort order'); } - - req.body.name = req.body.name.replace(/[^-a-zA-Z0-9\s_:]/g, ''); - if (req.body.name.length < 1) { - return res.molochError(403, 'Invalid custom column configuration name'); - } - - var user = req.settingUser; - user.columnConfigs = user.columnConfigs || []; - - // don't let user use duplicate names - for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { - 
if (req.body.name === user.columnConfigs[i].name) { - return res.molochError(403, 'There is already a custom column with that name'); - } - } - - user.columnConfigs.push({ - name : req.body.name, - columns : req.body.columns, - order : req.body.order - }); - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/columns/create error', err, info); - return res.molochError(500, 'Create custom column configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Created custom column configuration successfully', - name : req.body.name - })); - }); -}); - -// deletes a user's specified custom column configuration -app.post('/user/columns/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom column configuration name'); } - - var user = req.settingUser; - user.columnConfigs = user.columnConfigs || []; - - var found = false; - for (let i = 0, ilen = user.columnConfigs.length; i < ilen; ++i) { - if (req.body.name === user.columnConfigs[i].name) { - user.columnConfigs.splice(i, 1); - found = true; - break; - } - } - - if (!found) { return res.molochError(200, "Column not found"); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/columns/delete failed', err, info); - return res.molochError(500, 'Delete custom column configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Deleted custom column configuration successfully' - })); - }); -}); - -// gets custom spiview fields configurations for a user -app.get('/user/spiview/fields', [noCacheJson, getSettingUserCache, checkPermissions(['webEnabled'])], (req, res) => { - if (!req.settingUser) {return res.send([]);} - - return res.send(req.settingUser.spiviewFieldConfigs || []); -}); - -// udpates custom spiview field configuration for a user -app.put('/user/spiview/fields/:name', 
[noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom spiview field configuration name'); } - if (!req.body.fields) { return res.molochError(403, 'Missing fields'); } - - let user = req.settingUser; - user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; - - // find the custom spiview field configuration to update - let found = false; - for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { - if (req.body.name === user.spiviewFieldConfigs[i].name) { - found = true; - user.spiviewFieldConfigs[i] = req.body; - } - } - - if (!found) { return res.molochError(200, 'Custom spiview field configuration not found'); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/spiview/fields udpate error', err, info); - return res.molochError(500, 'Update spiview field configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Updated spiview field configuration', - colConfig : req.body - })); - }); -}); - -// creates a new custom spiview fields configuration for a user -app.post('/user/spiview/fields/create', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom spiview field configuration name'); } - if (!req.body.fields) { return res.molochError(403, 'Missing fields'); } - - req.body.name = req.body.name.replace(/[^-a-zA-Z0-9\s_:]/g, ''); - - if (req.body.name.length < 1) { - return res.molochError(403, 'Invalid custom spiview fields configuration name'); - } - - var user = req.settingUser; - user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; - - // don't let user use duplicate names - for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { - if (req.body.name === user.spiviewFieldConfigs[i].name) { - return res.molochError(403, 'There is already a custom spiview 
fields configuration with that name'); - } - } - - user.spiviewFieldConfigs.push({ - name : req.body.name, - fields: req.body.fields - }); - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/spiview/fields/create error', err, info); - return res.molochError(500, 'Create custom spiview fields configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Created custom spiview fields configuration successfully', - name : req.body.name - })); - }); -}); - -// deletes a user's specified custom spiview fields configuration -app.post('/user/spiview/fields/delete', [noCacheJson, checkCookieToken, logAction(), getSettingUserDb], function(req, res) { - if (!req.body.name) { return res.molochError(403, 'Missing custom spiview fields configuration name'); } - - var user = req.settingUser; - user.spiviewFieldConfigs = user.spiviewFieldConfigs || []; - - var found = false; - for (let i = 0, ilen = user.spiviewFieldConfigs.length; i < ilen; ++i) { - if (req.body.name === user.spiviewFieldConfigs[i].name) { - user.spiviewFieldConfigs.splice(i, 1); - found = true; - break; - } - } - - if (!found) { return res.molochError(200, "Spiview fields not found"); } - - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log('/user/spiview/fields/delete failed', err, info); - return res.molochError(500, 'Delete custom spiview fields configuration failed'); - } - return res.send(JSON.stringify({ - success : true, - text : 'Deleted custom spiview fields configuration successfully' - })); - }); -}); - - -app.get('/decodings', [noCacheJson], function(req, res) { - var decodeItems = decode.settings(); - res.send(JSON.stringify(decodeItems)); -}); - - -////////////////////////////////////////////////////////////////////////////////// -//// EXPIRING -////////////////////////////////////////////////////////////////////////////////// -// Search for all files on a set of nodes in a set of directories. 
-// If less then size items are returned we don't delete anything. -// Doesn't support mounting sub directories in main directory, don't do it. -function expireDevice (nodes, dirs, minFreeSpaceG, nextCb) { - var query = { _source: [ 'num', 'name', 'first', 'size', 'node' ], - from: '0', - size: 200, - query: { bool: { - must: [ - {terms: {node: nodes}}, - { bool: {should: []}} - ], - must_not: { term: {locked: 1}} - }}, - sort: { first: { order: 'asc' } } }; - - Object.keys(dirs).forEach( function (pcapDir) { - var obj = {wildcard: {}}; - if (pcapDir[pcapDir.length - 1] === "/") { - obj.wildcard.name = pcapDir + "*"; - } else { - obj.wildcard.name = pcapDir + "/*"; - } - query.query.bool.must[1].bool.should.push(obj); - }); - - // Keep at least 10 files - Db.search('files', 'file', query, function(err, data) { - if (err || data.error || !data.hits || data.hits.total <= 10) { - return nextCb(); - } - async.forEachSeries(data.hits.hits, function(item, forNextCb) { - if (data.hits.total <= 10) { - return forNextCb("DONE"); - } - - var fields = item._source || item.fields; - - var freeG; - try { - var stat = fs.statVFS(fields.name); - freeG = stat.f_frsize/1024.0*stat.f_bavail/(1024.0*1024.0); - } catch (e) { - console.log("ERROR", e); - // File doesn't exist, delete it - freeG = minFreeSpaceG - 1; - } - if (freeG < minFreeSpaceG) { - data.hits.total--; - console.log("Deleting", item); - return Db.deleteFile(fields.node, item._id, fields.name, forNextCb); - } else { - return forNextCb("DONE"); - } - }, function () { - return nextCb(); - }); - }); -} - -function expireCheckDevice (nodes, stat, nextCb) { - var doit = false; - var minFreeSpaceG = 0; - async.forEach(nodes, function(node, cb) { - var freeSpaceG = Config.getFull(node, "freeSpaceG", "5%"); - if (freeSpaceG[freeSpaceG.length-1] === "%") { - freeSpaceG = (+freeSpaceG.substr(0,freeSpaceG.length-1)) * 0.01 * stat.f_frsize/1024.0*stat.f_blocks/(1024.0*1024.0); - } - var freeG = 
stat.f_frsize/1024.0*stat.f_bavail/(1024.0*1024.0); - if (freeG < freeSpaceG) { - doit = true; - } - - if (freeSpaceG > minFreeSpaceG) { - minFreeSpaceG = freeSpaceG; - } - - cb(); - }, function () { - if (doit) { - expireDevice(nodes, stat.dirs, minFreeSpaceG, nextCb); - } else { - return nextCb(); - } - }); -} - -function expireCheckAll () { - var devToStat = {}; - // Find all the nodes running on this host - Db.hostnameToNodeids(Config.hostName(), function(nodes) { - // Current node name should always be checked too - if (!nodes.includes(Config.nodeName())) { - nodes.push(Config.nodeName()); - } - - // Find all the pcap dirs for local nodes - async.map(nodes, function (node, cb) { - var pcapDirs = Config.getFull(node, "pcapDir"); - if (typeof pcapDirs !== "string") { - return cb("ERROR - couldn't find pcapDir setting for node: " + node + "\nIf you have it set try running:\nnpm remove iniparser; npm cache clean; npm update iniparser"); - } - // Create a mapping from device id to stat information and all directories on that device - pcapDirs.split(";").forEach(function (pcapDir) { - if (!pcapDir) { - return; // Skip empty elements. 
Prevents errors when pcapDir has a trailing or double ; - } - pcapDir = pcapDir.trim(); - var fileStat = fs.statSync(pcapDir); - var vfsStat = fs.statVFS(pcapDir); - if (!devToStat[fileStat.dev]) { - vfsStat.dirs = {}; - vfsStat.dirs[pcapDir] = {}; - devToStat[fileStat.dev] = vfsStat; - } else { - devToStat[fileStat.dev].dirs[pcapDir] = {}; - } - }); - cb(null); - }, - function (err) { - // Now gow through all the local devices and check them - var keys = Object.keys(devToStat); - async.forEachSeries(keys, function (key, cb) { - expireCheckDevice(nodes, devToStat[key], cb); - }, function (err) { - }); - }); - }); -} -////////////////////////////////////////////////////////////////////////////////// -//// Sessions Query -////////////////////////////////////////////////////////////////////////////////// -function addSortToQuery(query, info, d) { - - function addSortDefault() { - if (d) { - if (!query.sort) { - query.sort = []; - } - var obj = {}; - obj[d] = {order: "asc"}; - obj[d].missing = '_last'; - query.sort.push(obj); - } - } - - if (!info) { - addSortDefault(); - return; - } - - // New Method - if (info.order) { - if (info.order.length === 0) { - addSortDefault(); - return; - } - - if (!query.sort) { - query.sort = []; - } - - info.order.split(",").forEach(function(item) { - var parts = item.split(":"); - var field = parts[0]; - - var obj = {}; - if (field === "firstPacket") { - obj.firstPacket = {order: parts[1]}; - } else if (field === "lastPacket") { - obj.lastPacket = {order: parts[1]}; - } else { - obj[field] = {order: parts[1]}; - } - - obj[field].unmapped_type = "string"; - var fieldInfo = Config.getDBFieldsMap()[field]; - if (fieldInfo) { - if (fieldInfo.type === "ip") { - obj[field].unmapped_type = "ip"; - } else if (fieldInfo.type === "integer") { - obj[field].unmapped_type = "long"; - } - } - obj[field].missing = (parts[1] === 'asc'?'_last':'_first'); - query.sort.push(obj); - }); - return; - } - - // Old Method - if (!info.iSortingCols || 
parseInt(info.iSortingCols, 10) === 0) { - addSortDefault(); - return; - } - - if (!query.sort) { - query.sort = []; - } - - for (let i = 0, ilen = parseInt(info.iSortingCols, 10); i < ilen; i++) { - if (!info["iSortCol_" + i] || !info["sSortDir_" + i] || !info["mDataProp_" + info["iSortCol_" + i]]) { - continue; - } - - var obj = {}; - var field = info["mDataProp_" + info["iSortCol_" + i]]; - obj[field] = {order: info["sSortDir_" + i]}; - query.sort.push(obj); - - if (field === "firstPacket") { - query.sort.push({firstPacket: {order: info["sSortDir_" + i]}}); - } else if (field === "lastPacket") { - query.sort.push({lastPacket: {order: info["sSortDir_" + i]}}); - } - } -} - -/* This method fixes up parts of the query that jison builds to what ES actually - * understands. This includes mapping all the tag fields from strings to numbers - * and any of the filename stuff - */ -function lookupQueryItems(query, doneCb) { - if (Config.get("multiES", false)) { - return doneCb(null); - } - - var outstanding = 0; - var finished = 0; - var err = null; - - //jshint latedef: nofunc - function process(parent, obj, item) { - // console.log("\nprocess:\n", item, obj, typeof obj[item], "\n"); - if (item === "fileand" && typeof obj[item] === "string") { - var name = obj.fileand; - delete obj.fileand; - outstanding++; - Db.fileNameToFiles(name, function (files) { - outstanding--; - if (files === null || files.length === 0) { - err = "File '" + name + "' not found"; - } else if (files.length > 1) { - obj.bool = {should: []}; - files.forEach(function(file) { - obj.bool.should.push({bool: {must: [{term: {node: file.node}}, {term: {fileId: file.num}}]}}); - }); - } else { - obj.bool = {must: [{term: {node: files[0].node}}, {term: {fileId: files[0].num}}]}; - } - if (finished && outstanding === 0) { - doneCb(err); - } - }); - } else if (item === 'field' && obj.field === 'fileand') { - obj.field = 'fileId'; - } else if (typeof obj[item] === "object") { - convert(obj, obj[item]); - } - } 
- - function convert(parent, obj) { - for (var item in obj) { - process(parent, obj, item); - } - } - - convert(null, query); - if (outstanding === 0) { - return doneCb(err); - } - - finished = 1; -} - -////////////////////////////////////////////////////////////////////////////////// -//// determineQueryTimes(req) -//// -//// Returns [startTimeSec, stopTimeSec, interval] using values from req.query.date, -//// req.query.startTime, req.query.stopTime, req.query.interval, and -//// req.query.segments. -//// -//// This code was factored out from buildSessionQuery. -////////////////////////////////////////////////////////////////////////////////// -function determineQueryTimes (req) { - let startTimeSec = undefined; - let stopTimeSec = undefined; - let interval = 60*60; - - if (Config.debug) { - console.log("determineQueryTimes", "req.query.date", req.query.date, - "req.query.segments", req.query.segments, - "req.query.startTime", req.query.startTime, - "req.query.stopTime", req.query.stopTime) - } - - if ((req.query.date && req.query.date === '-1') || - (req.query.segments && req.query.segments === "all")) { - interval = 60*60; // Hour to be safe - - } else if ((req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) { - if (! /^[0-9]+$/.test(req.query.startTime)) { - startTimeSec = Date.parse(req.query.startTime.replace('+', ' ')) / 1000; - } else { - startTimeSec = parseInt(req.query.startTime, 10); - } - - if (! 
/^[0-9]+$/.test(req.query.stopTime)) { - stopTimeSec = Date.parse(req.query.stopTime.replace('+', ' ')) / 1000; - } else { - stopTimeSec = parseInt(req.query.stopTime, 10); - } - - var diff = req.query.stopTime - req.query.startTime; - if (diff < 30*60) { - interval = 1; // second - } else if (diff <= 5*24*60*60) { - interval = 60; // minute - } else { - interval = 60*60; // hour - } - - } else { - let queryDate = req.query.date || 1; - startTimeSec = (Math.floor(Date.now() / 1000) - 60*60*parseInt(queryDate, 10)); - stopTimeSec = Date.now()/1000; - - if (queryDate <= 5*24) { - interval = 60; // minute - } else { - interval = 60 * 60; // hour - } - } - - switch (req.query.interval) { - case 'second': - interval = 1; - break; - case 'minute': - interval = 60; - break; - case 'hour': - interval = 60 * 60; - break; - case 'day': - interval = 60 * 60 * 24; - break; - case 'week': - interval = 60 * 60 * 24 * 7; - break; - } - - if (Config.debug) { - console.log("determineQueryTimes", "startTimeSec", startTimeSec, "stopTimeSec", stopTimeSec, "interval", interval) - } - - return [startTimeSec, stopTimeSec, interval]; -} - -function buildSessionQuery (req, buildCb) { - // validate time limit is not exceeded - let timeLimitExceeded = false; - var interval; - - // determineQueryTimes calculates startTime, stopTime, and interval from req.query - let startAndStopParams = determineQueryTimes(req); - if (startAndStopParams[0] !== undefined) req.query.startTime = startAndStopParams[0]; - if (startAndStopParams[1] !== undefined) req.query.stopTime = startAndStopParams[1]; - interval = startAndStopParams[2]; - - if (parseInt(req.query.date) > parseInt(req.user.timeLimit) || - (req.query.date === '-1') && req.user.timeLimit) { - timeLimitExceeded = true; - - } else if ((req.query.startTime) && (req.query.stopTime) && (req.user.timeLimit) && - ((req.query.stopTime - req.query.startTime) / 3600 > req.user.timeLimit)) { - timeLimitExceeded = true; - } - - if (timeLimitExceeded) { - 
console.log(`${req.user.userName} trying to exceed time limit: ${req.user.timeLimit} hours`); - return buildCb(`User time limit (${req.user.timeLimit} hours) exceeded`, {}); - } - - var limit = Math.min(2000000, +req.query.length || +req.query.iDisplayLength || 100); - - var query = {from: req.query.start || req.query.iDisplayStart || 0, - size: limit, - timeout: internals.esQueryTimeout, - query: {bool: {filter: []}} - }; - - if (query.from === 0) { - delete query.from; - } - - if (req.query.strictly === "true") { - req.query.bounding = "both"; - } - - if ((req.query.date && req.query.date === '-1') || - (req.query.segments && req.query.segments === "all")) { - // interval is already assigned above from result of determineQueryTimes - - } else if (req.query.startTime !== undefined && req.query.stopTime) { - switch (req.query.bounding) { - case "first": - query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); - break; - default: - case "last": - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); - break; - case "both": - query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}}); - query.query.bool.filter.push({range: {lastPacket: {lte: req.query.stopTime*1000}}}); - break; - case "either": - query.query.bool.filter.push({range: {firstPacket: {lte: req.query.stopTime*1000}}}); - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); - break; - case "database": - query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000, lte: req.query.stopTime*1000}}}); - break; - } - - } else { - switch (req.query.bounding) { - case "first": - query.query.bool.filter.push({range: {firstPacket: {gte: req.query.startTime*1000}}}); - break; - default: - case "both": - case "last": - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); - break; - 
case "either": - query.query.bool.filter.push({range: {firstPacket: {lte: req.query.stopTime*1000}}}); - query.query.bool.filter.push({range: {lastPacket: {gte: req.query.startTime*1000}}}); - break; - case "database": - query.query.bool.filter.push({range: {timestamp: {gte: req.query.startTime*1000}}}); - break; - } - } - - if (req.query.facets) { - query.aggregations = {}; - // only add map aggregations if requested - if (req.query.map === 'true') { - query.aggregations = { - mapG1: { terms: { field: 'srcGEO', size: 1000, min_doc_count: 1} }, - mapG2: { terms: { field: 'dstGEO', size: 1000, min_doc_count: 1} }, - mapG3: { terms: { field: 'http.xffGEO', size: 1000, min_doc_count: 1} } - }; - } - query.aggregations.dbHisto = { - aggregations: { - srcDataBytes: { sum: { field: 'srcDataBytes' } }, - dstDataBytes: { sum: { field: 'dstDataBytes' } }, - srcBytes: { sum: { field: 'srcBytes' } }, - dstBytes: { sum: { field: 'dstBytes' } }, - srcPackets: { sum: { field: 'srcPackets' } }, - dstPackets: { sum: { field: 'dstPackets' } } - } - }; - - switch (req.query.bounding) { - case 'first': - query.aggregations.dbHisto.histogram = { field:'firstPacket', interval:interval*1000, min_doc_count:1 }; - break; - case 'database': - query.aggregations.dbHisto.histogram = { field:'timestamp', interval:interval*1000, min_doc_count:1 }; - break; - default: - query.aggregations.dbHisto.histogram = { field:'lastPacket', interval:interval*1000, min_doc_count:1 }; - break; - } - } - - addSortToQuery(query, req.query, 'firstPacket'); - - let err = null; - - molochparser.parser.yy = { - views: req.user.views, - fieldsMap: Config.getFieldsMap(), - prefix: internals.prefix, - emailSearch: req.user.emailSearch === true, - lookups: req.lookups, - lookupTypeMap: internals.lookupTypeMap - }; - - if (req.query.expression) { - //req.query.expression = req.query.expression.replace(/\\/g, "\\\\"); - try { - query.query.bool.filter.push(molochparser.parse(req.query.expression)); - } catch (e) { - 
err = e; - } - } - - if (!err && req.query.view) { - addViewToQuery(req, query, continueBuildQuery, buildCb); - } else { - continueBuildQuery(req, query, err, buildCb); - } -} - -function addViewToQuery(req, query, continueBuildQueryCb, finalCb) { - let err; - let viewExpression; - if (req.user.views && req.user.views[req.query.view]) { // it's a user's view - try { - viewExpression = molochparser.parse(req.user.views[req.query.view].expression); - query.query.bool.filter.push(viewExpression); - } catch (e) { - console.log(`ERROR - User expression (${req.query.view}) doesn't compile -`, e); - err = e; - } - continueBuildQueryCb(req, query, err, finalCb); - } else { // it's a shared view - Db.getUser('_moloch_shared', (err, sharedUser) => { - if (sharedUser && sharedUser.found) { - sharedUser = sharedUser._source; - sharedUser.views = sharedUser.views || {}; - for (let viewName in sharedUser.views) { - if (viewName === req.query.view) { - viewExpression = sharedUser.views[viewName].expression; - break; - } - } - if (sharedUser.views[req.query.view]) { - try { - viewExpression = molochparser.parse(sharedUser.views[req.query.view].expression); - query.query.bool.filter.push(viewExpression); - } catch (e) { - console.log(`ERROR - Shared user expression (${req.query.view}) doesn't compile -`, e); - err = e; - } - } - continueBuildQueryCb(req, query, err, finalCb); - } - }); - } -} - -function continueBuildQuery(req, query, err, finalCb) { - if (!err && req.user.expression && req.user.expression.length > 0) { - try { - // Expression was set by admin, so assume email search ok - molochparser.parser.yy.emailSearch = true; - var userExpression = molochparser.parse(req.user.expression); - query.query.bool.filter.push(userExpression); - } catch (e) { - console.log(`ERROR - Forced expression (${req.user.expression}) doesn't compile -`, e); - err = e; - } - } - - lookupQueryItems(query.query.bool.filter, function (lerr) { - if (req.query.date === '-1' || // An all query - 
Config.get("queryAllIndices", Config.get("multiES", false))) { // queryAllIndices (default: multiES) - return finalCb(err || lerr, query, "sessions2-*"); // Then we just go against all indices for a slight overhead - } - - Db.getIndices(req.query.startTime, req.query.stopTime, req.query.bounding, Config.get("rotateIndex", "daily"), function(indices) { - if (indices.length > 3000) { // Will url be too long - return finalCb(err || lerr, query, "sessions2-*"); - } else { - return finalCb(err || lerr, query, indices); - } - }); - }); -} -////////////////////////////////////////////////////////////////////////////////// -//// Sessions List -////////////////////////////////////////////////////////////////////////////////// -function sessionsListAddSegments(req, indices, query, list, cb) { - var processedRo = {}; - - // Index all the ids we have, so we don't include them again - var haveIds = {}; - list.forEach(function(item) { - haveIds[item._id] = true; - }); - - delete query.aggregations; - - // Do a ro search on each item - var writes = 0; - async.eachLimit(list, 10, function(item, nextCb) { - var fields = item._source || item.fields; - if (!fields.rootId || processedRo[fields.rootId]) { - if (writes++ > 100) { - writes = 0; - setImmediate(nextCb); - } else { - nextCb(); - } - return; - } - processedRo[fields.rootId] = true; - - query.query.bool.filter.push({term: {rootId: fields.rootId}}); - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err || result === undefined || result.hits === undefined || result.hits.hits === undefined) { - console.log("ERROR fetching matching sessions", err, result); - return nextCb(null); - } - result.hits.hits.forEach(function(item) { - if (!haveIds[item._id]) { - haveIds[item._id] = true; - list.push(item); - } - }); - return nextCb(null); - }); - query.query.bool.filter.pop(); - - }, function (err) { - cb(err, list); - }); -} - -function sessionsListFromQuery(req, res, fields, cb) { - if 
(req.query.segments && req.query.segments.match(/^(time|all)$/) && fields.indexOf("rootId") === -1) { - fields.push("rootId"); - } - - buildSessionQuery(req, function(err, query, indices) { - if (err) { - return res.send("Could not build query. Err: " + err); - } - query._source = fields; - if (Config.debug) { - console.log("sessionsListFromQuery query", JSON.stringify(query, null, 1)); - } - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err || result.error) { - console.log("ERROR - Could not fetch list of sessions. Err: ", err, " Result: ", result, "query:", query); - return res.send("Could not fetch list of sessions. Err: " + err + " Result: " + result); - } - var list = result.hits.hits; - if (req.query.segments && req.query.segments.match(/^(time|all)$/)) { - sessionsListAddSegments(req, indices, query, list, function(err, list) { - cb(err, list); - }); - } else { - cb(err, list); - } - }); - }); -} - -function sessionsListFromIds(req, ids, fields, cb) { - var processSegments = false; - if (req && ((req.query.segments && req.query.segments.match(/^(time|all)$/)) || (req.body.segments && req.body.segments.match(/^(time|all)$/)))) { - if (fields.indexOf("rootId") === -1) { fields.push("rootId"); } - processSegments = true; - } - - let list = []; - let nonArrayFields = ["ipProtocol", "firstPacket", "lastPacket", "srcIp", "srcPort", "srcGEO", "dstIp", "dstPort", "dstGEO", "totBytes", "totDataBytes", "totPackets", "node", "rootId", "http.xffGEO"]; - let fixFields = nonArrayFields.filter(function(x) {return fields.indexOf(x) !== -1;}); - - async.eachLimit(ids, 10, function(id, nextCb) { - Db.getWithOptions(Db.sid2Index(id), 'session', Db.sid2Id(id), {_source: fields.join(",")}, function(err, session) { - if (err) { - return nextCb(null); - } - - for (let i = 0; i < fixFields.length; i++) { - var field = fixFields[i]; - if (session._source[field] && Array.isArray(session._source[field])) { - session._source[field] = 
session._source[field][0]; - } - } - - list.push(session); - nextCb(null); - }); - }, function(err) { - if (processSegments) { - buildSessionQuery(req, function(err, query, indices) { - query._source = fields; - sessionsListAddSegments(req, indices, query, list, function(err, list) { - cb(err, list); - }); - }); - } else { - cb(err, list); - } - }); -} - -////////////////////////////////////////////////////////////////////////////////// -//// APIs -////////////////////////////////////////////////////////////////////////////////// -app.get('/history/list', [noCacheJson, recordResponseTime, setCookie], (req, res) => { - let userId; - if (req.user.createEnabled) { // user is an admin, they can view all logs - // if the admin has requested a specific user - if (req.query.userId) { userId = req.query.userId; } - } else { // user isn't an admin, so they can only view their own logs - if (req.query.userId && req.query.userId !== req.user.userId) { return res.molochError(403, 'Need admin privileges'); } - userId = req.user.userId; - } - - let query = { - sort: {}, - from: +req.query.start || 0, - size: +req.query.length || 1000 - }; - - query.sort[req.query.sortField || 'timestamp'] = { order: req.query.desc === 'true' ? 
'desc': 'asc'}; - - if (req.query.searchTerm || userId) { - query.query = { bool: { must: [] } }; - - if (req.query.searchTerm) { // apply search term - query.query.bool.must.push({ - query_string: { - query : req.query.searchTerm, - fields: ['expression','userId','api','view.name','view.expression'] - } - }); - } - - if (userId) { // filter on userId - query.query.bool.must.push({ - wildcard: { userId: '*' + userId + '*' } - }); - } - } - - if (req.query.api) { // filter on api endpoint - if (!query.query) { query.query = { bool: { must: [] } }; } - query.query.bool.must.push({ - wildcard: { api: '*' + req.query.api + '*' } - }); - } - - if (req.query.exists) { - if (!query.query) { query.query = { bool: { must: [] } }; } - let existsArr = req.query.exists.split(','); - for (let i = 0, len = existsArr.length; i < len; ++i) { - query.query.bool.must.push({ - exists: { field:existsArr[i] } - }); - } - } - - // filter history table by a time range - if (req.query.startTime && req.query.stopTime) { - if (! /^[0-9]+$/.test(req.query.startTime)) { - req.query.startTime = Date.parse(req.query.startTime.replace("+", " "))/1000; - } else { - req.query.startTime = parseInt(req.query.startTime, 10); - } - - if (! 
/^[0-9]+$/.test(req.query.stopTime)) {
- req.query.stopTime = Date.parse(req.query.stopTime.replace("+", " "))/1000;
- } else {
- req.query.stopTime = parseInt(req.query.stopTime, 10);
- }
-
- if (!query.query) { query.query = { bool: {} }; }
- query.query.bool.filter = [{
- range: { timestamp: {
- gte: req.query.startTime,
- lte: req.query.stopTime
- } }
- }];
- }
-
- Promise.all([Db.searchHistory(query),
- Db.numberOfLogs()
- ])
- .then(([logs, total]) => {
- if (logs.error) { throw logs.error; }
-
- let results = { total:logs.hits.total, results:[] };
- for (let i = 0, ilen = logs.hits.hits.length; i < ilen; i++) {
- let hit = logs.hits.hits[i];
- let log = hit._source;
- log.id = hit._id;
- log.index = hit._index;
- if (!req.user.createEnabled) {
- // remove forced expression for reqs made by nonadmin users
- log.forcedExpression = undefined;
- }
- results.results.push(log);
- }
- let r = {
- recordsTotal: total.count,
- recordsFiltered: results.total,
- data: results.results
- };
- res.send(r);
- }).catch(err => {
- console.log('ERROR - /history/logs', err);
- return res.molochError(500, 'Error retrieving log history - ' + err);
- });
-});
-
-app.delete('/history/list/:id', [noCacheJson, checkCookieToken, checkPermissions(['createEnabled', 'removeEnabled'])], (req, res) => {
- if (!req.query.index) { return res.molochError(403, 'Missing history index'); }
-
- Db.deleteHistoryItem(req.params.id, req.query.index, function(err, result) {
- if (err || result.error) {
- console.log('ERROR - deleting history item', err || result.error);
- return res.molochError(500, 'Error deleting history item');
- } else {
- res.send(JSON.stringify({success: true, text: 'Deleted history item successfully'}));
- }
- });
-});
-
-
-app.get('/fields', function(req, res) {
- if (!app.locals.fieldsMap) {
- res.status(404);
- res.send('Cannot locate fields');
- }
-
- if (req.query && req.query.array) {
- res.send(app.locals.fieldsArr);
- } else {
- res.send(app.locals.fieldsMap);
- }
-}); - -app.get('/file/list', [noCacheJson, recordResponseTime, logAction('files'), checkPermissions(['hideFiles']), setCookie], (req, res) => { - var columns = ["num", "node", "name", "locked", "first", "filesize"]; - - var query = {_source: columns, - from: +req.query.start || 0, - size: +req.query.length || 10, - sort: {} - }; - - query.sort[req.query.sortField || "num"] = { order: req.query.desc === "true" ? "desc": "asc"}; - - if (req.query.filter) { - query.query = {wildcard: {name: "*" + req.query.filter + "*"}}; - } - - Promise.all([Db.search('files', 'file', query), - Db.numberOfDocuments('files') - ]) - .then(([files, total]) => { - if (files.error) {throw files.error;} - - var results = {total: files.hits.total, results: []}; - for (let i = 0, ilen = files.hits.hits.length; i < ilen; i++) { - var fields = files.hits.hits[i]._source || files.hits.hits[i].fields; - if (fields.locked === undefined) { - fields.locked = 0; - } - fields.id = files.hits.hits[i]._id; - results.results.push(fields); - } - - var r = {recordsTotal: total.count, - recordsFiltered: results.total, - data: results.results}; - res.logCounts(r.data.length, r.recordsFiltered, r.total); - res.send(r); - - }).catch((err) => { - console.log("ERROR - /file/list", err); - return res.send({recordsTotal: 0, recordsFiltered: 0, data: []}); - }); -}); - -app.get('/titleconfig', checkPermissions(['webEnabled']), (req, res) => { - var titleConfig = Config.get('titleTemplate', '_cluster_ - _page_ _-view_ _-expression_'); - - titleConfig = titleConfig.replace(/_cluster_/g, internals.clusterName) - .replace(/_userId_/g, req.user?req.user.userId:"-") - .replace(/_userName_/g, req.user?req.user.userName:"-"); - - res.send(titleConfig); -}); - -app.get('/molochRightClick', [noCacheJson, checkPermissions(['webEnabled'])], (req, res) => { - if(!app.locals.molochRightClick) { - res.status(404); - res.send('Cannot locate right clicks'); - } - res.send(app.locals.molochRightClick); -}); - -// No auth necessary 
for eshealth.json -app.get('/eshealth.json', [noCacheJson], (req, res) => { - Db.healthCache(function(err, health) { - res.send(health); - }); -}); - -app.get('/esindices/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { - async.parallel({ - indices: Db.indicesCache, - indicesSettings: Db.indicesSettingsCache - }, function (err, results) { - if (err) { - console.log ('ERROR - /esindices/list', err); - return res.send({ - recordsTotal: 0, - recordsFiltered: 0, - data: [] - }); - } - - const indices = results.indices; - const indicesSettings = results.indicesSettings; - - let findices = []; - - // filtering - if (req.query.filter !== undefined) { - try { - const regex = new RE2(req.query.filter); - for (const index of indices) { - if (!index.index.match(regex)) { continue; } - findices.push(index); - } - } catch (e) { - return res.molochError(500, `Regex Error: ${e}`); - } - } else { - findices = indices; - } - - // Add more fields from indicesSettings - for (const index of findices) { - if (!indicesSettings[index.index]) { continue; } - - if (indicesSettings[index.index].settings['index.routing.allocation.require.molochtype']) { - index.molochtype = indicesSettings[index.index].settings['index.routing.allocation.require.molochtype']; - } - - if (indicesSettings[index.index].settings['index.routing.allocation.total_shards_per_node']) { - index.shardsPerNode = indicesSettings[index.index].settings['index.routing.allocation.total_shards_per_node']; - } - - index.creationDate = parseInt(indicesSettings[index.index].settings['index.creation_date']); - index.versionCreated = parseInt(indicesSettings[index.index].settings['index.version.created']); - } - - // sorting - const sortField = req.query.sortField || 'index'; - if (sortField === 'index' || sortField === 'status' || sortField === 'health') { - if (req.query.desc === 'true') { - findices = findices.sort(function (a, b) { return 
b[sortField].localeCompare(a[sortField]); }); - } else { - findices = findices.sort(function (a, b) { return a[sortField].localeCompare(b[sortField]); }); - } - } else { - if (req.query.desc === 'true') { - findices = findices.sort(function (a,b) { return b[sortField] - a[sortField]; }); - } else { - findices = findices.sort(function (a,b) { return a[sortField] - b[sortField]; }); - } - } - - // send result - return res.send({ - recordsTotal: indices.length, - recordsFiltered: findices.length, - data: findices - }); - }); -}); - -app.delete('/esindices/:index', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to delete'); - } - - Db.deleteIndex([req.params.index], {}, (err, result) => { - if (err) { - res.status(404); - return res.send(JSON.stringify({ success:false, text:'Error deleting index' })); - } - return res.send(JSON.stringify({ success: true, text: result })); - }); -}); - -app.post('/esindices/:index/optimize', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to optimize'); - } - - Db.optimizeIndex([req.params.index], {}, (err, result) => { - if (err) { - console.log ("ERROR -", req.params.index, "optimize failed", err); - } - }); - - // Always return right away, optimizeIndex might block - return res.send(JSON.stringify({ success: true, text: {} })); -}); - -app.post('/esindices/:index/close', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to close'); - } - - Db.closeIndex([req.params.index], {}, (err, result) => { - if (err) { - res.status(404); - return res.send(JSON.stringify({ success:false, text:'Error closing index' })); - } - return res.send(JSON.stringify({ success: true, text: result 
})); - }); -}); - -app.post('/esindices/:index/open', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.params.index) { - return res.molochError(403, 'Missing index to open'); - } - - Db.openIndex([req.params.index], {}, (err, result) => { - if (err) { - console.log ("ERROR -", req.params.index, "open failed", err); - } - }); - - // Always return right away, openIndex might block - return res.send(JSON.stringify({ success: true, text: {} })); -}); - -app.post('/esindices/:index/shrink', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.body || !req.body.target) { - return res.molochError(403, 'Missing target'); - } - - let settingsParams = { - body: { - 'index.routing.allocation.total_shards_per_node': null, - 'index.routing.allocation.require._name': req.body.target, - 'index.blocks.write': true - } - }; - - Db.setIndexSettings(req.params.index, settingsParams, (err, results) => { - if (err) { - return res.send(JSON.stringify({ - success: false, - text: err.message || 'Error shrinking index' - })); - } - - let shrinkParams = { - body: { - settings: { - 'index.routing.allocation.require._name': null, - 'index.blocks.write': null, - 'index.codec': 'best_compression', - 'index.number_of_shards': req.body.numShards || 1 - } - } - }; - - // wait for no more reloacting shards - let shrinkCheckInterval = setInterval(() => { - Db.healthCachePromise() - .then((result) => { - if (result.relocating_shards === 0) { - clearInterval(shrinkCheckInterval); - Db.shrinkIndex(req.params.index, shrinkParams, (err, results) => { - if (err) { - console.log(`ERROR - ${req.params.index} shrink failed`, err); - } - Db.indices((err, indexResult) => { - if (err) { - console.log(`Error fetching ${req.params.index} and ${req.params.index}-shrink indices after shrinking`); - } else if (indexResult[0] && indexResult[1] && - indexResult[0]['docs.count'] === 
indexResult[1]['docs.count']) { - Db.deleteIndex([req.params.index], {}, (err, result) => { - if (err) { - console.log(`Error deleting ${req.params.index} index after shrinking`); - } - }); - } - }, `${req.params.index}-shrink,${req.params.index}`); - }); - } - }); - }, 10000); - - // always return right away, shrinking might take a while - return res.send(JSON.stringify({ success: true })); - }); -}); - -app.get('/estask/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => { - Db.tasks(function (err, tasks) { - if (err) { - console.log ('ERROR - /estask/list', err); - return res.send({ - recordsTotal: 0, - recordsFiltered: 0, - data: [] - }); - } - - tasks = tasks.tasks; - - let regex; - if (req.query.filter !== undefined) { - try { - regex = new RE2(req.query.filter); - } catch (e) { - return res.molochError(500, `Regex Error: ${e}`); - } - } - - let rtasks = []; - for (const key in tasks) { - let task = tasks[key]; - - task.taskId = key; - if (task.children) { - task.childrenCount = task.children.length; - } else { - task.childrenCount = 0; - } - delete task.children; - - if (req.query.cancellable && req.query.cancellable === 'true') { - if (!task.cancellable) { continue; } - } - - if (task.headers['X-Opaque-Id']) { - let parts = splitRemain(task.headers['X-Opaque-Id'], '::', 1); - task.user = (parts.length === 1?'':parts[0]); - } else { - task.user = ''; - } - - if (regex && (!task.action.match(regex) && !task.user.match(regex))) { continue; } - - rtasks.push(task); - } - - const sortField = req.query.sortField || 'action'; - if (sortField === 'action' || sortField === 'user') { - if (req.query.desc === 'true') { - rtasks = rtasks.sort(function (a, b) { return b.action.localeCompare(a.index); }); - } else { - rtasks = rtasks.sort(function (a, b) { return a.action.localeCompare(b.index); }); - } - } else { - if (req.query.desc === 'true') { - rtasks = rtasks.sort(function (a, b) { return b[sortField] - a[sortField]; 
});
- } else {
- rtasks = rtasks.sort(function (a, b) { return a[sortField] - b[sortField]; });
- }
- }
-
- let size = parseInt(req.query.size) || 1000;
- if (rtasks.length > size) {
- rtasks = rtasks.slice(0, size);
- }
-
- return res.send({
- recordsTotal: Object.keys(tasks).length,
- recordsFiltered: rtasks.length,
- data: rtasks
- });
- });
-});
-
-app.post('/estask/cancel', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (!req.body || !req.body.taskId) {
- return res.molochError(403, 'Missing/Empty required fields');
- }
-
- Db.taskCancel(req.body.taskId, (err, result) => {
- return res.send(JSON.stringify({ success: true, text: result }));
- });
-});
-
-app.post('/estask/cancelById', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (!req.body || !req.body.cancelId) {
- return res.molochError(403, 'Missing cancel ID');
- }
-
- Db.cancelByOpaqueId(`${req.user.userId}::${req.body.cancelId}`, (err, result) => {
- return res.send(JSON.stringify({ success: true, text: result }));
- });
-});
-
-app.post('/estask/cancelAll', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- Db.taskCancel(undefined, (err, result) => {
- return res.send(JSON.stringify({ success: true, text: result }));
- });
-});
-
-//////////////////////////////////////////////////////////////////////////////////
-function checkEsAdminUser (req, res, next) {
- if (internals.esAdminUsers.includes(req.user.userId)) {
- return next();
- }
- return res.molochError(403, 'You do not have permission to access this resource');
-}
-
-app.get('/esadmin/list', [noCacheJson, recordResponseTime, checkEsAdminUser, setCookie], (req, res) => {
- Promise.all([Db.getClusterSettings({flatSettings: true, include_defaults: true})
- ]).then(([settings]) => {
- let rsettings = [];
-
- function addSetting(key, type, name, url, regex) {
- let current = 
settings.transient[key]; - if (current === undefined) { current = settings.persistent[key]; } - if (current === undefined) { current = settings.defaults[key]; } - if (current === undefined) { return; } - rsettings.push({key: key, current: current, name: name, type: type, url: url, regex: regex}); - } - - addSetting('search.max_buckets', 'Integer', - 'Max Aggregation Size', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html', - '^(|null|\\d+)$'); - - addSetting('cluster.routing.allocation.disk.watermark.flood_stage', 'Percent or Byte Value', - 'Disk Watermark Flood', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html', - '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$'); - - addSetting('cluster.routing.allocation.disk.watermark.high', 'Percent or Byte Value', - 'Disk Watermark High', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html', - '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$'); - - addSetting('cluster.routing.allocation.disk.watermark.low', 'Percent or Byte Value', - 'Disk Watermark Low', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html', - '^(|null|\\d+(%|b|kb|mb|gb|tb|pb))$'); - - addSetting('cluster.routing.allocation.enable', 'Mode', - 'Allocation Mode', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', - '^(all|primaries|new_primaries|none)$'); - - addSetting('cluster.routing.allocation.cluster_concurrent_rebalance', 'Integer', - 'Concurrent Rebalances', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', - '^(|null|\\d+)$'); - - addSetting('cluster.routing.allocation.node_concurrent_recoveries', 'Integer', - 'Concurrent Recoveries', - 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html', - '^(|null|\\d+)$'); - - addSetting('cluster.routing.allocation.node_initial_primaries_recoveries', 'Integer', - 
'Initial Primaries Recoveries',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/shards-allocation.html',
- '^(|null|\\d+)$');
-
- addSetting('cluster.max_shards_per_node', 'Integer',
- 'Max Shards per Node',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/master/misc-cluster.html',
- '^(|null|\\d+)$');
-
- addSetting('indices.recovery.max_bytes_per_sec', 'Byte Value',
- 'Recovery Max Bytes per Second',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/recovery.html',
- '^(|null|\\d+(b|kb|mb|gb|tb|pb))$');
-
- addSetting('cluster.routing.allocation.awareness.attributes', 'List of Attributes',
- 'Shard Allocation Awareness',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/allocation-awareness.html',
- '^(|null|[a-z0-9_,-]+)$');
-
- addSetting('indices.breaker.total.limit', 'Percent',
- 'Breaker - Total Limit',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html',
- '^(|null|\\d+%)$');
-
- addSetting('indices.breaker.fielddata.limit', 'Percent',
- 'Breaker - Field data',
- 'https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html',
- '^(|null|\\d+%)$');
-
-
- return res.send(rsettings);
- });
-});
-
-app.post('/esadmin/set', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
-
- if (req.body.key === undefined) { return res.molochError(500, 'Missing key'); }
- if (req.body.value === undefined) { return res.molochError(500, 'Missing value'); }
-
- // Convert null string to null
- if (req.body.value === 'null') { req.body.value = null; }
-
- let query = {body: {persistent: {}}};
- query.body.persistent[req.body.key] = req.body.value || null;
-
- Db.putClusterSettings(query, function(err, result) {
- if (err) {
- console.log("putSettings failed", result);
- return res.molochError(500, 'Set failed');
- }
- return res.send(JSON.stringify({ success: true, text: 'Set'}));
- });
-});
-
-app.post('/esadmin/reroute', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
- Db.reroute((err) => {
- if (err) {
- return res.send(JSON.stringify({ success: true, text: 'Reroute failed'}));
- } else {
- return res.send(JSON.stringify({ success: true, text: 'Reroute successful'}));
- }
- });
-});
-
-app.post('/esadmin/flush', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
- Db.refresh('*');
- Db.flush('*');
- return res.send(JSON.stringify({ success: true, text: 'Flushed'}));
-});
-
-app.post('/esadmin/unflood', [noCacheJson, recordResponseTime, checkEsAdminUser, checkCookieToken], (req, res) => {
- Db.setIndexSettings('*', {'index.blocks.read_only_allow_delete': null});
- return res.send(JSON.stringify({ success: true, text: 'Unflood'}));
-});
-
-app.get('/esshard/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- Promise.all([
- Db.shards(),
- Db.getClusterSettings({flatSettings: true})
- ]).then(([shards, settings]) => {
- let ipExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._ip']) {
- ipExcludes = settings.persistent['cluster.routing.allocation.exclude._ip'].split(',');
- }
-
- let nodeExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._name']) {
- nodeExcludes = settings.persistent['cluster.routing.allocation.exclude._name'].split(',');
- }
-
- var regex;
- if (req.query.filter !== undefined) {
- try {
- regex = new RE2(req.query.filter.toLowerCase());
- } catch (e) {
- return res.molochError(500, `Regex Error: ${e}`);
- }
- }
-
- let result = {};
- let nodes = {};
-
- for (var shard of shards) {
- if (shard.node === null || shard.node === "null") { shard.node = "Unassigned"; }
-
- if (! (req.query.show === 'all' ||
- shard.state === req.query.show || // Show only matching stage
- (shard.state !== 'STARTED' && req.query.show === 'notstarted'))) {
- continue;
- }
-
- if (regex && !shard.index.toLowerCase().match(regex) && !shard.node.toLowerCase().match(regex)) { continue; }
-
- if (result[shard.index] === undefined) {
- result[shard.index] = {name: shard.index, nodes: {}};
- }
- if (result[shard.index].nodes[shard.node] === undefined) {
- result[shard.index].nodes[shard.node] = [];
- }
- result[shard.index].nodes[shard.node].push(shard);
- nodes[shard.node] = {ip: shard.ip, ipExcluded: ipExcludes.includes(shard.ip), nodeExcluded: nodeExcludes.includes(shard.node)};
-
- result[shard.index].nodes[shard.node]
- .sort((a, b) => {
- return a.shard - b.shard;
- });
-
- delete shard.node;
- delete shard.index;
- }
-
- let indices = Object.keys(result).map((k) => result[k]);
- if (req.query.desc === 'true') {
- indices = indices.sort(function (a, b) {
- return b.name.localeCompare(a.name);
- });
- } else {
- indices = indices.sort(function (a, b) {
- return a.name.localeCompare(b.name);
- });
- }
- res.send({nodes: nodes, indices: indices, nodeExcludes: nodeExcludes, ipExcludes: ipExcludes});
- });
-});
-
-app.post('/esshard/exclude/:type/:value', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (Config.get("multiES", false)) { return res.molochError(401, "Not supported in multies"); }
-
- Db.getClusterSettings({flatSettings: true}, function(err, settings) {
- let exclude = [];
- let settingName;
-
- if (req.params.type === 'ip') {
- settingName = 'cluster.routing.allocation.exclude._ip';
- } else if (req.params.type === 'name') {
- settingName = 'cluster.routing.allocation.exclude._name';
- } else {
- return res.molochError(403, 'Unknown exclude type');
- }
-
- if (settings.persistent[settingName]) {
- exclude = settings.persistent[settingName].split(',');
- }
-
- if (!exclude.includes(req.params.value)) {
- exclude.push(req.params.value);
- }
- var query = {body: {persistent: {}}};
- query.body.persistent[settingName] = exclude.join(',');
-
- Db.putClusterSettings(query, function(err, settings) {
- if (err) {console.log("putSettings", err);}
- return res.send(JSON.stringify({ success: true, text: 'Excluded'}));
- });
- });
-});
-
-app.post('/esshard/include/:type/:value', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => {
- if (Config.get("multiES", false)) { return res.molochError(401, "Not supported in multies"); }
-
- Db.getClusterSettings({flatSettings: true}, function(err, settings) {
- let exclude = [];
- let settingName;
-
- if (req.params.type === 'ip') {
- settingName = 'cluster.routing.allocation.exclude._ip';
- } else if (req.params.type === 'name') {
- settingName = 'cluster.routing.allocation.exclude._name';
- } else {
- return res.molochError(403, 'Unknown include type');
- }
-
- if (settings.persistent[settingName]) {
- exclude = settings.persistent[settingName].split(',');
- }
-
- let pos = exclude.indexOf(req.params.value);
- if (pos > -1) {
- exclude.splice(pos, 1);
- }
- var query = {body: {persistent: {}}};
- query.body.persistent[settingName] = exclude.join(',');
-
- Db.putClusterSettings(query, function(err, settings) {
- if (err) {console.log("putSettings", err);}
- return res.send(JSON.stringify({ success: true, text: 'Included'}));
- });
- });
-});
-
-app.get('/esrecovery/list', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- const sortField = (req.query.sortField || 'index') + (req.query.desc === 'true' ? ':desc' : '');
-
- Promise.all([Db.recovery(sortField)]).then(([recoveries]) => {
- let regex;
- if (req.query.filter !== undefined) {
- try {
- regex = new RE2(req.query.filter);
- } catch (e) {
- return res.molochError(500, `Regex Error: ${e}`);
- }
- }
-
- let result = [];
-
- for (const recovery of recoveries) {
- if (! (req.query.show === 'all' ||
- recovery.stage === req.query.show || // Show only matching stage
- (recovery.stage !== 'done' && req.query.show === 'notdone'))) {
- continue;
- }
-
- // filtering
- if (regex && !recovery.index.match(regex) &&
- !recovery.target_node.match(regex) &&
- !recovery.source_node.match(regex)) {
- continue;
- }
-
- result.push(recovery);
- }
-
- res.send({
- recordsTotal: recoveries.length,
- recordsFiltered: result.length,
- data: result
- });
- }).catch((err) => {
- console.log ('ERROR - /esrecovery/list', err);
- return res.send({
- recordsTotal: 0,
- recordsFiltered: 0,
- data: []
- });
- });
-});
-
-app.get('/esstats.json', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- let stats = [];
- let r;
-
- Promise.all([Db.nodesStatsCache(),
- Db.nodesInfoCache(),
- Db.masterCache(),
- Db.healthCachePromise(),
- Db.getClusterSettings({flatSettings: true})
- ])
- .then(([nodesStats, nodesInfo, master, health, settings]) => {
-
- let ipExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._ip']) {
- ipExcludes = settings.persistent['cluster.routing.allocation.exclude._ip'].split(',');
- }
-
- let nodeExcludes = [];
- if (settings.persistent['cluster.routing.allocation.exclude._name']) {
- nodeExcludes = settings.persistent['cluster.routing.allocation.exclude._name'].split(',');
- }
-
- const now = new Date().getTime();
- while (internals.previousNodesStats.length > 1 && internals.previousNodesStats[1].timestamp + 10000 < now) {
- internals.previousNodesStats.shift();
- }
-
- let regex;
- if (req.query.filter !== undefined) {
- try {
- regex = new RE2(req.query.filter);
- } catch (e) {
- return res.molochError(500, `Regex Error: ${e}`);
- }
- }
-
- const nodeKeys = Object.keys(nodesStats.nodes);
- for (let n = 0, nlen = nodeKeys.length; n < nlen; n++) {
- let node = nodesStats.nodes[nodeKeys[n]];
-
- if (nodeKeys[n] === 'timestamp' || (regex && !node.name.match(regex))) { continue; }
-
- let read = 0;
- let write = 0;
- let rejected = 0;
- let completed = 0;
-
- let writeInfo = node.thread_pool.bulk || node.thread_pool.write;
-
- const oldnode = internals.previousNodesStats[0][nodeKeys[n]];
- if (oldnode !== undefined && node.fs.io_stats !== undefined && oldnode.fs.io_stats !== undefined && 'total' in node.fs.io_stats) {
- const timediffsec = (node.timestamp - oldnode.timestamp)/1000.0;
- read = Math.max(0, Math.ceil((node.fs.io_stats.total.read_kilobytes - oldnode.fs.io_stats.total.read_kilobytes)/timediffsec*1024));
- write = Math.max(0, Math.ceil((node.fs.io_stats.total.write_kilobytes - oldnode.fs.io_stats.total.write_kilobytes)/timediffsec*1024));
-
- let writeInfoOld = oldnode.thread_pool.bulk || oldnode.thread_pool.write;
-
- completed = Math.max(0, Math.ceil((writeInfo.completed - writeInfoOld.completed)/timediffsec));
- rejected = Math.max(0, Math.ceil((writeInfo.rejected - writeInfoOld.rejected)/timediffsec));
- }
-
- const ip = (node.ip ? node.ip.split(':')[0] : node.host);
-
- let threadpoolInfo;
- let version = "";
- let molochtype;
- if (nodesInfo.nodes[nodeKeys[n]]) {
- threadpoolInfo = nodesInfo.nodes[nodeKeys[n]].thread_pool.bulk || nodesInfo.nodes[nodeKeys[n]].thread_pool.write;
- version = nodesInfo.nodes[nodeKeys[n]].version;
- if (nodesInfo.nodes[nodeKeys[n]].attributes) {
- molochtype = nodesInfo.nodes[nodeKeys[n]].attributes.molochtype;
- }
- } else {
- threadpoolInfo = { queue_size: 0 };
- }
-
- stats.push({
- name: node.name,
- ip: ip,
- ipExcluded: ipExcludes.includes(ip),
- nodeExcluded: nodeExcludes.includes(node.name),
- storeSize: node.indices.store.size_in_bytes,
- freeSize: node.roles.includes("data")?node.fs.total.available_in_bytes:0,
- docs: node.indices.docs.count,
- searches: node.indices.search.query_current,
- searchesTime: node.indices.search.query_time_in_millis,
- heapSize: node.jvm.mem.heap_used_in_bytes,
- nonHeapSize: node.jvm.mem.non_heap_used_in_bytes,
- cpu: node.process.cpu.percent,
- read: read,
- write: write,
- writesRejected: writeInfo.rejected,
- writesCompleted: writeInfo.completed,
- writesRejectedDelta: rejected,
- writesCompletedDelta: completed,
- writesQueueSize: threadpoolInfo.queue_size,
- load: node.os.load_average !== undefined ? /* ES 2*/ node.os.load_average : /*ES 5*/ node.os.cpu.load_average["5m"],
- version: version,
- molochtype: molochtype,
- roles: node.roles,
- isMaster: (master.length > 0 && node.name === master[0].node)
- });
- }
-
- if (req.query.sortField && stats.length > 1) {
- let field = req.query.sortField === 'nodeName'?'name':req.query.sortField;
- if (typeof(stats[0][field]) === 'string') {
- if (req.query.desc === 'true') {
- stats = stats.sort(function(a,b){ return b[field].localeCompare(a[field]); });
- } else {
- stats = stats.sort(function(a,b){ return a[field].localeCompare(b[field]); });
- }
- } else {
- if (req.query.desc === 'true') {
- stats = stats.sort(function(a,b){ return b[field] - a[field]; });
- } else {
- stats = stats.sort(function(a,b){ return a[field] - b[field]; });
- }
- }
- }
-
- nodesStats.nodes.timestamp = new Date().getTime();
- internals.previousNodesStats.push(nodesStats.nodes);
-
- r = {
- health: health,
- recordsTotal: nodeKeys.length,
- recordsFiltered: stats.length,
- data: stats
- };
-
- res.send(r);
- }).catch((err) => {
- console.log ('ERROR - /esstats.json', err);
- r = {
- health: Db.healthCache(),
- recordsTotal: 0,
- recordsFiltered: 0,
- data: []
- };
- return res.send(r);
- });
-});
-
-function mergeUnarray(to, from) {
- for (var key in from) {
- if (Array.isArray(from[key])) {
- to[key] = from[key][0];
- } else {
- to[key] = from[key];
- }
- }
-}
-
-// No auth necessary for parliament.json
-app.get('/parliament.json', [noCacheJson], (req, res) => {
- let query = {
- size: 500,
- _source: [
- 'ver', 'nodeName', 'currentTime', 'monitoring', 'deltaBytes', 'deltaPackets', 'deltaMS',
- 'deltaESDropped', 'deltaDropped', 'deltaOverloadDropped'
- ]
- };
-
- Promise.all([Db.search('stats', 'stat', query), Db.numberOfDocuments('stats')])
- .then(([stats, total]) => {
- if (stats.error) { throw stats.error; }
-
- let results = { total: stats.hits.total, results: [] };
-
- for (let i = 0, ilen = stats.hits.hits.length; i < ilen; i++) {
- let fields = stats.hits.hits[i]._source || stats.hits.hits[i].fields;
-
- if (stats.hits.hits[i]._source) {
- mergeUnarray(fields, stats.hits.hits[i].fields);
- }
- fields.id = stats.hits.hits[i]._id;
-
- // make sure necessary fields are not undefined
- let keys = [ 'deltaOverloadDropped', 'monitoring', 'deltaESDropped' ];
- for (const key of keys) {
- fields[key] = fields[key] || 0;
- }
-
- fields.deltaBytesPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS);
- fields.deltaPacketsPerSec = Math.floor(fields.deltaPackets * 1000.0/fields.deltaMS);
- fields.deltaESDroppedPerSec = Math.floor(fields.deltaESDropped * 1000.0/fields.deltaMS);
- fields.deltaTotalDroppedPerSec = Math.floor((fields.deltaDropped + fields.deltaOverloadDropped) * 1000.0/fields.deltaMS);
-
- results.results.push(fields);
- }
-
- res.send({
- data: results.results,
- recordsTotal: total.count,
- recordsFiltered: results.total
- });
- }).catch((err) => {
- console.log('ERROR - /parliament.json', err);
- res.send({ recordsTotal: 0, recordsFiltered: 0, data: [] });
- });
-});
-
-app.get('/stats.json', [noCacheJson, recordResponseTime, checkPermissions(['hideStats']), setCookie], (req, res) => {
- let query = {
- from: 0,
- size: 10000,
- query: {
- bool: {
- must: [],
- should: [],
- must_not: [
- { term: { hide: true } }
- ]
- }
- }
- };
-
- if (req.query.filter !== undefined && req.query.filter !== '') {
- const names = req.query.filter.split(',');
- for (let name of names) {
- name = name.trim();
- if (name !== '') {
- query.query.bool.should.push({
- wildcard: { nodeName: '*' + name + '*' }
- });
- }
- }
- }
-
- let rquery = {
- query: {term: {locked: 0}},
- size: 0,
- aggregations: {
- buckets: {
- terms: {field: "node", size: 1000},
- aggregations: {
- first: {min: {field: "first"}}
- }
- }
- }
- };
-
- if (req.query.hide !== undefined && req.query.hide !== 'none') {
- if (req.query.hide === 'old' || req.query.hide === 'both') {
- query.query.bool.must.push({ range: { currentTime: { gte: 'now-5m'} } });
- }
- if (req.query.hide === 'nosession' || req.query.hide === 'both') {
- query.query.bool.must.push({ range: { monitoring: { gte: '1'} } });
- }
- }
-
- let now = Math.floor(Date.now() / 1000);
-
- Promise.all([Db.search('stats', 'stat', query),
- Db.numberOfDocuments('stats'),
- Db.search('files', 'file', rquery)
- ]).then(([stats, total, retention]) => {
- if (stats.error) { throw stats.error; }
-
- if (retention.aggregations.buckets && retention.aggregations.buckets.buckets) {
- retention = arrayToObject(retention.aggregations.buckets.buckets, "key");
- } else {
- retention = {};
- }
-
- let results = { total: stats.hits.total, results: [] };
-
- for (let i = 0, ilen = stats.hits.hits.length; i < ilen; i++) {
- let fields = stats.hits.hits[i]._source || stats.hits.hits[i].fields;
- if (stats.hits.hits[i]._source) {
- mergeUnarray(fields, stats.hits.hits[i].fields);
- }
- fields.id = stats.hits.hits[i]._id;
-
- if (retention[fields.id]) {
- fields.retention = now - retention[fields.id].first.value;
- } else {
- fields.retention = 0;
- }
-
- fields.deltaBytesPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS);
- fields.deltaWrittenBytesPerSec = Math.floor(fields.deltaWrittenBytes * 1000.0/fields.deltaMS);
- fields.deltaUnwrittenBytesPerSec = Math.floor(fields.deltaUnwrittenBytes * 1000.0/fields.deltaMS);
- fields.deltaBitsPerSec = Math.floor(fields.deltaBytes * 1000.0/fields.deltaMS * 8);
- fields.deltaPacketsPerSec = Math.floor(fields.deltaPackets * 1000.0/fields.deltaMS);
- fields.deltaSessionsPerSec = Math.floor(fields.deltaSessions * 1000.0/fields.deltaMS);
- fields.deltaSessionBytesPerSec = Math.floor(fields.deltaSessionBytes * 1000.0/fields.deltaMS);
- fields.sessionSizePerSec = Math.floor(fields.deltaSessionBytes/fields.deltaSessions);
- fields.deltaDroppedPerSec = Math.floor(fields.deltaDropped * 1000.0/fields.deltaMS);
- fields.deltaFragsDroppedPerSec = Math.floor(fields.deltaFragsDropped * 1000.0/fields.deltaMS);
- fields.deltaOverloadDroppedPerSec = Math.floor(fields.deltaOverloadDropped * 1000.0/fields.deltaMS);
- fields.deltaESDroppedPerSec = Math.floor(fields.deltaESDropped * 1000.0/fields.deltaMS);
- fields.deltaTotalDroppedPerSec = Math.floor((fields.deltaDropped + fields.deltaOverloadDropped) * 1000.0/fields.deltaMS);
- results.results.push(fields);
- }
-
- // sort after all the results are aggregated
- req.query.sortField = req.query.sortField || 'nodeName';
- if (results.results[0] && results.results[0][req.query.sortField] !== undefined) { // make sure the field exists to sort on
- results.results = results.results.sort((a, b) => {
- if (req.query.desc === 'true') {
- if (!isNaN(a[req.query.sortField])) {
- return b[req.query.sortField] - a[req.query.sortField];
- } else {
- return b[req.query.sortField].localeCompare(a[req.query.sortField]);
- }
- } else {
- if (!isNaN(a[req.query.sortField])) {
- return a[req.query.sortField] - b[req.query.sortField];
- } else {
- return a[req.query.sortField].localeCompare(b[req.query.sortField]);
- }
- }
- });
- }
-
- let from = +req.query.start || 0;
- let stop = from + (+req.query.length || 500);
-
- let r = {
- recordsTotal: total.count,
- recordsFiltered: results.results.length,
- data: results.results.slice(from, stop)
- };
-
- res.send(r);
- }).catch((err) => {
- console.log('ERROR - /stats.json', query, err);
- res.send({ recordsTotal: 0, recordsFiltered: 0, data: [] });
- });
-});
-
-app.get('/dstats.json', [noCacheJson, checkPermissions(['hideStats'])], (req, res) => {
- var nodeName = req.query.nodeName;
-
- var query = {
- query: {
- bool: {
- filter: [
- {
- range: { currentTime: { from: req.query.start, to: req.query.stop } }
- },
- {
- term: { interval: req.query.interval || 60}
- }
- ]
- }
- }
- };
-
- if (nodeName !== undefined && nodeName !== 'Total' && nodeName !== 'Average') {
- query.sort = {currentTime: {order: 'desc' }};
- query.size = req.query.size || 1440;
- query.query.bool.filter.push({term: { nodeName: nodeName}});
- } else {
- query.size = 100000;
- }
-
- var mapping = {
- deltaBits: {_source: ["deltaBytes"], func: function (item) {return Math.floor(item.deltaBytes * 8.0);}},
- deltaTotalDropped: {_source: ["deltaDropped", "deltaOverloadDropped"], func: function (item) {return Math.floor(item.deltaDropped + item.deltaOverloadDropped);}},
- deltaBytesPerSec: {_source: ["deltaBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaBytes * 1000.0/item.deltaMS);}},
- deltaBitsPerSec: {_source: ["deltaBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaBytes * 1000.0/item.deltaMS * 8);}},
- deltaWrittenBytesPerSec: {_source: ["deltaWrittenBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaWrittenBytes * 1000.0/item.deltaMS);}},
- deltaUnwrittenBytesPerSec: {_source: ["deltaUnwrittenBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaUnwrittenBytes * 1000.0/item.deltaMS);}},
- deltaPacketsPerSec: {_source: ["deltaPackets", "deltaMS"], func: function(item) {return Math.floor(item.deltaPackets * 1000.0/item.deltaMS);}},
- deltaSessionsPerSec: {_source: ["deltaSessions", "deltaMS"], func: function(item) {return Math.floor(item.deltaSessions * 1000.0/item.deltaMS);}},
- deltaSessionBytesPerSec: {_source: ["deltaSessionBytes", "deltaMS"], func: function(item) {return Math.floor(item.deltaSessionBytes * 1000.0/item.deltaMS);}},
- sessionSizePerSec: {_source: ["deltaSessionBytes", "deltaSessions"], func: function(item) {return Math.floor(item.deltaSessionBytes/item.deltaSessions);}},
- deltaDroppedPerSec: {_source: ["deltaDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaDropped * 1000.0/item.deltaMS);}},
- deltaFragsDroppedPerSec: {_source: ["deltaFragsDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaFragsDropped * 1000.0/item.deltaMS);}},
- deltaOverloadDroppedPerSec: {_source: ["deltaOverloadDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaOverloadDropped * 1000.0/item.deltaMS);}},
- deltaESDroppedPerSec: {_source: ["deltaESDropped", "deltaMS"], func: function(item) {return Math.floor(item.deltaESDropped * 1000.0/item.deltaMS);}},
- deltaTotalDroppedPerSec: {_source: ["deltaDropped", "deltaOverloadDropped", "deltaMS"], func: function(item) {return Math.floor((item.deltaDropped + item.deltaOverloadDropped) * 1000.0/item.deltaMS);}},
- cpu: {_source: ["cpu"], func: function (item) {return item.cpu * 0.01;}}
- };
-
- query._source = mapping[req.query.name]?mapping[req.query.name]._source:[req.query.name];
- query._source.push("nodeName", "currentTime");
-
- var func = mapping[req.query.name]?mapping[req.query.name].func:function(item) {return item[req.query.name];};
-
- Db.searchScroll('dstats', 'dstat', query, {filter_path: "_scroll_id,hits.total,hits.hits._source"}, function(err, result) {
- if (err || result.error) {
- console.log("ERROR - dstats", query, err || result.error);
- }
- var i, ilen;
- var data = {};
- var num = (req.query.stop - req.query.start)/req.query.step;
-
- var mult = 1;
- if (req.query.name === "freeSpaceM" || req.query.name === "usedSpaceM") {
- mult = 1000000;
- }
-
- //console.log("dstats.json result", util.inspect(result, false, 50));
-
- if (result && result.hits && result.hits.hits) {
- for (i = 0, ilen = result.hits.hits.length; i < ilen; i++) {
- var fields = result.hits.hits[i]._source;
- var pos = Math.floor((fields.currentTime - req.query.start)/req.query.step);
-
- if (data[fields.nodeName] === undefined) {
- data[fields.nodeName] = arrayZeroFill(num);
- }
- data[fields.nodeName][pos] = mult * func(fields);
- }
- }
- if (nodeName === undefined) {
- res.send(data);
- } else {
- if (data[nodeName] === undefined) {
- data[nodeName] = arrayZeroFill(num);
- }
- if (nodeName === 'Total' || nodeName === 'Average') {
- delete data[nodeName];
- var data2 = arrayZeroFill(num);
- var cnt = 0;
- for (var key in data) {
- for (i = 0; i < num; i++) {
- data2[i] += data[key][i];
- }
- cnt++;
- }
- if (nodeName === 'Average') {
- for (i = 0; i < num; i++) {
- data2[i] /= cnt;
- }
- }
- res.send(data2);
- } else {
- res.send(data[req.query.nodeName]);
- }
- }
- });
-});
-
-app.get('/:nodeName/:fileNum/filesize.json', [noCacheJson, checkPermissions(['hideFiles'])], (req, res) => {
- Db.fileIdToFile(req.params.nodeName, req.params.fileNum, (file) => {
- if (!file) {
- return res.send({filesize: -1});
- }
-
- fs.stat(file.name, (err, stats) => {
- if (err || !stats) {
- return res.send({filesize: -1});
- } else {
- return res.send({filesize: stats.size});
- }
- });
- });
-});
-
-function mapMerge (aggregations) {
- let map = { src: {}, dst: {}, xffGeo: {} };
-
- if (!aggregations || !aggregations.mapG1) {
- return {};
- }
-
- aggregations.mapG1.buckets.forEach(function (item) {
- map.src[item.key] = item.doc_count;
- });
-
- aggregations.mapG2.buckets.forEach(function (item) {
- map.dst[item.key] = item.doc_count;
- });
-
- aggregations.mapG3.buckets.forEach(function (item) {
- map.xffGeo[item.key] = item.doc_count;
- });
-
- return map;
-}
-
-function graphMerge(req, query, aggregations) {
- let graph = {
- lpHisto: [],
- db1Histo: [],
- db2Histo: [],
- pa1Histo: [],
- pa2Histo: [],
- by1Histo: [],
- by2Histo: [],
- xmin: req.query.startTime * 1000|| null,
- xmax: req.query.stopTime * 1000 || null,
- interval: query.aggregations?query.aggregations.dbHisto.histogram.interval / 1000 || 60 : 60
- };
-
- if (!aggregations || !aggregations.dbHisto) {
- return graph;
- }
-
- graph.interval = query.aggregations?(query.aggregations.dbHisto.histogram.interval / 1000) || 60 : 60;
-
- aggregations.dbHisto.buckets.forEach(function (item) {
- let key = item.key;
- graph.lpHisto.push([key, item.doc_count]);
- graph.pa1Histo.push([key, item.srcPackets.value]);
- graph.pa2Histo.push([key, item.dstPackets.value]);
- graph.db1Histo.push([key, item.srcDataBytes.value]);
- graph.db2Histo.push([key, item.dstDataBytes.value]);
- graph.by1Histo.push([key, item.srcBytes.value]);
- graph.by2Histo.push([key, item.dstBytes.value]);
- });
-
- return graph;
-}
-
-function fixFields(fields, fixCb) {
- if (!fields.fileId) {
- fields.fileId = [];
- return fixCb(null, fields);
- }
-
- var files = [];
- async.forEachSeries(fields.fileId, function (item, cb) {
- Db.fileIdToFile(fields.node, item, function (file) {
- if (file && file.locked === 1) {
- files.push(file.name);
- }
- cb(null);
- });
- },
- function(err) {
- fields.fileId = files;
- fixCb(err, fields);
- });
-}
-
-/**
- * Flattens fields that are objects (only goes 1 level deep)
- *
- * @example
- * { http: { statuscode: [200, 302] } } => { "http.statuscode": [200, 302] }
- * @example
- * { cert: [ { alt: ["test.com"] } ] } => { "cert.alt": ["test.com"] }
- *
- * @param {object} fields The object containing fields to be flattened
- * @returns {object} fields The object with fields flattened
- */
-function flattenFields(fields) {
- let newFields = {};
-
- for (let key in fields) {
- if (fields.hasOwnProperty(key)) {
- let field = fields[key];
- let baseKey = key + '.';
- if (typeof field === 'object' && !field.length) {
- // flatten out object
- for (let nestedKey in field) {
- if (field.hasOwnProperty(nestedKey)) {
- let nestedField = field[nestedKey];
- let newKey = baseKey + nestedKey;
- newFields[newKey] = nestedField;
- }
- }
- fields[key] = null;
- delete fields[key];
- } else if (Array.isArray(field)) {
- // flatten out list
- for (let nestedField of field) {
- if (typeof nestedField === 'object') {
- for (let nestedKey in nestedField) {
- let newKey = baseKey + nestedKey;
- if (newFields[newKey] === undefined) {
- newFields[newKey] = nestedField[nestedKey];
- } else if (Array.isArray(newFields[newKey])) {
- newFields[newKey].push(nestedField[nestedKey]);
- } else {
- newFields[newKey] = [newFields[newKey], nestedField[nestedKey]];
- }
- }
- fields[key] = null;
- delete fields[key];
- }
- }
- }
- }
- }
-
- for (let key in newFields) {
- if (newFields.hasOwnProperty(key)) {
- fields[key] = newFields[key];
- }
- }
-
- return fields;
-}
-
-app.use('/buildQuery.json', [noCacheJson, logAction('query')], function(req, res, next) {
-
- if (req.method === "POST") {
- req.query = req.body;
- } else if (req.method !== "GET") {
- next();
- }
-
- buildSessionQuery(req, function(bsqErr, query, indices) {
- if (bsqErr) {
- res.send({ recordsTotal: 0,
- recordsFiltered: 0,
- bsqErr: bsqErr.toString()
- });
- return;
- }
-
- if (req.query.fields) {
- query._source = queryValueToArray(req.query.fields);
- }
-
- res.send({"esquery": query, "indices": indices});
- });
-});
-
-app.get('/sessions.json', [noCacheJson, recordResponseTime, logAction('sessions'), setCookie], (req, res) => {
- var graph = {};
- var map = {};
-
- let options;
- if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; }
-
- buildSessionQuery(req, function (bsqErr, query, indices) {
- if (bsqErr) {
- const r = {
- recordsTotal: 0,
- recordsFiltered: 0,
- graph: {},
- map: {},
- bsqErr: bsqErr.toString(),
- health: Db.healthCache(),
- data:[]
- };
- return res.send(r);
- }
-
- let addMissing = false;
- if (req.query.fields) {
- query._source = queryValueToArray(req.query.fields);
- ['node', 'srcIp', 'srcPort', 'dstIp', 'dstPort'].forEach((item) => {
- if (query._source.indexOf(item) === -1) {
- query._source.push(item);
- }
- });
- } else {
- addMissing = true;
- query._source = [
- 'ipProtocol', 'rootId', 'totDataBytes', 'srcDataBytes',
- 'dstDataBytes', 'firstPacket', 'lastPacket', 'srcIp', 'srcPort',
- 'dstIp', 'dstPort', 'totPackets', 'srcPackets', 'dstPackets',
- 'totBytes', 'srcBytes', 'dstBytes', 'node', 'http.uri', 'srcGEO',
- 'dstGEO', 'email.subject', 'email.src', 'email.dst', 'email.filename',
- 'dns.host', 'cert', 'irc.channel', 'http.xffGEO'
- ];
- }
-
- if (query.aggregations && query.aggregations.dbHisto) {
- graph.interval = query.aggregations.dbHisto.histogram.interval;
- }
-
- if (Config.debug) {
- console.log(`sessions.json ${indices} query`, JSON.stringify(query, null, 1));
- }
-
- Promise.all([Db.searchPrimary(indices, 'session', query, options),
- Db.numberOfDocuments('sessions2-*'),
- Db.healthCachePromise()
- ]).then(([sessions, total, health]) => {
- if (Config.debug) {
- console.log('sessions.json result', util.inspect(sessions, false, 50));
- }
-
- if (sessions.error) { throw sessions.err; }
-
- graph = graphMerge(req, query, sessions.aggregations);
- map = mapMerge(sessions.aggregations);
-
- var results = {total: sessions.hits.total, results: []};
- async.each(sessions.hits.hits, function (hit, hitCb) {
- var fields = hit._source || hit.fields;
- if (fields === undefined) {
- return hitCb(null);
- }
- //fields.index = hit._index;
- fields.id = Db.session2Sid(hit);
-
- if (req.query.flatten === '1') {
- fields = flattenFields(fields);
- }
-
- if (addMissing) {
- ['srcPackets', 'dstPackets', 'srcBytes', 'dstBytes', 'srcDataBytes', 'dstDataBytes'].forEach(function(item) {
- if (fields[item] === undefined) {
- fields[item] = -1;
- }
- });
- results.results.push(fields);
- return hitCb();
- } else {
- fixFields(fields, function() {
- results.results.push(fields);
- return hitCb();
- });
- }
- }, function () {
- var r = {recordsTotal: total.count,
- recordsFiltered: (results?results.total:0),
- graph: graph,
- health: health,
- map: map,
- data: (results?results.results:[])};
- res.logCounts(r.data.length, r.recordsFiltered, r.recordsTotal);
- try {
- res.send(r);
- } catch (c) {
- }
- });
- }).catch ((err) => {
- console.log('ERROR - /sessions.json error', err);
- var r = {recordsTotal: 0,
- recordsFiltered: 0,
- graph: {},
- map: {},
- health: Db.healthCache(),
- data:[]};
- res.send(r);
- });
- });
-});
-
-app.get('/spigraph.json', [noCacheJson, recordResponseTime, logAction('spigraph'), fieldToExp, setCookie], (req, res) => {
- req.query.facets = 1;
-
- buildSessionQuery(req, function(bsqErr, query, indices) {
- var results = {items: [], graph: {}, map: {}};
- if (bsqErr) {
- return res.molochError(403, bsqErr.toString());
- }
-
- let options;
- if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; }
-
- delete query.sort;
- query.size = 0;
- var size = +req.query.size || 20;
-
- var field = req.query.field || 'node';
-
- if (req.query.exp === 'ip.dst:port') { field = 'ip.dst:port'; }
-
- if (field === 'ip.dst:port') {
- query.aggregations.field = { terms: { field: 'dstIp', size: size }, aggregations: { sub: { terms: { field: 'dstPort', size: size } } } };
- } else if (field === 'fileand') {
- query.aggregations.field = { terms: { field: 'node', size: 1000 }, aggregations: { sub: { terms: { field: 'fileId', size: size } } } };
- } else {
- query.aggregations.field = { terms: { field: field, size: size * 2 } };
- }
-
- Promise.all([
- Db.healthCachePromise(),
- Db.numberOfDocuments('sessions2-*'),
- Db.searchPrimary(indices, 'session', query, options)
- ]).then(([health, total, result]) => {
- if (result.error) { throw result.error; }
-
- results.health = health;
- results.recordsTotal = total.count;
- results.recordsFiltered = result.hits.total;
-
- results.graph = graphMerge(req, query, result.aggregations);
- results.map = mapMerge(result.aggregations);
-
- if (!result.aggregations) {
- result.aggregations = {field: {buckets: []}};
- }
-
- let aggs = result.aggregations.field.buckets;
- let filter = { term: {} };
- let sfilter = { term: {} };
- query.query.bool.filter.push(filter);
-
- if (field === 'ip.dst:port') {
- query.query.bool.filter.push(sfilter);
- }
-
- delete query.aggregations.field;
-
- let queriesInfo = [];
- function endCb () {
- queriesInfo = queriesInfo.sort((a, b) => {return b.doc_count - a.doc_count;}).slice(0, size * 2);
- let queries = queriesInfo.map((item) => {return item.query;});
-
- Db.msearch(indices, 'session', queries, options, function(err, result) {
- if (!result.responses) {
- return res.send(results);
- }
-
- result.responses.forEach(function(item, i) {
- var r = {name: queriesInfo[i].key, count: queriesInfo[i].doc_count};
-
- r.graph = graphMerge(req, query, result.responses[i].aggregations);
- if (r.graph.xmin === null) {
- r.graph.xmin = results.graph.xmin || results.graph.pa1Histo[0][0];
- }
-
- if (r.graph.xmax === null) {
- r.graph.xmax = results.graph.xmax || results.graph.pa1Histo[results.graph.pa1Histo.length - 1][0];
- }
-
- r.map = mapMerge(result.responses[i].aggregations);
- results.items.push(r);
- r.lpHisto = 0.0;
- r.dbHisto = 0.0;
- r.byHisto = 0.0;
- r.paHisto = 0.0;
- var graph = r.graph;
- for (let i = 0; i < graph.lpHisto.length; i++) {
- r.lpHisto += graph.lpHisto[i][1];
- r.dbHisto += graph.db1Histo[i][1] + graph.db2Histo[i][1];
- r.byHisto += graph.by1Histo[i][1] + graph.by2Histo[i][1];
- r.paHisto += graph.pa1Histo[i][1] + graph.pa2Histo[i][1];
- }
- if (results.items.length === result.responses.length) {
- var s = req.query.sort || 'lpHisto';
- results.items = results.items.sort(function (a, b) {
- var result;
- if (s === 'name') { result = a.name.localeCompare(b.name); }
- else { result = b[s] - a[s]; }
- return result;
- }).slice(0, size);
- return res.send(results);
- }
- });
- });
- }
-
- let intermediateResults = [];
- function findFileNames () {
- async.each(intermediateResults, function (fsitem, cb) {
- let split = fsitem.key.split(':');
- let node = split[0];
- let fileId = split[1];
- Db.fileIdToFile(node, fileId, function (file) {
- if (file && file.name) {
- queriesInfo.push({ key: file.name, doc_count: fsitem.doc_count, query: fsitem.query });
- }
- cb();
- });
- }, function () {
- endCb();
- });
- }
-
- aggs.forEach((item) => {
- if (field === 'ip.dst:port') {
- filter.term.dstIp = item.key;
- let sep = (item.key.indexOf(":") === -1)? ':' : '.';
- item.sub.buckets.forEach((sitem) => {
- sfilter.term.dstPort = sitem.key;
- queriesInfo.push({key: item.key + sep + sitem.key, doc_count: sitem.doc_count, query: JSON.stringify(query)});
- });
- } else if (field === 'fileand') {
- filter.term.node = item.key;
- item.sub.buckets.forEach((sitem) => {
- sfilter.term.fileand = sitem.key;
- intermediateResults.push({key: filter.term.node + ':' + sitem.key, doc_count: sitem.doc_count, query: JSON.stringify(query)});
- });
- } else {
- filter.term[field] = item.key;
- queriesInfo.push({key: item.key, doc_count: item.doc_count, query: JSON.stringify(query)});
- }
- });
-
- if (field === 'fileand') { return findFileNames(); }
-
- return endCb();
- }).catch((err) => {
- console.log('spigraph.json error', err);
- return res.molochError(403, errorString(err));
- });
- });
-});
-
-app.get('/spiview.json', [noCacheJson, recordResponseTime, logAction('spiview'), setCookie], (req, res) => {
-
- if (req.query.spi === undefined) {
- return res.send({spi:{}, recordsTotal: 0, recordsFiltered: 0});
- }
-
- var spiDataMaxIndices = +Config.get("spiDataMaxIndices", 4);
-
- if (req.query.date === '-1' && spiDataMaxIndices !== -1) {
- return res.send({spi: {}, bsqErr: "'All' date range not allowed for spiview query"});
- }
-
- buildSessionQuery(req, function(bsqErr, query, indices) {
- if (bsqErr) {
- var r = {spi: {},
- bsqErr: bsqErr.toString(),
- health: Db.healthCache()
- };
- return res.send(r);
- }
-
- delete query.sort;
-
- if (!query.aggregations) {
- query.aggregations = {};
- }
-
- if (req.query.facets) {
- query.aggregations.protocols = {terms: {field: "protocol", size:1000}};
- }
-
- queryValueToArray(req.query.spi).forEach(function (item) {
- var parts = item.split(":");
- if (parts[0] === "fileand") {
- query.aggregations[parts[0]] = {terms: {field: "node", size: 1000}, aggregations: {fileId: {terms: {field: "fileId", size: parts.length>1?parseInt(parts[1],10):10}}}};
- } else {
- query.aggregations[parts[0]] = {terms: {field: parts[0]}};
-
- if (parts.length > 1) {
- query.aggregations[parts[0]].terms.size = parseInt(parts[1], 10);
- }
- }
- });
- query.size = 0;
-
- // console.log("spiview.json query", JSON.stringify(query), "indices", indices);
-
- var graph;
- var map;
-
- var indicesa = indices.split(",");
- if (spiDataMaxIndices !== -1 && indicesa.length > spiDataMaxIndices) {
- bsqErr = "To save ES from blowing up, reducing number of spi data indices searched from " + indicesa.length + " to " + spiDataMaxIndices + ". This can be increased by setting spiDataMaxIndices in the config file. Indices being searched: ";
- indices = indicesa.slice(-spiDataMaxIndices).join(",");
- bsqErr += indices;
- }
-
- var recordsFiltered = 0;
- var protocols;
-
- Promise.all([Db.searchPrimary(indices, 'session', query, null),
- Db.numberOfDocuments('sessions2-*'),
- Db.healthCachePromise()
- ]).then(([sessions, total, health]) => {
- if (Config.debug) {
- console.log("spiview.json result", util.inspect(sessions, false, 50));
- }
-
- if (sessions.error) {
- bsqErr = errorString(null, sessions);
- console.log("spiview.json ERROR", (sessions?sessions.error:null));
- sendResult();
- return;
- }
-
- recordsFiltered = sessions.hits.total;
-
- if (!sessions.aggregations) {
- sessions.aggregations = {};
- for (var spi in query.aggregations) {
- sessions.aggregations[spi] = {sum_other_doc_count: 0, buckets: []};
- }
- }
-
- if (sessions.aggregations.ipProtocol) {
- sessions.aggregations.ipProtocol.buckets.forEach(function (item) {
- item.key = Pcap.protocol2Name(item.key);
- });
- }
-
- if (req.query.facets) {
- graph = graphMerge(req, query, sessions.aggregations);
- map = mapMerge(sessions.aggregations);
- protocols = {};
- sessions.aggregations.protocols.buckets.forEach(function (item) {
- protocols[item.key] = item.doc_count;
- });
-
- delete sessions.aggregations.dbHisto;
- delete sessions.aggregations.byHisto;
- delete sessions.aggregations.mapG1;
- delete sessions.aggregations.mapG2;
-
delete sessions.aggregations.mapG3; - delete sessions.aggregations.protocols; - } - - function sendResult() { - r = {health: health, - recordsTotal: total.count, - spi: sessions.aggregations, - recordsFiltered: recordsFiltered, - graph: graph, - map: map, - protocols: protocols, - bsqErr: bsqErr - }; - res.logCounts(r.spi.count, r.recordsFiltered, r.total); - try { - res.send(r); - } catch (c) { - } - } - - if (!sessions.aggregations.fileand) { - return sendResult(); - } - - var nresults = []; - var sodc = 0; - async.each(sessions.aggregations.fileand.buckets, function(nobucket, cb) { - sodc += nobucket.fileId.sum_other_doc_count; - async.each(nobucket.fileId.buckets, function (fsitem, cb) { - Db.fileIdToFile(nobucket.key, fsitem.key, function(file) { - if (file && file.name) { - nresults.push({key: file.name, doc_count: fsitem.doc_count}); - } - cb(); - }); - }, function () { - cb(); - }); - }, function () { - nresults = nresults.sort(function(a, b) { - if (a.doc_count === b.doc_count) { - return a.key.localeCompare(b.key); - } - return b.doc_count - a.doc_count; - }); - sessions.aggregations.fileand = {doc_count_error_upper_bound: 0, sum_other_doc_count: sodc, buckets: nresults}; - return sendResult(); - }); - }); - }); -}); - -app.get('/dns.json', [noCacheJson, logAction()], function(req, res) { - console.log("dns.json", req.query); - dns.reverse(req.query.ip, function (err, data) { - if (err) { - return res.send({hosts: []}); - } - return res.send({hosts: data}); - }); -}); - -function buildConnections(req, res, cb) { - - let dstipport; - if (req.query.dstField === 'ip.dst:port') { - dstipport = true; - req.query.dstField = 'dstIp'; - } - - req.query.srcField = req.query.srcField || 'srcIp'; - req.query.dstField = req.query.dstField || 'dstIp'; - req.query.iDisplayLength = req.query.iDisplayLength || '5000'; - let fsrc = req.query.srcField; - let fdst = req.query.dstField; - let minConn = req.query.minConn || 1; - - // If network graph baseline is enabled 
(enabled: req.query.baseline=1, disabled:req.query.baseline=0 or undefined) - // then two queries will be run (ie., run buildSessionQuery->searchPrimary->process twice): first for the - // original specified time frame and second for the same time frame immediately preceding it. - // Nodes have an .inresult attribute where: - // 0 = 00 = not in either result set (although you'll never see these, obviously) - // 1 = 01 = seen during the "current" time frame but not in the "baseline" time frame (ie., "new") - // 2 = 10 = seen during the "baseline" time frame but not in the "current" time frame (ie., "old") - // 3 = 11 = seen during both the "current" time frame and the "baseline" time frame - // This is only performed where startTime/startTime are defined, and never for "all" time range (date=-1). - let doBaseline = 0; - if ((req.query.date !== '-1') && (req.query.startTime !== undefined) && (req.query.stopTime !== undefined)) { - doBaseline = req.query.baseline || 0; - } - - let dstIsIp = fdst.match(/(\.ip|Ip)$/); - - let nodesHash = {}; - let connects = {}; - let nodes = []; - let links = []; - let totalHits = 0; - - let dbFieldsMap = Config.getDBFieldsMap(); - function updateValues (data, property, fields) { - for (let i in fields) { - let dbField = fields[i]; - let field = dbFieldsMap[dbField]; - if (data.hasOwnProperty(dbField)) { - // sum integers - if (field.type === 'integer' && field.category !== 'port') { - property[dbField] = (property[dbField] || 0) + data[dbField]; - } else { // make a list of values - if (!property[dbField]) { property[dbField] = []; } - // make all values an array (because sometimes they are by default) - let values = [ data[dbField] ]; - if (Array.isArray(data[dbField])) { - values = data[dbField]; - } - for (let value of values) { - property[dbField].push(value); - } - if (property[dbField] && Array.isArray(property[dbField])) { - property[dbField] = [ ...new Set(property[dbField]) ]; // unique only - } - } - } - } - } - - function 
process (vsrc, vdst, f, fields, resultId) { - // ES 6 is returning formatted timestamps instead of ms like pre 6 did - // https://github.com/elastic/elasticsearch/issues/27740 - if (vsrc.length === 24 && vsrc[23] === 'Z' && vsrc.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { - vsrc = new Date(vsrc).getTime(); - } - if (vdst.length === 24 && vdst[23] === 'Z' && vdst.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ$/)) { - vdst = new Date(vdst).getTime(); - } - - if (nodesHash[vsrc] === undefined) { - nodesHash[vsrc] = { id: `${vsrc}`, cnt: 0, sessions: 0, inresult: 0 }; - } - - nodesHash[vsrc].sessions++; - nodesHash[vsrc].type |= 1; - nodesHash[vsrc].inresult |= resultId; - updateValues(f, nodesHash[vsrc], fields); - - if (nodesHash[vdst] === undefined) { - nodesHash[vdst] = { id: `${vdst}`, cnt: 0, sessions: 0, inresult: 0 }; - } - - nodesHash[vdst].sessions++; - nodesHash[vdst].type |= 2; - nodesHash[vdst].inresult |= resultId; - updateValues(f, nodesHash[vdst], fields); - - let linkId = `${vsrc}->${vdst}`; - if (connects[linkId] === undefined) { - connects[linkId] = { value: 0, source: vsrc, target: vdst }; - nodesHash[vsrc].cnt++; - nodesHash[vdst].cnt++; - } - - connects[linkId].value++; - updateValues(f, connects[linkId], fields); - } - - // This loop (which handles buildSessionQuery->searchPrimary->process) will be run - // once or twice, depending on if baseline is enabled: - // 1. for the "current" time frame, the one specified originally in req.query - // 2. for the "baseline" time frame immediately prior to the time frame of "1." - // (only if baseline is enabled) - // The call to process() will ensure the resultId value is OR'ed into the .inresult - // attribute of each node. - let maxResultId = 1 + ((doBaseline == 0) ? 
0 : 1); - - for (let resultId = 1; resultId <= maxResultId; resultId++) { - - if (resultId > 1) { - // replace current time frame start/stop values with baseline time frame start/stop values - let currentQueryTimes = determineQueryTimes(req); - console.log("buildConnections baseline.0", "startTime", currentQueryTimes[0], "stopTime", currentQueryTimes[1]) - if ((currentQueryTimes[0] !== undefined) && (currentQueryTimes[1] !== undefined)) { - let diff = currentQueryTimes[1] - currentQueryTimes[0]; - req.query.stopTime = currentQueryTimes[0]-1; - req.query.startTime = req.query.stopTime-diff; - console.log("buildConnections baseline.1", "startTime", req.query.startTime, "stopTime", req.query.stopTime, "diff", diff) - } - } - - buildSessionQuery(req, function(bsqErr, query, indices) { - if (bsqErr) { - return cb(bsqErr, 0, 0, 0); - } - query.query.bool.filter.push({exists: {field: req.query.srcField}}); - query.query.bool.filter.push({exists: {field: req.query.dstField}}); - - // get the requested fields - let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; - if (req.query.fields) { fields = req.query.fields.split(','); } - query._source = fields; - query.docvalue_fields = [fsrc, fdst]; - - if (dstipport) { - query._source.push('dstPort'); - } - - let options; - if (req.query.cancelId) { options = { cancelId: `${req.user.userId}::${req.query.cancelId}` }; } - - if (Config.debug) { - console.log('buildConnections query', JSON.stringify(query, null, 2)); - } - - Db.searchPrimary(indices, 'session', query, options, function (err, graph) { - if (Config.debug) { - console.log('buildConnections result', JSON.stringify(graph, null, 2)); - } - - if (err || graph.error) { - console.log('Build Connections ERROR', err, graph.error); - return cb(err || graph.error); - } - - async.eachLimit(graph.hits.hits, 10, function (hit, hitCb) { - let f = hit._source; - f = flattenFields(f); - - let asrc = hit.fields[fsrc]; - let adst = hit.fields[fdst]; - - if (asrc === 
undefined || adst === undefined) { - return setImmediate(hitCb); - } - - if (!Array.isArray(asrc)) { - asrc = [asrc]; - } - - if (!Array.isArray(adst)) { - adst = [adst]; - } - - for (let vsrc of asrc) { - for (let vdst of adst) { - if (dstIsIp && dstipport) { - if (vdst.includes(':')) { - vdst += '.' + f.dstPort; - } else { - vdst += ':' + f.dstPort; - } - } - process(vsrc, vdst, f, fields, resultId); - } - } - setImmediate(hitCb); - - }, function (err) { - - // accumulate graph.hits.total into totalHits so that recordsFiltered - // represents both current and baseline queries if baseline is enabled - totalHits += graph.hits.total; - - // only calculate final return values if we are in the last loop iteration - if (resultId >= maxResultId) { - let nodeKeys = Object.keys(nodesHash); - if (Config.get('regressionTests', false)) { - nodeKeys = nodeKeys.sort(function (a,b) { return nodesHash[a].id.localeCompare(nodesHash[b].id); }); - } - for (let node of nodeKeys) { - if (nodesHash[node].cnt < minConn) { - nodesHash[node].pos = -1; - } else { - nodesHash[node].pos = nodes.length; - nodes.push(nodesHash[node]); - } - } - - for (let key in connects) { - var c = connects[key]; - c.source = nodesHash[c.source].pos; - c.target = nodesHash[c.target].pos; - if (c.source >= 0 && c.target >= 0) { - links.push(connects[key]); - } - } - - if (Config.debug) { - console.log('nodesHash', nodesHash); - console.log('connects', connects); - console.log('nodes', nodes.length, nodes); - console.log('links', links.length, links); - } - - return cb(null, nodes, links, totalHits); - } - }); - }); - }); - } -} - -app.get('/connections.json', [noCacheJson, recordResponseTime, logAction('connections'), setCookie], (req, res) => { - let health; - Db.healthCache(function (err, h) { health = h; }); - buildConnections(req, res, function (err, nodes, links, total) { - if (err) { return res.molochError(403, err.toString()); } - res.send({ health: health, nodes: nodes, links: links, recordsFiltered: 
total }); - }); -}); - -app.get('/connections.csv', logAction(), function(req, res) { - noCache(req, res, "text/csv"); - - var seperator = req.query.seperator || ","; - buildConnections(req, res, function (err, nodes, links, total) { - if (err) { - return res.send(err); - } - - // write out the fields requested - let fields = ['totBytes', 'totDataBytes', 'totPackets', 'node']; - if (req.query.fields) { fields = req.query.fields.split(','); } - - res.write("Source, Destination, Sessions"); - let displayFields = {}; - for (let field of fields) { - let fieldsMap = JSON.parse(app.locals.fieldsMap); - for (let f in fieldsMap) { - if (fieldsMap[f].dbField === field) { - let friendlyName = fieldsMap[f].friendlyName; - displayFields[field] = fieldsMap[f]; - res.write(`, ${friendlyName}`); - } - } - } - res.write('\r\n'); - - for (let i = 0, ilen = links.length; i < ilen; i++) { - res.write("\"" + nodes[links[i].source].id.replace('"', '""') + "\"" + seperator + - "\"" + nodes[links[i].target].id.replace('"', '""') + "\"" + seperator + - links[i].value + seperator); - for (let f = 0, flen = fields.length; f < flen; f++) { - res.write(links[i][displayFields[fields[f]].dbField].toString()); - if (f !== flen - 1) { res.write(seperator); } - } - res.write('\r\n'); - } - - res.end(); - }); -}); - -function csvListWriter(req, res, list, fields, pcapWriter, extension) { - if (list.length > 0 && list[0].fields) { - list = list.sort(function(a,b){return a.fields.lastPacket - b.fields.lastPacket;}); - } else if (list.length > 0 && list[0]._source) { - list = list.sort(function(a,b){return a._source.lastPacket - b._source.lastPacket;}); - } - - var fieldObjects = Config.getDBFieldsMap(); - - if (fields) { - var columnHeaders = []; - for (let i = 0, ilen = fields.length; i < ilen; ++i) { - if (fieldObjects[fields[i]] !== undefined) { - columnHeaders.push(fieldObjects[fields[i]].friendlyName); - } - } - res.write(columnHeaders.join(', ')); - res.write('\r\n'); - } - - for (var j = 0, 
jlen = list.length; j < jlen; j++) { - var sessionData = flattenFields(list[j]._source || list[j].fields); - sessionData._id = list[j]._id; - - if (!fields) { continue; } - - var values = []; - for (let k = 0, klen = fields.length; k < klen; ++k) { - let value = sessionData[fields[k]]; - if (fields[k] === 'ipProtocol' && value) { - value = Pcap.protocol2Name(value); - } - - if (Array.isArray(value)) { - let singleValue = '"' + value.join(', ') + '"'; - values.push(singleValue); - } else { - if (value === undefined) { - value = ''; - } else if (typeof(value) === 'string' && value.includes(',')) { - if (value.includes('"')) { - value = value.replace(/"/g, '""'); - } - value = '"' + value + '"'; - } - values.push(value); - } - } - - res.write(values.join(',')); - res.write('\r\n'); - } - - res.end(); -} - -app.get(/\/sessions.csv.*/, logAction(), function(req, res) { - noCache(req, res, "text/csv"); - - // default fields to display in csv - var fields = ["ipProtocol", "firstPacket", "lastPacket", "srcIp", "srcPort", "srcGEO", "dstIp", "dstPort", "dstGEO", "totBytes", "totDataBytes", "totPackets", "node"]; - // save requested fields because sessionsListFromQuery returns fields with - // "rootId" appended onto the end - var reqFields = fields; - - if (req.query.fields) { - fields = reqFields = queryValueToArray(req.query.fields); - } - - if (req.query.ids) { - var ids = queryValueToArray(req.query.ids); - sessionsListFromIds(req, ids, fields, function(err, list) { - csvListWriter(req, res, list, reqFields); - }); - } else { - sessionsListFromQuery(req, res, fields, function(err, list) { - csvListWriter(req, res, list, reqFields); - }); - } -}); - -app.get('/spigraphpie', noCacheJson, logAction(), (req, res) => { - - if (req.query.exp === undefined) { - return res.molochError(403, 'Missing exp parameter'); - } - - let fields = []; - let parts = req.query.exp.split(','); - for (let i = 0; i < parts.length; i++) { - if (internals.scriptAggs[parts[i]] !== undefined) { - 
fields.push(internals.scriptAggs[parts[i]]); - continue; - } - let field = Config.getFieldsMap()[parts[i]]; - if (!field) { - return res.molochError(403, `Unknown expression ${parts[i]}\n`); - } - fields.push(field); - } - - buildSessionQuery(req, function(err, query, indices) { - query.size = 0; // Don't need any real results, just aggregations - delete query.sort; - delete query.aggregations; - const size = +req.query.size || 20; - - if (!query.query.bool.must) { - query.query.bool.must = []; - } - - let lastQ = query; - for (let i = 0; i < fields.length; i++) { - // Require that each field exists - query.query.bool.must.push({ exists: { field: fields[i].dbField } }); - - if (fields[i].script) { - lastQ.aggregations = {field: {terms: {script: {lang: "painless", source: fields[i].script}, size: size}}}; - } else { - lastQ.aggregations = {field: {terms: {field: fields[i].dbField, size: size}}}; - } - lastQ = lastQ.aggregations.field; - } - - if (Config.debug > 2) { - console.log('spigraph pie aggregations', indices, JSON.stringify(query, false, 2)); - } - - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err) { - console.log('spigraphpie ERROR', err); - res.status(400); - return res.end(err); - } - - if (Config.debug > 2) { - console.log('result', JSON.stringify(result, false, 2)); - } - - // format the data for the pie graph - let pieResults = { name: 'Top Talkers', children: [] }; - function addDataToPie (buckets, addTo) { - for (let i = 0; i < buckets.length; i++) { - let bucket = buckets[i]; - addTo.push({ - name: bucket.key, - size: bucket.doc_count - }); - if (bucket.field) { - addTo[i].children = []; - addTo[i].size = undefined; // size is interpreted from children - addTo[i].sizeValue = bucket.doc_count; // keep sizeValue for display - addDataToPie(bucket.field.buckets, addTo[i].children); - } - } - } - - let grandparent; - let tableResults = []; - // assumes only 3 levels deep - function addDataToTable (buckets, parent) { - 
for (let i = 0; i < buckets.length; i++) { - let bucket = buckets[i]; - if (bucket.field) { - if (parent) { grandparent = parent; } - addDataToTable(bucket.field.buckets, { - name: bucket.key, - size: bucket.doc_count - }); - } else { - tableResults.push({ - parent: parent, - grandparent: grandparent, - name: bucket.key, - size: bucket.doc_count - }); - } - } - } - - addDataToPie(result.aggregations.field.buckets, pieResults.children); - addDataToTable(result.aggregations.field.buckets); - - return res.send({success:true, pieResults: pieResults, tableResults: tableResults}); - }); - }); -}); - -app.get('/multiunique.txt', logAction(), function(req, res) { - noCache(req, res, 'text/plain; charset=utf-8'); - - if (req.query.exp === undefined) { - return res.send("Missing exp parameter"); - } - - let fields = []; - let parts = req.query.exp.split(','); - for (let i = 0; i < parts.length; i++) { - let field = Config.getFieldsMap()[parts[i]]; - if (!field) { - return res.send(`Unknown expression ${parts[i]}\n`); - } - fields.push(field); - } - - let separator = req.query.separator || ', '; - let doCounts = parseInt(req.query.counts, 10) || 0; - - let results = []; - function printUnique(buckets, line) { - for (let i = 0; i < buckets.length; i++) { - if (buckets[i].field) { - printUnique(buckets[i].field.buckets, line + buckets[i].key + separator); - } else { - results.push({line: line + buckets[i].key, count: buckets[i].doc_count}); - } - } - } - - buildSessionQuery(req, function(err, query, indices) { - delete query.sort; - delete query.aggregations; - query.size = 0; - - if (!query.query.bool.must) { - query.query.bool.must = []; - } - - let lastQ = query; - for (let i = 0; i < fields.length; i++) { - query.query.bool.must.push({ exists: { field: fields[i].dbField } }); - lastQ.aggregations = {field: { terms : {field : fields[i].dbField, size: +Config.get('maxAggSize', 10000)}}}; - lastQ = lastQ.aggregations.field; - } - - if (Config.debug > 2) { - 
console.log("multiunique aggregations", indices, JSON.stringify(query, false, 2)); - } - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err) { - console.log('multiunique ERROR', err); - res.status(400); - return res.end(err); - } - - if (Config.debug > 2) { - console.log('result', JSON.stringify(result, false, 2)); - } - printUnique(result.aggregations.field.buckets, ""); - - if (req.query.sort !== 'field') { - results = results.sort(function(a, b) {return b.count - a.count;}); - } - - if (doCounts) { - for (let i = 0; i < results.length; i++) { - res.write(results[i].line + separator + results[i].count + '\n'); - } - } else { - for (let i = 0; i < results.length; i++) { - res.write(results[i].line + '\n'); - } - } - return res.end(); - }); - }); -}); - -app.get('/unique.txt', [logAction(), fieldToExp], function(req, res) { - noCache(req, res, 'text/plain; charset=utf-8'); - - if (req.query.field === undefined && req.query.exp === undefined) { - return res.send('Missing field or exp parameter'); - } - - /* How should the results be written. 
Use setImmediate to not blow stack frame */ - let writeCb; - let doneCb; - let items = []; - let aggSize = +Config.get('maxAggSize', 10000); - - if (req.query.autocomplete !== undefined) { - if (!Config.get('valueAutoComplete', !Config.get('multiES', false))) { - res.send([]); - return; - } - - let spiDataMaxIndices = +Config.get('spiDataMaxIndices', 4); - if (spiDataMaxIndices !== -1) { - if (req.query.date === '-1' || - (req.query.date !== undefined && +req.query.date > spiDataMaxIndices)) { - console.log(`INFO For autocomplete replacing date=${safeStr(req.query.date)} with ${spiDataMaxIndices}`); - req.query.date = spiDataMaxIndices; - } - } - - aggSize = 1000; // lower agg size for autocomplete - doneCb = function() { - res.send(items); - }; - writeCb = function (item) { - items.push(item.key); - }; - } else if (parseInt(req.query.counts, 10) || 0) { - writeCb = function (item) { - res.write(`${item.key}, ${item.doc_count}\n`); - }; - } else { - writeCb = function (item) { - res.write(`${item.key}\n`); - }; - } - - /* How should each item be processed. */ - let eachCb = writeCb; - - if (req.query.field.match(/(ip.src:port.src|a1:p1|srcIp:srtPort|ip.src:srcPort|ip.dst:port.dst|a2:p2|dstIp:dstPort|ip.dst:dstPort)/)) { - eachCb = function(item) { - let sep = (item.key.indexOf(':') === -1)? 
':' : '.'; - item.field2.buckets.forEach((item2) => { - item2.key = item.key + sep + item2.key; - writeCb(item2); - }); - }; - } - - buildSessionQuery(req, function(err, query, indices) { - delete query.sort; - delete query.aggregations; - - if (req.query.field.match(/(ip.src:port.src|a1:p1|srcIp:srcPort|ip.src:srcPort)/)) { - query.aggregations = {field: { terms : {field : 'srcIp', size: aggSize}, aggregations: {field2: {terms: {field: 'srcPort', size: 100}}}}}; - } else if (req.query.field.match(/(ip.dst:port.dst|a2:p2|dstIp:dstPort|ip.dst:dstPort)/)) { - query.aggregations = {field: { terms : {field : 'dstIp', size: aggSize}, aggregations: {field2: {terms: {field: 'dstPort', size: 100}}}}}; - } else if (req.query.field === 'fileand') { - query.aggregations = { field: { terms : { field : 'node', size: aggSize }, aggregations: { field2: { terms: { field: 'fileId', size: 100 } } } } }; - } else { - query.aggregations = {field: { terms : {field : req.query.field, size: aggSize}}}; - } - - query.size = 0; - console.log('unique aggregations', indices, JSON.stringify(query)); - - function findFileNames (result) { - let intermediateResults = []; - let aggs = result.aggregations.field.buckets; - aggs.forEach((item) => { - item.field2.buckets.forEach((sitem) => { - intermediateResults.push({ key: item.key + ':' + sitem.key, doc_count: sitem.doc_count }); - }); - }); - - async.each(intermediateResults, (fsitem, cb) => { - let split = fsitem.key.split(':'); - let node = split[0]; - let fileId = split[1]; - Db.fileIdToFile(node, fileId, function (file) { - if (file && file.name) { - eachCb({key: file.name, doc_count: fsitem.doc_count }); - } - cb(); - }); - }, function () { - return res.end(); - }); - } - - Db.searchPrimary(indices, 'session', query, null, function (err, result) { - if (err) { - console.log('Error', query, err); - return doneCb?doneCb():res.end(); - } - if (Config.debug) { - console.log('unique.txt result', util.inspect(result, false, 50)); - } - if 
(!result.aggregations || !result.aggregations.field) { - return doneCb ? doneCb() : res.end(); - } - - - if (req.query.field === 'fileand') { - return findFileNames(result); - } - - for (let i = 0, ilen = result.aggregations.field.buckets.length; i < ilen; i++) { - eachCb(result.aggregations.field.buckets[i]); - } - - return doneCb ? doneCb() : res.end(); - }); - }); -}); - -function processSessionIdDisk(session, headerCb, packetCb, endCb, limit) { - let fields; - - function processFile(pcap, pos, i, nextCb) { - pcap.ref(); - pcap.readPacket(pos, function(packet) { - switch(packet) { - case null: - let msg = util.format(session._id, "in file", pcap.filename, "couldn't read packet at", pos, "packet #", i, "of", fields.packetPos.length); - console.log("ERROR - processSessionIdDisk -", msg); - endCb(msg, null); - break; - case undefined: - break; - default: - packetCb(pcap, packet, nextCb, i); - break; - } - pcap.unref(); - }); - } - - fields = session._source || session.fields; - - var fileNum; - var itemPos = 0; - async.eachLimit(fields.packetPos, limit || 1, function(pos, nextCb) { - if (pos < 0) { - fileNum = pos * -1; - return nextCb(null); - } - - // Get the pcap file for this node a filenum, if it isn't opened then do the filename lookup and open it - var opcap = Pcap.get(fields.node + ":" + fileNum); - if (!opcap.isOpen()) { - Db.fileIdToFile(fields.node, fileNum, function(file) { - if (!file) { - console.log("WARNING - Only have SPI data, PCAP file no longer available. 
Couldn't look up in file table", fields.node + '-' + fileNum); - return nextCb("Only have SPI data, PCAP file no longer available for " + fields.node + '-' + fileNum); - } - if (file.kekId) { - file.kek = Config.sectionGet("keks", file.kekId, undefined); - if (file.kek === undefined) { - console.log("ERROR - Couldn't find kek", file.kekId, "in keks section"); - return nextCb("Couldn't find kek " + file.kekId + " in keks section"); - } - } - - var ipcap = Pcap.get(fields.node + ":" + file.num); - - try { - ipcap.open(file.name, file); - } catch (err) { - console.log("ERROR - Couldn't open file ", err); - return nextCb("Couldn't open file " + err); - } - - if (headerCb) { - headerCb(ipcap, ipcap.readHeader()); - headerCb = null; - } - processFile(ipcap, pos, itemPos++, nextCb); - }); - } else { - if (headerCb) { - headerCb(opcap, opcap.readHeader()); - headerCb = null; - } - processFile(opcap, pos, itemPos++, nextCb); - } - }, - function (pcapErr, results) { - endCb(pcapErr, fields); - }); -} - -function processSessionId(id, fullSession, headerCb, packetCb, endCb, maxPackets, limit) { - var options; - if (!fullSession) { - options = { _source: 'node,totPackets,packetLen,packetPos,srcIp,srcPort,ipProtocol' }; - } - - Db.getWithOptions(Db.sid2Index(id), 'session', Db.sid2Id(id), options, function(err, session) { - if (err || !session.found) { - console.log("session get error", err, session); - return endCb("Session not found", null); - } - - var fields = session._source || session.fields; - - if (maxPackets && fields.packetPos.length > maxPackets) { - fields.packetPos.length = maxPackets; - } - - /* Go through the list of prefetch the id to file name if we are running in parallel to - * reduce the number of elasticsearch queries and problems - */ - let outstanding = 0, i, ilen; - - function fileReadyCb (fileInfo) { - outstanding--; - if (i === ilen && outstanding === 0) { - readyToProcess(); - } - } - - for (i = 0, ilen = fields.packetPos.length; i < ilen; i++) { - if 
(fields.packetPos[i] < 0) { - outstanding++; - Db.fileIdToFile(fields.node, -1 * fields.packetPos[i], fileReadyCb); - } - } - - function readyToProcess() { - var pcapWriteMethod = Config.getFull(fields.node, "pcapWriteMethod"); - var psid = processSessionIdDisk; - var writer = internals.writers[pcapWriteMethod]; - if (writer && writer.processSessionId) { - psid = writer.processSessionId; - } - - psid(session, headerCb, packetCb, function (err, fields) { - if (!fields) { - return endCb(err, fields); - } - - if (!fields.tags) { - fields.tags = []; - } - - fixFields(fields, endCb); - }, limit); - } - }); -} - -function processSessionIdAndDecode(id, numPackets, doneCb) { - var packets = []; - processSessionId(id, true, null, function (pcap, buffer, cb, i) { - var obj = {}; - if (buffer.length > 16) { - pcap.decode(buffer, obj); - } else { - obj = {ip: {p: ""}}; - } - packets[i] = obj; - cb(null); - }, - function(err, session) { - if (err) { - console.log("ERROR - processSessionIdAndDecode", err); - return doneCb(err); - } - packets = packets.filter(Boolean); - if (packets.length === 0) { - return doneCb(null, session, []); - } else if (packets[0].ip === undefined) { - return doneCb(null, session, []); - } else if (packets[0].ip.p === 1) { - Pcap.reassemble_icmp(packets, numPackets, function(err, results) { - return doneCb(err, session, results); - }); - } else if (packets[0].ip.p === 6) { - var key = session.srcIp; - Pcap.reassemble_tcp(packets, numPackets, key + ':' + session.srcPort, function(err, results) { - return doneCb(err, session, results); - }); - } else if (packets[0].ip.p === 17) { - Pcap.reassemble_udp(packets, numPackets, function(err, results) { - return doneCb(err, session, results); - }); - } else if (packets[0].ip.p === 132) { - Pcap.reassemble_sctp(packets, numPackets, function(err, results) { - return doneCb(err, session, results); - }); - } else { - return doneCb(null, session, []); - } - }, - numPackets, 10); -} - -function 
localSessionDetailReturnFull(req, res, session, incoming) { - if (req.packetsOnly) { // only return packets - res.render('sessionPackets.pug', { - filename: 'sessionPackets', - cache: isProduction(), - compileDebug: !isProduction(), - user: req.user, - session: session, - data: incoming, - reqPackets: req.query.packets, - query: req.query, - basedir: "/", - reqFields: Config.headers("headers-http-request"), - resFields: Config.headers("headers-http-response"), - emailFields: Config.headers("headers-email"), - showFrames: req.query.showFrames - }, function(err, data) { - if (err) { - console.trace("ERROR - localSession - ", err); - return req.next(err); - } - res.send(data); - }); - } else { // return SPI data and packets - res.send("HOW DID I GET HERE?"); - console.trace("HOW DID I GET HERE"); - } -} - -function localSessionDetailReturn(req, res, session, incoming) { - //console.log("ALW", JSON.stringify(incoming)); - var numPackets = req.query.packets || 200; - if (incoming.length > numPackets) { - incoming.length = numPackets; - } - - if (incoming.length === 0) { - return localSessionDetailReturnFull(req, res, session, []); - } - - var options = { - id: session.id, - nodeName: req.params.nodeName, - order: [], - "ITEM-HTTP": { - order: [] - }, - "ITEM-SMTP": { - order: [] - }, - "ITEM-CB": { - } - }; - - if (req.query.needgzip) { - options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS"); - options["ITEM-SMTP"].order.push("BODY-UNBASE64"); - options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS"); - } - - options.order.push("ITEM-HTTP"); - options.order.push("ITEM-SMTP"); - - var decodeOptions = JSON.parse(req.query.decode || "{}"); - for (var key in decodeOptions) { - if (key.match(/^ITEM/)) { - options.order.push(key); - } else { - options["ITEM-HTTP"].order.push(key); - options["ITEM-SMTP"].order.push(key); - } - options[key] = decodeOptions[key]; - } - - if (req.query.needgzip) { - options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS"); - 
options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS"); - } - - options.order.push("ITEM-BYTES"); - options.order.push("ITEM-SORTER"); - if (req.query.needimage) { - options.order.push("ITEM-LINKBODY"); - } - if (req.query.base === "hex") { - options.order.push("ITEM-HEX"); - options["ITEM-HEX"]= {showOffsets: req.query.line === "true"}; - } else if (req.query.base === "ascii") { - options.order.push("ITEM-ASCII"); - } else if (req.query.base === "utf8") { - options.order.push("ITEM-UTF8"); - } else { - options.order.push("ITEM-NATURAL"); - } - options.order.push("ITEM-CB"); - options["ITEM-CB"].cb = function(err, outgoing) { - localSessionDetailReturnFull(req, res, session, outgoing); - }; - - if (Config.debug) { - console.log("Pipeline options", options); - } - - decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming)); -} - -function sortFields(session) { - if (session.tags) { - session.tags = session.tags.sort(); - } - if (session.http) { - if (session.http.requestHeader) { - session.http.requestHeader = session.http.requestHeader.sort(); - } - if (session.http.responseHeader) { - session.http.responseHeader = session.http.responseHeader.sort(); - } - } - if (session.email && session.email.headers) { - session.email.headers = session.email.headers.sort(); - } - if (session.ipProtocol) { - session.ipProtocol = Pcap.protocol2Name(session.ipProtocol); - } -} - - -function localSessionDetail(req, res) { - if (!req.query) { - req.query = { gzip: false, line: false, base: "natural", packets: 200 }; - } - - req.query.needgzip = req.query.gzip === "true" || false; - req.query.needimage = req.query.image === "true" || false; - req.query.line = req.query.line || false; - req.query.base = req.query.base || "ascii"; - req.query.showFrames = req.query.showFrames === 'true' || false; - - var packets = []; - processSessionId(req.params.id, !req.packetsOnly, null, function (pcap, buffer, cb, i) { - var obj = {}; - if (buffer.length > 16) { - try 
{
- pcap.decode(buffer, obj);
- } catch (e) {
- obj = {ip: {p: "Error decoding" + e}};
- console.trace("loadSessionDetail error", e.stack);
- }
- } else {
- obj = {ip: {p: "Empty"}};
- }
- packets[i] = obj;
- cb(null);
- },
- function(err, session) {
- if (err) {
- return res.end("Problem loading packets for " + safeStr(req.params.id) + " Error: " + err);
- }
- session.id = req.params.id;
- sortFields(session);
-
- if (req.query.showFrames && packets.length !== 0) {
- Pcap.packetFlow(session, packets, +req.query.packets || 200, function (err, results, sourceKey, destinationKey) {
- session._err = err;
- session.sourceKey = sourceKey;
- session.destinationKey = destinationKey;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets.length === 0) {
- session._err = "No pcap data found";
- localSessionDetailReturn(req, res, session, []);
- } else if (packets[0].ip === undefined) {
- session._err = "Couldn't decode pcap file, check viewer log";
- localSessionDetailReturn(req, res, session, []);
- } else if (packets[0].ip.p === 1) {
- Pcap.reassemble_icmp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 6) {
- var key = session.srcIp;
- Pcap.reassemble_tcp(packets, +req.query.packets || 200, key + ':' + session.srcPort, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 17) {
- Pcap.reassemble_udp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 132) {
- Pcap.reassemble_sctp(packets, +req.query.packets || 200, function(err, results) {
- session._err = err;
- localSessionDetailReturn(req, res, session, results || []);
- });
- } else if (packets[0].ip.p === 50) {
- 
Pcap.reassemble_esp(packets, +req.query.packets || 200, function(err, results) { - session._err = err; - localSessionDetailReturn(req, res, session, results || []); - }); - } else if (packets[0].ip.p === 58) { - Pcap.reassemble_icmp(packets, +req.query.packets || 200, function(err, results) { - session._err = err; - localSessionDetailReturn(req, res, session, results || []); - }); - } else { - session._err = "Unknown ip.p=" + packets[0].ip.p; - localSessionDetailReturn(req, res, session, []); - } - }, - req.query.needimage?10000:400, 10); -} - -/** - * Get SPI data for a session - */ -app.get('/:nodeName/session/:id/detail', cspHeader, logAction(), (req, res) => { - Db.getWithOptions(Db.sid2Index(req.params.id), 'session', Db.sid2Id(req.params.id), {}, function(err, session) { - if (err || !session.found) { - return res.end("Couldn't look up SPI data, error for session " + safeStr(req.params.id) + " Error: " + err); - } - - session = session._source; - - session.id = req.params.id; - - sortFields(session); - - let hidePackets = (session.fileId === undefined || session.fileId.length === 0)?"true":"false"; - fixFields(session, () => { - pug.render(internals.sessionDetailNew, { - filename : "sessionDetail", - cache : isProduction(), - compileDebug: !isProduction(), - user : req.user, - session : session, - Db : Db, - query : req.query, - basedir : "/", - hidePackets : hidePackets, - reqFields : Config.headers("headers-http-request"), - resFields : Config.headers("headers-http-response"), - emailFields : Config.headers("headers-email") - }, function(err, data) { - if (err) { - console.trace("ERROR - fixFields - ", err); - return req.next(err); - } - if (Config.debug > 1) { - console.log("Detail Rendering", data.replace(/>/g, ">\n")); - } - res.send(data); - }); - }); - }); -}); - -/** - * Get Session Packets - */ -app.get('/:nodeName/session/:id/packets', [logAction(), checkPermissions(['hidePcap'])], (req, res) => { - isLocalView(req.params.nodeName, function () { - 
noCache(req, res);
- req.packetsOnly = true;
- localSessionDetail(req, res);
- },
- function () {
- return proxyRequest(req, res);
- });
-});
-
-function reqGetRawBody(req, cb) {
- processSessionIdAndDecode(req.params.id, 10000, function(err, session, incoming) {
- if (err) {
- return cb(err);
- }
-
-
- if (incoming.length === 0) {
- return cb(null, null);
- }
-
- var options = {
- id: session.id,
- nodeName: req.params.nodeName,
- order: [],
- "ITEM-HTTP": {
- order: []
- },
- "ITEM-SMTP": {
- order: ["BODY-UNBASE64"]
- },
- "ITEM-CB": {
- },
- "ITEM-RAWBODY": {
- bodyNumber: +req.params.bodyNum
- }
- };
-
- if (req.query.needgzip) {
- options["ITEM-HTTP"].order.push("BODY-UNCOMPRESS");
- options["ITEM-SMTP"].order.push("BODY-UNCOMPRESS");
- }
-
- options.order.push("ITEM-HTTP");
- options.order.push("ITEM-SMTP");
-
- options.order.push("ITEM-RAWBODY");
- options.order.push("ITEM-CB");
- options["ITEM-CB"].cb = function(err, items) {
- if (err) {
- return cb(err);
- }
- if (items === undefined || items.length === 0) {
- return cb("No match");
- }
- cb(err, items[0].data);
- };
-
- decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming));
- });
-}
-
-app.get('/:nodeName/:id/body/:bodyType/:bodyNum/:bodyName', checkProxyRequest, function(req, res) {
- reqGetRawBody(req, function (err, data) {
- if (err) {
- console.trace(err);
- return res.end("Error");
- }
- res.setHeader("Content-Type", "application/force-download");
- res.setHeader("Content-Disposition", "attachment; filename="+req.params.bodyName);
- return res.end(data);
- });
-});
-
-app.get('/:nodeName/:id/bodypng/:bodyType/:bodyNum/:bodyName', checkProxyRequest, function(req, res) {
- reqGetRawBody(req, function (err, data) {
- if (err || data === null || data.length === 0) {
- return res.send (internals.emptyPNG);
- }
- res.setHeader("Content-Type", "image/png");
-
- var png = new PNG({width: internals.PNG_LINE_WIDTH, height: 
Math.ceil(data.length/internals.PNG_LINE_WIDTH)}); - png.data = data; - res.send(PNG.sync.write(png, {inputColorType:0, colorType: 0, bitDepth:8, inputHasAlpha:false})); - }); -}); - -/** - * Get a file given a hash of that file - */ - -app.get('/bodyHash/:hash', logAction('bodyhash'), function(req, res) { - var hash = null; - var nodeName = null; - var sessionID = null; - - buildSessionQuery(req, function(bsqErr, query, indices) { - if (bsqErr) { - res.status(400); - return res.end(bsqErr); - } - - query.size = 1; - query.sort = { lastPacket: { order: 'desc' } }; - query._source = ["node"]; - - if (Config.debug) { - console.log(`sessions.json ${indices} query`, JSON.stringify(query, null, 1)); - } - Db.searchPrimary(indices, 'session', query, null, function (err, sessions) { - if (err ) { - console.log ("Error -> Db Search ", err); - res.status(400); - res.end(err); - } else if (sessions.error) { - console.log ("Error -> Db Search ", sessions.error); - res.status(400); - res.end(sessions.error); - } else { - if (Config.debug) { - console.log("bodyHash result", util.inspect(sessions, false, 50)); - } - if (sessions.hits.hits.length > 0) { - - nodeName = sessions.hits.hits[0]._source.node; - sessionID = Db.session2Sid(sessions.hits.hits[0]); - hash = req.params.hash; - - isLocalView(nodeName, function () { // get file from the local disk - localGetItemByHash (nodeName, sessionID, hash, (err, item) => { - if (err) { - res.status(400); - return res.end(err); - } else if (item) { - noCache(req, res, 'application/force-download'); - res.setHeader("content-disposition", "attachment; filename="+ item.bodyName+".pellet"); - return res.end(item.data); - } else { - res.status(400); - return res.end("No Match"); - } - }); - }, - function () { // get file from the remote disk - var preq = util._extend({},req); - preq.params.nodeName = nodeName; - preq.params.id = sessionID; - preq.params.hash = hash; - preq.url = Config.basePath(nodeName) + nodeName + '/' + sessionID + 
'/bodyHash/' + hash;
- return proxyRequest(preq, res);
- });
- }
- else {
- res.status(400);
- res.end ("No Match Found");
- }
- }
- });
- });
-});
-
-app.get('/:nodeName/:id/bodyHash/:hash', checkProxyRequest, function(req, res) {
- localGetItemByHash (req.params.nodeName, req.params.id, req.params.hash, (err, item) => {
- if (err) {
- res.status(400);
- return res.end(err);
- } else if (item) {
- noCache(req, res, 'application/force-download');
- res.setHeader("content-disposition", "attachment; filename="+ item.bodyName+".pellet");
- return res.end(item.data);
- } else {
- res.status(400);
- return res.end("No Match");
- }
- });
-});
-
-function localGetItemByHash(nodeName, sessionID, hash, cb) {
- processSessionIdAndDecode(sessionID, 10000, function(err, session, incoming) {
- if (err) {
- return cb(err);
- }
- if (incoming.length === 0) {
- return cb(null, null);
- }
- var options = {
- id: sessionID,
- nodeName: nodeName,
- order: [],
- "ITEM-HTTP": {
- order: []
- },
- "ITEM-SMTP": {
- order: ["BODY-UNBASE64"]
- },
- "ITEM-HASH": {
- hash: hash
- },
- "ITEM-CB": {
- }
- };
-
- options.order.push("ITEM-HTTP");
- options.order.push("ITEM-SMTP");
- options.order.push("ITEM-HASH");
- options.order.push("ITEM-CB");
- options["ITEM-CB"].cb = function(err, items) {
- if (err) {
- return cb(err, null);
- }
- if (items === undefined || items.length === 0) {
- return cb("No match", null);
- }
- return cb(err, items[0]);
- };
- decode.createPipeline(options, options.order, new decode.Pcap2ItemStream(options, incoming));
- });
-}
-
-function writePcap(res, id, options, doneCb) {
- var b = Buffer.alloc(0xfffe);
- var nextPacket = 0;
- var boffset = 0;
- var packets = {};
-
- processSessionId(id, false, function (pcap, buffer) {
- if (options.writeHeader) {
- res.write(buffer);
- options.writeHeader = false;
- }
- },
- function (pcap, buffer, cb, i) {
- // Save this packet in its spot
- packets[i] = buffer;
-
- // Send any packets we have in order
- while 
(packets[nextPacket]) { - buffer = packets[nextPacket]; - delete packets[nextPacket]; - nextPacket++; - - if (boffset + buffer.length > b.length) { - res.write(b.slice(0, boffset)); - boffset = 0; - b = Buffer.alloc(0xfffe); - } - buffer.copy(b, boffset, 0, buffer.length); - boffset += buffer.length; - } - cb(null); - }, - function(err, session) { - if (err) { - console.trace("writePcap", err); - return doneCb(err); - } - res.write(b.slice(0, boffset)); - doneCb(err); - }, undefined, 10); -} - -function writePcapNg(res, id, options, doneCb) { - var b = Buffer.alloc(0xfffe); - var boffset = 0; - - processSessionId(id, true, function (pcap, buffer) { - if (options.writeHeader) { - res.write(pcap.getHeaderNg()); - options.writeHeader = false; - } - }, - function (pcap, buffer, cb) { - if (boffset + buffer.length + 20 > b.length) { - res.write(b.slice(0, boffset)); - boffset = 0; - b = Buffer.alloc(0xfffe); - } - - /* Need to write the ng block, and conver the old timestamp */ - - b.writeUInt32LE(0x00000006, boffset); // Block Type - var len = ((buffer.length + 20 + 3) >> 2) << 2; - b.writeUInt32LE(len, boffset + 4); // Block Len 1 - b.writeUInt32LE(0, boffset + 8); // Interface Id - - // js has 53 bit numbers, this will over flow on Jun 05 2255 - var time = buffer.readUInt32LE(0)*1000000 + buffer.readUInt32LE(4); - b.writeUInt32LE(Math.floor(time / 0x100000000), boffset + 12); // Block Len 1 - b.writeUInt32LE(time % 0x100000000, boffset + 16); // Interface Id - - buffer.copy(b, boffset + 20, 8, buffer.length - 8); // cap_len, packet_len - b.fill(0, boffset + 12 + buffer.length, boffset + 12 + buffer.length + (4 - (buffer.length%4)) % 4); // padding - boffset += len - 8; - - b.writeUInt32LE(0, boffset); // Options - b.writeUInt32LE(len, boffset+4); // Block Len 2 - boffset += 8; - - cb(null); - }, - function(err, session) { - if (err) { - console.log("writePcapNg", err); - return; - } - res.write(b.slice(0, boffset)); - - session.version = molochversion.version; - 
delete session.packetPos; - var json = JSON.stringify(session); - - var len = ((json.length + 20 + 3) >> 2) << 2; - b = Buffer.alloc(len); - - b.writeUInt32LE(0x80808080, 0); // Block Type - b.writeUInt32LE(len, 4); // Block Len 1 - b.write("MOWL", 8); // Magic - b.writeUInt32LE(json.length, 12); // Block Len 1 - b.write(json, 16); // Magic - b.fill(0, 16 + json.length, 16 + json.length + (4 - (json.length%4)) % 4); // padding - b.writeUInt32LE(len, len-4); // Block Len 2 - res.write(b); - - doneCb(err); - }); -} - -app.get('/:nodeName/pcapng/:id.pcapng', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => { - noCache(req, res, "application/vnd.tcpdump.pcap"); - writePcapNg(res, req.params.id, {writeHeader: !req.query || !req.query.noHeader || req.query.noHeader !== "true"}, function () { - res.end(); - }); -}); - -app.get('/:nodeName/pcap/:id.pcap', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => { - noCache(req, res, "application/vnd.tcpdump.pcap"); - - writePcap(res, req.params.id, {writeHeader: !req.query || !req.query.noHeader || req.query.noHeader !== "true"}, function () { - res.end(); - }); -}); - -app.get('/:nodeName/raw/:id.png', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], function(req, res) { - noCache(req, res, "image/png"); - - processSessionIdAndDecode(req.params.id, 1000, function(err, session, results) { - if (err) { - return res.send (internals.emptyPNG); - } - var size = 0; - var i, ilen; - for (i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { - size += results[i].data.length + 2*internals.PNG_LINE_WIDTH - (results[i].data.length % internals.PNG_LINE_WIDTH); - } - var buffer = Buffer.alloc(size, 0); - var pos = 0; - if (size === 0) { - return res.send (internals.emptyPNG); - } - for (i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { - results[i].data.copy(buffer, pos); - pos += results[i].data.length; - var fillpos = 
pos; - pos += 2*internals.PNG_LINE_WIDTH - (results[i].data.length % internals.PNG_LINE_WIDTH); - buffer.fill(0xff, fillpos, pos); - } - - var png = new PNG({width: internals.PNG_LINE_WIDTH, height: (size/internals.PNG_LINE_WIDTH)-1}); - png.data = buffer; - res.send(PNG.sync.write(png, {inputColorType:0, colorType: 0, bitDepth:8, inputHasAlpha:false})); - }); -}); - -app.get('/:nodeName/raw/:id', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], function(req, res) { - noCache(req, res, "application/vnd.tcpdump.pcap"); - - processSessionIdAndDecode(req.params.id, 10000, function(err, session, results) { - if (err) { - return res.send("Error"); - } - for (let i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { - res.write(results[i].data); - } - res.end(); - }); -}); - -app.get('/:nodeName/entirePcap/:id.pcap', [checkProxyRequest, checkPermissions(['disablePcapDownload'])], (req, res) => { - noCache(req, res, "application/vnd.tcpdump.pcap"); - - var options = {writeHeader: true}; - - var query = { _source: ["rootId"], - size: 1000, - query: {term: {rootId: req.params.id}}, - sort: { lastPacket: { order: 'asc' } } - }; - - console.log("entirePcap query", JSON.stringify(query)); - - Db.searchPrimary('sessions2-*', 'session', query, null, function (err, data) { - async.forEachSeries(data.hits.hits, function(item, nextCb) { - writePcap(res, Db.session2Sid(item), options, nextCb); - }, function (err) { - res.end(); - }); - }); -}); - -function sessionsPcapList(req, res, list, pcapWriter, extension) { - - if (list.length > 0 && list[0].fields) { - list = list.sort(function(a,b){return a.fields.lastPacket - b.fields.lastPacket;}); - } else if (list.length > 0 && list[0]._source) { - list = list.sort(function(a,b){return a._source.lastPacket - b._source.lastPacket;}); - } - - var options = {writeHeader: true}; - - async.eachLimit(list, 10, function(item, nextCb) { - var fields = item._source || item.fields; - isLocalView(fields.node, 
function () { - // Get from our DISK - pcapWriter(res, Db.session2Sid(item), options, nextCb); - }, - function () { - // Get from remote DISK - getViewUrl(fields.node, function(err, viewUrl, client) { - var buffer = Buffer.alloc(fields.pa*20 + fields.by); - var bufpos = 0; - var info = url.parse(viewUrl); - info.path = Config.basePath(fields.node) + fields.node + "/" + extension + "/" + Db.session2Sid(item) + "." + extension; - info.agent = (client === http?internals.httpAgent:internals.httpsAgent); - - addAuth(info, req.user, fields.node); - addCaTrust(info, fields.node); - var preq = client.request(info, function(pres) { - pres.on('data', function (chunk) { - if (bufpos + chunk.length > buffer.length) { - var tmp = Buffer.alloc(buffer.length + chunk.length*10); - buffer.copy(tmp, 0, 0, bufpos); - buffer = tmp; - } - chunk.copy(buffer, bufpos); - bufpos += chunk.length; - }); - pres.on('end', function () { - if (bufpos < 24) { - } else if (options.writeHeader) { - options.writeHeader = false; - res.write(buffer.slice(0, bufpos)); - } else { - res.write(buffer.slice(24, bufpos)); - } - setImmediate(nextCb); - }); - }); - preq.on('error', function (e) { - console.log("ERROR - Couldn't proxy pcap request=", info, "\nerror=", e); - nextCb(null); - }); - preq.end(); - }); - }); - }, function(err) { - res.end(); - }); -} - -function sessionsPcap(req, res, pcapWriter, extension) { - noCache(req, res, "application/vnd.tcpdump.pcap"); - - if (req.query.ids) { - var ids = queryValueToArray(req.query.ids); - - sessionsListFromIds(req, ids, ["lastPacket", "node", "totBytes", "totPackets", "rootId"], function(err, list) { - sessionsPcapList(req, res, list, pcapWriter, extension); - }); - } else { - sessionsListFromQuery(req, res, ["lastPacket", "node", "totBytes", "totPackets", "rootId"], function(err, list) { - sessionsPcapList(req, res, list, pcapWriter, extension); - }); - } -} - -app.get(/\/sessions.pcapng.*/, [logAction(), checkPermissions(['disablePcapDownload'])], (req, 
res) => { - return sessionsPcap(req, res, writePcapNg, "pcapng"); -}); - -app.get(/\/sessions.pcap.*/, [logAction(), checkPermissions(['disablePcapDownload'])], (req, res) => { - return sessionsPcap(req, res, writePcap, "pcap"); -}); - -internals.usersMissing = { - userId: '', - userName: '', - expression: '', - enabled: 0, - createEnabled: 0, - webEnabled: 0, - headerAuthEnabled: 0, - emailSearch: 0, - removeEnabled: 0, - lastUsed: 0 -}; - -app.post('/user/list', [noCacheJson, recordResponseTime, logAction('users'), checkPermissions(['createEnabled'])], (req, res) => { - let columns = [ 'userId', 'userName', 'expression', 'enabled', 'createEnabled', - 'webEnabled', 'headerAuthEnabled', 'emailSearch', 'removeEnabled', 'packetSearch', - 'hideStats', 'hideFiles', 'hidePcap', 'disablePcapDownload', 'welcomeMsgNum', - 'lastUsed', 'timeLimit' ]; - - let query = { - _source: columns, - sort: {}, - from: +req.body.start || 0, - size: +req.body.length || 10000, - query: { // exclude the shared user from results - bool: { must_not: { term: { userId: '_moloch_shared' } } } - } - }; - - if (req.body.filter) { - query.query.bool.should = [ - { wildcard: { userName: '*' + req.body.filter + '*' } }, - { wildcard: { userId: '*' + req.body.filter + '*' } } - ]; - } - - req.body.sortField = req.body.sortField || 'userId'; - query.sort[req.body.sortField] = { order: req.body.desc === true ? 
'desc': 'asc' }; - query.sort[req.body.sortField].missing = internals.usersMissing[req.body.sortField]; - - Promise.all([Db.searchUsers(query), - Db.numberOfUsers() - ]) - .then(([users, total]) => { - if (users.error) { throw users.error; } - let results = { total: users.hits.total, results: [] }; - for (let i = 0, ilen = users.hits.hits.length; i < ilen; i++) { - let fields = users.hits.hits[i]._source || users.hits.hits[i].fields; - fields.id = users.hits.hits[i]._id; - fields.expression = fields.expression || ''; - fields.headerAuthEnabled = fields.headerAuthEnabled || false; - fields.emailSearch = fields.emailSearch || false; - fields.removeEnabled = fields.removeEnabled || false; - fields.userName = safeStr(fields.userName || ''); - fields.packetSearch = fields.packetSearch || false; - fields.timeLimit = fields.timeLimit || undefined; - results.results.push(fields); - } - - let r = { - recordsTotal: total.count, - recordsFiltered: results.total, - data: results.results - }; - - res.send(r); - }).catch((err) => { - console.log('ERROR - /user/list', err); - return res.send({recordsTotal: 0, recordsFiltered: 0, data: []}); - }); -}); - -app.post('/user/create', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (!req.body || !req.body.userId || !req.body.userName || !req.body.password) { - return res.molochError(403, 'Missing/Empty required fields'); - } - - if (req.body.userId.match(/[^@\w.-]/)) { - return res.molochError(403, 'User ID must be word characters'); - } - - if (req.body.userId === '_moloch_shared') { - return res.molochError(403, 'User ID cannot be the same as the shared moloch user'); - } - - Db.getUser(req.body.userId, function(err, user) { - if (!user || user.found) { - console.log('Trying to add duplicate user', err, user); - return res.molochError(403, 'User already exists'); - } - - let nuser = { - userId: req.body.userId, - userName: req.body.userName, - expression: req.body.expression, - 
passStore: Config.pass2store(req.body.userId, req.body.password), - enabled: req.body.enabled === true, - webEnabled: req.body.webEnabled === true, - emailSearch: req.body.emailSearch === true, - headerAuthEnabled: req.body.headerAuthEnabled === true, - createEnabled: req.body.createEnabled === true, - removeEnabled: req.body.removeEnabled === true, - packetSearch: req.body.packetSearch === true, - timeLimit: req.body.timeLimit, - hideStats: req.body.hideStats === true, - hideFiles: req.body.hideFiles === true, - hidePcap: req.body.hidePcap === true, - disablePcapDownload: req.body.disablePcapDownload === true, - welcomeMsgNum: 0 - }; - - // console.log('Creating new user', nuser); - Db.setUser(req.body.userId, nuser, function(err, info) { - if (!err) { - return res.send(JSON.stringify({success: true, text:'User created succesfully'})); - } else { - console.log('ERROR - add user', err, info); - return res.molochError(403, err); - } - }); - }); -}); - -app.put('/user/:userId/acknowledgeMsg', [noCacheJson, logAction(), checkCookieToken], function (req, res) { - if (!req.body.msgNum) { - return res.molochError(403, 'Message number required'); - } - - if (req.params.userId !== req.user.userId) { - return res.molochError(403, 'Can not change other users msg'); - } - - Db.getUser(req.params.userId, function (err, user) { - if (err || !user.found) { - console.log('update user failed', err, user); - return res.molochError(403, 'User not found'); - } - user = user._source; - - user.welcomeMsgNum = parseInt(req.body.msgNum); - - Db.setUser(req.params.userId, user, function (err, info) { - if (Config.debug) { - console.log('setUser', user, err, info); - } - return res.send(JSON.stringify({ - success: true, - text: `User, ${req.params.userId}, dismissed message ${req.body.msgNum}` - })); - }); - }); -}); - -app.post('/user/delete', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (req.body.userId === req.user.userId) { - 
return res.molochError(403, 'Can not delete yourself'); - } - - Db.deleteUser(req.body.userId, function(err, data) { - setTimeout(function () { - res.send(JSON.stringify({success: true, text: 'User deleted successfully'})); - }, 200); - }); -}); - -app.post('/user/update', [noCacheJson, logAction(), checkCookieToken, checkPermissions(['createEnabled'])], (req, res) => { - if (req.body.userId === undefined) { - return res.molochError(403, 'Missing userId'); - } - - if (req.body.userId === "_moloch_shared") { - return res.molochError(403, '_moloch_shared is a shared user. This users settings cannot be updated'); - } - - /*if (req.params.userId === req.user.userId && req.query.createEnabled !== undefined && req.query.createEnabled !== "true") { - return res.send(JSON.stringify({success: false, text: "Can not turn off your own admin privileges"})); - }*/ - - Db.getUser(req.body.userId, function(err, user) { - if (err || !user.found) { - console.log('update user failed', err, user); - return res.molochError(403, 'User not found'); - } - user = user._source; - - user.enabled = req.body.enabled === true; - - if (req.body.expression !== undefined) { - if (req.body.expression.match(/^\s*$/)) { - delete user.expression; - } else { - user.expression = req.body.expression; - } - } - - if (req.body.userName !== undefined) { - if (req.body.userName.match(/^\s*$/)) { - console.log("ERROR - empty username", req.body); - return res.molochError(403, 'Username can not be empty'); - } else { - user.userName = req.body.userName; - } - } - - user.webEnabled = req.body.webEnabled === true; - user.emailSearch = req.body.emailSearch === true; - user.headerAuthEnabled = req.body.headerAuthEnabled === true; - user.removeEnabled = req.body.removeEnabled === true; - user.packetSearch = req.body.packetSearch === true; - user.hideStats = req.body.hideStats === true; - user.hideFiles = req.body.hideFiles === true; - user.hidePcap = req.body.hidePcap === true; - user.disablePcapDownload = 
req.body.disablePcapDownload === true; - user.timeLimit = req.body.timeLimit ? parseInt(req.body.timeLimit) : undefined; - - // Can only change createEnabled if it is currently turned on - if (req.body.createEnabled !== undefined && req.user.createEnabled) { - user.createEnabled = req.body.createEnabled === true; - } - - Db.setUser(req.body.userId, user, function(err, info) { - if (Config.debug) { - console.log("setUser", user, err, info); - } - return res.send(JSON.stringify({success: true, text:'User "' + req.body.userId + '" updated successfully'})); - }); - }); -}); - -app.post('/state/:name', [noCacheJson, checkCookieToken, logAction()], (req, res) => { - Db.getUser(req.user.userId, function(err, user) { - if (err || !user.found) { - console.log("save state failed", err, user); - return res.molochError(403, "Unknown user"); - } - user = user._source; - - if (!user.tableStates) { - user.tableStates = {}; - } - user.tableStates[req.params.name] = req.body; - Db.setUser(user.userId, user, function(err, info) { - if (err) { - console.log("state error", err, info); - return res.molochError(403, "state update failed"); - } - return res.send(JSON.stringify({success: true, text: "updated state successfully"})); - }); - }); -}); - -app.get('/state/:name', [noCacheJson], function(req, res) { - if (!req.user.tableStates || !req.user.tableStates[req.params.name]) { - return res.send("{}"); - } - - // Fix for new names - if (req.params.name === "sessionsNew" && req.user.tableStates && req.user.tableStates.sessionsNew) { - let item = req.user.tableStates.sessionsNew; - if (item.visibleHeaders) { - item.visibleHeaders = item.visibleHeaders.map(oldDB2newDB); - } - if (item.order && item.order.length > 0) { - item.order[0][0] = oldDB2newDB(item.order[0][0]); - } - } - - return res.send(req.user.tableStates[req.params.name]); -}); - -////////////////////////////////////////////////////////////////////////////////// -//// Session Add/Remove Tags 
-//////////////////////////////////////////////////////////////////////////////////
-function addTagsList (allTagNames, sessionList, doneCb) {
- if (!sessionList.length) {
- console.log('No sessions to add tags to');
- return doneCb(null);
- }
-
- async.eachLimit(sessionList, 10, function (session, nextCb) {
- if (!session._source && !session.fields) {
- console.log('No Fields', session);
- return nextCb(null);
- }
-
- let node = (Config.get('multiES', false) && session._node) ? session._node : undefined;
-
- Db.addTagsToSession(session._index, session._id, allTagNames, node, function (err, data) {
- if (err) { console.log('addTagsList error', session, err, data); }
- nextCb(null);
- });
- }, doneCb);
-}
-
-function removeTagsList(res, allTagNames, sessionList) {
- if (!sessionList.length) {
- return res.molochError(200, 'No sessions to remove tags from');
- }
-
- async.eachLimit(sessionList, 10, function(session, nextCb) {
- if (!session._source && !session.fields) {
- console.log('No Fields', session);
- return nextCb(null);
- }
-
- let node = (Config.get('multiES', false) && session._node) ? 
session._node : undefined;
-
- Db.removeTagsFromSession(session._index, session._id, allTagNames, node, function (err, data) {
- if (err) { console.log('removeTagsList error', session, err, data); }
- nextCb(null);
- });
- }, function (err) {
- return res.send(JSON.stringify({success: true, text: 'Tags removed successfully'}));
- });
-}
-
-app.post('/addTags', [noCacheJson, checkHeaderToken, logAction()], function(req, res) {
- var tags = [];
- if (req.body.tags) {
- tags = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(",");
- }
-
- if (tags.length === 0) { return res.molochError(200, "No tags specified"); }
-
- if (req.body.ids) {
- var ids = queryValueToArray(req.body.ids);
-
- sessionsListFromIds(req, ids, ["tags", "node"], function(err, list) {
- if (!list.length) {
- return res.molochError(200, 'No sessions to add tags to');
- }
- addTagsList(tags, list, function () {
- return res.send(JSON.stringify({success: true, text: "Tags added successfully"}));
- });
- });
- } else {
- sessionsListFromQuery(req, res, ["tags", "node"], function(err, list) {
- if (!list.length) {
- return res.molochError(200, 'No sessions to add tags to');
- }
- addTagsList(tags, list, function () {
- return res.send(JSON.stringify({success: true, text: "Tags added successfully"}));
- });
- });
- }
-});
-
-app.post('/removeTags', [noCacheJson, checkHeaderToken, logAction(), checkPermissions(['removeEnabled'])], (req, res) => {
- var tags = [];
- if (req.body.tags) {
- tags = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(",");
- }
-
- if (tags.length === 0) { return res.molochError(200, "No tags specified"); }
-
- if (req.body.ids) {
- var ids = queryValueToArray(req.body.ids);
-
- sessionsListFromIds(req, ids, ["tags"], function(err, list) {
- removeTagsList(res, tags, list);
- });
- } else {
- sessionsListFromQuery(req, res, ["tags"], function(err, list) {
- removeTagsList(res, tags, list);
- });
- }
-});
- 
-//////////////////////////////////////////////////////////////////////////////////
-//// Packet Search
-//////////////////////////////////////////////////////////////////////////////////
-function packetSearch (packet, options) {
- let found = false;
-
- switch (options.searchType) {
- case 'asciicase':
- if (packet.toString().includes(options.search)) {
- found = true;
- }
- break;
- case 'ascii':
- if (packet.toString().toLowerCase().includes(options.search.toLowerCase())) {
- found = true;
- }
- break;
- case 'regex':
- if (options.regex && packet.toString().match(options.regex)) {
- found = true;
- }
- break;
- case 'hex':
- if (packet.toString('hex').includes(options.search)) {
- found = true;
- }
- break;
- case 'hexregex':
- if (options.regex && packet.toString('hex').match(options.regex)) {
- found = true;
- }
- break;
- default:
- console.log('Invalid hunt search type');
- }
-
- return found;
-}
-
-function sessionHunt (sessionId, options, cb) {
- if (options.type === 'reassembled') {
- processSessionIdAndDecode(sessionId, options.size || 10000, function (err, session, packets) {
- if (err) {
- return cb(null, false);
- }
-
- let i = 0;
- let increment = 1;
- let len = packets.length;
-
- if (options.src && !options.dst) {
- increment = 2;
- } else if (options.dst && !options.src) {
- i = 1;
- increment = 2;
- }
-
- for (i; i < len; i+=increment) {
- if (packetSearch(packets[i].data, options)) { return cb(null, true); }
- }
-
- return cb(null, false);
- });
- } else if (options.type === 'raw') {
- let packets = [];
- processSessionId(sessionId, true, null, function (pcap, buffer, cb, i) {
- if (options.src === options.dst) {
- packets.push(buffer);
- } else {
- let packet = {};
- pcap.decode(buffer, packet);
- packet.data = buffer.slice(16);
- packets.push(packet);
- }
- cb(null);
- }, function(err, session) {
- if (err) {
- return cb(null, false);
- }
-
- let len = packets.length;
- if (options.src === options.dst) {
- // If search both src/dst don't 
need to check key - for (let i = 0; i < len; i++) { - if (packetSearch(packets[i], options)) { return cb(null, true); } - } - } else { - // If searching src NOR dst need to check key - let skey = Pcap.keyFromSession(session); - for (let i = 0; i < len; i++) { - let key = Pcap.key(packets[i]); - let isSrc = key === skey; - if (options.src && isSrc) { - if (packetSearch(packets[i].data, options)) { return cb(null, true); } - } else if (options.dst && !isSrc) { - if (packetSearch(packets[i].data, options)) { return cb(null, true); } - } - } - } - return cb(null, false); - }, - options.size || 10000, 10); - } -} - -function pauseHuntJobWithError (huntId, hunt, error, node) { - let errorMsg = `${hunt.name} (${huntId}) hunt ERROR: ${error.value}.`; - if (node) { - errorMsg += ` On ${node} node`; - error.node = node; - } - - console.log(errorMsg); - - error.time = Math.floor(Date.now() / 1000); - - hunt.status = 'paused'; - - if (!hunt.errors) { - hunt.errors = [ error ]; - } else { - hunt.errors.push(error); - } - - function continueProcess () { - Db.setHunt(huntId, hunt, (err, info) => { - internals.runningHuntJob = undefined; - if (err) { - console.log('Error adding errors and pausing hunt job', err, info); - return; - } - processHuntJobs(); - }); - } - - let message = `*${hunt.name}* hunt job paused with error: *${error.value}*\n*${hunt.matchedSessions}* matched sessions out of *${hunt.searchedSessions}* searched sessions`; - issueAlert(hunt.notifier, message, continueProcess); -} - -function updateHuntStats (hunt, huntId, session, searchedSessions, cb) { - // update the hunt with number of matchedSessions and searchedSessions - // and the date of the first packet of the last searched session - let lastPacketTime = session.lastPacket; - let now = Math.floor(Date.now() / 1000); - - if ((now - hunt.lastUpdated) >= 2) { // only update every 2 seconds - Db.get('hunts', 'hunt', huntId, (err, huntHit) => { - if (!huntHit || !huntHit.found) { // hunt hit not found, likely 
deleted - return cb('undefined'); - } - - if (err) { - let errorText = `Error finding hunt: ${hunt.name} (${huntId}): ${err}`; - pauseHuntJobWithError(huntId, hunt, { value: errorText }); - return cb({ success: false, text: errorText }); - } - - hunt.status = huntHit._source.status; - hunt.lastUpdated = now; - hunt.searchedSessions = searchedSessions; - hunt.lastPacketTime = lastPacketTime; - - Db.setHunt(huntId, hunt, () => {}); - - if (hunt.status === 'paused') { - return cb('paused'); - } else { - return cb(null); - } - }); - } else { - return cb(null); - } -} - -function updateSessionWithHunt (session, sessionId, hunt, huntId) { - Db.addHuntToSession(Db.sid2Index(sessionId), Db.sid2Id(sessionId), huntId, hunt.name, (err, data) => { - if (err) { console.log('add hunt info error', session, err, data); } - }); -} - -function buildHuntOptions (hunt) { - let options = { - src: hunt.src, - dst: hunt.dst, - size: hunt.size, - type: hunt.type, - search: hunt.search, - searchType: hunt.searchType - }; - - if (hunt.searchType === 'regex' || hunt.searchType === 'hexregex') { - try { - options.regex = new RE2(hunt.search); - } catch (e) { - pauseHuntJobWithError(hunt.huntId, hunt, { value: `Hunt error with regex: ${e}` }); - } - } - - return options; -} - -// Actually do the search against ES and process the results. 
-function runHuntJob (huntId, hunt, query, user) { - let options = buildHuntOptions(hunt); - let searchedSessions; - - Db.search('sessions2-*', 'session', query, {scroll: '600s'}, function getMoreUntilDone (err, result) { - if (err || result.error) { - pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching sessions: ${err}` }); - return; - } - - let hits = result.hits.hits; - - if (searchedSessions === undefined) { - searchedSessions = hunt.searchedSessions || 0; - // if the session query results length is not equal to the total sessions that the hunt - // job is searching, update the hunt total sessions so that the percent works correctly - if (hunt.totalSessions !== (result.hits.total + searchedSessions)) { - hunt.totalSessions = result.hits.total + searchedSessions; - } - } - - async.forEachLimit(hits, 3, function (hit, cb) { - searchedSessions++; - let session = hit._source; - let sessionId = Db.session2Sid(hit); - let node = session.node; - - // There is no files, this is a fake session, don't hunt it - if (session.fileId === undefined || session.fileId.length === 0) { - return updateHuntStats(hunt, huntId, session, searchedSessions, cb); - } - - isLocalView(node, function () { - sessionHunt(sessionId, options, function (err, matched) { - if (err) { - return pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching session (${sessionId}): ${err}` }, node); - } - - if (matched) { - hunt.matchedSessions++; - updateSessionWithHunt(session, sessionId, hunt, huntId); - } - - updateHuntStats(hunt, huntId, session, searchedSessions, cb); - }); - }, - function () { // Check Remotely - let path = `${node}/hunt/${huntId}/remote/${sessionId}`; - - makeRequest (node, path, user, (err, response) => { - if (err) { - return pauseHuntJobWithError(huntId, hunt, { value: `Error hunting on remote viewer: ${err}` }, node); - } - let json = JSON.parse(response); - if (json.error) { - console.log(`Error hunting on remote viewer: ${json.error} - ${path}`); - 
return pauseHuntJobWithError(huntId, hunt, { value: `Error hunting on remote viewer: ${json.error}` }, node); - } - if (json.matched) { hunt.matchedSessions++; } - return updateHuntStats(hunt, huntId, session, searchedSessions, cb); - }); - }); - }, function (err) { // done running this section of hunt job - - // Some kind of error, stop now - if (err === 'paused' || err === 'undefined') { - internals.runningHuntJob = undefined; - return; - } - - // There might be more, issue another scroll - if (result.hits.hits.length !== 0) { - return Db.scroll({ body: { scroll_id: result._scroll_id }, scroll: '600s' }, getMoreUntilDone); - } - - Db.clearScroll({ body: { scroll_id: result._scroll_id } }); - - // We are totally done with this hunt - hunt.status = 'finished'; - hunt.searchedSessions = hunt.totalSessions; - - function continueProcess () { - Db.setHunt(huntId, hunt, (err, info) => { - internals.runningHuntJob = undefined; - processHuntJobs(); // Start new hunt - }); - } - - if (hunt.notifier) { - let message = `*${hunt.name}* hunt job finished:\n*${hunt.matchedSessions}* matched sessions out of *${hunt.searchedSessions}* searched sessions`; - issueAlert(hunt.notifier, message, continueProcess); - } else { - return continueProcess(); - } - }); - }); -} - - -// Do the house keeping before actually running the hunt job -function processHuntJob (huntId, hunt) { - let now = Math.floor(Date.now() / 1000); - - hunt.lastUpdated = now; - if (!hunt.started) { hunt.started = now; } - - Db.setHunt(huntId, hunt, (err, info) => { - if (err) { - pauseHuntJobWithError(huntId, hunt, { value: `Error starting hunt job: ${err} ${info}` }); - return; - } - }); - - getUserCacheIncAnon(hunt.userId, (err, user) => { - if (err && !user) { - pauseHuntJobWithError(huntId, hunt, { value: err }); - return; - } - if (!user || !user.found) { - pauseHuntJobWithError(huntId, hunt, { value: `User ${hunt.userId} doesn't exist` }); - return; - } - if (!user.enabled) { - pauseHuntJobWithError(huntId, 
hunt, { value: `User ${hunt.userId} is not enabled` }); - return; - } - - Db.getLookupsCache(hunt.userId, (err, lookups) => { - let fakeReq = { - user: user, - query: { - from: 0, - size: 100, // only fetch 100 items at a time - _source: ['_id', 'node'], - sort: 'lastPacket:asc' - } - }; - - if (hunt.query.expression) { - fakeReq.query.expression = hunt.query.expression; - } - - if (hunt.query.view) { - fakeReq.query.view = hunt.query.view; - } - - buildSessionQuery(fakeReq, (err, query, indices) => { - if (err) { - pauseHuntJobWithError(huntId, hunt, { - value: 'Fatal Error: Session query expression parse error. Fix your search expression and create a new hunt.' - }); - return; - } - - // get the size of the query if it is being restarted - if (hunt.lastPacketTime) { - query.size = hunt.totalSessions - hunt.searchedSessions; - } - - lookupQueryItems(query.query.bool.filter, (lerr) => { - query.query.bool.filter[0] = { - range: { - lastPacket: { - gte: hunt.lastPacketTime || hunt.query.startTime * 1000, - lt: hunt.query.stopTime * 1000 - } - } - }; - - query._source = ['lastPacket', 'node', 'huntId', 'huntName', 'fileId']; - - if (Config.debug > 2) { - console.log('HUNT', hunt.name, hunt.userId, '- start:', new Date(hunt.lastPacketTime || hunt.query.startTime * 1000), 'stop:', new Date(hunt.query.stopTime * 1000)); - } - - // do sessions query - runHuntJob(huntId, hunt, query, user); - }); - }); - }); - }); -} - -// Kick off the process of running a hunt job -// cb is optional and is called either when a job has been started or end of function -function processHuntJobs (cb) { - if (Config.debug) { - console.log('HUNT - processing hunt jobs'); - } - - if (internals.runningHuntJob) { return (cb ? 
cb() : null); } - internals.runningHuntJob = true; - - let query = { - size: 10000, - sort: { created: { order: 'asc' } }, - query: { terms: { status: ['queued', 'paused', 'running'] } } - }; - - Db.searchHunt(query) - .then((hunts) => { - if (hunts.error) { throw hunts.error; } - - for (let i = 0, ilen = hunts.hits.hits.length; i < ilen; i++) { - var hit = hunts.hits.hits[i]; - var hunt = hit._source; - let id = hit._id; - - if (hunt.status === 'running') { // there is a job already running - internals.runningHuntJob = hunt; - if (!internals.proccessHuntJobsInitialized) { - internals.proccessHuntJobsInitialized = true; - // restart the abandoned hunt - processHuntJob(id, hunt); - } - return (cb ? cb() : null); - } else if (hunt.status === 'queued') { // get the first queued hunt - internals.runningHuntJob = hunt; - hunt.status = 'running'; // update the hunt job - processHuntJob(id, hunt); - return (cb ? cb() : null); - } - } - - // Made to the end without starting a job - internals.proccessHuntJobsInitialized = true; - internals.runningHuntJob = undefined; - return (cb?cb():null); - }).catch(err => { - console.log('Error fetching hunt jobs', err); - return (cb?cb():null); - }); -} - -function updateHuntStatus (req, res, status, successText, errorText) { - Db.get('hunts', 'hunt', req.params.id, (err, hit) => { - if (err) { - console.log(errorText, err, hit); - return res.molochError(500, errorText); - } - - // don't let a user play a hunt job if one is already running - if (status === 'running' && internals.runningHuntJob) { - return res.molochError(403, 'You cannot start a new hunt until the running job completes or is paused.'); - } - - let hunt = hit._source; - - // if hunt is finished, don't allow pause - if (hunt.status === 'finished' && status === 'paused') { - return res.molochError(403, 'You cannot pause a completed hunt.'); - } - - // clear the running hunt job if this is it - if (hunt.status === 'running') { internals.runningHuntJob = undefined; } - 
hunt.status = status; // update the hunt job - - Db.setHunt(req.params.id, hunt, (err, info) => { - if (err) { - console.log(errorText, err, info); - return res.molochError(500, errorText); - } - res.send(JSON.stringify({success: true, text: successText})); - processHuntJobs(); - }); - }); -} - -app.post('/hunt', [noCacheJson, logAction('hunt'), checkCookieToken, checkPermissions(['packetSearch'])], (req, res) => { - // make sure viewer is not multi - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - // make sure all the necessary data is included in the post body - if (!req.body.hunt) { return res.molochError(403, 'You must provide a hunt object'); } - if (!req.body.hunt.totalSessions) { return res.molochError(403, 'This hunt does not apply to any sessions'); } - if (!req.body.hunt.name) { return res.molochError(403, 'Missing hunt name'); } - if (!req.body.hunt.size) { return res.molochError(403, 'Missing max mumber of packets to examine per session'); } - if (!req.body.hunt.search) { return res.molochError(403, 'Missing packet search text'); } - if (!req.body.hunt.src && !req.body.hunt.dst) { - return res.molochError(403, 'The hunt must search source or destination packets (or both)'); - } - if (!req.body.hunt.query) { return res.molochError(403, 'Missing query'); } - if (req.body.hunt.query.startTime === undefined || req.body.hunt.query.stopTime === undefined) { - return res.molochError(403, 'Missing fully formed query (must include start time and stop time)'); - } - - let searchTypes = [ 'ascii', 'asciicase', 'hex', 'wildcard', 'regex', 'hexregex' ]; - if (!req.body.hunt.searchType) { return res.molochError(403, 'Missing packet search text type'); } - else if (searchTypes.indexOf(req.body.hunt.searchType) === -1) { - return res.molochError(403, 'Improper packet search text type. 
Must be "ascii", "asciicase", "hex", "wildcard", "hexregex", or "regex"'); - } - - if (!req.body.hunt.type) { return res.molochError(403, 'Missing packet search type (raw or reassembled packets)'); } - else if (req.body.hunt.type !== 'raw' && req.body.hunt.type !== 'reassembled') { - return res.molochError(403, 'Improper packet search type. Must be "raw" or "reassembled"'); - } - - let limit = req.user.createEnabled ? Config.get('huntAdminLimit', 10000000) : Config.get('huntLimit', 1000000); - if (parseInt(req.body.hunt.totalSessions) > limit) { - return res.molochError(403, `This hunt applies to too many sessions. Narrow down your session search to less than ${limit} first.`); - } - - let now = Math.floor(Date.now() / 1000); - - req.body.hunt.name = req.body.hunt.name.replace(/[^-a-zA-Z0-9_: ]/g, ''); - - let hunt = req.body.hunt; - hunt.created = now; - hunt.status = 'queued'; // always starts as queued - hunt.userId = req.user.userId; - hunt.matchedSessions = 0; // start with no matches - hunt.searchedSessions = 0; // start with no sessions searched - hunt.query = { // only use the necessary query items - expression: req.body.hunt.query.expression, - startTime: req.body.hunt.query.startTime, - stopTime: req.body.hunt.query.stopTime, - view: req.body.hunt.query.view - }; - - Db.createHunt(hunt, function (err, result) { - if (err) { console.log('create hunt error', err, result); } - hunt.id = result._id; - processHuntJobs( () => { - return res.send(JSON.stringify({ success: true, hunt: hunt })); - }); - }); -}); - -app.get('/hunt/list', [noCacheJson, recordResponseTime, checkPermissions(['packetSearch']), setCookie], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - - let query = { - sort: {}, - from: parseInt(req.query.start) || 0, - size: parseInt(req.query.length) || 10000, - query: { bool: { must: [] } } - }; - - query.sort[req.query.sortField || 'created'] = { order: req.query.desc === 'true' ? 
'desc': 'asc'}; - - if (req.query.history) { // only get finished jobs - query.query.bool.must.push({ term: { status: 'finished' } }); - if (req.query.searchTerm) { // apply search term - query.query.bool.must.push({ - query_string: { - query : req.query.searchTerm, - fields: ['name', 'userId'] - } - }); - } - } else { // get queued, paused, and running jobs - query.from = 0; - query.size = 1000; - query.query.bool.must.push({ terms: { status: ['queued', 'paused', 'running'] } }); - } - - if (Config.debug) { - console.log('hunt query:', JSON.stringify(query, null, 2)); - } - - Promise.all([Db.searchHunt(query), - Db.numberOfHunts()]) - .then(([hunts, total]) => { - if (hunts.error) { throw hunts.error; } - - let runningJob; - - let results = { total: hunts.hits.total, results: [] }; - for (let i = 0, ilen = hunts.hits.hits.length; i < ilen; i++) { - const hit = hunts.hits.hits[i]; - let hunt = hit._source; - hunt.id = hit._id; - hunt.index = hit._index; - // don't add the running job to the queue - if (internals.runningHuntJob && hunt.status === 'running') { - runningJob = hunt; - continue; - } - - // Since hunt isn't cached we can just modify - if (!req.user.createEnabled && req.user.userId !== hunt.userId) { - hunt.search = ''; - hunt.searchType = ''; - hunt.id = ''; - hunt.userId = ''; - delete hunt.query; - } - results.results.push(hunt); - } - - const r = { - recordsTotal: total.count, - recordsFiltered: results.total, - data: results.results, - runningJob: runningJob - }; - - res.send(r); - }).catch(err => { - console.log('ERROR - /hunt/list', err); - return res.molochError(500, 'Error retrieving hunts - ' + err); - }); -}); - -app.delete('/hunt/:id', [noCacheJson, logAction('hunt/:id'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - - Db.deleteHuntItem(req.params.id, function (err, result) { - if (err || result.error) { 
- console.log('ERROR - deleting hunt item', err || result.error); - return res.molochError(500, 'Error deleting hunt item'); - } else { - res.send(JSON.stringify({success: true, text: 'Deleted hunt item successfully'})); - } - }); -}); - -app.put('/hunt/:id/pause', [noCacheJson, logAction('hunt/:id/pause'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - updateHuntStatus(req, res, 'paused', 'Paused hunt item successfully', 'Error pausing hunt job'); -}); - -app.put('/hunt/:id/play', [noCacheJson, logAction('hunt/:id/play'), checkCookieToken, checkPermissions(['packetSearch']), checkHuntAccess], (req, res) => { - if (Config.get('multiES', false)) { return res.molochError(401, 'Not supported in multies'); } - updateHuntStatus(req, res, 'queued', 'Queued hunt item successfully', 'Error starting hunt job'); -}); - -app.get('/:nodeName/hunt/:huntId/remote/:sessionId', [noCacheJson], function (req, res) { - let huntId = req.params.huntId; - let sessionId = req.params.sessionId; - - // fetch hunt and session - Promise.all([Db.get('hunts', 'hunt', huntId), - Db.get(Db.sid2Index(sessionId), 'session', Db.sid2Id(sessionId))]) - .then(([hunt, session]) => { - if (hunt.error || session.error) { res.send({ matched: false }); } - - hunt = hunt._source; - session = session._source; - - let options = buildHuntOptions(hunt); - - sessionHunt(sessionId, options, function (err, matched) { - if (err) { - return res.send({ matched: false, error: err }); - } - - if (matched) { - updateSessionWithHunt(session, sessionId, hunt, huntId); - } - - return res.send({ matched: matched }); - }); - }).catch((err) => { - console.log('ERROR - hunt/remote', err); - res.send({ matched: false, error: err }); - }); -}); - - -////////////////////////////////////////////////////////////////////////////////// -//// Lookups 
-////////////////////////////////////////////////////////////////////////////////// -let lookupMutex = new Mutex(); - -app.get('/lookups', [noCacheJson, getSettingUserCache, recordResponseTime], function (req, res) { - // return nothing if we can't find the user - const user = req.settingUser; - if (!user) { return res.send({}); } - - const map = req.query.map && req.query.map === 'true'; - - // only get lookups for setting user or shared - let query = { - query: { - bool: { - must: [ - { - bool: { - should: [ - { term: { shared: true } }, - { term: { userId: req.settingUser.userId } } - ] - } - } - ] - - } - }, - sort: {}, - size: req.query.length || 50, - from: req.query.start || 0 - }; - - query.sort[req.query.sort || 'name'] = { - order: req.query.desc === 'true' ? 'desc' : 'asc' - }; - - if (req.query.searchTerm) { - query.query.bool.must.push({ - wildcard: { name: '*' + req.query.searchTerm + '*' } - }); - } - - // if fieldType exists, filter it - if (req.query.fieldType) { - const fieldType = internals.lookupTypeMap[req.query.fieldType]; - - if (fieldType) { - query.query.bool.must.push({ - exists: { field: fieldType } - }); - } - } - - Promise.all([ - Db.searchLookups(query), - Db.numberOfDocuments('lookups') - ]).then(([lookups, total]) => { - if (lookups.error) { throw lookups.error; } - - let results = { list: [], map: {} }; - for (const hit of lookups.hits.hits) { - let lookup = hit._source; - lookup.id = hit._id; - - if (lookup.number) { - lookup.type = 'number'; - } else if (lookup.ip) { - lookup.type = 'ip'; - } else { - lookup.type = 'string'; - } - - const values = lookup[lookup.type]; - - if (req.query.fieldFormat && req.query.fieldFormat === 'true') { - const name = `$${lookup.name}`; - lookup.exp = name; - lookup.dbField = name; - lookup.help = lookup.description ? 
- `${lookup.description}: ${values.join(', ')}` : - `${values.join(',')}`; - } - - lookup.value = values.join('\n'); - delete lookup[lookup.type]; - - if (map) { - results.map[lookup.id] = lookup; - } else { - results.list.push(lookup); - } - } - - const sendResults = map ? results.map : { - recordsTotal: total.count, - recordsFiltered: lookups.hits.total, - data: results.list - }; - - res.send(sendResults); - }).catch((err) => { - console.log('ERROR - /lookups', err); - return res.molochError(500, 'Error retrieving lookups - ' + err); - }); -}); - -function createLookupsArray (lookupsString) { - // split string on commas and newlines - let values = lookupsString.split(/[,\n]+/g); - - // remove any empty values - values = values.filter(function (val) { - return val !== ''; - }); - - return values; -} - -app.post('/lookups', [noCacheJson, getSettingUserDb, logAction('lookups'), checkCookieToken], function (req, res) { - // make sure all the necessary data is included in the post body - if (!req.body.var) { return res.molochError(403, 'Missing shortcut'); } - if (!req.body.var.name) { return res.molochError(403, 'Missing shortcut name'); } - if (!req.body.var.type) { return res.molochError(403, 'Missing shortcut type'); } - if (!req.body.var.value) { return res.molochError(403, 'Missing shortcut value'); } - - req.body.var.name = req.body.var.name.replace(/[^-a-zA-Z0-9_]/g, ''); - - // return nothing if we can't find the user - const user = req.settingUser; - if (!user) { return res.send({}); } - - const query = { - query: { - bool: { - must: [ - { term: { name: req.body.var.name } } - ] - } - } - }; - - lookupMutex.lock().then(() => { - Db.searchLookups(query) - .then((lookups) => { - // search for lookup name collision - for (const hit of lookups.hits.hits) { - let lookup = hit._source; - if (lookup.name === req.body.var.name) { - lookupMutex.unlock(); - return res.molochError(403, `A shortcut with the name, ${req.body.var.name}, already exists`); - } - } - - let 
variable = req.body.var; - variable.userId = user.userId; - - // comma/newline separated value -> array of values - const values = createLookupsArray(variable.value); - variable[variable.type] = values; - - const type = variable.type; - delete variable.type; - delete variable.value; - - Db.createLookup(variable, user.userId, function (err, result) { - if (err) { - console.log('shortcut create failed', err, result); - lookupMutex.unlock(); - return res.molochError(500, 'Creating shortcut failed'); - } - variable.id = result._id; - variable.type = type; - variable.value = values.join('\n'); - delete variable.ip; - delete variable.string; - delete variable.number; - lookupMutex.unlock(); - return res.send(JSON.stringify({ success: true, var: variable })); - }); - }).catch((err) => { - console.log('ERROR - /lookups', err); - lookupMutex.unlock(); - return res.molochError(500, 'Error creating lookup - ' + err); - }); - }); -}); - -app.put('/lookups/:id', [noCacheJson, getSettingUserDb, logAction('lookups/:id'), checkCookieToken], function (req, res) { - // make sure all the necessary data is included in the post body - if (!req.body.var) { return res.molochError(403, 'Missing shortcut'); } - if (!req.body.var.name) { return res.molochError(403, 'Missing shortcut name'); } - if (!req.body.var.type) { return res.molochError(403, 'Missing shortcut type'); } - if (!req.body.var.value) { return res.molochError(403, 'Missing shortcut value'); } - - let sentVar = req.body.var; - - Db.getLookup(req.params.id, (err, fetchedVar) => { // fetch variable - if (err) { - console.log('fetching shortcut to update failed', err, fetchedVar); - return res.molochError(500, 'Fetching shortcut to update failed'); - } - - if (fetchedVar._source.locked) { - return res.molochError(403, 'Locked Shortcut. 
Use db.pl script to update this shortcut.'); - } - - // only allow admins or lookup creator to update lookup item - if (!req.user.createEnabled && req.settingUser.userId !== fetchedVar._source.userId) { - return res.molochError(403, 'Permission denied'); - } - - // comma/newline separated value -> array of values - const values = createLookupsArray(sentVar.value); - sentVar[sentVar.type] = values; - sentVar.userId = fetchedVar._source.userId; - - delete sentVar.type; - delete sentVar.value; - - Db.setLookup(req.params.id, fetchedVar.userId, sentVar, (err, info) => { - if (err) { - console.log('shortcut update failed', err, info); - return res.molochError(500, 'Updating shortcut failed'); - } - - sentVar.value = values.join('\n'); - - return res.send(JSON.stringify({ - success : true, - var : sentVar, - text : 'Successfully updated shortcut' - })); - }); - }); -}); - -app.delete('/lookups/:id', [noCacheJson, getSettingUserDb, logAction('lookups/:id'), checkCookieToken], function (req, res) { - Db.getLookup(req.params.id, (err, variable) => { // fetch variable - if (err) { - console.log('fetching shortcut to delete failed', err, variable); - return res.molochError(500, 'Fetching shortcut to delete failed'); - } - - // only allow admins or lookup creator to delete lookup item - if (!req.user.createEnabled && req.settingUser.userId !== variable._source.userId) { - return res.molochError(403, 'Permission denied'); - } - - Db.deleteLookup(req.params.id, variable.userId, function (err, result) { - if (err || result.error) { - console.log('ERROR - deleting shortcut', err || result.error); - return res.molochError(500, 'Error deleting shortcut'); - } else { - res.send(JSON.stringify({success: true, text: 'Deleted shortcut successfully'})); - } - }); - }); -}); - -////////////////////////////////////////////////////////////////////////////////// -//// SPI/PCAP Delete/Scrub -////////////////////////////////////////////////////////////////////////////////// -function 
pcapScrub(req, res, sid, whatToRemove, endCb) { - if (pcapScrub.scrubbingBuffers === undefined) { - pcapScrub.scrubbingBuffers = [Buffer.alloc(5000), Buffer.alloc(5000), Buffer.alloc(5000)]; - pcapScrub.scrubbingBuffers[0].fill(0); - pcapScrub.scrubbingBuffers[1].fill(1); - const str = 'Scrubbed! Hoot! '; - for (let i = 0; i < 5000;) { - i += pcapScrub.scrubbingBuffers[2].write(str, i); - } - } - - function processFile (pcap, pos, i, nextCb) { - pcap.ref(); - pcap.readPacket(pos, function (packet) { - pcap.unref(); - if (packet) { - if (packet.length > 16) { - try { - let obj = {}; - pcap.decode(packet, obj); - pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[0], whatToRemove === 'all'); - pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[1], whatToRemove === 'all'); - pcap.scrubPacket(obj, pos, pcapScrub.scrubbingBuffers[2], whatToRemove === 'all'); - } catch (e) { - console.log(`Couldn't scrub packet at ${pos} -`, e); - } - return nextCb(null); - } else { - console.log(`Couldn't scrub packet at ${pos}`); - return nextCb(null); - } - } - }); - } - - Db.getWithOptions(Db.sid2Index(sid), 'session', Db.sid2Id(sid), {_source: 'node,ipProtocol,packetPos'}, function (err, session) { - let fileNum; - let itemPos = 0; - const fields = session._source || session.fields; - - if (whatToRemove === 'spi') { // just removing es data for session - Db.deleteDocument(session._index, 'session', session._id, function (err, data) { - return endCb(err, fields); - }); - } else { // scrub the pcap - async.eachLimit(fields.packetPos, 10, function (pos, nextCb) { - if (pos < 0) { - fileNum = pos * -1; - return nextCb(null); - } - - // Get the pcap file for this node a filenum, if it isn't opened then do the filename lookup and open it - let opcap = Pcap.get(`write${fields.node}:${fileNum}`); - if (!opcap.isOpen()) { - Db.fileIdToFile(fields.node, fileNum, function (file) { - if (!file) { - console.log(`WARNING - Only have SPI data, PCAP file no longer available. 
Couldn't look up in file table ${fields.node}-${fileNum}`); - return nextCb(`Only have SPI data, PCAP file no longer available for ${fields.node}-${fileNum}`); - } - - let ipcap = Pcap.get(`write${fields.node}:${file.num}`); - - try { - ipcap.openReadWrite(file.name, file); - } catch (err) { - const errorMsg = `Couldn't open file for writing: ${err}`; - console.log(`Error - ${errorMsg}`); - return nextCb(errorMsg); - } - - processFile(ipcap, pos, itemPos++, nextCb); - }); - } else { - processFile(opcap, pos, itemPos++, nextCb); - } - }, - function (pcapErr, results) { - if (whatToRemove === 'all') { // also remove the session data - Db.deleteDocument(session._index, 'session', session._id, function (err, data) { - return endCb(pcapErr, fields); - }); - } else { // just set who/when scrubbed the pcap - // Do the ES update - const document = { - doc: { - scrubby: req.user.userId || '-', - scrubat: new Date().getTime() - } - }; - Db.update(session._index, 'session', session._id, document, function (err, data) { - return endCb(pcapErr, fields); - }); - } - }); - } - }); -} - -app.get('/:nodeName/delete/:whatToRemove/:sid', [checkProxyRequest, checkPermissions(['removeEnabled'])], (req, res) => { - noCache(req, res); - - res.statusCode = 200; - - pcapScrub(req, res, req.params.sid, req.params.whatToRemove, (err) => { - res.end(); - }); -}); - -function scrubList(req, res, whatToRemove, list) { - if (!list) { return res.molochError(200, 'Missing list of sessions'); } - - async.eachLimit(list, 10, function (item, nextCb) { - const fields = item._source || item.fields; - - isLocalView(fields.node, function () { - // Get from our DISK - pcapScrub(req, res, Db.session2Sid(item), whatToRemove, nextCb); - }, - function () { - // Get from remote DISK - let path = `${fields.node}/delete/${whatToRemove}/${Db.session2Sid(item)}`; - makeRequest(fields.node, path, req.user, function (err, response) { - setImmediate(nextCb); - }); - }); - }, function (err) { - let text; - if 
(whatToRemove === 'all') { - text = `Deletion PCAP and SPI of ${list.length} sessions complete. Give Elasticsearch 60 seconds to complete SPI deletion.`; - } else if (whatToRemove === 'spi') { - text = `Deletion SPI of ${list.length} sessions complete. Give Elasticsearch 60 seconds to complete SPI deletion.`; - } else { - text = `Scrubbing PCAP of ${list.length} sessions complete`; - } - return res.end(JSON.stringify({ success: true, text: text })); - }); -} - -app.post('/delete', [noCacheJson, checkCookieToken, logAction(), checkPermissions(['removeEnabled'])], (req, res) => { - if (req.query.removeSpi !== 'true' && req.query.removePcap !== 'true') { - return res.molochError(403, `You can't delete nothing`); - } - - let whatToRemove; - if (req.query.removeSpi === 'true' && req.query.removePcap === 'true') { - whatToRemove = 'all'; - } else if (req.query.removeSpi === 'true') { - whatToRemove = 'spi'; - } else { - whatToRemove = 'pcap'; - } - - if (req.body.ids) { - const ids = queryValueToArray(req.body.ids); - sessionsListFromIds(req, ids, ['node'], function (err, list) { - scrubList(req, res, whatToRemove, list); - }); - } else if (req.query.expression) { - sessionsListFromQuery(req, res, ['node'], function (err, list) { - scrubList(req, res, whatToRemove, list); - }); - } else { - return res.molochError(403, `Error: Missing expression. 
An expression is required so you don't delete everything.`); - } -}); - -////////////////////////////////////////////////////////////////////////////////// -//// Sending/Receive sessions -////////////////////////////////////////////////////////////////////////////////// -function sendSessionWorker(options, cb) { - var packetslen = 0; - var packets = []; - var packetshdr; - var ps = [-1]; - var tags = []; - - if (!options.saveId) { - return cb({success: false, text: "Missing saveId"}); - } - - if (!options.cluster) { - return cb({success: false, text: "Missing cluster"}); - } - - processSessionId(options.id, true, function(pcap, header) { - packetshdr = header; - }, function (pcap, packet, pcb, i) { - packetslen += packet.length; - packets[i] = packet; - pcb(null); - }, function (err, session) { - var buffer; - if (err || !packetshdr) { - console.log("WARNING - No PCAP only sending SPI data err:", err); - buffer = Buffer.alloc(0); - ps = []; - } else { - buffer = Buffer.alloc(packetshdr.length + packetslen); - var pos = 0; - packetshdr.copy(buffer); - pos += packetshdr.length; - for(let i = 0, ilen = packets.length; i < ilen; i++) { - ps.push(pos); - packets[i].copy(buffer, pos); - pos += packets[i].length; - } - } - if (!session) { - console.log("no session" , session, "err", err, "id", options.id); - return; - } - session.id = options.id; - session.packetPos = ps; - delete session.fileId; - - if (options.tags) { - tags = options.tags.replace(/[^-a-zA-Z0-9_:,]/g, "").split(","); - if (!session.tags) { - session.tags = []; - } - session.tags = session.tags.concat(tags); - } - - var molochClusters = Config.configMap("moloch-clusters"); - if (!molochClusters) { - console.log("ERROR - sendSession is not configured"); - return cb(); - } - - var sobj = molochClusters[options.cluster]; - if (!sobj) { - console.log("ERROR - moloch-clusters is not configured for " + options.cluster); - return cb(); - } - - var info = url.parse(sobj.url + "/receiveSession?saveId=" + 
options.saveId); - addAuth(info, options.user, options.nodeName, sobj.serverSecret || sobj.passwordSecret); - info.method = "POST"; - - var result = ""; - var client = info.protocol === "https:"?https:http; - info.agent = (client === http?internals.httpAgent:internals.httpsAgent); - addCaTrust(info, options.nodeName); - var preq = client.request(info, function(pres) { - pres.on('data', function (chunk) { - result += chunk; - }); - pres.on('end', function () { - result = JSON.parse(result); - if (!result.success) { - console.log("ERROR sending session ", result); - } - cb(); - }); - }); - - preq.on('error', function (e) { - console.log("ERROR - Couldn't connect to ", info, "\nerror=", e); - cb(); - }); - - var sessionStr = JSON.stringify(session); - var b = Buffer.alloc(12); - b.writeUInt32BE(Buffer.byteLength(sessionStr), 0); - b.writeUInt32BE(buffer.length, 8); - preq.write(b); - preq.write(sessionStr); - preq.write(buffer); - preq.end(); - }, undefined, 10); -} - -internals.sendSessionQueue = async.queue(sendSessionWorker, 10); - -app.get('/:nodeName/sendSession/:id', checkProxyRequest, function(req, res) { - noCache(req, res); - res.statusCode = 200; - - var options = { - user: req.user, - cluster: req.query.cluster, - id: req.params.id, - saveId: req.query.saveId, - tags: req.body.tags, - nodeName: req.params.nodeName - }; - - internals.sendSessionQueue.push(options, function () { - res.end(); - }); -}); - -app.post('/:nodeName/sendSessions', checkProxyRequest, function(req, res) { - noCache(req, res); - res.statusCode = 200; - - if (req.body.ids === undefined || - req.query.cluster === undefined || - req.query.saveId === undefined || - req.body.tags === undefined) { - return res.end(); - } - - var count = 0; - var ids = queryValueToArray(req.body.ids); - ids.forEach(function(id) { - var options = { - user: req.user, - cluster: req.query.cluster, - id: id, - saveId: req.query.saveId, - tags: req.body.tags, - nodeName: req.params.nodeName - }; - - count++; - 
internals.sendSessionQueue.push(options, function () { - count--; - if (count === 0) { - return res.end(); - } - }); - }); -}); - - -function sendSessionsList(req, res, list) { - if (!list) { return res.molochError(200, "Missing list of sessions"); } - - var saveId = Config.nodeName() + "-" + new Date().getTime().toString(36); - - async.eachLimit(list, 10, function(item, nextCb) { - var fields = item._source || item.fields; - let sid = Db.session2Sid(item); - isLocalView(fields.node, function () { - var options = { - user: req.user, - cluster: req.body.cluster, - id: sid, - saveId: saveId, - tags: req.body.tags, - nodeName: fields.node - }; - // Get from our DISK - internals.sendSessionQueue.push(options, nextCb); - }, - function () { - let path = `${fields.node}/sendSession/${sid}?saveId=${saveId}&cluster=${req.body.cluster}`; - if (req.body.tags) { - path += `&tags=${req.body.tags}`; - } - - makeRequest(fields.node, path, req.user, (err, response) => { - setImmediate(nextCb); - }); - }); - }, function(err) { - return res.end(JSON.stringify({success: true, text: "Sending of " + list.length + " sessions complete"})); - }); -} - -var qlworking = {}; -function sendSessionsListQL(pOptions, list, nextQLCb) { - if (!list) { - return; - } - - var nodes = {}; - - list.forEach(function (item) { - if (!nodes[item.node]) { - nodes[item.node] = []; - } - nodes[item.node].push(item.id); - }); - - var keys = Object.keys(nodes); - - var count = 0; - async.eachLimit(keys, 15, function(node, nextCb) { - isLocalView(node, function () { - var sent = 0; - nodes[node].forEach(function(item) { - var options = { - id: item, - nodeName: node - }; - Db.merge(options, pOptions); - - // Get from our DISK - internals.sendSessionQueue.push(options, function () { - sent++; - if (sent === nodes[node].length) { - nextCb(); - } - }); - }); - }, - function () { - // Get from remote DISK - getViewUrl(node, function(err, viewUrl, client) { - var info = url.parse(viewUrl); - info.method = "POST"; - 
info.path = Config.basePath(node) + node + "/sendSessions?saveId=" + pOptions.saveId + "&cluster=" + pOptions.cluster; - info.agent = (client === http?internals.httpAgent:internals.httpsAgent); - if (pOptions.tags) { - info.path += "&tags=" + pOptions.tags; - } - addAuth(info, pOptions.user, node); - addCaTrust(info, node); - var preq = client.request(info, function(pres) { - pres.on('data', function (chunk) { - qlworking[info.path] = "data"; - }); - pres.on('end', function () { - delete qlworking[info.path]; - count++; - setImmediate(nextCb); - }); - }); - preq.on('error', function (e) { - delete qlworking[info.path]; - console.log("ERROR - Couldn't proxy sendSession request=", info, "\nerror=", e); - setImmediate(nextCb); - }); - preq.setHeader('content-type', "application/x-www-form-urlencoded"); - preq.write("ids="); - preq.write(nodes[node].join(",")); - preq.end(); - qlworking[info.path] = "sent"; - }); - }); - }, function(err) { - nextQLCb(); - }); -} - -app.post('/receiveSession', [noCacheJson], function receiveSession(req, res) { - if (!req.query.saveId) { return res.molochError(200, "Missing saveId"); } - - req.query.saveId = req.query.saveId.replace(/[^-a-zA-Z0-9_]/g, ''); - - // JS Static Variable :) - receiveSession.saveIds = receiveSession.saveIds || {}; - - var saveId = receiveSession.saveIds[req.query.saveId]; - if (!saveId) { - saveId = receiveSession.saveIds[req.query.saveId] = {start: 0}; - } - - var sessionlen = -1; - var filelen = -1; - var written = 0; - var session = null; - var buffer; - var file; - var writeHeader; - - function makeFilename(cb) { - if (saveId.filename) { - return cb(saveId.filename); - } - - // Just keep calling ourselves every 100 ms until we have a filename - if (saveId.inProgress) { - return setTimeout(makeFilename, 100, cb); - } - - saveId.inProgress = 1; - Db.getSequenceNumber("fn-" + Config.nodeName(), function (err, seq) { - var filename = Config.get("pcapDir") + "/" + Config.nodeName() + "-" + seq + "-" + 
req.query.saveId + ".pcap"; - saveId.seq = seq; - Db.indexNow("files", "file", Config.nodeName() + "-" + saveId.seq, {num: saveId.seq, name: filename, first: session.firstPacket, node: Config.nodeName(), filesize: -1, locked: 1}, function() { - cb(filename); - saveId.filename = filename; // Don't set the saveId.filename until after the first request completes its callback. - }); - }); - } - - function saveSession() { - var id = session.id; - delete session.id; - Db.indexNow(Db.sid2Index(id), "session", Db.sid2Id(id), session, function(err, info) { - }); - } - - function chunkWrite(chunk) { - // Write full chunk if first packet and writeHeader or not first packet - if (writeHeader || written !== 0) { - writeHeader = false; - file.write(chunk); - } else { - file.write(chunk.slice(24)); - } - written += chunk.length; // Pretend we wrote it all - } - - req.on('data', function(chunk) { - // If the file is open, just write the current chunk - if (file) { - return chunkWrite(chunk); - } - - // If no file is open, then save the current chunk to the end of the buffer. 
- if (!buffer) { - buffer = chunk; - } else { - buffer = Buffer.concat([buffer, chunk]); - } - - // Found the lengths - if (sessionlen === -1 && (buffer.length >= 12)) { - sessionlen = buffer.readUInt32BE(0); - filelen = buffer.readUInt32BE(8); - buffer = buffer.slice(12); - } - - // If we know the session len and haven't read the session - if (sessionlen !== -1 && !session && buffer.length >= sessionlen) { - session = JSON.parse(buffer.toString("utf8", 0, sessionlen)); - session.node = Config.nodeName(); - buffer = buffer.slice(sessionlen); - - if (filelen > 0) { - req.pause(); - - makeFilename(function (filename) { - req.resume(); - session.packetPos[0] = - saveId.seq; - session.fileId = [saveId.seq]; - - if (saveId.start === 0) { - file = fs.createWriteStream(filename, {flags: "w"}); - } else { - file = fs.createWriteStream(filename, {start: saveId.start, flags: "r+"}); - } - writeHeader = saveId.start === 0; - - // Adjust packet location based on where we start writing - if (saveId.start > 0) { - for (var p = 1, plen = session.packetPos.length; p < plen; p++) { - session.packetPos[p] += (saveId.start - 24); - } - } - - // Filelen always includes header, if we don't write header subtract it - saveId.start += filelen; - if (!writeHeader) { - saveId.start -= 24; - } - - // Still more data in buffer, start of pcap - if (buffer.length > 0) { - chunkWrite(buffer); - } - - saveSession(); - }); - } else { - saveSession(); - } - } - }); - - req.on('end', function(chunk) { - if (file) { - file.end(); - } - return res.send({success: true}); - }); -}); - -app.post('/sendSessions', function(req, res) { - if (req.body.ids) { - var ids = queryValueToArray(req.body.ids); - - sessionsListFromIds(req, ids, ["node"], function(err, list) { - sendSessionsList(req, res, list); - }); - } else { - sessionsListFromQuery(req, res, ["node"], function(err, list) { - sendSessionsList(req, res, list); - }); - } -}); - -app.post('/upload', [checkCookieToken, multer({dest:'/tmp', limits: 
internals.uploadLimits}).single('file')], function (req, res) { - var exec = require('child_process').exec; - - var tags = ''; - if (req.body.tags) { - var t = req.body.tags.replace(/[^-a-zA-Z0-9_:,]/g, '').split(','); - t.forEach(function(tag) { - if (tag.length > 0) { - tags += ' --tag ' + tag; - } - }); - } - - var cmd = Config.get('uploadCommand') - .replace('{TAGS}', tags) - .replace('{NODE}', Config.nodeName()) - .replace('{TMPFILE}', req.file.path) - .replace('{CONFIG}', Config.getConfigFile()); - - console.log('upload command: ', cmd); - exec(cmd, function (error, stdout, stderr) { - if (error !== null) { - console.log('<b>exec error: ' + error); - res.status(500); - res.write('<b>Upload command failed:</b><br>'); - } - res.write(cmd); - res.write('<br>'); - res.write('<pre>'); - res.write(stdout); - res.end('</pre>'); - fs.unlinkSync(req.file.path); - }); -}); - -if (Config.get("regressionTests")) { - app.post('/shutdown', function(req, res) { - Db.close(); - process.exit(0); - throw new Error("Exiting"); - }); - app.post('/flushCache', function(req, res) { - Db.flushCache(); - res.send("{}"); - }); - app.get('/processCronQueries', function(req, res) { - processCronQueries(); - res.send("{}"); - }); - - // Make sure all jobs have run and return - app.get('/processHuntJobs', function (req, res) { - processHuntJobs(); - - setTimeout(function checkHuntFinished() { - if (internals.runningHuntJob) { - setTimeout(checkHuntFinished, 1000); - } else { - Db.search("hunts", "hunt", {query: {term: {status: "queued"}}}, function(err, result) { - if (result.hits.total > 0) { - processHuntJobs(); - setTimeout(checkHuntFinished, 1000); - } else { - res.send('{}'); - } - }); - } - }, 1000); - }); -} - -////////////////////////////////////////////////////////////////////////////////// -// Cyberchef -////////////////////////////////////////////////////////////////////////////////// -/* cyberchef endpoint - loads the src or dst packets for a session and - * sends them to 
cyberchef */ -app.get('/cyberchef/:nodeName/session/:id', checkPermissions(['webEnabled']), checkProxyRequest, unsafeInlineCspHeader, (req, res) => { - processSessionIdAndDecode(req.params.id, 10000, function(err, session, results) { - if (err) { - console.log(`ERROR - /${req.params.nodeName}/session/${req.params.id}/cyberchef`, err); - return res.end("Error - " + err); - } - - let data = ''; - for (let i = (req.query.type !== 'dst'?0:1), ilen = results.length; i < ilen; i+=2) { - data += results[i].data.toString('hex'); - } - - res.send({ data: data }); - }); -}); - -app.use(['/cyberchef/', '/modules/'], unsafeInlineCspHeader, (req, res) => { - let found = false; - let path = req.path.substring(1); - if (req.baseUrl === '/modules') { - res.setHeader('Content-Type', 'application/javascript; charset=UTF-8'); - path = 'modules/' + path; - } - if (path === '') { - path = `CyberChef_v${internals.CYBERCHEFVERSION}.html`; - } - - fs.createReadStream(`public/CyberChef_v${internals.CYBERCHEFVERSION}.zip`) - .pipe(unzip.Parse()) - .on('entry', function (entry) { - if (entry.path === path) { - entry.pipe(res); - found = true; - } else { - entry.autodrain(); - } - }) - .on('finish', function () { - if (!found) { - res.status(404).end('Page not found'); - } - }); -}); - -////////////////////////////////////////////////////////////////////////////////// -// Vue app -////////////////////////////////////////////////////////////////////////////////// -const Vue = require('vue'); -const vueServerRenderer = require('vue-server-renderer'); - -// Factory function to create fresh Vue apps -function createApp () { - return new Vue({ - template: `<div id="app"></div>` - }); -} - -// expose vue bundles (prod) -app.use('/static', express.static(`${__dirname}/vueapp/dist/static`)); -// expose vue bundle (dev) -app.use(['/app.js', '/vueapp/app.js'], express.static(`${__dirname}/vueapp/dist/app.js`)); - -app.use(cspHeader, setCookie, (req, res) => { - if (!req.user.webEnabled) { - return 
res.status(403).send('Permission denied'); - } - - if (req.path === '/users' && !req.user.createEnabled) { - return res.status(403).send('Permission denied'); - } - - if (req.path === '/settings' && Config.get('demoMode', false)) { - return res.status(403).send('Permission denied'); - } - - const renderer = vueServerRenderer.createRenderer({ - template: fs.readFileSync('./vueapp/dist/index.html', 'utf-8') - }); - - let theme = req.user.settings.theme || 'default-theme'; - if (theme.startsWith('custom1')) { theme = 'custom-theme'; } - - let titleConfig = Config.get('titleTemplate', '_cluster_ - _page_ _-view_ _-expression_') - .replace(/_cluster_/g, internals.clusterName) - .replace(/_userId_/g, req.user?req.user.userId:'-') - .replace(/_userName_/g, req.user?req.user.userName:'-'); - - let limit = req.user.createEnabled ? Config.get('huntAdminLimit', 10000000) : Config.get('huntLimit', 1000000); - - const appContext = { - theme: theme, - titleConfig: titleConfig, - path: app.locals.basePath, - version: app.locals.molochversion, - devMode: Config.get('devMode', false), - demoMode: Config.get('demoMode', false), - multiViewer: Config.get('multiES', false), - themeUrl: theme === 'custom-theme' ? 'user.css' : '', - huntWarn: Config.get('huntWarn', 100000), - huntLimit: limit, - serverNonce: res.locals.nonce - }; - - // Create a fresh Vue app instance - const vueApp = createApp(); - - // Render the Vue instance to HTML - renderer.renderToString(vueApp, appContext, (err, html) => { - if (err) { - console.log(err); - if (err.code === 404) { - res.status(404).end('Page not found'); - } else { - res.status(500).end('Internal Server Error'); - } - return; - } - - res.send(html); - }); -}); - - -////////////////////////////////////////////////////////////////////////////////// -//// Cron Queries -////////////////////////////////////////////////////////////////////////////////// - -/* Process a single cron query. 
At max it will process 24 hours worth of data - * to give other queries a chance to run. Because its timestamp based and not - * lastPacket based since 1.0 it now search all indices each time. - */ -function processCronQuery(cq, options, query, endTime, cb) { - if (Config.debug > 2) { - console.log("CRON", cq.name, cq.creator, "- processCronQuery(", cq, options, query, endTime, ")"); - } - - var singleEndTime; - var count = 0; - async.doWhilst(function(whilstCb) { - // Process at most 24 hours - singleEndTime = Math.min(endTime, cq.lpValue + 24*60*60); - query.query.bool.filter[0] = {range: {timestamp: {gte: cq.lpValue*1000, lt: singleEndTime*1000}}}; - - if (Config.debug > 2) { - console.log("CRON", cq.name, cq.creator, "- start:", new Date(cq.lpValue*1000), "stop:", new Date(singleEndTime*1000), "end:", new Date(endTime*1000), "remaining runs:", ((endTime-singleEndTime)/(24*60*60.0))); - } - - Db.search('sessions2-*', 'session', query, {scroll: '600s'}, function getMoreUntilDone(err, result) { - function doNext() { - count += result.hits.hits.length; - - // No more data, all done - if (result.hits.hits.length === 0) { - Db.clearScroll({ body: { scroll_id: result._scroll_id } }); - return setImmediate(whilstCb, "DONE"); - } else { - var document = { doc: { count: (query.count || 0) + count} }; - Db.update("queries", "query", options.qid, document, {refresh: true}, function () {}); - } - - query = { - body: { - scroll_id: result._scroll_id, - }, - scroll: '600s' - }; - - Db.scroll(query, getMoreUntilDone); - } - - if (err || result.error) { - console.log("cronQuery error", err, (result?result.error:null), "for", cq); - return setImmediate(whilstCb, "ERR"); - } - - var ids = []; - var hits = result.hits.hits; - var i, ilen; - if (cq.action.indexOf("forward:") === 0) { - for (i = 0, ilen = hits.length; i < ilen; i++) { - ids.push({id: hits[i]._id, node: hits[i]._source.node}); - } - - sendSessionsListQL(options, ids, doNext); - } else if (cq.action.indexOf("tag") === 
0) { - for (i = 0, ilen = hits.length; i < ilen; i++) { - ids.push(hits[i]._id); - } - - if (Config.debug > 1) { - console.log("CRON", cq.name, cq.creator, "- Updating tags:", ids.length); - } - - var tags = options.tags.split(","); - sessionsListFromIds(null, ids, ["tags", "node"], function(err, list) { - addTagsList(tags, list, doNext); - }); - } else { - console.log("Unknown action", cq); - doNext(); - } - }); - }, function () { - if (Config.debug > 1) { - console.log("CRON", cq.name, cq.creator, "- Continue process", singleEndTime, endTime); - } - return singleEndTime !== endTime; - }, function (err) { - cb(count, singleEndTime); - }); -} - -function processCronQueries() { - if (internals.cronRunning) { - console.log("processQueries already running", qlworking); - return; - } - internals.cronRunning = true; - if (Config.debug) { - console.log("CRON - cronRunning set to true"); - } - - var repeat; - async.doWhilst(function(whilstCb) { - repeat = false; - Db.search("queries", "query", {size: 1000}, function(err, data) { - if (err) { - internals.cronRunning = false; - console.log("processCronQueries", err); - return setImmediate(whilstCb, err); - } - var queries = {}; - data.hits.hits.forEach(function(item) { - queries[item._id] = item._source; - }); - - // Delayed by the max Timeout - var endTime = Math.floor(Date.now()/1000) - internals.cronTimeout; - - // Go thru the queries, fetch the user, make the query - async.eachSeries(Object.keys(queries), function (qid, forQueriesCb) { - var cq = queries[qid]; - var cluster = null; - - if (Config.debug > 1) { - console.log("CRON - Running", qid, cq); - } - - if (!cq.enabled || endTime < cq.lpValue) { - return forQueriesCb(); - } - - if (cq.action.indexOf("forward:") === 0) { - cluster = cq.action.substring(8); - } - - getUserCacheIncAnon(cq.creator, (err, user) => { - if (err && !user) { - return forQueriesCb(); - } - if (!user || !user.found) { - console.log(`User ${cq.creator} doesn't exist`); - return 
forQueriesCb(null); - } - if (!user.enabled) { - console.log(`User ${cq.creator} not enabled`); - return forQueriesCb(); - } - - let options = { - user: user, - cluster: cluster, - saveId: Config.nodeName() + "-" + new Date().getTime().toString(36), - tags: cq.tags.replace(/[^-a-zA-Z0-9_:,]/g, ""), - qid: qid - }; - - Db.getLookupsCache(cq.creator, (err, lookups) => { - molochparser.parser.yy = { - emailSearch: user.emailSearch === true, - fieldsMap: Config.getFieldsMap(), - prefix: internals.prefix, - lookups: lookups, - lookupTypeMap: internals.lookupTypeMap - }; - - let query = { - from: 0, - size: 1000, - query: {bool: {filter: [{}]}}, - _source: ["_id", "node"] - }; - - try { - query.query.bool.filter.push(molochparser.parse(cq.query)); - } catch (e) { - console.log("Couldn't compile cron query expression", cq, e); - return forQueriesCb(); - } - - if (user.expression && user.expression.length > 0) { - try { - // Expression was set by admin, so assume email search ok - molochparser.parser.yy.emailSearch = true; - var userExpression = molochparser.parse(user.expression); - query.query.bool.filter.push(userExpression); - } catch (e) { - console.log("Couldn't compile user forced expression", user.expression, e); - return forQueriesCb(); - } - } - - lookupQueryItems(query.query.bool.filter, function (lerr) { - processCronQuery(cq, options, query, endTime, function (count, lpValue) { - if (Config.debug > 1) { - console.log("CRON - setting lpValue", new Date(lpValue*1000)); - } - // Do the ES update - let document = { - doc: { - lpValue: lpValue, - lastRun: Math.floor(Date.now()/1000), - count: (queries[qid].count || 0) + count - } - }; - - function continueProcess () { - Db.update('queries', 'query', qid, document, { refresh: true }, function () { - // If there is more time to catch up on, repeat the loop, although other queries - // will get processed first to be fair - if (lpValue !== endTime) { repeat = true; } - return forQueriesCb(); - }); - } - - // issue 
alert via notifier if the count has changed and it has been at least 10 minutes - if (cq.notifier && count && queries[qid].count !== document.doc.count && - (!cq.lastNotified || (Math.floor(Date.now()/1000) - cq.lastNotified >= 600))) { - let newMatchCount = document.doc.lastNotifiedCount ? (document.doc.count - document.doc.lastNotifiedCount) : document.doc.count; - let message = `*${cq.name}* cron query match alert:\n*${newMatchCount} new* matches\n*${document.doc.count} total* matches`; - issueAlert(cq.notifier, message, continueProcess); - } else { - return continueProcess(); - } - }); - }); - }); - }); - }, function(err) { - if (Config.debug > 1) { - console.log("CRON - Finished one pass of all crons"); - } - return setImmediate(whilstCb, err); - }); - }); - }, function () { - if (Config.debug > 1) { - console.log("CRON - Process again: ", repeat); - } - return repeat; - }, function (err) { - if (Config.debug) { - console.log("CRON - Should be up to date"); - } - internals.cronRunning = false; - }); -} - -////////////////////////////////////////////////////////////////////////////////// -//// Main -////////////////////////////////////////////////////////////////////////////////// -function main () { - Db.checkVersion(MIN_DB_VERSION, Config.get("passwordSecret") !== undefined); - Db.healthCache(function(err, health) { - internals.clusterName = health.cluster_name; - }); - - Db.nodesStats({metric: 'jvm,process,fs,os,indices,thread_pool'}, function (err, info) { - info.nodes.timestamp = new Date().getTime(); - internals.previousNodesStats.push(info.nodes); - }); - - loadFields(); - setInterval(loadFields, 2*60*1000); - - loadPlugins(); - - var pcapWriteMethod = Config.get("pcapWriteMethod"); - var writer = internals.writers[pcapWriteMethod]; - if (!writer || writer.localNode === true) { - expireCheckAll(); - setInterval(expireCheckAll, 60*1000); - } - - createRightClicks(); - setInterval(createRightClicks, 5*60*1000); - - if (Config.get("cronQueries", false)) { 
// this viewer will process the cron queries - console.log("This node will process Cron Queries, delayed by", internals.cronTimeout, "seconds"); - setInterval(processCronQueries, 60*1000); - setTimeout(processCronQueries, 1000); - setInterval(processHuntJobs, 10000); - } - - var server; - if (Config.isHTTPS()) { - server = https.createServer({key: Config.keyFileData, cert: Config.certFileData, secureOptions: require('constants').SSL_OP_NO_TLSv1}, app); - } else { - server = http.createServer(app); - } - - var viewHost = Config.get("viewHost", undefined); - if (internals.userNameHeader !== undefined && viewHost !== "localhost" && viewHost !== "127.0.0.1") { - console.log("SECURITY WARNING - when userNameHeader is set, viewHost should be localhost or use iptables"); - } - - server - .on('error', function (e) { - console.log("ERROR - couldn't listen on port", Config.get("viewPort", "8005"), "is viewer already running?"); - process.exit(1); - throw new Error("Exiting"); - }) - .on('listening', function (e) { - console.log("Express server listening on port %d in %s mode", server.address().port, app.settings.env); - }) - .listen(Config.get("viewPort", "8005"), viewHost); -} -////////////////////////////////////////////////////////////////////////////////// -//// Command Line Parsing -////////////////////////////////////////////////////////////////////////////////// -function processArgs(argv) { - for (var i = 0, ilen = argv.length; i < ilen; i++) { - if (argv[i] === "--help") { - console.log("node.js [<options>]"); - console.log(""); - console.log("Options:"); - console.log(" -c <config file> Config file to use"); - console.log(" -host <host name> Host name to use, default os hostname"); - console.log(" -n <node name> Node name section to use in config file, default first part of hostname"); - console.log(" --debug Increase debug level, multiple are supported"); - console.log(" --esprofile Turn on profiling to es search queries"); - console.log(" --insecure Disable cert 
verification"); - - process.exit(0); - } - } -} -processArgs(process.argv); -////////////////////////////////////////////////////////////////////////////////// -//// DB -////////////////////////////////////////////////////////////////////////////////// -Db.initialize({host: internals.elasticBase, - prefix: Config.get("prefix", ""), - usersHost: Config.get('usersElasticsearch')?Config.getArray('usersElasticsearch', ',', ''):undefined, - usersPrefix: Config.get("usersPrefix"), - nodeName: Config.nodeName(), - esClientKey: Config.get("esClientKey", null), - esClientCert: Config.get("esClientCert", null), - esClientKeyPass: Config.get("esClientKeyPass", null), - multiES: Config.get('multiES', false), - insecure: Config.insecure, - ca: loadCaTrust(internals.nodeName), - requestTimeout: Config.get("elasticsearchTimeout", 300), - esProfile: Config.esProfile, - debug: Config.debug - }, main); diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index 141833662..dbdc3a653 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md 
@@ -113,12 +113,12 @@ $ /usr/sbin/tcpdump \
 ### <a name="molochCompile"></a>Compiling Moloch from source
-At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.2](https://github.com/aol/moloch/releases/tag/v2.2.2). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose.
+At the time of writing, the [current stable release](https://github.com/aol/moloch/blob/master/CHANGELOG) of Moloch is [v2.2.3](https://github.com/aol/moloch/releases/tag/v2.2.3). The following bash script was used to install Moloch's build dependencies, download Moloch, build a Debian .deb package using [fpm](https://github.com/jordansissel/fpm) and install it. In building Hedgehog Linux, the building of this .deb is done inside a Docker container dedicated to that purpose.
 ```bash
 #!/bin/bash
-MOLOCH_VERSION="2.2.2"
+MOLOCH_VERSION="2.2.3"
 MOLOCHDIR="/opt/moloch"
 OUTPUT_DIR="/tmp"
diff --git a/sensor-iso/moloch/Dockerfile b/sensor-iso/moloch/Dockerfile
index 2540a68d4..2cdbccbb8 100644
--- a/sensor-iso/moloch/Dockerfile
+++ b/sensor-iso/moloch/Dockerfile
@@ -6,7 +6,7 @@ LABEL maintainer="malcolm.netsec@gmail.com"
 ENV DEBIAN_FRONTEND noninteractive
-ENV MOLOCH_VERSION "2.2.2"
+ENV MOLOCH_VERSION "2.2.3"
 ENV MOLOCHDIR "/opt/moloch"
 RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
From 0819bf9aa69df1e95f6c3d339ebf4e2a1b6a155c Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Fri, 20 Mar 2020 14:45:35 -0600
Subject: [PATCH 142/183] should fix issue #114. I discovered that even though moloch-capture isn't writing the PCAP files, the pcapDir and maxFileSizeG values still matter for viewer to be able to delete managed pcap files.
---
 moloch/etc/config.ini | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/moloch/etc/config.ini b/moloch/etc/config.ini
index 0daa3b34d..2f3c0c9c5 100644
--- a/moloch/etc/config.ini
+++ b/moloch/etc/config.ini
@@ -12,9 +12,9 @@ httpRealm=Moloch
 interface=eth0
 wiseHost=127.0.0.1
 wisePort=8081
-pcapDir=/data/moloch/raw
+pcapDir=/data/pcap/processed
 readTruncatedPackets=true
-maxFileSizeG=12
+maxFileSizeG=1
 tcpTimeout=600
 tcpSaveTimeout=720
 udpTimeout=30
From b4b6586982a67ffa3b473462bbc2200e5222e667 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Fri, 20 Mar 2020 14:47:29 -0600
Subject: [PATCH 143/183] should fix issue #114. I discovered that even though moloch-capture isn't writing the PCAP files, the pcapDir and maxFileSizeG values still matter for viewer to be able to delete managed pcap files.
---
 moloch/etc/config.ini | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/moloch/etc/config.ini b/moloch/etc/config.ini
index 0daa3b34d..2f3c0c9c5 100644
--- a/moloch/etc/config.ini
+++ b/moloch/etc/config.ini
@@ -12,9 +12,9 @@ httpRealm=Moloch
 interface=eth0
 wiseHost=127.0.0.1
 wisePort=8081
-pcapDir=/data/moloch/raw
+pcapDir=/data/pcap/processed
 readTruncatedPackets=true
-maxFileSizeG=12
+maxFileSizeG=1
 tcpTimeout=600
 tcpSaveTimeout=720
 udpTimeout=30
From 2452268a42e1b25079d3ffa0dbbdf5624a44e4bf Mon Sep 17 00:00:00 2001
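Review bot: The retargeted `pcapDir=/data/pcap/processed` and the reduced `maxFileSizeG=1` carry no in-file comment, so a reader of config.ini cannot tell that these keys are consumed by viewer's managed-PCAP deletion even though moloch-capture writes no PCAP in this deployment; that reasoning currently lives only in the commit message. Add above the pcapDir line `# pcapDir/maxFileSizeG are read by viewer to locate and delete managed PCAP files even when capture writes none; keep pcapDir on the processed-PCAP path (issue #114)`. Since pcapDir now points at the processed-PCAP directory, viewer's managed-file deletion presumably acts on the files stored there, so any retention expectation for that directory should be stated next to the key as well. The identical hunk in PATCH 143/183 (same blob ids 0daa3b34d..2f3c0c9c5) carries the same point and appears to be a duplicate of PATCH 142/183.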
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Mon, 23 Mar 2020 15:16:56 -0600
Subject: [PATCH 144/183] proof of concept for a segment mapping form
---
 .../segment_mapping_ui/jquery.min.js | 4 +
 .../segment_mapping_ui/list.min.js | 2 +
 .../segment_mapping_ui/mapping.css | 189 ++++++++++++++++++
 .../segment_mapping_ui/mapping.html | 157 +++++++++++++++
 4 files changed, 352 insertions(+)
 create mode 100644 docs/work_in_progress/segment_mapping_ui/jquery.min.js
 create mode 100644 docs/work_in_progress/segment_mapping_ui/list.min.js
 create mode 100644 docs/work_in_progress/segment_mapping_ui/mapping.css
 create mode 100644 docs/work_in_progress/segment_mapping_ui/mapping.html
diff --git a/docs/work_in_progress/segment_mapping_ui/jquery.min.js b/docs/work_in_progress/segment_mapping_ui/jquery.min.js
new file mode 100644
index 000000000..3684c36b5
--- /dev/null
+++ b/docs/work_in_progress/segment_mapping_ui/jquery.min.js
@@ -0,0 +1,4 @@ +/*! jQuery v1.6.4 http://jquery.com/ | http://jquery.org/license */ +(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g++){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l+" "+k,n=e[m]||e["* "+k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1]+" "+k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from "+m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function bZ(a,c,d){var e=a.contents,f=a.dataTypes,g=a.responseFields,h,i,j,k;for(i in g)i in d&&(c[g[i]]=d[i]);while(f[0]==="*")f.shift(),h===b&&(h=a.mimeType||c.getResponseHeader("content-type"));if(h)for(i in e)if(e[i]&&e[i].test(h)){f.unshift(i);break}if(f[0]in d)j=f[0];else{for(i in d){if(!f[0]||a.converters[i+" "+f[0]]){j=i;break}k||(k=i)}j=j||k}if(j){j!==f[0]&&f.unshift(j);return d[j]}}function bY(a,b,c,d){if(f.isArray(b))f.each(b,function(b,e){c||bA.test(a)?d(a,e):bY(a+"["+(typeof 
e=="object"||f.isArray(e)?b:"")+"]",e,c,d)});else if(!c&&b!=null&&typeof b=="object")for(var e in b)bY(a+"["+e+"]",b[e],c,d);else d(a,b)}function bX(a,c){var d,e,g=f.ajaxSettings.flatOptions||{};for(d in c)c[d]!==b&&((g[d]?a:e||(e={}))[d]=c[d]);e&&f.extend(!0,a,e)}function bW(a,c,d,e,f,g){f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h=a[f],i=0,j=h?h.length:0,k=a===bP,l;for(;i<j&&(k||!l);i++)l=h[i](c,d,e),typeof l=="string"&&(!k||g[l]?l=b:(c.dataTypes.unshift(l),l=bW(a,c,d,e,l,g)));(k||!l)&&!g["*"]&&(l=bW(a,c,d,e,"*",g));return l}function bV(a){return function(b,c){typeof b!="string"&&(c=b,b="*");if(f.isFunction(c)){var d=b.toLowerCase().split(bL),e=0,g=d.length,h,i,j;for(;e<g;e++)h=d[e],j=/^\+/.test(h),j&&(h=h.substr(1)||"*"),i=a[h]=a[h]||[],i[j?"unshift":"push"](c)}}}function by(a,b,c){var d=b==="width"?a.offsetWidth:a.offsetHeight,e=b==="width"?bt:bu;if(d>0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var 
c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i<j;i++)f.event.add(b,h+(g[h][i].namespace?".":"")+g[h][i].namespace,g[h][i],g[h][i].data)}}}}function bf(a,b){return f.nodeName(a,"table")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function V(a,b,c){b=b||0;if(f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=f.grep(a,function(a){return a.nodeType===1});if(Q.test(b))return f.filter(b,d,!c);b=f.filter(b,d)}return f.grep(a,function(a,d){return f.inArray(a,b)>=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var 
s=r.live.slice(0);for(i=0;i<s.length;i++)g=s[i],g.origType.replace(w,"")===a.type?q.push(g.selector):s.splice(i--,1);e=f(a.target).closest(q,a.currentTarget);for(j=0,k=e.length;j<k;j++){m=e[j];for(i=0;i<s.length;i++){g=s[i];if(m.selector===g.selector&&(!n||n.test(g.namespace))&&!m.elem.disabled){h=m.elem,d=null;if(g.preType==="mouseenter"||g.preType==="mouseleave")a.type=g.preType,d=f(a.relatedTarget).closest(g.selector)[0],d&&f.contains(h,d)&&(d=h);(!d||d!==h)&&p.push({elem:h,handleObj:g,level:m.level})}}}for(j=0,k=p.length;j<k;j++){e=p[j];if(c&&e.level>c)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new 
e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var 
d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j<k;j++)if((a=arguments[j])!=null)for(c in a){d=i[c],f=a[c];if(i===f)continue;l&&f&&(e.isPlainObject(f)||(g=e.isArray(f)))?(g?(g=!1,h=d&&e.isArray(d)?d:[]):h=d&&e.isPlainObject(d)?d:{},i[c]=e.extend(l,h,f)):f!==b&&(i[c]=f)}return i},e.extend({noConflict:function(b){a.$===e&&(a.$=g),b&&a.jQuery===e&&(a.jQuery=f);return e},isReady:!1,readyWait:1,holdReady:function(a){a?e.readyWait++:e.ready(!0)},ready:function(a){if(a===!0&&!--e.readyWait||a!==!0&&!e.isReady){if(!c.body)return setTimeout(e.ready,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var 
b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g<h;)if(c.apply(a[g++],d)===!1)break}else if(i){for(f in a)if(c.call(a[f],f,a[f])===!1)break}else for(;g<h;)if(c.call(a[g],g,a[g++])===!1)break;return a},trim:H?function(a){return a==null?"":H.call(a)}:function(a){return a==null?"":(a+"").replace(k,"").replace(l,"")},makeArray:function(a,b){var c=b||[];if(a!=null){var 
d=e.type(a);a.length==null||d==="string"||d==="function"||d==="regexp"||e.isWindow(a)?F.call(c,a):e.merge(c,a)}return c},inArray:function(a,b){if(!b)return-1;if(I)return I.call(b,a);for(var c=0,d=b.length;c<d;c++)if(b[c]===a)return c;return-1},merge:function(a,c){var d=a.length,e=0;if(typeof c.length=="number")for(var f=c.length;e<f;e++)a[d++]=c[e];else while(c[e]!==b)a[d++]=c[e++];a.length=d;return a},grep:function(a,b,c){var d=[],e;c=!!c;for(var f=0,g=a.length;f<g;f++)e=!!b(a[f],f),c!==e&&d.push(a[f]);return d},map:function(a,c,d){var f,g,h=[],i=0,j=a.length,k=a instanceof e||j!==b&&typeof j=="number"&&(j>0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i<j;i++)f=c(a[i],i,d),f!=null&&(h[h.length]=f);else for(g in a)f=c(a[g],g,d),f!=null&&(h[h.length]=f);return h.concat.apply([],h)},guid:1,proxy:function(a,c){if(typeof c=="string"){var d=a[c];c=a,a=d}if(!e.isFunction(a))return b;var f=G.call(arguments,2),g=function(){return a.apply(c,f.concat(G.call(arguments)))};g.guid=a.guid=a.guid||g.guid||e.guid++;return g},access:function(a,c,d,f,g,h){var i=a.length;if(typeof c=="object"){for(var j in c)e.access(a,j,c[j],f,g,d);return a}if(d!==b){f=!h&&f&&e.isFunction(d);for(var k=0;k<i;k++)g(a[k],c,f?d.call(a[k],k,g(a[k],c)):d,h);return a}return i?g(a[0],c):b},now:function(){return(new Date).getTime()},uaMatch:function(a){a=a.toLowerCase();var b=s.exec(a)||t.exec(a)||u.exec(a)||a.indexOf("compatible")<0&&v.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},sub:function(){function a(b,c){return new a.fn.init(b,c)}e.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function(d,f){f&&f instanceof e&&!(f instanceof a)&&(f=a(f));return e.fn.init.call(this,d,f,b)},a.fn.init.prototype=a.fn;var b=a(c);return a},browser:{}}),e.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(a,b){J["[object 
"+b+"]"]=b.toLowerCase()}),A=e.uaMatch(z),A.browser&&(e.browser[A.browser]=!0,e.browser.version=A.version),e.browser.webkit&&(e.browser.safari=!0),j.test(" ")&&(k=/^[\s\xA0]+/,l=/[\s\xA0]+$/),h=e(c),c.addEventListener?C=function(){c.removeEventListener("DOMContentLoaded",C,!1),e.ready()}:c.attachEvent&&(C=function(){c.readyState==="complete"&&(c.detachEvent("onreadystatechange",C),e.ready())});return e}(),g="done fail isResolved isRejected promise then always pipe".split(" "),h=[].slice;f.extend({_Deferred:function(){var a=[],b,c,d,e={done:function(){if(!d){var c=arguments,g,h,i,j,k;b&&(k=b,b=0);for(g=0,h=c.length;g<h;g++)i=c[g],j=f.type(i),j==="array"?e.done.apply(e,i):j==="function"&&a.push(i);k&&e.resolveWith(k[0],k[1])}return this},resolveWith:function(e,f){if(!d&&!b&&!c){f=f||[],c=1;try{while(a[0])a.shift().apply(e,f)}finally{b=[e,f],c=0}}return this},resolve:function(){e.resolveWith(this,arguments);return this},isResolved:function(){return!!c||!!b},cancel:function(){d=1,a=[];return this}};return e},Deferred:function(a){var b=f._Deferred(),c=f._Deferred(),d;f.extend(b,{then:function(a,c){b.done(a).fail(c);return this},always:function(){return b.done.apply(b,arguments).fail.apply(this,arguments)},fail:c.done,rejectWith:c.resolveWith,reject:c.resolve,isRejected:c.isResolved,pipe:function(a,c){return f.Deferred(function(d){f.each({done:[a,"resolve"],fail:[c,"reject"]},function(a,c){var e=c[0],g=c[1],h;f.isFunction(e)?b[a](function(){h=e.apply(this,arguments),h&&f.isFunction(h.promise)?h.promise().then(d.resolve,d.reject):d[g+"With"](this===b?d:this,[h])}):b[a](d[g])})}).promise()},promise:function(a){if(a==null){if(d)return d;d=a={}}var c=g.length;while(c--)a[g[c]]=b[g[c]];return a}}),b.done(c.cancel).fail(b.cancel),delete b.cancel,a&&a.call(b,b);return b},when:function(a){function i(a){return function(c){b[a]=arguments.length>1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var 
b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c<d;c++)b[c]&&f.isFunction(b[c].promise)?b[c].promise().then(i(c),g.reject):--e;e||g.resolveWith(g,b)}else g!==a&&g.resolveWith(g,d?[a]:[]);return g.promise()}}),f.support=function(){var a=c.createElement("div"),b=c.documentElement,d,e,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u;a.setAttribute("className","t"),a.innerHTML=" <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete 
a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="<div style='width:4px;'></div>",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="<table><tr><td style='padding:0;border:0;display:none'></td><td>t</td></tr></table>",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var 
i=/^(?:\{.*\}|\[.*\])$/,j=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i=f.expando,j=typeof c=="string",k=a.nodeType,l=k?f.cache:a,m=k?a[f.expando]:a[f.expando]&&f.expando;if((!m||e&&m&&l[m]&&!l[m][i])&&j&&d===b)return;m||(k?a[f.expando]=m=++f.uuid:m=f.expando),l[m]||(l[m]={},k||(l[m].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?l[m][i]=f.extend(l[m][i],c):l[m]=f.extend(l[m],c);g=l[m],e&&(g[i]||(g[i]={}),g=g[i]),d!==b&&(g[f.camelCase(c)]=d);if(c==="events"&&!g[c])return g[i]&&g[i].events;j?(h=g[c],h==null&&(h=g[f.camelCase(c)])):h=g;return h}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e=f.expando,g=a.nodeType,h=g?f.cache:a,i=g?a[f.expando]:f.expando;if(!h[i])return;if(b){d=c?h[i][e]:h[i];if(d){d[b]||(b=f.camelCase(b)),delete d[b];if(!l(d))return}}if(c){delete h[i][e];if(!l(h[i]))return}var j=h[i][e];f.support.deleteExpando||!h.setInterval?delete h[i]:h[i]=null,j?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=j):g&&(f.support.deleteExpando?delete a[f.expando]:a.removeAttribute?a.removeAttribute(f.expando):a[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h<i;h++)g=e[h].name,g.indexOf("data-")===0&&(g=f.camelCase(g.substring(5)),k(this[0],g,d[g]))}}return d}if(typeof a=="object")return this.each(function(){f.data(this,a)});var 
j=a.split(".");j[1]=j[1]?"."+j[1]:"";if(c===b){d=this.triggerHandler("getData"+j[1]+"!",[j[0]]),d===b&&this.length&&(d=f.data(this[0],a),d=k(this[0],a,d));return d===b&&j[1]?this.data(j[0]):d}return this.each(function(){var b=f(this),d=[j[0],c];b.triggerHandler("setData"+j[1]+"!",d),f.data(this,a,c),b.triggerHandler("changeData"+j[1]+"!",d)})},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,c){a&&(c=(c||"fx")+"mark",f.data(a,c,(f.data(a,c,b,!0)||0)+1,!0))},_unmark:function(a,c,d){a!==!0&&(d=c,c=a,a=!1);if(c){d=d||"fx";var e=d+"mark",g=a?0:(f.data(c,e,b,!0)||1)-1;g?f.data(c,e,g,!0):(f.removeData(c,e,!0),m(c,d,"mark"))}},queue:function(a,c,d){if(a){c=(c||"fx")+"queue";var e=f.data(a,c,b,!0);d&&(!e||f.isArray(d)?e=f.data(a,c,f.makeArray(d),!0):e.push(d));return e||[]}},dequeue:function(a,b){b=b||"fx";var c=f.queue(a,b),d=c.shift(),e;d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),d.call(a,function(){f.dequeue(a,b)})),c.length||(f.removeData(a,b+"queue",!0),m(a,b,"queue"))}}),f.fn.extend({queue:function(a,c){typeof a!="string"&&(c=a,a="fx");if(c===b)return f.queue(this[0],a);return this.each(function(){var b=f.queue(this,a,c);a==="fx"&&b[0]!=="inprogress"&&f.dequeue(this,a)})},dequeue:function(a){return this.each(function(){f.dequeue(this,a)})},delay:function(a,b){a=f.fx?f.fx.speeds[a]||a:a,b=b||"fx";return this.queue(b,function(){var c=this;setTimeout(function(){f.dequeue(c,b)},a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,c){function m(){--h||d.resolveWith(e,[e])}typeof a!="string"&&(c=a,a=b),a=a||"fx";var d=f.Deferred(),e=this,g=e.length,h=1,i=a+"defer",j=a+"queue",k=a+"mark",l;while(g--)if(l=f.data(e[g],i,b,!0)||(f.data(e[g],j,b,!0)||f.data(e[g],k,b,!0))&&f.data(e[g],i,f._Deferred(),!0))h++,l.done(m);m();return d.promise()}});var 
n=/[\n\t\r]/g,o=/\s+/,p=/\r/g,q=/^(?:button|input)$/i,r=/^(?:button|input|object|select|textarea)$/i,s=/^a(?:rea)?$/i,t=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,u,v;f.fn.extend({attr:function(a,b){return f.access(this,a,b,!0,f.attr)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,a,b,!0,f.prop)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(o);for(c=0,d=this.length;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className=a;else{g=" "+e.className+" ";for(h=0,i=b.length;h<i;h++)~g.indexOf(" "+b[h]+" ")||(g+=b[h]+" ");e.className=f.trim(g)}}}return this},removeClass:function(a){var c,d,e,g,h,i,j;if(f.isFunction(a))return this.each(function(b){f(this).removeClass(a.call(this,b,this.className))});if(a&&typeof a=="string"||a===b){c=(a||"").split(o);for(d=0,e=this.length;d<e;d++){g=this[d];if(g.nodeType===1&&g.className)if(a){h=(" "+g.className+" ").replace(n," ");for(i=0,j=c.length;i<j;i++)h=h.replace(" "+c[i]+" "," ");g.className=f.trim(h)}else g.className=""}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";if(f.isFunction(a))return this.each(function(c){f(this).toggleClass(a.call(this,c,this.className,b),b)});return this.each(function(){if(c==="string"){var e,g=0,h=f(this),i=b,j=a.split(o);while(e=j[g++])i=d?i:!h.hasClass(e),h[i?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&f._data(this,"__className__",this.className),this.className=this.className||a===!1?"":f._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ";for(var c=0,d=this.length;c<d;c++)if(this[c].nodeType===1&&(" 
"+this[c].className+" ").replace(n," ").indexOf(b)>-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h<i;h++){var j=e[h];if(j.selected&&(f.support.optDisabled?!j.disabled:j.getAttribute("disabled")===null)&&(!j.parentNode.disabled||!f.nodeName(j.parentNode,"optgroup"))){b=f(j).val();if(g)return b;d.push(b)}}if(g&&!d.length&&e.length)return f(e[c]).val();return d},set:function(a,b){var c=f.makeArray(b);f(a).find("option").each(function(){this.selected=f.inArray(f(this).val(),c)>=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=v:u&&(i=u)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var 
c;a.nodeType===1&&(b=f.attrFix[b]||b,f.attr(a,b,""),a.removeAttribute(b),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(u&&f.nodeName(a,"button"))return u.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(u&&f.nodeName(a,"button"))return u.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==null?g:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabIndex=f.propHooks.tabIndex,v={get:function(a,c){var d;return f.prop(a,c)===!0||(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(u=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return 
c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var w=/\.(.*)$/,x=/^(?:textarea|input|select)$/i,y=/\./g,z=/ /g,A=/[^\w\s.|`]/g,B=function(a){return a.replace(A,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=C;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=C);var 
g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),B).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j<p.length;j++){q=p[j];if(l||n.test(q.namespace))f.event.remove(a,r,q.handler,j),p.splice(j--,1)}continue}o=f.event.special[h]||{};for(j=e||0;j<p.length;j++){q=p[j];if(d.guid===q.guid){if(l||n.test(q.namespace))e==null&&p.splice(j--,1),o.remove&&o.remove.call(a,q);if(e!=null)break}}if(p.length===0||e!=null&&p.length===1)(!o.teardown||o.teardown.call(a,m)===!1)&&f.removeEvent(a,h,s.handle),g=null,delete +t[h]}if(f.isEmptyObject(t)){var u=s.handle;u&&(u.elem=null),delete s.events,delete s.handle,f.isEmptyObject(s)&&f.removeData(a,b,!0)}}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){var h=c.type||c,i=[],j;h.indexOf("!")>=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var 
m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h<i;h++){var j=d[h];if(e||c.namespace_re.test(j.namespace)){c.handler=j.handler,c.data=j.data,c.handleObj=j;var k=j.handler.apply(this,g);k!==b&&(c.result=k,k===!1&&(c.preventDefault(),c.stopPropagation()));if(c.isImmediatePropagationStopped())break}}return c.result},props:"altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode layerX layerY metaKey newValue offsetX offsetY pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target toElement view wheelDelta which".split(" "),fix:function(a){if(a[f.expando])return a;var d=a;a=f.Event(d);for(var e=this.props.length,g;e;)g=this.props[--e],a[g]=d[g];a.target||(a.target=a.srcElement||c),a.target.nodeType===3&&(a.target=a.target.parentNode),!a.relatedTarget&&a.fromElement&&(a.relatedTarget=a.fromElement===a.target?a.toElement:a.fromElement);if(a.pageX==null&&a.clientX!=null){var 
h=a.target.ownerDocument||c,i=h.documentElement,j=h.body;a.pageX=a.clientX+(i&&i.scrollLeft||j&&j.scrollLeft||0)-(i&&i.clientLeft||j&&j.clientLeft||0),a.pageY=a.clientY+(i&&i.scrollTop||j&&j.scrollTop||0)-(i&&i.clientTop||j&&j.clientTop||0)}a.which==null&&(a.charCode!=null||a.keyCode!=null)&&(a.which=a.charCode!=null?a.charCode:a.keyCode),!a.metaKey&&a.ctrlKey&&(a.metaKey=a.ctrlKey),!a.which&&a.button!==b&&(a.which=a.button&1?1:a.button&2?3:a.button&4?2:0);return a},guid:1e8,proxy:f.proxy,special:{ready:{setup:f.bindReady,teardown:f.noop},live:{add:function(a){f.event.add(this,M(a.origType,a.selector),f.extend({},a,{handler:L,guid:a.handler.guid}))},remove:function(a){f.event.remove(this,M(a.origType,a.selector),a)}},beforeunload:{setup:function(a,b,c){f.isWindow(this)&&(this.onbeforeunload=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)}}}},f.removeEvent=c.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)}:function(a,b,c){a.detachEvent&&a.detachEvent("on"+b,c)},f.Event=function(a,b){if(!this.preventDefault)return new f.Event(a,b);a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?D:C):this.type=a,b&&f.extend(this,b),this.timeStamp=f.now(),this[f.expando]=!0},f.Event.prototype={preventDefault:function(){this.isDefaultPrevented=D;var a=this.originalEvent;!a||(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){this.isPropagationStopped=D;var a=this.originalEvent;!a||(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=D,this.stopPropagation()},isDefaultPrevented:C,isPropagationStopped:C,isImmediatePropagationStopped:C};var E=function(a){var 
b=a.relatedTarget,c=!1,d=a.type;a.type=a.data,b!==this&&(b&&(c=f.contains(this,b)),c||(f.event.handle.apply(this,arguments),a.type=d))},F=function(a){a.type=a.data,f.event.handle.apply(this,arguments)};f.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(a,b){f.event.special[a]={setup:function(c){f.event.add(this,b,c&&c.selector?F:E,a)},teardown:function(a){f.event.remove(this,b,a&&a.selector?F:E)}}}),f.support.submitBubbles||(f.event.special.submit={setup:function(a,b){if(!f.nodeName(this,"form"))f.event.add(this,"click.specialSubmit",function(a){var b=a.target,c=f.nodeName(b,"input")||f.nodeName(b,"button")?b.type:"";(c==="submit"||c==="image")&&f(b).closest("form").length&&J("submit",this,arguments)}),f.event.add(this,"keypress.specialSubmit",function(a){var b=a.target,c=f.nodeName(b,"input")||f.nodeName(b,"button")?b.type:"";(c==="text"||c==="password")&&f(b).closest("form").length&&a.keyCode===13&&J("submit",this,arguments)});else return!1},teardown:function(a){f.event.remove(this,".specialSubmit")}});if(!f.support.changeBubbles){var G,H=function(a){var b=f.nodeName(a,"input")?a.type:"",c=a.value;b==="radio"||b==="checkbox"?c=a.checked:b==="select-multiple"?c=a.selectedIndex>-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},I=function(c){var d=c.target,e,g;if(!!x.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=H(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:I,beforedeactivate:I,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&I.call(this,a)},keydown:function(a){var 
b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&I.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",H(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in G)f.event.add(this,c+".specialChange",G[c]);return x.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return x.test(this.nodeName)}},G=f.event.special.change.filters,G.focus=G.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i<j;i++)f.event.add(this[i],a,g,d);return this}}),f.fn.extend({unbind:function(a,b){if(typeof a=="object"&&!a.preventDefault)for(var c in a)this.unbind(c,a[c]);else for(var d=0,e=this.length;d<e;d++)f.event.remove(this[d],a,b);return this},delegate:function(a,b,c,d){return this.live(b,c,d,a)},undelegate:function(a,b,c){return arguments.length===0?this.unbind("live"):this.die(b,null,c,a)},trigger:function(a,b){return this.each(function(){f.event.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return f.event.trigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||f.guid++,d=0,e=function(c){var e=(f.data(this,"lastToggle"+a.guid)||0)%d;f.data(this,"lastToggle"+a.guid,e+1),c.preventDefault();return 
b[e].apply(this,arguments)||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var K={focus:"focusin",blur:"focusout",mouseenter:"mouseover",mouseleave:"mouseout"};f.each(["live","die"],function(a,c){f.fn[c]=function(a,d,e,g){var h,i=0,j,k,l,m=g||this.selector,n=g?this:f(this.context);if(typeof a=="object"&&!a.preventDefault){for(var o in a)n[c](o,d,a[o],m);return this}if(c==="die"&&!a&&g&&g.charAt(0)==="."){n.unbind(g);return this}if(d===!1||f.isFunction(d))e=d||C,d=b;a=(a||"").split(" ");while((h=a[i++])!=null){j=w.exec(h),k="",j&&(k=j[0],h=h.replace(w,""));if(h==="hover"){a.push("mouseenter"+k,"mouseleave"+k);continue}l=h,K[h]?(a.push(K[h]+k),h=h+k):h=(K[h]||h)+k;if(c==="live")for(var p=0,q=n.length;p<q;p++)f.event.add(n[p],"live."+M(h,m),{data:d,selector:m,handler:e,origType:h,origHandler:e,preType:l});else n.unbind("live."+M(h,m),e)}return this}}),f.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error".split(" "),function(a,b){f.fn[b]=function(a,c){c==null&&(c=a,a=null);return arguments.length>0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g<h;g++){var i=d[g];if(i){var j=!1;i=i[a];while(i){if(i.sizcache===c){j=d[i.sizset];break}if(i.nodeType===1){f||(i.sizcache=c,i.sizset=g);if(typeof b!="string"){if(i===b){j=!0;break}}else if(k.filter(b,[i]).length>0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g<h;g++){var i=d[g];if(i){var j=!1;i=i[a];while(i){if(i.sizcache===c){j=d[i.sizset];break}i.nodeType===1&&!f&&(i.sizcache=c,i.sizset=g);if(i.nodeName.toLowerCase()===b){j=i;break}i=i[a]}d[g]=j}}}var a=/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ 
>+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b<a.length;b++)a[b]===a[b-1]&&a.splice(b--,1)}return a},k.matches=function(a,b){return k(a,null,null,b)},k.matchesSelector=function(a,b){return k(b,null,null,[a]).length>0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e<f;e++){var g,h=l.order[e];if(g=l.leftMatch[h].exec(a)){var j=g[1];g.splice(1,1);if(j.substr(j.length-1)!=="\\"){g[1]=(g[1]||"").replace(i,""),d=l.find[h](g,b,c);if(d!=null){a=a.replace(l.match[h],"");break}}}}d||(d=typeof 
b.getElementsByTagName!="undefined"?b.getElementsByTagName("*"):[]);return{set:d,expr:a}},k.filter=function(a,c,d,e){var f,g,h=a,i=[],j=c,m=c&&c[0]&&k.isXML(c[0]);while(a&&c.length){for(var n in l.filter)if((f=l.leftMatch[n].exec(a))!=null&&f[2]){var o,p,q=l.filter[n],r=f[1];g=!1,f.splice(1,1);if(r.substr(r.length-1)==="\\")continue;j===i&&(i=[]);if(l.preFilter[n]){f=l.preFilter[n](f,j,d,i,e,m);if(!f)g=o=!0;else if(f===!0)continue}if(f)for(var s=0;(p=j[s])!=null;s++)if(p){o=q(p,f,s,j);var t=e^!!o;d&&o!=null?t?g=!0:j[s]=!1:t&&(i.push(p),g=!0)}if(o!==b){d||(j=i),a=a.replace(l.match[n],"");if(!g)return[];break}}if(a===h)if(g==null)k.error(a);else break;h=a}return j},k.error=function(a){throw"Syntax error, unrecognized expression: "+a};var l=k.selectors={order:["ID","NAME","TAG"],match:{ID:/#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,CLASS:/\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,NAME:/\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/,ATTR:/\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/,TAG:/^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/,POS:/:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/,PSEUDO:/:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/},leftMatch:{},attrMap:{"class":"className","for":"htmlFor"},attrHandle:{href:function(a){return a.getAttribute("href")},type:function(a){return a.getAttribute("type")}},relative:{"+":function(a,b){var c=typeof b=="string",d=c&&!j.test(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e||h&&h.nodeName.toLowerCase()===b?h||!1:h===b}e&&k.filter(b,a,!0)},">":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e<f;e++){c=a[e];if(c){var 
g=c.parentNode;a[e]=g.nodeName.toLowerCase()===b?g:!1}}}else{for(;e<f;e++)c=a[e],c&&(a[e]=d?c.parentNode:c.parentNode===b);d&&k.filter(b,a,!0)}},"":function(a,b,c){var e,f=d++,g=u;typeof b=="string"&&!j.test(b)&&(b=b.toLowerCase(),e=b,g=t),g("parentNode",b,f,a,e,c)},"~":function(a,b,c){var e,f=d++,g=u;typeof b=="string"&&!j.test(b)&&(b=b.toLowerCase(),e=b,g=t),g("previousSibling",b,f,a,e,c)}},find:{ID:function(a,b,c){if(typeof b.getElementById!="undefined"&&!c){var d=b.getElementById(a[1]);return d&&d.parentNode?[d]:[]}},NAME:function(a,b){if(typeof b.getElementsByName!="undefined"){var c=[],d=b.getElementsByName(a[1]);for(var e=0,f=d.length;e<f;e++)d[e].getAttribute("name")===a[1]&&c.push(d[e]);return c.length===0?null:c}},TAG:function(a,b){if(typeof b.getElementsByTagName!="undefined")return b.getElementsByTagName(a[1])}},preFilter:{CLASS:function(a,b,c,d,e,f){a=" "+a[1].replace(i,"")+" ";if(f)return a;for(var g=0,h;(h=b[g])!=null;g++)h&&(e^(h.className&&(" "+h.className+" ").replace(/[\t\n\r]/g," ").indexOf(a)>=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return 
a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return b<c[3]-0},gt:function(a,b,c){return b>c[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h<i;h++)if(g[h]===a)return!1;return!0}k.error(e)},CHILD:function(a,b){var 
c=b[1],d=a;switch(c){case"only":case"first":while(d=d.previousSibling)if(d.nodeType===1)return!1;if(c==="first")return!0;d=a;case"last":while(d=d.nextSibling)if(d.nodeType===1)return!1;return!0;case"nth":var e=b[2],f=b[3];if(e===1&&f===0)return!0;var g=b[0],h=a.parentNode;if(h&&(h.sizcache!==g||!a.nodeIndex)){var i=0;for(d=h.firstChild;d;d=d.nextSibling)d.nodeType===1&&(d.nodeIndex=++i);h.sizcache=g}var j=a.nodeIndex-f;return e===0?j===0:j%e===0&&j/e>=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c<f;c++)d.push(a[c]);else for(;a[c];c++)d.push(a[c]);return d}}var r,s;c.documentElement.compareDocumentPosition?r=function(a,b){if(a===b){g=!0;return 0}if(!a.compareDocumentPosition||!b.compareDocumentPosition)return a.compareDocumentPosition?-1:1;return 
a.compareDocumentPosition(b)&4?-1:1}:(r=function(a,b){if(a===b){g=!0;return 0}if(a.sourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],f=[],h=a.parentNode,i=b.parentNode,j=h;if(h===i)return s(a,b);if(!h)return-1;if(!i)return 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)f.unshift(j),j=j.parentNode;c=e.length,d=f.length;for(var k=0;k<c&&k<d;k++)if(e[k]!==f[k])return s(e[k],f[k]);return k===c?s(a,f[k],-1):s(e[k],b,1)},s=function(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),k.getText=function(a){var b="",c;for(var d=0;a[d];d++)c=a[d],c.nodeType===3||c.nodeType===4?b+=c.nodeValue:c.nodeType!==8&&(b+=k.getText(c.childNodes));return b},function(){var a=c.createElement("div"),d="script"+(new Date).getTime(),e=c.documentElement;a.innerHTML="<a name='"+d+"'/>",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="<a href='#'></a>",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="<p class='TEST'></p>";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var 
h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="<div class='test e'></div><div class='test'></div>";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return 
a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g<h;g++)k(a,f[g],d);return k.filter(e,d)};f.find=k,f.expr=k.selectors,f.expr[":"]=f.expr.filters,f.unique=k.uniqueSort,f.text=k.getText,f.isXMLDoc=k.isXML,f.contains=k.contains}();var N=/Until$/,O=/^(?:parents|prevUntil|prevAll)/,P=/,/,Q=/^.[^:#\[\.,]*$/,R=Array.prototype.slice,S=f.expr.match.POS,T={children:!0,contents:!0,next:!0,prev:!0};f.fn.extend({find:function(a){var b=this,c,d;if(typeof a!="string")return f(a).filter(function(){for(c=0,d=b.length;c<d;c++)if(f.contains(b[c],this))return!0});var e=this.pushStack("","find",a),g,h,i;for(c=0,d=this.length;c<d;c++){g=e.length,f.find(a,this[c],e);if(c>0)for(h=g;h<e.length;h++)for(i=0;i<g;i++)if(e[i]===e[h]){e.splice(h--,1);break}}return e},has:function(a){var b=f(a);return this.filter(function(){for(var a=0,c=b.length;a<c;a++)if(f.contains(this,b[a]))return!0})},not:function(a){return this.pushStack(V(this,a,!1),"not",a)},filter:function(a){return this.pushStack(V(this,a,!0),"filter",a)},is:function(a){return!!a&&(typeof a=="string"?f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d<e;d++)i=a[d],j[i]||(j[i]=S.test(i)?f(i,b||this.context):i);while(g&&g.ownerDocument&&g!==b){for(i in j)h=j[i],(h.jquery?h.index(g)>-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=S.test(a)||typeof 
a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d<e;d++){g=this[d];while(g){if(l?l.index(g)>-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(U(c[0])||U(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=R.call(arguments);N.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!T[a]?f.unique(e):e,(this.length>1||P.test(d))&&O.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return 
e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/<tbody/i,_=/<|&#?\w+;/,ba=/<(?:script|object|embed|option|style)/i,bb=/checked\s*(?:[^=]|=\s*.checked.)/i,bc=/\/(java|ecma)script/i,bd=/^\s*<!(?:\[CDATA\[|\-\-)/,be={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]};be.optgroup=be.option,be.tbody=be.tfoot=be.colgroup=be.caption=be.thead,be.th=be.td,f.support.htmlSerialize||(be._default=[1,"div<div>","</div>"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return 
this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!be[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1></$2>");try{for(var c=0,d=this.length;c<d;c++)this[c].nodeType===1&&(f.cleanData(this[c].getElementsByTagName("*")),this[c].innerHTML=a)}catch(e){this.empty().append(a)}}else f.isFunction(a)?this.each(function(b){var c=f(this);c.html(a.call(this,b,c.html()))}):this.empty().append(a);return this},replaceWith:function(a){if(this[0]&&this[0].parentNode){if(f.isFunction(a))return this.each(function(b){var c=f(this),d=c.html();c.replaceWith(a.call(this,b,d))});typeof a!="string"&&(a=f(a).detach());return this.each(function(){var 
b=this.nextSibling,c=this.parentNode;f(this).remove(),b?f(b).before(a):f(c).append(a)})}return this.length?this.pushStack(f(f.isFunction(a)?a():a),"replaceWith",a):this},detach:function(a){return this.remove(a,!0)},domManip:function(a,c,d){var e,g,h,i,j=a[0],k=[];if(!f.support.checkClone&&arguments.length===3&&typeof j=="string"&&bb.test(j))return this.each(function(){f(this).domManip(a,c,d,!0)});if(f.isFunction(j))return this.each(function(e){var g=f(this);a[0]=j.call(this,e,c?g.html():b),g.domManip(a,c,d)});if(this[0]){i=j&&j.parentNode,f.support.parentNode&&i&&i.nodeType===11&&i.childNodes.length===this.length?e={fragment:i}:e=f.buildFragment(a,this,k),h=e.fragment,h.childNodes.length===1?g=h=h.firstChild:g=h.firstChild;if(g){c=c&&f.nodeName(g,"tr");for(var l=0,m=this.length,n=m-1;l<m;l++)d.call(c?bf(this[l],g):this[l],e.cacheable||m>1&&l<n?f.clone(h,!0,!0):h)}k.length&&f.each(k,bl)}return this}}),f.buildFragment=function(a,b,d){var e,g,h,i;b&&b[0]&&(i=b[0].ownerDocument||b[0]),i.createDocumentFragment||(i=c),a.length===1&&typeof a[0]=="string"&&a[0].length<512&&i===c&&a[0].charAt(0)==="<"&&!ba.test(a[0])&&(f.support.checkClone||!bb.test(a[0]))&&(g=!0,h=f.fragments[a[0]],h&&h!==1&&(e=h)),e||(e=i.createDocumentFragment(),f.clean +(a,i,e,d)),g&&(f.fragments[a[0]]=h?e:1);return{fragment:e,cacheable:g}},f.fragments={},f.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){f.fn[a]=function(c){var d=[],e=f(c),g=this.length===1&&this[0].parentNode;if(g&&g.nodeType===11&&g.childNodes.length===1&&e.length===1){e[b](this[0]);return this}for(var h=0,i=e.length;h<i;h++){var j=(h>0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var 
d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bh(a,d),e=bi(a),g=bi(d);for(h=0;e[h];++h)g[h]&&bh(e[h],g[h])}if(b){bg(a,d);if(c){e=bi(a),g=bi(d);for(h=0;e[h];++h)bg(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1></$2>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=be[l]||be._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]==="<table>"&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i<r;i++)bk(k[i]);else bk(k);k.nodeType?h.push(k):h=f.merge(h,k)}if(d){g=function(a){return!a.type||bc.test(a.type)};for(j=0;h[j];j++)if(e&&f.nodeName(h[j],"script")&&(!h[j].type||h[j].type.toLowerCase()==="text/javascript"))e.push(h[j].parentNode?h[j].parentNode.removeChild(h[j]):h[j]);else{if(h[j].nodeType===1){var s=f.grep(h[j].getElementsByTagName("script"),g);h.splice.apply(h,[j+1,0].concat(s))}d.appendChild(h[j])}}return h},cleanData:function(a){var b,c,d=f.cache,e=f.expando,g=f.event.special,h=f.support.deleteExpando;for(var i=0,j;(j=a[i])!=null;i++){if(j.nodeName&&f.noData[j.nodeName.toLowerCase()])continue;c=j[f.expando];if(c){b=d[c]&&d[c][e];if(b&&b.events){for(var k in b.events)g[k]?f.event.remove(j,k):f.removeEvent(j,k,b.handle);b.handle&&(b.handle.elem=null)}h?delete 
j[f.expando]:j.removeAttribute&&j.removeAttribute(f.expando),delete d[c]}}}});var bm=/alpha\([^)]*\)/i,bn=/opacity=([^)]*)/,bo=/([A-Z]|^ms)/g,bp=/^-?\d+(?:px)?$/i,bq=/^-?\d/,br=/^([\-+])=([\-+.\de]+)/,bs={position:"absolute",visibility:"hidden",display:"block"},bt=["Left","Right"],bu=["Top","Bottom"],bv,bw,bx;f.fn.css=function(a,c){if(arguments.length===2&&c===b)return this;return f.access(this,a,c,!0,function(a,c,d){return d!==b?f.style(a,c,d):f.css(a,c)})},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bv(a,"opacity","opacity");return c===""?"1":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":f.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&"get"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d,h==="string"&&(g=br.exec(d))&&(d=+(g[1]+1)*+g[2]+parseFloat(f.css(a,c)),h="number");if(d==null||h==="number"&&isNaN(d))return;h==="number"&&!f.cssNumber[i]&&(d+="px");if(!k||!("set"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c==="cssFloat"&&(c="float");if(g&&"get"in g&&(e=g.get(a,!0,d))!==b)return e;if(bv)return bv(a,c)},swap:function(a,b,c){var d={};for(var e in b)d[e]=a.style[e],a.style[e]=b[e];c.call(a);for(e in b)a.style[e]=d[e]}}),f.curCSS=f.css,f.each(["height","width"],function(a,b){f.cssHooks[b]={get:function(a,c,d){var e;if(c){if(a.offsetWidth!==0)return by(a,b,d);f.swap(a,bs,function(){e=by(a,b,d)});return e}},set:function(a,b){if(!bp.test(b))return b;b=parseFloat(b);if(b>=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bn.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var 
c=a.style,d=a.currentStyle,e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bm,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bm.test(g)?g.replace(bm,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bv(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bw=function(a,c){var d,e,g;c=c.replace(bo,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bx=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bp.test(d)&&bq.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bv=bw||bx,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bz=/%20/g,bA=/\[\]$/,bB=/\r?\n/g,bC=/#.*$/,bD=/^(.*?):[ 
\t]*([^\r\n]*)\r?$/mg,bE=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bF=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bG=/^(?:GET|HEAD)$/,bH=/^\/\//,bI=/\?/,bJ=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bK=/^(?:select|textarea)/i,bL=/\s+/,bM=/([?&])_=[^&]*/,bN=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bO=f.fn.load,bP={},bQ={},bR,bS,bT=["*/"]+["*"];try{bR=e.href}catch(bU){bR=c.createElement("a"),bR.href="",bR=bR.href}bS=bN.exec(bR.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bO)return bO.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("<div>").append(c.replace(bJ,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bK.test(this.nodeName)||bE.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bB,"\r\n")}}):{name:b.name,value:c.replace(bB,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return 
f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?bX(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),bX(a,b);return a},ajaxSettings:{url:bR,isLocal:bF.test(bS[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bT},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bV(bP),ajaxTransport:bV(bQ),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?bZ(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=b$(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bD.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return 
this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bC,"").replace(bH,bS[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bL),d.crossDomain==null&&(r=bN.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bS[1]&&r[2]==bS[2]&&(r[3]||(r[1]==="http:"?80:443))==(bS[3]||(bS[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bW(bP,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bG.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bI.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bM,"$1_="+x);d.url=y+(y===d.url?(bI.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bT+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bW(bQ,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){s<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var 
d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bz,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var 
d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var 
cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cq("show",3),a,b,c);for(var g=0,h=this.length;g<h;g++)d=this[g],d.style&&(e=d.style.display,!f._data(d,"olddisplay")&&e==="none"&&(e=d.style.display=""),e===""&&f.css(d,"display")==="none"&&f._data(d,"olddisplay",cr(d.nodeName)));for(g=0;g<h;g++){d=this[g];if(d.style){e=d.style.display;if(e===""||e==="none")d.style.display=f._data(d,"olddisplay")||""}}return this},hide:function(a,b,c){if(a||a===0)return this.animate(cq("hide",3),a,b,c);for(var d=0,e=this.length;d<e;d++)if(this[d].style){var g=f.css(this[d],"display");g!=="none"&&!f._data(this[d],"olddisplay")&&f._data(this[d],"olddisplay",g)}for(d=0;d<e;d++)this[d].style&&(this[d].style.display="none");return this},_toggle:f.fn.toggle,toggle:function(a,b,c){var d=typeof a=="boolean";f.isFunction(a)&&f.isFunction(b)?this._toggle.apply(this,arguments):a==null||d?this.each(function(){var b=d?a:f(this).is(":hidden");f(this)[b?"show":"hide"]()}):this.animate(cq("toggle",3),a,b,c);return this},fadeTo:function(a,b,c,d){return this.filter(":hidden").css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=f.speed(b,c,d);if(f.isEmptyObject(a))return this.each(e.complete,[!1]);a=f.extend({},a);return this[e.queue===!1?"each":"queue"](function(){e.queue===!1&&f._mark(this);var b=f.extend({},e),c=this.nodeType===1,d=c&&f(this).is(":hidden"),g,h,i,j,k,l,m,n,o;b.animatedProperties={};for(i in a){g=f.camelCase(i),i!==g&&(a[g]=a[i],delete a[i]),h=a[g],f.isArray(h)?(b.animatedProperties[g]=h[1],h=a[g]=h[0]):b.animatedProperties[g]=b.specialEasing&&b.specialEasing[g]||b.easing||"swing";if(h==="hide"&&d||h==="show"&&!d)return 
b.complete.call(this);c&&(g==="height"||g==="width")&&(b.overflow=[this.style.overflow,this.style.overflowX,this.style.overflowY],f.css(this,"display")==="inline"&&f.css(this,"float")==="none"&&(f.support.inlineBlockNeedsLayout?(j=cr(this.nodeName),j==="inline"?this.style.display="inline-block":(this.style.display="inline",this.style.zoom=1)):this.style.display="inline-block"))}b.overflow!=null&&(this.style.overflow="hidden");for(i in a)k=new f.fx(this,b,i),h=a[i],cj.test(h)?k[h==="toggle"?d?"show":"hide":h]():(l=ck.exec(h),m=k.cur(),l?(n=parseFloat(l[2]),o=l[3]||(f.cssNumber[i]?"":"px"),o!=="px"&&(f.style(this,i,(n||1)+o),m=(n||1)/k.cur()*m,f.style(this,i,m+o)),l[1]&&(n=(l[1]==="-="?-1:1)*n+m),k.custom(m,n,o)):k.custom(m,h,""));return!0})},stop:function(a,b){a&&this.queue([]),this.each(function(){var a=f.timers,c=a.length;b||f._unmark(!0,this);while(c--)a[c].elem===this&&(b&&a[c](!0),a.splice(c,1))}),b||this.dequeue();return this}}),f.each({slideDown:cq("show",1),slideUp:cq("hide",1),slideToggle:cq("toggle",1),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){f.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),f.extend({speed:function(a,b,c){var d=a&&typeof a=="object"?f.extend({},a):{complete:c||!c&&b||f.isFunction(a)&&a,duration:a,easing:c&&b||b&&!f.isFunction(b)&&b};d.duration=f.fx.off?0:typeof d.duration=="number"?d.duration:d.duration in f.fx.speeds?f.fx.speeds[d.duration]:f.fx.speeds._default,d.old=d.complete,d.complete=function(a){f.isFunction(d.old)&&d.old.call(this),d.queue!==!1?f.dequeue(this):a!==!1&&f._unmark(this)};return d},easing:{linear:function(a,b,c,d){return 
c+d*a},swing:function(a,b,c,d){return(-Math.cos(a*Math.PI)/2+.5)*d+c}},timers:[],fx:function(a,b,c){this.options=b,this.elem=a,this.prop=c,b.orig=b.orig||{}}}),f.fx.prototype={update:function(){this.options.step&&this.options.step.call(this.elem,this.now,this),(f.fx.step[this.prop]||f.fx.step._default)(this)},cur:function(){if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==null))return this.elem[this.prop];var a,b=f.css(this.elem,this.prop);return isNaN(a=parseFloat(b))?!b||b==="auto"?0:b:a},custom:function(a,b,c){function g(a){return d.step(a)}var d=this,e=f.fx;this.startTime=cn||co(),this.start=a,this.end=b,this.unit=c||this.unit||(f.cssNumber[this.prop]?"":"px"),this.now=this.start,this.pos=this.state=0,g.elem=this.elem,g()&&f.timers.push(g)&&!cl&&(cl=setInterval(e.tick,e.interval))},show:function(){this.options.orig[this.prop]=f.style(this.elem,this.prop),this.options.show=!0,this.custom(this.prop==="width"||this.prop==="height"?1:0,this.cur()),f(this.elem).show()},hide:function(){this.options.orig[this.prop]=f.style(this.elem,this.prop),this.options.hide=!0,this.custom(this.cur(),0)},step:function(a){var b=cn||co(),c=!0,d=this.elem,e=this.options,g,h;if(a||b>=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var 
a=f.timers,b=0;b<a.length;++b)a[b]()||a.splice(b--,1);a.length||f.fx.stop()},interval:13,stop:function(){clearInterval(cl),cl=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:function(a){f.style(a.elem,"opacity",a.now)},_default:function(a){a.elem.style&&a.elem.style[a.prop]!=null?a.elem.style[a.prop]=(a.prop==="width"||a.prop==="height"?Math.max(0,a.now):a.now)+a.unit:a.elem[a.prop]=a.now}}}),f.expr&&f.expr.filters&&(f.expr.filters.animated=function(a){return f.grep(f.timers,function(b){return a===b.elem}).length});var cs=/^t(?:able|d|h)$/i,ct=/^(?:body|html)$/i;"getBoundingClientRect"in c.documentElement?f.fn.offset=function(a){var b=this[0],c;if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);try{c=b.getBoundingClientRect()}catch(d){}var e=b.ownerDocument,g=e.documentElement;if(!c||!f.contains(g,b))return c?{top:c.top,left:c.left}:{top:0,left:0};var h=e.body,i=cu(e),j=g.clientTop||h.clientTop||0,k=g.clientLeft||h.clientLeft||0,l=i.pageYOffset||f.support.boxModel&&g.scrollTop||h.scrollTop,m=i.pageXOffset||f.support.boxModel&&g.scrollLeft||h.scrollLeft,n=c.top+l-j,o=c.left+m-k;return{top:n,left:o}}:f.fn.offset=function(a){var b=this[0];if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);f.offset.initialize();var 
c,d=b.offsetParent,e=b,g=b.ownerDocument,h=g.documentElement,i=g.body,j=g.defaultView,k=j?j.getComputedStyle(b,null):b.currentStyle,l=b.offsetTop,m=b.offsetLeft;while((b=b.parentNode)&&b!==i&&b!==h){if(f.offset.supportsFixedPosition&&k.position==="fixed")break;c=j?j.getComputedStyle(b,null):b.currentStyle,l-=b.scrollTop,m-=b.scrollLeft,b===d&&(l+=b.offsetTop,m+=b.offsetLeft,f.offset.doesNotAddBorder&&(!f.offset.doesAddBorderForTableAndCells||!cs.test(b.nodeName))&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),e=d,d=b.offsetParent),f.offset.subtractsBorderForOverflowNotVisible&&c.overflow!=="visible"&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),k=c}if(k.position==="relative"||k.position==="static")l+=i.offsetTop,m+=i.offsetLeft;f.offset.supportsFixedPosition&&k.position==="fixed"&&(l+=Math.max(h.scrollTop,i.scrollTop),m+=Math.max(h.scrollLeft,i.scrollLeft));return{top:l,left:m}},f.offset={initialize:function(){var a=c.body,b=c.createElement("div"),d,e,g,h,i=parseFloat(f.css(a,"marginTop"))||0,j="<div style='position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;'><div></div></div><table style='position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;' cellpadding='0' 
cellspacing='0'><tr><td></td></tr></table>";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=ct.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!ct.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return 
a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cu(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cu(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNaN(j)?i:j}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window); \ No newline at end of file diff --git a/docs/work_in_progress/segment_mapping_ui/list.min.js b/docs/work_in_progress/segment_mapping_ui/list.min.js new file mode 100644 index 000000000..3cb273731 --- /dev/null +++ b/docs/work_in_progress/segment_mapping_ui/list.min.js 
@@ -0,0 +1,2 @@ +/*! List.js v1.5.0 (http://listjs.com) by Jonny Strömberg (http://javve.com) */ +var List=function(t){function e(n){if(r[n])return r[n].exports;var i=r[n]={i:n,l:!1,exports:{}};return t[n].call(i.exports,i,i.exports,e),i.l=!0,i.exports}var r={};return e.m=t,e.c=r,e.i=function(t){return t},e.d=function(t,r,n){e.o(t,r)||Object.defineProperty(t,r,{configurable:!1,enumerable:!0,get:n})},e.n=function(t){var r=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(r,"a",r),r},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e(e.s=11)}([function(t,e,r){function n(t){if(!t||!t.nodeType)throw new Error("A DOM element reference is required");this.el=t,this.list=t.classList}var i=r(4),s=/\s+/;Object.prototype.toString;t.exports=function(t){return new n(t)},n.prototype.add=function(t){if(this.list)return this.list.add(t),this;var e=this.array(),r=i(e,t);return~r||e.push(t),this.el.className=e.join(" "),this},n.prototype.remove=function(t){if(this.list)return this.list.remove(t),this;var e=this.array(),r=i(e,t);return~r&&e.splice(r,1),this.el.className=e.join(" "),this},n.prototype.toggle=function(t,e){return this.list?("undefined"!=typeof e?e!==this.list.toggle(t,e)&&this.list.toggle(t):this.list.toggle(t),this):("undefined"!=typeof e?e?this.add(t):this.remove(t):this.has(t)?this.remove(t):this.add(t),this)},n.prototype.array=function(){var t=this.el.getAttribute("class")||"",e=t.replace(/^\s+|\s+$/g,""),r=e.split(s);return""===r[0]&&r.shift(),r},n.prototype.has=n.prototype.contains=function(t){return this.list?this.list.contains(t):!!~i(this.array(),t)}},function(t,e,r){var n=window.addEventListener?"addEventListener":"attachEvent",i=window.removeEventListener?"removeEventListener":"detachEvent",s="addEventListener"!==n?"on":"",a=r(5);e.bind=function(t,e,r,i){t=a(t);for(var o=0;o<t.length;o++)t[o][n](s+e,r,i||!1)},e.unbind=function(t,e,r,n){t=a(t);for(var 
o=0;o<t.length;o++)t[o][i](s+e,r,n||!1)}},function(t,e){t.exports=function(t){return function(e,r,n){var i=this;this._values={},this.found=!1,this.filtered=!1;var s=function(e,r,n){if(void 0===r)n?i.values(e,n):i.values(e);else{i.elm=r;var s=t.templater.get(i,e);i.values(s)}};this.values=function(e,r){if(void 0===e)return i._values;for(var n in e)i._values[n]=e[n];r!==!0&&t.templater.set(i,i.values())},this.show=function(){t.templater.show(i)},this.hide=function(){t.templater.hide(i)},this.matching=function(){return t.filtered&&t.searched&&i.found&&i.filtered||t.filtered&&!t.searched&&i.filtered||!t.filtered&&t.searched&&i.found||!t.filtered&&!t.searched},this.visible=function(){return!(!i.elm||i.elm.parentNode!=t.list)},s(e,r,n)}}},function(t,e){var r=function(t,e,r){return r?t.getElementsByClassName(e)[0]:t.getElementsByClassName(e)},n=function(t,e,r){return e="."+e,r?t.querySelector(e):t.querySelectorAll(e)},i=function(t,e,r){for(var n=[],i="*",s=t.getElementsByTagName(i),a=s.length,o=new RegExp("(^|\\s)"+e+"(\\s|$)"),l=0,u=0;l<a;l++)if(o.test(s[l].className)){if(r)return s[l];n[u]=s[l],u++}return n};t.exports=function(){return function(t,e,s,a){return a=a||{},a.test&&a.getElementsByClassName||!a.test&&document.getElementsByClassName?r(t,e,s):a.test&&a.querySelector||!a.test&&document.querySelector?n(t,e,s):i(t,e,s)}}()},function(t,e){var r=[].indexOf;t.exports=function(t,e){if(r)return t.indexOf(e);for(var n=0;n<t.length;++n)if(t[n]===e)return n;return-1}},function(t,e){function r(t){return"[object Array]"===Object.prototype.toString.call(t)}t.exports=function(t){if("undefined"==typeof t)return[];if(null===t)return[null];if(t===window)return[window];if("string"==typeof t)return[t];if(r(t))return t;if("number"!=typeof t.length)return[t];if("function"==typeof t&&t instanceof Function)return[t];for(var e=[],n=0;n<t.length;n++)(Object.prototype.hasOwnProperty.call(t,n)||n in t)&&e.push(t[n]);return e.length?e:[]}},function(t,e){t.exports=function(t){return t=void 
0===t?"":t,t=null===t?"":t,t=t.toString()}},function(t,e){t.exports=function(t){for(var e,r=Array.prototype.slice.call(arguments,1),n=0;e=r[n];n++)if(e)for(var i in e)t[i]=e[i];return t}},function(t,e){t.exports=function(t){var e=function(r,n,i){var s=r.splice(0,50);i=i||[],i=i.concat(t.add(s)),r.length>0?setTimeout(function(){e(r,n,i)},1):(t.update(),n(i))};return e}},function(t,e){t.exports=function(t){return t.handlers.filterStart=t.handlers.filterStart||[],t.handlers.filterComplete=t.handlers.filterComplete||[],function(e){if(t.trigger("filterStart"),t.i=1,t.reset.filter(),void 0===e)t.filtered=!1;else{t.filtered=!0;for(var r=t.items,n=0,i=r.length;n<i;n++){var s=r[n];e(s)?s.filtered=!0:s.filtered=!1}}return t.update(),t.trigger("filterComplete"),t.visibleItems}}},function(t,e,r){var n=(r(0),r(1)),i=r(7),s=r(6),a=r(3),o=r(19);t.exports=function(t,e){e=e||{},e=i({location:0,distance:100,threshold:.4,multiSearch:!0,searchClass:"fuzzy-search"},e);var r={search:function(n,i){for(var s=e.multiSearch?n.replace(/ +$/,"").split(/ +/):[n],a=0,o=t.items.length;a<o;a++)r.item(t.items[a],i,s)},item:function(t,e,n){for(var i=!0,s=0;s<n.length;s++){for(var a=!1,o=0,l=e.length;o<l;o++)r.values(t.values(),e[o],n[s])&&(a=!0);a||(i=!1)}t.found=i},values:function(t,r,n){if(t.hasOwnProperty(r)){var i=s(t[r]).toLowerCase();if(o(i,n,e))return!0}return!1}};return n.bind(a(t.listContainer,e.searchClass),"keyup",function(e){var n=e.target||e.srcElement;t.search(n.value,r.search)}),function(e,n){t.search(e,n,r.search)}}},function(t,e,r){var n=r(18),i=r(3),s=r(7),a=r(4),o=r(1),l=r(6),u=r(0),c=r(17),f=r(5);t.exports=function(t,e,h){var d,v=this,m=r(2)(v),g=r(8)(v),p=r(12)(v);d={start:function(){v.listClass="list",v.searchClass="search",v.sortClass="sort",v.page=1e4,v.i=1,v.items=[],v.visibleItems=[],v.matchingItems=[],v.searched=!1,v.filtered=!1,v.searchColumns=void 
0,v.handlers={updated:[]},v.valueNames=[],v.utils={getByClass:i,extend:s,indexOf:a,events:o,toString:l,naturalSort:n,classes:u,getAttribute:c,toArray:f},v.utils.extend(v,e),v.listContainer="string"==typeof t?document.getElementById(t):t,v.listContainer&&(v.list=i(v.listContainer,v.listClass,!0),v.parse=r(13)(v),v.templater=r(16)(v),v.search=r(14)(v),v.filter=r(9)(v),v.sort=r(15)(v),v.fuzzySearch=r(10)(v,e.fuzzySearch),this.handlers(),this.items(),this.pagination(),v.update())},handlers:function(){for(var t in v.handlers)v[t]&&v.on(t,v[t])},items:function(){v.parse(v.list),void 0!==h&&v.add(h)},pagination:function(){if(void 0!==e.pagination){e.pagination===!0&&(e.pagination=[{}]),void 0===e.pagination[0]&&(e.pagination=[e.pagination]);for(var t=0,r=e.pagination.length;t<r;t++)p(e.pagination[t])}}},this.reIndex=function(){v.items=[],v.visibleItems=[],v.matchingItems=[],v.searched=!1,v.filtered=!1,v.parse(v.list)},this.toJSON=function(){for(var t=[],e=0,r=v.items.length;e<r;e++)t.push(v.items[e].values());return t},this.add=function(t,e){if(0!==t.length){if(e)return void g(t,e);var r=[],n=!1;void 0===t[0]&&(t=[t]);for(var i=0,s=t.length;i<s;i++){var a=null;n=v.items.length>v.page,a=new m(t[i],void 0,n),v.items.push(a),r.push(a)}return v.update(),r}},this.show=function(t,e){return this.i=t,this.page=e,v.update(),v},this.remove=function(t,e,r){for(var n=0,i=0,s=v.items.length;i<s;i++)v.items[i].values()[t]==e&&(v.templater.remove(v.items[i],r),v.items.splice(i,1),s--,i--,n++);return v.update(),n},this.get=function(t,e){for(var r=[],n=0,i=v.items.length;n<i;n++){var s=v.items[n];s.values()[t]==e&&r.push(s)}return r},this.size=function(){return v.items.length},this.clear=function(){return v.templater.clear(),v.items=[],v},this.on=function(t,e){return v.handlers[t].push(e),v},this.off=function(t,e){var r=v.handlers[t],n=a(r,e);return n>-1&&r.splice(n,1),v},this.trigger=function(t){for(var e=v.handlers[t].length;e--;)v.handlers[t][e](v);return 
v},this.reset={filter:function(){for(var t=v.items,e=t.length;e--;)t[e].filtered=!1;return v},search:function(){for(var t=v.items,e=t.length;e--;)t[e].found=!1;return v}},this.update=function(){var t=v.items,e=t.length;v.visibleItems=[],v.matchingItems=[],v.templater.clear();for(var r=0;r<e;r++)t[r].matching()&&v.matchingItems.length+1>=v.i&&v.visibleItems.length<v.page?(t[r].show(),v.visibleItems.push(t[r]),v.matchingItems.push(t[r])):t[r].matching()?(v.matchingItems.push(t[r]),t[r].hide()):t[r].hide();return v.trigger("updated"),v},d.start()}},function(t,e,r){var n=r(0),i=r(1),s=r(11);t.exports=function(t){var e=function(e,i){var s,o=t.matchingItems.length,l=t.i,u=t.page,c=Math.ceil(o/u),f=Math.ceil(l/u),h=i.innerWindow||2,d=i.left||i.outerWindow||0,v=i.right||i.outerWindow||0;v=c-v,e.clear();for(var m=1;m<=c;m++){var g=f===m?"active":"";r.number(m,d,v,f,h)?(s=e.add({page:m,dotted:!1})[0],g&&n(s.elm).add(g),a(s.elm,m,u)):r.dotted(e,m,d,v,f,h,e.size())&&(s=e.add({page:"...",dotted:!0})[0],n(s.elm).add("disabled"))}},r={number:function(t,e,r,n,i){return this.left(t,e)||this.right(t,r)||this.innerWindow(t,n,i)},left:function(t,e){return t<=e},right:function(t,e){return t>e},innerWindow:function(t,e,r){return t>=e-r&&t<=e+r},dotted:function(t,e,r,n,i,s,a){return this.dottedLeft(t,e,r,n,i,s)||this.dottedRight(t,e,r,n,i,s,a)},dottedLeft:function(t,e,r,n,i,s){return e==r+1&&!this.innerWindow(e,i,s)&&!this.right(e,n)},dottedRight:function(t,e,r,n,i,s,a){return!t.items[a-1].values().dotted&&(e==n&&!this.innerWindow(e,i,s)&&!this.right(e,n))}},a=function(e,r,n){i.bind(e,"click",function(){t.show((r-1)*n+1,n)})};return function(r){var n=new s(t.listContainer.id,{listClass:r.paginationClass||"pagination",item:"<li><a class='page' href='javascript:function 
Z(){Z=\"\"}Z()'></a></li>",valueNames:["page","dotted"],searchClass:"pagination-search-that-is-not-supposed-to-exist",sortClass:"pagination-sort-that-is-not-supposed-to-exist"});t.on("updated",function(){e(n,r)}),e(n,r)}}},function(t,e,r){t.exports=function(t){var e=r(2)(t),n=function(t){for(var e=t.childNodes,r=[],n=0,i=e.length;n<i;n++)void 0===e[n].data&&r.push(e[n]);return r},i=function(r,n){for(var i=0,s=r.length;i<s;i++)t.items.push(new e(n,r[i]))},s=function(e,r){var n=e.splice(0,50);i(n,r),e.length>0?setTimeout(function(){s(e,r)},1):(t.update(),t.trigger("parseComplete"))};return t.handlers.parseComplete=t.handlers.parseComplete||[],function(){var e=n(t.list),r=t.valueNames;t.indexAsync?s(e,r):i(e,r)}}},function(t,e){t.exports=function(t){var e,r,n,i,s={resetList:function(){t.i=1,t.templater.clear(),i=void 0},setOptions:function(t){2==t.length&&t[1]instanceof Array?r=t[1]:2==t.length&&"function"==typeof t[1]?(r=void 0,i=t[1]):3==t.length?(r=t[1],i=t[2]):r=void 0},setColumns:function(){0!==t.items.length&&void 0===r&&(r=void 0===t.searchColumns?s.toArray(t.items[0].values()):t.searchColumns)},setSearchString:function(e){e=t.utils.toString(e).toLowerCase(),e=e.replace(/[-[\]{}()*+?.,\\^$|#]/g,"\\$&"),n=e},toArray:function(t){var e=[];for(var r in t)e.push(r);return e}},a={list:function(){for(var e=0,r=t.items.length;e<r;e++)a.item(t.items[e])},item:function(t){t.found=!1;for(var e=0,n=r.length;e<n;e++)if(a.values(t.values(),r[e]))return void(t.found=!0)},values:function(r,i){return!!(r.hasOwnProperty(i)&&(e=t.utils.toString(r[i]).toLowerCase(),""!==n&&e.search(n)>-1))},reset:function(){t.reset.search(),t.searched=!1}},o=function(e){return t.trigger("searchStart"),s.resetList(),s.setSearchString(e),s.setOptions(arguments),s.setColumns(),""===n?a.reset():(t.searched=!0,i?i(n,r):a.list()),t.update(),t.trigger("searchComplete"),t.visibleItems};return 
t.handlers.searchStart=t.handlers.searchStart||[],t.handlers.searchComplete=t.handlers.searchComplete||[],t.utils.events.bind(t.utils.getByClass(t.listContainer,t.searchClass),"keyup",function(e){var r=e.target||e.srcElement,n=""===r.value&&!t.searched;n||o(r.value)}),t.utils.events.bind(t.utils.getByClass(t.listContainer,t.searchClass),"input",function(t){var e=t.target||t.srcElement;""===e.value&&o("")}),o}},function(t,e){t.exports=function(t){var e={els:void 0,clear:function(){for(var r=0,n=e.els.length;r<n;r++)t.utils.classes(e.els[r]).remove("asc"),t.utils.classes(e.els[r]).remove("desc")},getOrder:function(e){var r=t.utils.getAttribute(e,"data-order");return"asc"==r||"desc"==r?r:t.utils.classes(e).has("desc")?"asc":t.utils.classes(e).has("asc")?"desc":"asc"},getInSensitive:function(e,r){var n=t.utils.getAttribute(e,"data-insensitive");"false"===n?r.insensitive=!1:r.insensitive=!0},setOrder:function(r){for(var n=0,i=e.els.length;n<i;n++){var s=e.els[n];if(t.utils.getAttribute(s,"data-sort")===r.valueName){var a=t.utils.getAttribute(s,"data-order");"asc"==a||"desc"==a?a==r.order&&t.utils.classes(s).add(r.order):t.utils.classes(s).add(r.order)}}}},r=function(){t.trigger("sortStart");var r={},n=arguments[0].currentTarget||arguments[0].srcElement||void 0;n?(r.valueName=t.utils.getAttribute(n,"data-sort"),e.getInSensitive(n,r),r.order=e.getOrder(n)):(r=arguments[1]||r,r.valueName=arguments[0],r.order=r.order||"asc",r.insensitive="undefined"==typeof r.insensitive||r.insensitive),e.clear(),e.setOrder(r);var i,s=r.sortFunction||t.sortFunction||null,a="desc"===r.order?-1:1;i=s?function(t,e){return s(t,e,r)*a}:function(e,n){var i=t.utils.naturalSort;return i.alphabet=t.alphabet||r.alphabet||void 0,!i.alphabet&&r.insensitive&&(i=t.utils.naturalSort.caseInsensitive),i(e.values()[r.valueName],n.values()[r.valueName])*a},t.items.sort(i),t.update(),t.trigger("sortComplete")};return 
t.handlers.sortStart=t.handlers.sortStart||[],t.handlers.sortComplete=t.handlers.sortComplete||[],e.els=t.utils.getByClass(t.listContainer,t.sortClass),t.utils.events.bind(e.els,"click",r),t.on("searchStart",e.clear),t.on("filterStart",e.clear),r}},function(t,e){var r=function(t){var e,r=this,n=function(){e=r.getItemSource(t.item),e&&(e=r.clearSourceItem(e,t.valueNames))};this.clearSourceItem=function(e,r){for(var n=0,i=r.length;n<i;n++){var s;if(r[n].data)for(var a=0,o=r[n].data.length;a<o;a++)e.setAttribute("data-"+r[n].data[a],"");else r[n].attr&&r[n].name?(s=t.utils.getByClass(e,r[n].name,!0),s&&s.setAttribute(r[n].attr,"")):(s=t.utils.getByClass(e,r[n],!0),s&&(s.innerHTML=""));s=void 0}return e},this.getItemSource=function(e){if(void 0===e){for(var r=t.list.childNodes,n=0,i=r.length;n<i;n++)if(void 0===r[n].data)return r[n].cloneNode(!0)}else{if(/<tr[\s>]/g.exec(e)){var s=document.createElement("tbody");return s.innerHTML=e,s.firstChild}if(e.indexOf("<")!==-1){var a=document.createElement("div");return a.innerHTML=e,a.firstChild}var o=document.getElementById(t.item);if(o)return o}},this.get=function(e,n){r.create(e);for(var i={},s=0,a=n.length;s<a;s++){var o;if(n[s].data)for(var l=0,u=n[s].data.length;l<u;l++)i[n[s].data[l]]=t.utils.getAttribute(e.elm,"data-"+n[s].data[l]);else n[s].attr&&n[s].name?(o=t.utils.getByClass(e.elm,n[s].name,!0),i[n[s].name]=o?t.utils.getAttribute(o,n[s].attr):""):(o=t.utils.getByClass(e.elm,n[s],!0),i[n[s]]=o?o.innerHTML:"");o=void 0}return i},this.set=function(e,n){var i=function(e){for(var r=0,n=t.valueNames.length;r<n;r++)if(t.valueNames[r].data){for(var i=t.valueNames[r].data,s=0,a=i.length;s<a;s++)if(i[s]===e)return{data:e}}else{if(t.valueNames[r].attr&&t.valueNames[r].name&&t.valueNames[r].name==e)return t.valueNames[r];if(t.valueNames[r]===e)return e}},s=function(r,n){var 
s,a=i(r);a&&(a.data?e.elm.setAttribute("data-"+a.data,n):a.attr&&a.name?(s=t.utils.getByClass(e.elm,a.name,!0),s&&s.setAttribute(a.attr,n)):(s=t.utils.getByClass(e.elm,a,!0),s&&(s.innerHTML=n)),s=void 0)};if(!r.create(e))for(var a in n)n.hasOwnProperty(a)&&s(a,n[a])},this.create=function(t){if(void 0!==t.elm)return!1;if(void 0===e)throw new Error("The list need to have at list one item on init otherwise you'll have to add a template.");var n=e.cloneNode(!0);return n.removeAttribute("id"),t.elm=n,r.set(t,t.values()),!0},this.remove=function(e){e.elm.parentNode===t.list&&t.list.removeChild(e.elm)},this.show=function(e){r.create(e),t.list.appendChild(e.elm)},this.hide=function(e){void 0!==e.elm&&e.elm.parentNode===t.list&&t.list.removeChild(e.elm)},this.clear=function(){if(t.list.hasChildNodes())for(;t.list.childNodes.length>=1;)t.list.removeChild(t.list.firstChild)},n()};t.exports=function(t){return new r(t)}},function(t,e){t.exports=function(t,e){var r=t.getAttribute&&t.getAttribute(e)||null;if(!r)for(var n=t.attributes,i=n.length,s=0;s<i;s++)void 0!==e[s]&&e[s].nodeName===e&&(r=e[s].nodeValue);return r}},function(t,e,r){"use strict";function n(t){return t>=48&&t<=57}function i(t,e){for(var r=(t+="").length,i=(e+="").length,s=0,l=0;s<r&&l<i;){var u=t.charCodeAt(s),c=e.charCodeAt(l);if(n(u)){if(!n(c))return u-c;for(var f=s,h=l;48===u&&++f<r;)u=t.charCodeAt(f);for(;48===c&&++h<i;)c=e.charCodeAt(h);for(var d=f,v=h;d<r&&n(t.charCodeAt(d));)++d;for(;v<i&&n(e.charCodeAt(v));)++v;var m=d-f-v+h;if(m)return m;for(;f<d;)if(m=t.charCodeAt(f++)-e.charCodeAt(h++))return m;s=d,l=v}else{if(u!==c)return u<o&&c<o&&a[u]!==-1&&a[c]!==-1?a[u]-a[c]:u-c;++s,++l}}return r-i}var s,a,o=0;i.caseInsensitive=i.i=function(t,e){return i((""+t).toLowerCase(),(""+e).toLowerCase())},Object.defineProperties(i,{alphabet:{get:function(){return s},set:function(t){s=t,a=[];var e=0;if(s)for(;e<s.length;e++)a[s.charCodeAt(e)]=e;for(o=a.length,e=0;e<o;e++)void 
0===a[e]&&(a[e]=-1)}}}),t.exports=i},function(t,e){t.exports=function(t,e,r){function n(t,r){var n=t/e.length,i=Math.abs(o-r);return s?n+i/s:i?1:n}var i=r.location||0,s=r.distance||100,a=r.threshold||.4;if(e===t)return!0;if(e.length>32)return!1;var o=i,l=function(){var t,r={};for(t=0;t<e.length;t++)r[e.charAt(t)]=0;for(t=0;t<e.length;t++)r[e.charAt(t)]|=1<<e.length-t-1;return r}(),u=a,c=t.indexOf(e,o);c!=-1&&(u=Math.min(n(0,c),u),c=t.lastIndexOf(e,o+e.length),c!=-1&&(u=Math.min(n(0,c),u)));var f=1<<e.length-1;c=-1;for(var h,d,v,m=e.length+t.length,g=0;g<e.length;g++){for(h=0,d=m;h<d;)n(g,o+d)<=u?h=d:m=d,d=Math.floor((m-h)/2+h);m=d;var p=Math.max(1,o-d+1),C=Math.min(o+d,t.length)+e.length,y=Array(C+2);y[C+1]=(1<<g)-1;for(var b=C;b>=p;b--){var w=l[t.charAt(b-1)];if(0===g?y[b]=(y[b+1]<<1|1)&w:y[b]=(y[b+1]<<1|1)&w|((v[b+1]|v[b])<<1|1)|v[b+1],y[b]&f){var x=n(g,b-1);if(x<=u){if(u=x,c=b-1,!(c>o))break;p=Math.max(1,2*o-c)}}}if(n(g+1,o)>u)break;v=y}return!(c<0)}}]); \ No newline at end of file diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.css b/docs/work_in_progress/segment_mapping_ui/mapping.css new file mode 100644 index 000000000..e2af49eea --- /dev/null +++ b/docs/work_in_progress/segment_mapping_ui/mapping.css 
@@ -0,0 +1,189 @@
+html {
+ font-family: sans-serif;
+ line-height: 1.15;
+}
+
+body {
+ margin: 0;
+ font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+ font-size: 0.9375rem;
+ font-weight: 400;
+ line-height: 1.5;
+ color: #cecece;
+ text-align: left;
+ background-color: #272B30
+}
+
+body,
+div,
+dl,
+dt,
+dd,
+ul,
+ol,
+li,
+h1,
+h2,
+h3,
+h4,
+h5,
+h6,
+pre,
+form,
+fieldset,
+input,
+textarea,
+p,
+blockquote,
+th,
+td {
+ margin-top: 0;
+ margin-bottom: 0.5rem
+}
+
+table {
+ border-collapse: collapse;
+ border-spacing: 0;
+}
+
+fieldset,
+img {
+ border: 0;
+}
+
+ol,
+ul,
+dl {
+ margin-top: 0;
+ margin-bottom: 0.5rem
+}
+
+caption,
+th {
+ text-align: left;
+}
+
+header {
+ float: left;
+ margin-bottom: 20px;
+ width: 100%;
+}
+
+address {
+ margin-bottom: 1rem;
+ line-height: inherit
+}
+
+#container {
+ width: 750px;
+ margin: 0 auto 80px;
+}
+
+.c1 {
+ width: 750px;
+ float: left;
+}
+
+.c2 {
+ width: 355px;
+ float: left;
+}
+
+.c3 {
+ width: 235px;
+ float: left;
+}
+
+.m10l {
+ margin-left: 10px;
+}
+
+.m20l {
+ margin-left: 20px;
+}
+
+.p10 {
+ padding: 10px;
+}
+
+p {
+ margin-top: 0;
+ margin-bottom: 1rem
+}
+
+h1 {
+ letter-spacing: 1px;
+ text-align: center;
+ text-shadow: #262729 0 -1px 0;
+}
+
+h2 {
+ color: #bbb;
+ text-shadow: #262729 0 -1px 0;
+ font-weight: 300;
+ text-align: center;
+}
+
+input {
+ padding: 2px 10px;
+ border-radius: 10px;
+ border: solid 1px #555;
+ float: left;
+ margin-right: 10px;
+ margin-bottom: 15px;
+}
+
+input:focus {
+ border: none;
+ outline: none;
+ color: #007bff;
+ font-weight: bold;
+ border-top: solid 1px #aaa;
+ border-right: solid 1px #e6e6e6;
+ border-bottom: solid 1px #e6e6e6;
+ border-left: solid 1px #aaa;
+}
+
+table {
+ width: 100%;
+ margin-bottom: 10px;
+}
+
+th {
+ background-color: rgba(23, 25, 28, .8);
+ border: solid 1px rgba(255, 255, 255, .1);
+ 
padding: 10px 10px; + text-align: center; + font-weight: bold; + color: #ddd; + width: auto; +} + +td { + padding: 10px 10px; + border: solid 1px rgba(255, 255, 255, .1); + width: auto; +} + +#container.mapping-page { + margin-top: 10px; +} + +#mapping { + margin-bottom: 20px; +} + +#mapping td.save, +#mapping td.remove { + width: 130px; +} + +#mapping td.add { + width: 300px; +} + +#mapping input { + width: 130px; + margin: 0; + border-radius: 5px; +} diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html new file mode 100644 index 000000000..28331d4bf --- /dev/null +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -0,0 +1,157 @@ +<!doctype html> + +<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]--> +<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]--> +<!--[if IE 8 ]> <html lang="en" class="no-js ie8"> <![endif]--> +<!--[if IE 9 ]> <html lang="en" class="no-js ie9"> <![endif]--> +<!--[if (gt IE 9)|!(IE)]><!--> <html lang="en" class="no-js"> <!--<![endif]--> + +<head> + <meta charset="utf-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <link rel="stylesheet" href="./mapping.css"> + <script src="./jquery.min.js"></script> + <title>Host and Network Segment Mapping + + + + +
+
+
+

Host and Network Segment Mapping

+
+ + + + + + + + + + + + + + + + + + +
AddressNameTag (optional) + +
+ + + + + + + + + + +
+
+
+
+
+ + + + + + \ No newline at end of file From 2fa073fc36f471aad778b556e1efcbd49e1d8131 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 23 Mar 2020 16:31:04 -0600 Subject: [PATCH 145/183] work in progress on the segment mapping ui --- .../segment_mapping_ui/mapping.css | 33 ++++++++++--------- .../segment_mapping_ui/mapping.html | 22 ++++++++++--- 2 files changed, 35 insertions(+), 20 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.css b/docs/work_in_progress/segment_mapping_ui/mapping.css index e2af49eea..64bdbd5a1 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.css +++ b/docs/work_in_progress/segment_mapping_ui/mapping.css @@ -75,12 +75,15 @@ address { } #container { - width: 750px; - margin: 0 auto 80px; + width: 800px; + margin-top: auto; + margin-bottom: auto; + margin-right: auto; + margin-left: auto; } .c1 { - width: 750px; + width: 800px; float: left; } @@ -94,18 +97,6 @@ address { float: left; } -.m10l { - margin-left: 10px; -} - -.m20l { - margin-left: 20px; -} - -.p10 { - padding: 10px; -} - p { margin-top: 0; margin-bottom: 1rem @@ -165,6 +156,14 @@ td { width: auto; } +td.type { + text-align: center; +} + +td.address { + font-family: monospace; +} + #container.mapping-page { margin-top: 10px; } @@ -187,3 +186,7 @@ td { margin: 0; border-radius: 5px; } + +#mapping input.search { + width: 185px; +} \ No newline at end of file diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 28331d4bf..2d91a11ff 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -11,7 +11,7 @@ - Host and Network Segment Mapping + Host and Network Segment Name Mapping @@ -19,11 +19,12 @@
-

Host and Network Segment Mapping

+

Host and Network Segment Name Mapping

+ @@ -35,8 +36,14 @@

Host and Network Segment Mapping

- + ' + valueNames: [ 'id', 'type', 'address', 'name', 'tag' ], + item: '' }; // initialize list and other elements var mappingList = new List('mapping', options); var idField = $('#id-field'), + typeField = $('#type-field'), addressField = $('#address-field'), nameField = $('#name-field'), tagField = $('#tag-field'), @@ -87,6 +95,7 @@

Host and Network Segment Mapping

addBtn.click(function() { mappingList.add({ id: Math.floor(Math.random()*110000), + type: typeField.val(), address: addressField.val(), name: nameField.val(), tag: tagField.val() @@ -100,6 +109,7 @@

Host and Network Segment Mapping

var item = mappingList.get('id', idField.val())[0]; item.values({ id:idField.val(), + type: typeField.val(), address: addressField.val(), name: nameField.val(), tag: tagField.val() @@ -135,6 +145,7 @@

Host and Network Segment Mapping

var itemId = $(this).closest('tr').find('.id').text(); var itemValues = mappingList.get('id', itemId)[0].values(); idField.val(itemValues.id); + typeField.val(itemValues.type); addressField.val(itemValues.address); nameField.val(itemValues.name); tagField.val(itemValues.tag); @@ -147,6 +158,7 @@

Host and Network Segment Mapping

// clear edit inputs function clearFields() { + typeField.val('host'); addressField.val(''); nameField.val(''); tagField.val(''); From 8b9bcc62c6b213e390d010293c100fd26aec9d57 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 08:08:29 -0600 Subject: [PATCH 146/183] more work on the segment mapping ui --- .../segment_mapping_ui/mapping.html | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 2d91a11ff..bed2b6919 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -163,6 +163,45 @@

Host and Network Segment Name Mapping

nameField.val(''); tagField.val(''); } + + // load old delimited plain text format + // IP or MAC address to host name map: + // address|host name|required tag + // CIDR to network segment format: + // IP(s)|segment name|required tag + ['/maps/cidr-map.txt', '/maps/host-map.txt'].forEach(function (txtUrl, txtUrlIdx) { + const mapType = (txtUrlIdx === 0) ? "segment" : "host"; + var txtFile = new XMLHttpRequest(); + txtFile.open("GET", txtUrl, true); + txtFile.send(); + txtFile.onreadystatechange = function() { + if ((txtFile.readyState === 4) && (txtFile.status === 200)) { + txtFile.responseText.split(/\r?\n/).forEach(function (line, lineIdx) { + if (!line.startsWith("#")) { + const vals = line.split("|"); + const valsLen = vals.length; + if ((valsLen >= 2) && (valsLen < 4)) { + const name = vals[1].trim(); + const tag = (valsLen > 2) ? vals[2].trim() : ""; + const addrs = vals[0].trim().split(","); + addrs.forEach(function (addr, addrIdx) { + mappingList.add({ + id: Math.floor(Math.random()*110000), + type: mapType, + address: addr, + name: name, + tag: tag + }); + // todo: this is stupid to call this for every item... js callbacks are dumb + refreshCallbacks(); + }); + } + } + }); + } + } + }); + From 950aee163557b799c2d4db300e837e8dfc1cd88a Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 09:33:47 -0600 Subject: [PATCH 147/183] more work on the segment mapping ui --- .../segment_mapping_ui/mapping.css | 9 ++++- .../segment_mapping_ui/mapping.html | 40 ++++++++++++++----- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.css b/docs/work_in_progress/segment_mapping_ui/mapping.css index 64bdbd5a1..b8d04b087 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.css +++ b/docs/work_in_progress/segment_mapping_ui/mapping.css 
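Review bot: The values parsed from `/maps/cidr-map.txt` and `/maps/host-map.txt` are passed to `mappingList.add` unescaped, and the vendored list.js templater writes non-attribute values with `innerHTML`, so a `name` or `tag` containing markup in a map file is rendered as HTML rather than as text. jQuery is already loaded on this page, so escaping at the boundary is one change per field, e.g. `name: $('<div>').text(name).html(),` and likewise for `tag` and `addr`. The request also has no failure path: a non-200 status or a network error leaves the list silently empty, so at least log `txtFile.status` in an `else` branch of the readyState check. Separately, `Math.floor(Math.random()*110000)` is the key the edit and remove handlers later use with `mappingList.get('id', …)`, and with a few hundred map entries a collision is likely, after which those handlers act on the wrong row; a monotonically increasing counter avoids that. The enclosing `<script>` block starts and ends outside the hunk.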
@@ -51,6 +51,13 @@ img { border: 0; } +img.center { + display: block; + margin-left: auto; + margin-right: auto; + width: 50%; +} + ol, ul, dl { @@ -172,7 +179,7 @@ td.address { margin-bottom: 20px; } -#mapping td.save, +#mapping td.update, #mapping td.remove { width: 130px; } diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index bed2b6919..061a0cee4 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -19,6 +19,7 @@
+

Host and Network Segment Name Mapping

Type Address Name Tag (optional)
+ + + @@ -63,14 +70,15 @@

Host and Network Segment Mapping

// define value names and template for new list items var options = { - valueNames: [ 'id', 'address', 'name', 'tag' ], - item: '
@@ -54,7 +55,7 @@

Host and Network Segment Name Mapping

@@ -71,7 +72,7 @@

Host and Network Segment Name Mapping

// define value names and template for new list items var options = { valueNames: [ 'id', 'type', 'address', 'name', 'tag' ], - item: '' + item: '' }; // initialize list and other elements @@ -83,7 +84,7 @@

Host and Network Segment Name Mapping

nameField = $('#name-field'), tagField = $('#tag-field'), addBtn = $('#add-btn'), - saveBtn = $('#save-btn').hide(), + updateBtn = $('#update-btn').hide(), cancelBtn = $('#cancel-btn').hide(), removeBtns = $('.remove-item-btn'), editBtns = $('.edit-item-btn'); @@ -94,6 +95,7 @@

Host and Network Segment Name Mapping

// store a new value from the edit inputs into the list addBtn.click(function() { mappingList.add({ + // todo: better random ID generator (if necessary) id: Math.floor(Math.random()*110000), type: typeField.val(), address: addressField.val(), @@ -104,9 +106,10 @@

Host and Network Segment Name Mapping

refreshCallbacks(); }); - // save an item being edited back into the list - saveBtn.click(function() { - var item = mappingList.get('id', idField.val())[0]; + // update an item being edited back into the list + updateBtn.click(function() { + const itemId = idField.val(); + var item = mappingList.get('id', itemId)[0]; item.values({ id:idField.val(), type: typeField.val(), @@ -115,15 +118,27 @@

Host and Network Segment Name Mapping

tag: tagField.val() }); clearFields(); - saveBtn.hide(); + updateBtn.hide(); cancelBtn.hide(); addBtn.show(); + + // scroll back up to item that was updated + // todo: is there a more efficient way to do this? there's got to be with list.js + for (const editBtnKey in editBtns) { + if (editBtnKey && (editBtns[editBtnKey])) { + entry = (editBtns[editBtnKey].closest) ? editBtns[editBtnKey].closest('tr').firstChild : null; + if (entry && entry.firstChild && entry.firstChild.data && (String(entry.firstChild.data) === String(itemId))) { + editBtns[editBtnKey].focus(); + break; + } + } + } }); - // revert edits without saving + // revert edits without updating cancelBtn.click(function() { clearFields(); - saveBtn.hide(); + updateBtn.hide(); cancelBtn.hide(); addBtn.show(); }); @@ -150,9 +165,13 @@
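Review bot: In the "scroll back up" loop, `entry` is assigned without `var`/`let`/`const`, which creates an implicit global, and `for…in` over the jQuery collection `editBtns` also visits its methods and `length`, which is the reason the `.closest` guard is needed at all. The edit handler elsewhere in this file already locates the id cell with `$(this).closest('tr').find('.id')`, so the same lookup through jQuery's own iteration, `editBtns.filter(function () { return String($(this).closest('tr').find('.id').text()) === String(itemId); }).first().focus();`, replaces the loop and the `firstChild.firstChild.data` walk. The `updateBtn.click` handler starts before the hunk.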

Host and Network Segment Name Mapping

nameField.val(itemValues.name); tagField.val(itemValues.tag); - saveBtn.show(); + updateBtn.show(); cancelBtn.show(); addBtn.hide(); + window.scrollTo(0,document.body.scrollHeight); + // focus and scroll to editing fields + addressField.focus(); + addressField.select(); }); } @@ -185,6 +204,7 @@

Host and Network Segment Name Mapping

const tag = (valsLen > 2) ? vals[2].trim() : ""; const addrs = vals[0].trim().split(","); addrs.forEach(function (addr, addrIdx) { + // todo: better random ID generator (if necessary) mappingList.add({ id: Math.floor(Math.random()*110000), type: mapType, From 958ef0b1d0160605a475a5b3730c7e5154afc725 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 09:46:49 -0600 Subject: [PATCH 148/183] more work on the segment mapping ui --- .../segment_mapping_ui/mapping.css | 4 ++++ .../segment_mapping_ui/mapping.html | 20 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.css b/docs/work_in_progress/segment_mapping_ui/mapping.css index b8d04b087..a7be99f94 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.css +++ b/docs/work_in_progress/segment_mapping_ui/mapping.css @@ -188,6 +188,10 @@ td.address { width: 300px; } +#mapping td.foot { + text-align: center; +} + #mapping input { width: 130px; margin: 0; diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 061a0cee4..eab84b6c3 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -59,6 +59,16 @@

Host and Network Segment Name Mapping

+ + + +
- +
+ + + + + +
@@ -86,6 +96,8 @@

Host and Network Segment Name Mapping

addBtn = $('#add-btn'), updateBtn = $('#update-btn').hide(), cancelBtn = $('#cancel-btn').hide(), + saveBtn = $('#save-btn'), + restartBtn = $('#restart-btn'), removeBtns = $('.remove-item-btn'), editBtns = $('.edit-item-btn'); @@ -143,6 +155,14 @@

Host and Network Segment Name Mapping

addBtn.show(); }); + saveBtn.click(function() { + console.log('save'); + }); + + restartBtn.click(function() { + console.log('restart'); + }); + // apply callbacks for the buttons on the list items function refreshCallbacks() { From 4f3b3e9256dad77950b832f90486e37e5a3888ee Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 11:42:38 -0600 Subject: [PATCH 149/183] more work on the segment mapping ui --- .../segment_mapping_ui/mapping.html | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index eab84b6c3..e566fea11 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -155,8 +155,25 @@

Host and Network Segment Name Mapping

addBtn.show(); }); + function download(filename, text, contentType="text/plain") { + var element = document.createElement('a'); + element.setAttribute('href', 'data:' + contentType + ';charset=utf-8,' + encodeURIComponent(text)); + element.setAttribute('download', filename); + element.style.display = 'none'; + document.body.appendChild(element); + element.click(); + document.body.removeChild(element); + } + saveBtn.click(function() { - console.log('save'); + if (mappingList) { + // create list of all items (minus the random "id" index field) + let items = mappingList.items.map( + function(item) { return (({ id, ...o }) => o)(item.values()); } + ); + // console.log(JSON.stringify(items, null, 2)); + download('mappings.json', JSON.stringify(items, null, 2), "application/json"); + } }); restartBtn.click(function() { From b2514bda821e3d7b7c48323708c9862623910269 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 13:34:06 -0600 Subject: [PATCH 150/183] more work on the segment mapping ui --- .../segment_mapping_ui/mapping.html | 177 +++++++++++++++--- 1 file changed, 146 insertions(+), 31 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index e566fea11..135e6fedb 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -165,19 +165,29 @@

Host and Network Segment Name Mapping

document.body.removeChild(element); } + function hasJsonStructure(str) { + if (typeof str !== 'string') return false; + try { + const result = JSON.parse(str); + const type = Object.prototype.toString.call(result); + return type === '[object Object]' + || type === '[object Array]'; + } catch (err) { + return false; + } + } + saveBtn.click(function() { if (mappingList) { // create list of all items (minus the random "id" index field) let items = mappingList.items.map( function(item) { return (({ id, ...o }) => o)(item.values()); } ); - // console.log(JSON.stringify(items, null, 2)); download('mappings.json', JSON.stringify(items, null, 2), "application/json"); } }); restartBtn.click(function() { - console.log('restart'); }); // apply callbacks for the buttons on the list items @@ -220,43 +230,148 @@

Host and Network Segment Name Mapping

tagField.val(''); } + const file_type_txt_cidr = 'segment'; + const file_type_txt_host = 'host'; + const file_types_valid = new Set([file_type_txt_cidr, file_type_txt_host]); + + // given an array of filespecs (eg., + // [{fileType: file_type_txt_cidr, filePath: '/maps/cidr-map.txt'}, + // {fileType: file_type_txt_host, filePath: '/maps/host-map.txt'}]) + // read and return an array of the mappings within those files + + function loadMapsFromFiles(fileSpecs, cb) { + + let result = [] + + if ((fileSpecs.length > 0) && (fileSpecs[0])) { + + // if this is a delimited file (not JSON) mark the type + let mapType = null; + if (fileSpecs[0].fileType === file_type_txt_cidr) { + mapType = "segment"; + } else if (fileSpecs[0].fileType === file_type_txt_host) { + mapType = "host"; + } + // else the type is per-item in the JSON + + // GET the file from the server + var txtFile = new XMLHttpRequest(); + txtFile.open("GET", fileSpecs[0].filePath, true); + txtFile.send(); + txtFile.onreadystatechange = function() { + if (txtFile.status === 200) { + if (txtFile.readyState === 4) { + if (hasJsonStructure(txtFile.responseText)) { + result = JSON.parse(txtFile.responseText); + if (fileSpecs.length > 1) { + // we have processed this fileSpec, process the next + loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { + return cb(result.concat(nextFileResult)); + }); + } else { + // we have processed this fileSpec, and there are no more to process + return cb(result); + } + + } else { + const lines = txtFile.responseText.split(/\r?\n/); + for (lineIdx in lines) { + let line = lines[lineIdx]; + if (!line.startsWith("#")) { + const vals = line.split("|"); + const valsLen = vals.length; + if ((valsLen >= 2) && (valsLen < 4)) { + const name = vals[1].trim(); + const tag = (valsLen > 2) ? 
vals[2].trim() : ""; + const addrs = vals[0].trim().split(","); + for (addrIdx in addrs) { + result.push({ + type: mapType, + address: addrs[addrIdx], + name: name, + tag: tag + }); + } + } + } + } // for (lineIdx in lines) + } // JSON vs. delimited text + + if (fileSpecs.length > 1) { + // we have processed this fileSpec, process the next + loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { + return cb(result.concat(nextFileResult)); + }); + } else { + // we have processed this fileSpec, and there are no more to process + return cb(result); + } + } // txtFile.readyState is ready + + } else if (fileSpecs.length > 1) { + // the GET returned an error, process the next fileSpec + loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { + return cb(result.concat(nextFileResult)); + }); + + } else { + // the GET returned an error, and there are no more fileSpecs to process + return cb(result); + } + + } // txtFile.onreadystatechange + + } else if (fileSpecs.length > 1) { + // the first fileSpec is invalid, process the next + loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { + return cb(result.concat(nextFileResult)); + }); + + } else { + // the first fileSpec is missing or invalid, and there are no more to process + return cb(result); + } + + } // loadMapsFromFiles + // load old delimited plain text format // IP or MAC address to host name map: // address|host name|required tag // CIDR to network segment format: // IP(s)|segment name|required tag - ['/maps/cidr-map.txt', '/maps/host-map.txt'].forEach(function (txtUrl, txtUrlIdx) { - const mapType = (txtUrlIdx === 0) ? 
"segment" : "host"; - var txtFile = new XMLHttpRequest(); - txtFile.open("GET", txtUrl, true); - txtFile.send(); - txtFile.onreadystatechange = function() { - if ((txtFile.readyState === 4) && (txtFile.status === 200)) { - txtFile.responseText.split(/\r?\n/).forEach(function (line, lineIdx) { - if (!line.startsWith("#")) { - const vals = line.split("|"); - const valsLen = vals.length; - if ((valsLen >= 2) && (valsLen < 4)) { - const name = vals[1].trim(); - const tag = (valsLen > 2) ? vals[2].trim() : ""; - const addrs = vals[0].trim().split(","); - addrs.forEach(function (addr, addrIdx) { - // todo: better random ID generator (if necessary) - mappingList.add({ - id: Math.floor(Math.random()*110000), - type: mapType, - address: addr, - name: name, - tag: tag - }); - // todo: this is stupid to call this for every item... js callbacks are dumb - refreshCallbacks(); - }); - } - } + // and JSON-formatted native format: + // [ + // { + // "type": "segment", + // "address": "172.16.0.0/24", + // "name": "home", + // "tag": "" + // }, ... + loadMapsFromFiles([{fileType: file_type_txt_cidr, + filePath: '/maps/cidr-map.txt'}, + {fileType: file_type_txt_host, + filePath: '/maps/host-map.txt'}, + {fileType: null, + filePath: '/maps/net-map.json'}], function (mapsArray) { + var mapsHash = mapsArray.reduce(function(acc, cur) { + acc[cur.type + '|' + cur.address] = cur; + return acc; + }, {}); + for (mapKey in mapsHash) { + let map = mapsHash[mapKey]; + if ((file_types_valid.has(map.type)) && + (map.address) && (map.address.length > 0) && + (map.name) && (map.name.length > 0)) { + mappingList.add({ + id: Math.floor(Math.random()*110000), + type: map.type, + address: map.address, + name: map.name, + tag: map.tag ? map.tag : "" }); } } + refreshCallbacks(); }); From 5191b2ce2506833ef5c7c0106a12dc9b65c0cfb7 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 13:35:36 -0600 Subject: [PATCH 151/183] more work on the segment mapping ui --- docs/work_in_progress/segment_mapping_ui/mapping.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 135e6fedb..6b58ab248 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -363,6 +363,7 @@

Host and Network Segment Name Mapping

(map.address) && (map.address.length > 0) && (map.name) && (map.name.length > 0)) { mappingList.add({ + // todo: better random ID generator (if necessary) id: Math.floor(Math.random()*110000), type: map.type, address: map.address, @@ -371,6 +372,7 @@

Host and Network Segment Name Mapping

}); } } + mappingList.sort('address'); refreshCallbacks(); }); From b3a1031bee1ca320a5ccb1db175fe9e68a0fe81d Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 14:10:09 -0600 Subject: [PATCH 152/183] apply tooltip for table columns --- docs/work_in_progress/segment_mapping_ui/mapping.css | 6 +++++- .../work_in_progress/segment_mapping_ui/mapping.html | 12 ++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.css b/docs/work_in_progress/segment_mapping_ui/mapping.css index a7be99f94..53de4cda5 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.css +++ b/docs/work_in_progress/segment_mapping_ui/mapping.css @@ -11,7 +11,7 @@ body { line-height: 1.5; color: #cecece; text-align: left; - background-color: #272B30 + background-color: #272B30; } body, @@ -157,6 +157,10 @@ th { width: auto; } +tr:hover { + background-color: #454c54; +} + td { padding: 10px 10px; border: solid 1px rgba(255, 255, 255, .1); diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 6b58ab248..952d85663 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -25,10 +25,10 @@

Host and Network Segment Name Mapping

- - - - + + + + @@ -353,10 +353,14 @@

Host and Network Segment Name Mapping

filePath: '/maps/host-map.txt'}, {fileType: null, filePath: '/maps/net-map.json'}], function (mapsArray) { + + // convert to a hash to resolve any duplicates var mapsHash = mapsArray.reduce(function(acc, cur) { acc[cur.type + '|' + cur.address] = cur; return acc; }, {}); + + // populate the list.js List object for (mapKey in mapsHash) { let map = mapsHash[mapKey]; if ((file_types_valid.has(map.type)) && From 2a6731829f504deca6d98679feb3ba2bc475685b Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 16:45:02 -0600 Subject: [PATCH 153/183] scroll back and forth to selected item --- .../segment_mapping_ui/mapping.html | 31 +++++++++++-------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 952d85663..41f5250ed 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -104,6 +104,20 @@

Host and Network Segment Name Mapping

// sets callbacks to the buttons in the list refreshCallbacks(); + function focusItem(itemId) { + // scroll back up to item that was updated + // todo: is there a more efficient way to do this? there's got to be with list.js + for (const editBtnKey in editBtns) { + if (editBtnKey && (editBtns[editBtnKey])) { + entry = (editBtns[editBtnKey].closest) ? editBtns[editBtnKey].closest('tr').firstChild : null; + if (entry && entry.firstChild && entry.firstChild.data && (String(entry.firstChild.data) === String(itemId))) { + editBtns[editBtnKey].focus(); + break; + } + } + } + } // focusItem + // store a new value from the edit inputs into the list addBtn.click(function() { mappingList.add({ @@ -123,7 +137,7 @@
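Review bot: In focusItem, `entry = (editBtns[editBtnKey].closest) ? … : null;` assigns an undeclared variable, so `entry` becomes an implicit global (and a ReferenceError under strict mode); change it to `let entry = (editBtns[editBtnKey].closest) ? editBtns[editBtnKey].closest('tr').firstChild : null;`. A `for…in` over a jQuery collection also visits its own properties (`length`, `prevObject`, the prototype methods), which is presumably why the `.closest` guard exists; a comment such as `// for…in also yields jQuery's own properties; the .closest check skips them` would make that intent explicit. The enclosing script block starts and ends outside this hunk.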

Host and Network Segment Name Mapping

const itemId = idField.val(); var item = mappingList.get('id', itemId)[0]; item.values({ - id:idField.val(), + id: itemId, type: typeField.val(), address: addressField.val(), name: nameField.val(), @@ -133,26 +147,17 @@

Host and Network Segment Name Mapping

updateBtn.hide(); cancelBtn.hide(); addBtn.show(); - - // scroll back up to item that was updated - // todo: is there a more efficient way to do this? there's got to be with list.js - for (const editBtnKey in editBtns) { - if (editBtnKey && (editBtns[editBtnKey])) { - entry = (editBtns[editBtnKey].closest) ? editBtns[editBtnKey].closest('tr').firstChild : null; - if (entry && entry.firstChild && entry.firstChild.data && (String(entry.firstChild.data) === String(itemId))) { - editBtns[editBtnKey].focus(); - break; - } - } - } + focusItem(itemId); }); // revert edits without updating cancelBtn.click(function() { + const itemId = idField.val(); clearFields(); updateBtn.hide(); cancelBtn.hide(); addBtn.show(); + focusItem(itemId); }); function download(filename, text, contentType="text/plain") { From 7be1f7df53a2c53c24585f6c6ffe7bd6c6be82de Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 17:24:04 -0600 Subject: [PATCH 154/183] beautify with icons --- .../segment_mapping_ui/mapping.css | 18 ++++++++++++++++++ .../segment_mapping_ui/mapping.html | 18 +++++++++--------- 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.css b/docs/work_in_progress/segment_mapping_ui/mapping.css index 53de4cda5..114b3fe02 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.css +++ b/docs/work_in_progress/segment_mapping_ui/mapping.css @@ -167,6 +167,8 @@ td { width: auto; } +td.update, +td.remove, td.type { text-align: center; } @@ -175,6 +177,21 @@ td.address { font-family: monospace; } +button.add-btn, +button.update-btn, +button.cancel-btn, +button.edit-item-btn, +button.remove-item-btn { + font-size: 1.33rem; + border: 2px #ddd; + border-radius: 4px; +} + +button.save-btn, +button.restart-btn { + font-size: 1.0rem; +} + #container.mapping-page { margin-top: 10px; } 
@@ -190,6 +207,7 @@ td.address { #mapping td.add { width: 300px; + text-align: center; } #mapping td.foot { diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index 41f5250ed..b216ed202 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -30,7 +30,7 @@

Host and Network Segment Name Mapping

@@ -40,8 +40,8 @@

Host and Network Segment Name Mapping

@@ -82,7 +82,7 @@

Host and Network Segment Name Mapping

// define value names and template for new list items var options = { valueNames: [ 'id', 'type', 'address', 'name', 'tag' ], - item: '' + item: '' }; // initialize list and other elements From c4a2477e9e504b9dbd0f486dfc44814a231ecbca Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 24 Mar 2020 17:35:11 -0600 Subject: [PATCH 155/183] basic validation client-side --- .../segment_mapping_ui/mapping.html | 62 ++++++++++++------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index b216ed202..daeb124fe 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -120,34 +120,50 @@

Host and Network Segment Name Mapping

// store a new value from the edit inputs into the list addBtn.click(function() { - mappingList.add({ - // todo: better random ID generator (if necessary) - id: Math.floor(Math.random()*110000), - type: typeField.val(), - address: addressField.val(), - name: nameField.val(), - tag: tagField.val() - }); - clearFields(); - refreshCallbacks(); + const type = typeField.val(); + const address = addressField.val().trim(); + const name = nameField.val().trim(); + const tag = tagField.val().trim(); + if ((file_types_valid.has(type)) && + (address) && (address.length > 0) && + (name) && (name.length > 0)) { + mappingList.add({ + // todo: better random ID generator (if necessary) + id: Math.floor(Math.random()*110000), + type: type, + address: address, + name: name, + tag: tag + }); + clearFields(); + refreshCallbacks(); + } }); // update an item being edited back into the list updateBtn.click(function() { const itemId = idField.val(); - var item = mappingList.get('id', itemId)[0]; - item.values({ - id: itemId, - type: typeField.val(), - address: addressField.val(), - name: nameField.val(), - tag: tagField.val() - }); - clearFields(); - updateBtn.hide(); - cancelBtn.hide(); - addBtn.show(); - focusItem(itemId); + const type = typeField.val(); + const address = addressField.val().trim(); + const name = nameField.val().trim(); + const tag = tagField.val().trim(); + if ((file_types_valid.has(type)) && + (address) && (address.length > 0) && + (name) && (name.length > 0)) { + var item = mappingList.get('id', itemId)[0]; + item.values({ + id: itemId, + type: type, + address: addressField.val(), + name: nameField.val(), + tag: tagField.val() + }); + clearFields(); + updateBtn.hide(); + cancelBtn.hide(); + addBtn.show(); + focusItem(itemId); + } }); // revert edits without updating From dd975430388c26b23f57fef6254906a685def3b5 Mon Sep 17 00:00:00 2001 
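Review bot: The update handler validates the trimmed locals `address`, `name` and `tag` but then writes the untrimmed `addressField.val()`, `nameField.val()` and `tagField.val()` into `item.values`, so surrounding whitespace is still stored on update while the add handler above stores the trimmed values; the three lines should be `address: address,` / `name: name,` / `tag: tag`. `mappingList.get('id', itemId)[0]` is also used without checking that a match was found, so an item removed while being edited would throw on `item.values`. The enclosing script block starts and ends outside this hunk.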
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 25 Mar 2020 09:20:19 -0600 Subject: [PATCH 156/183] more work on the segment mapping ui (integration with malcolm scripts on logstash startup) --- docker-compose-standalone-zeek-live.yml | 1 + docker-compose-standalone.yml | 1 + docker-compose.yml | 1 + .../segment_mapping_ui/mapping.html | 3 +- logstash/scripts/ip-to-segment-logstash.py | 84 ++++++++++++++++++- logstash/scripts/logstash-start.sh | 5 +- malcolm-iso/build.sh | 1 + net-map.json | 1 + scripts/malcolm_appliance_packager.sh | 1 + 9 files changed, 91 insertions(+), 7 deletions(-) create mode 100644 net-map.json diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 67db3c8b4..5a1d1206b 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -215,6 +215,7 @@ services: - ./logstash/certs/server.key:/certs/server.key:ro - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro + - ./net-map.json:/usr/share/logstash/config/net-map.json:ro filebeat: image: malcolmnetsec/filebeat-oss:2.0.0 restart: "no" diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 084d7a31f..6a1c412a6 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -215,6 +215,7 @@ services: - ./logstash/certs/server.key:/certs/server.key:ro - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro + - ./net-map.json:/usr/share/logstash/config/net-map.json:ro filebeat: image: malcolmnetsec/filebeat-oss:2.0.0 restart: "no" diff --git a/docker-compose.yml b/docker-compose.yml index 996680ecd..68f1c9dca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -231,6 +231,7 @@ services: - ./logstash/certs/server.key:/certs/server.key:ro - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro + - ./net-map.json:/usr/share/logstash/config/net-map.json:ro filebeat: build: context: . diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/docs/work_in_progress/segment_mapping_ui/mapping.html index daeb124fe..d95e6c9e1 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/docs/work_in_progress/segment_mapping_ui/mapping.html @@ -257,7 +257,8 @@

Host and Network Segment Name Mapping

// given an array of filespecs (eg., // [{fileType: file_type_txt_cidr, filePath: '/maps/cidr-map.txt'}, - // {fileType: file_type_txt_host, filePath: '/maps/host-map.txt'}]) + // {fileType: file_type_txt_host, filePath: '/maps/host-map.txt'}, + // {fileType: null, filePath: '/maps/net-map.json'}] // read and return an array of the mappings within those files function loadMapsFromFiles(fileSpecs, cb) { diff --git a/logstash/scripts/ip-to-segment-logstash.py b/logstash/scripts/ip-to-segment-logstash.py index 2d96f4141..3fe5c9010 100755 --- a/logstash/scripts/ip-to-segment-logstash.py +++ b/logstash/scripts/ip-to-segment-logstash.py @@ -12,6 +12,7 @@ import struct import ipaddress import itertools +import json import pprint import uuid from collections import defaultdict @@ -20,11 +21,31 @@ HOST_LIST_IDX = 0 SEGMENT_LIST_IDX = 1 +JSON_MAP_TYPE_SEGMENT = 'segment' +JSON_MAP_TYPE_HOST = 'host' +JSON_MAP_KEY_ADDR = 'address' +JSON_MAP_KEY_NAME = 'name' +JSON_MAP_KEY_TAG = 'tag' +JSON_MAP_KEY_TYPE = 'type' + ################################################################################################### # print to stderr def eprint(*args, **kwargs): print(*args, file=sys.stderr, **kwargs) +################################################################################################### +# recursively convert unicode strings to utf-8 strings +def byteify(input): + if isinstance(input, dict): + return {byteify(key): byteify(value) + for key, value in input.iteritems()} + elif isinstance(input, list): + return [byteify(element) for element in input] + elif isinstance(input, unicode): + return input.encode('utf-8') + else: + return input + ################################################################################################### # main def main(): 
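Review bot: byteify has no docstring and its parameter name `input` shadows the builtin; renaming it to `obj` and adding `"""Recursively encode the unicode keys and values of a decoded JSON structure as utf-8 str (Python 2)."""` would make its purpose clear at a glance. The helper depends on `dict.iteritems` and the `unicode` type, which is consistent with the `iteritems` calls elsewhere in this file but ties the script to Python 2; that constraint is worth stating in the docstring so the next port does not miss it.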
@@ -32,6 +53,7 @@ def main(): # extract arguments from the command line # print (sys.argv[1:]); parser = argparse.ArgumentParser(description='Logstash IP address to Segment Filter Creator', add_help=False, usage='ip-to-segment-logstash.py ') + parser.add_argument('-m', '--mixed', dest='mixedInput', metavar='', type=str, nargs='*', default='', help='Input mixed JSON mapping file(s)') parser.add_argument('-s', '--segment', dest='segmentInput', metavar='', type=str, nargs='*', default='', help='Input segment mapping file(s)') parser.add_argument('-h', '--host', dest='hostInput', metavar='', type=str, nargs='*', default='', help='Input host mapping file(s)') parser.add_argument('-o', '--output', dest='output', metavar='', type=str, default='-', help='Output file') @@ -42,9 +64,10 @@ def main(): parser.print_help() exit(2) - # read segment input files into a single list, and host input files into another + # read each input file into its own list segmentLines = [] hostLines = [] + mixedEntries = [] for inFile in args.segmentInput: if os.path.isfile(inFile): @@ -54,11 +77,19 @@ def main(): if os.path.isfile(inFile): hostLines.extend([line.strip() for line in open(inFile)]) + for inFile in args.mixedInput: + try: + tmpMixedEntries = json.load(open(inFile, 'r')) + if isinstance(tmpMixedEntries, list): + mixedEntries.extend(byteify(tmpMixedEntries)); + except: + pass + # remove comments segmentLines = list(filter(lambda x: (len(x) > 0) and (not x.startswith('#')), segmentLines)) hostLines = list(filter(lambda x: (len(x) > 0) and (not x.startswith('#')), hostLines)) - if (len(segmentLines) > 0) or (len(hostLines) > 0): + if (len(segmentLines) > 0) or (len(hostLines) > 0) or (len(mixedEntries) > 0): filterId = 0 addedFields = set() 
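Review bot: The new `--mixed` loader wraps `json.load(open(inFile, 'r'))` in a bare `except: pass`, so a missing file, a permissions problem or a malformed `net-map.json` is silently ignored and the Logstash filter is generated without any of those mappings and without a hint why; it also catches `KeyboardInterrupt`/`SystemExit`, and the file object returned by `open` is never closed. Narrowing to `IOError`/`ValueError` (the json module raises `ValueError` on this Python 2 code base) and reporting through the existing `eprint` helper keeps the best-effort behaviour while making failures visible. main() starts and ends outside this hunk.
```python
  for inFile in args.mixedInput:
    try:
      with open(inFile, 'r') as f:
        tmpMixedEntries = json.load(f)
      if isinstance(tmpMixedEntries, list):
        mixedEntries.extend(byteify(tmpMixedEntries))
    except (IOError, ValueError) as e:
      # best-effort: a bad or absent mixed map should not abort filter generation
      eprint('"{}" could not be read as a JSON mapping file, ignoring ({})'.format(inFile, e))
```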
@@ -142,6 +173,50 @@ def main(): else: eprint('"{}" is not formatted correctly, ignoring'.format(line)) + # handle mixed entries from the JSON-formatted file + for entry in mixedEntries: + + # the entry must at least contain type, address, name; may optionally contain tag + if (isinstance(entry, dict) and + all(key in entry for key in (JSON_MAP_KEY_TYPE, JSON_MAP_KEY_NAME, JSON_MAP_KEY_ADDR)) and + entry[JSON_MAP_KEY_TYPE] in (JSON_MAP_TYPE_SEGMENT, JSON_MAP_TYPE_HOST) and + (len(entry[JSON_MAP_KEY_NAME]) > 0) and + (len(entry[JSON_MAP_KEY_ADDR]) > 0)): + + addressList = [] + networkList = [] + + tagReq = entry[JSON_MAP_KEY_TAG] if (JSON_MAP_KEY_TAG in entry) and (len(entry[JSON_MAP_KEY_TAG]) > 0) else UNSPECIFIED_TAG + + # account for comma-separated multiple addresses per 'address' value + for addr in ''.join(entry[JSON_MAP_KEY_ADDR].split()).split(','): + + if (entry[JSON_MAP_KEY_TYPE] == JSON_MAP_TYPE_SEGMENT): + # potentially interpret address as a CIDR-formatted subnet + try: + networkList.append(str(ipaddress.ip_network(unicode(addr))).lower() if ('/' in addr) else str(ipaddress.ip_address(unicode(addr))).lower()) + except ValueError: + eprint('"{}" is not a valid IP address, ignoring'.format(addr)) + + else: + # should be an IP or MAC address + try: + # see if it's an IP address + addressList.append(str(ipaddress.ip_address(unicode(addr))).lower()) + except ValueError: + # see if it's a MAC address + if re.match(macAddrRegex, addr): + # prepend _ temporarily to distinguish a mac address + addressList.append("_{}".format(addr.replace('-', ':').lower())) + else: + eprint('"{}" is not a valid IP or MAC address, ignoring'.format(ip)) + + if (len(networkList) > 0): + tagListMap[tagReq][SEGMENT_LIST_IDX][entry[JSON_MAP_KEY_NAME]].extend(networkList) + + if (len(addressList) > 0): + tagListMap[tagReq][HOST_LIST_IDX][entry[JSON_MAP_KEY_NAME]].extend(addressList) + # go through the lists of segments/hosts, which will now be organized by required tag first, then # 
segment/host name, then the list of addresses for tag, nameMaps in tagListMap.iteritems(): @@ -156,7 +231,7 @@ def main(): for hostName, addrList in nameMaps[HOST_LIST_IDX].iteritems(): # ip addresses mapped to hostname - ipList = [a for a in addrList if not a.startswith('_')] + ipList = list(set([a for a in addrList if not a.startswith('_')])) if (len(ipList) >= 1): for source in ['orig', 'resp']: filterId += 1 @@ -171,7 +246,7 @@ def main(): addedFields.add("[zeek][{}]".format(newFieldName)) # mac addresses mapped to hostname - macList = [a for a in addrList if a.startswith('_')] + macList = list(set([a for a in addrList if a.startswith('_')])) if (len(macList) >= 1): for source in ['orig', 'resp']: filterId += 1 @@ -187,6 +262,7 @@ def main(): # for the segment(s) to be checked, create two cidr filters, one for source IP and one for dest IP for segmentName, ipList in nameMaps[SEGMENT_LIST_IDX].iteritems(): + ipList = list(set(ipList)) for source in ['orig', 'resp']: filterId += 1 # ip addresses/ranges mapped to network segment names diff --git a/logstash/scripts/logstash-start.sh b/logstash/scripts/logstash-start.sh index 477b78ee1..0fb815245 100755 --- a/logstash/scripts/logstash-start.sh +++ b/logstash/scripts/logstash-start.sh @@ -20,6 +20,7 @@ export PIPELINE_EXTRA_CONF_FILE="00_config.conf" # files defining IP->host and MAC->host mapping INPUT_CIDR_MAP="/usr/share/logstash/config/cidr-map.txt" INPUT_HOST_MAP="/usr/share/logstash/config/host-map.txt" +INPUT_MIXED_MAP="/usr/share/logstash/config/net-map.json" # the name of the enrichment pipeline subdirectory under $PIPELINES_DIR ENRICHMENT_PIPELINE=${LOGSTASH_ENRICHMENT_PIPELINE:-"enrichment"} 
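Review bot: In the mixed-entry loop the MAC-address failure message uses `.format(ip)`, but the loop variable is `addr`; depending on whether an earlier loop in main() left an `ip` name bound, this either raises `NameError` or reports the wrong address. The line should read `eprint('"{}" is not a valid IP or MAC address, ignoring'.format(addr))`. main() starts and ends outside this hunk.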
@@ -32,7 +33,7 @@ export ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL=${LOGSTASH_ELASTICSEARCH_PIPELINE export ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL=${LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL:-"external-es"} ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES=${LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES:-"$ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL,$ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL"} -# ip-to-segment-logstash.py translate $INPUT_CIDR_MAP and $INPUT_HOST_MAP into this logstash filter file +# ip-to-segment-logstash.py translate $INPUT_CIDR_MAP, $INPUT_HOST_MAP, $INPUT_MIXED_MAP into this logstash filter file NETWORK_MAP_OUTPUT_FILTER="$PIPELINES_DIR"/"$ENRICHMENT_PIPELINE"/16_host_segment_filters.conf #################################################################################################################### @@ -63,7 +64,7 @@ find "$PIPELINES_DIR" -mindepth 1 -maxdepth 1 -type d -print0 2>/dev/null | sort ' # create filters for network segment and host mapping in the enrichment directory -/usr/local/bin/ip-to-segment-logstash.py --segment "$INPUT_CIDR_MAP" --host "$INPUT_HOST_MAP" -o "$NETWORK_MAP_OUTPUT_FILTER" +/usr/local/bin/ip-to-segment-logstash.py --mixed "$INPUT_MIXED_MAP" --segment "$INPUT_CIDR_MAP" --host "$INPUT_HOST_MAP" -o "$NETWORK_MAP_OUTPUT_FILTER" if [[ -z "$ES_EXTERNAL_HOSTS" ]]; then # external ES host destination is not specified, remove external destination from enrichment pipeline output diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 25fd8803a..f19f78883 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh 
@@ -119,6 +119,7 @@ if [ -d "$WORKDIR" ]; then cp ./docker-compose-standalone-zeek-live.yml "$MALCOLM_DEST_DIR/docker-compose-zeek-live.yml" cp ./cidr-map.txt "$MALCOLM_DEST_DIR/" cp ./host-map.txt "$MALCOLM_DEST_DIR/" + cp ./net-map.json "$MALCOLM_DEST_DIR/" cp ./scripts/install.py "$MALCOLM_DEST_DIR/scripts/" cp ./scripts/control.py "$MALCOLM_DEST_DIR/scripts/" pushd "$MALCOLM_DEST_DIR/scripts/" >/dev/null 2>&1 diff --git a/net-map.json b/net-map.json new file mode 100644 index 000000000..1e3ec7217 --- /dev/null +++ b/net-map.json @@ -0,0 +1 @@ +[ ] diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh index f5ba51763..7965f5b6f 100755 --- a/scripts/malcolm_appliance_packager.sh +++ b/scripts/malcolm_appliance_packager.sh @@ -84,6 +84,7 @@ if mkdir "$DESTDIR"; then cp $VERBOSE ./auth.env "$DESTDIR/" cp $VERBOSE ./cidr-map.txt "$DESTDIR/" cp $VERBOSE ./host-map.txt "$DESTDIR/" + cp $VERBOSE ./net-map.json "$DESTDIR/" cp $VERBOSE ./scripts/install.py "$DESTDIR/scripts/" cp $VERBOSE ./scripts/control.py "$DESTDIR/scripts/" cp $VERBOSE ./scripts/malcolm_common.py "$DESTDIR/scripts/" From ca6f55cc5e05c7c9a2b2e2ed8cd3704446301289 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 25 Mar 2020 13:25:05 -0600 Subject: [PATCH 157/183] more work on the segment mapping ui (creation of docker image, integration with malcolm's nginx reverse proxy) --- Dockerfiles/name-map-ui.Dockerfile | 41 +++++++++++++++++++ README.md | 13 +++++- docker-compose-standalone-zeek-live.yml | 13 ++++++ docker-compose-standalone.yml | 13 ++++++ docker-compose.yml | 16 ++++++++ .../segment_mapping_ui/jquery.min.js | 4 -- .../segment_mapping_ui/list.min.js | 2 - htadmin/docker-entrypoint.sh | 33 --------------- name-map-ui/nginx/sites-available/default | 8 ++++ .../site/index.html | 22 +++++----- .../site}/mapping.css | 2 + nginx/nginx.conf | 11 +++++ 12 files changed, 128 insertions(+), 50 deletions(-) create mode 100644 Dockerfiles/name-map-ui.Dockerfile delete mode 100644 docs/work_in_progress/segment_mapping_ui/jquery.min.js delete mode 100644 docs/work_in_progress/segment_mapping_ui/list.min.js delete mode 100755 htadmin/docker-entrypoint.sh create mode 100644 name-map-ui/nginx/sites-available/default rename docs/work_in_progress/segment_mapping_ui/mapping.html => name-map-ui/site/index.html (95%) rename {docs/work_in_progress/segment_mapping_ui => name-map-ui/site}/mapping.css (97%) diff --git a/Dockerfiles/name-map-ui.Dockerfile b/Dockerfiles/name-map-ui.Dockerfile new file mode 100644 index 000000000..ccc4ecf86 --- /dev/null +++ b/Dockerfiles/name-map-ui.Dockerfile 
@@ -0,0 +1,41 @@
+FROM nginx:alpine
+
+# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
+LABEL maintainer="malcolm.netsec@gmail.com"
+LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
+LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
+LABEL org.opencontainers.image.documentation='https://github.com/idaholab/Malcolm/blob/master/README.md'
+LABEL org.opencontainers.image.source='https://github.com/idaholab/Malcolm'
+LABEL org.opencontainers.image.vendor='Idaho National Laboratory'
+LABEL org.opencontainers.image.title='malcolmnetsec/name-map-ui'
+LABEL org.opencontainers.image.description='Malcolm container providing a user interface for mapping names to network hosts and subnets'
+
+ENV JQUERY_VERSION 1.6.4
+ENV LISTJS_VERSION v1.5.0
+
+ADD https://code.jquery.com/jquery-${JQUERY_VERSION}.min.js /tmp/jquery.min.js
+ADD https://raw.githubusercontent.com/javve/list.js/${LISTJS_VERSION}/dist/list.min.js /tmp/list.min.js
+
+RUN rm -rf /usr/share/nginx/html/* && \
+ cd /usr/share/nginx/html && \
+ mv /tmp/jquery.min.js /tmp/list.min.js ./ && \
+ chmod 644 ./jquery.min.js ./list.min.js && \
+ ln -s . name-map-ui
+
+ADD name-map-ui/site/* /usr/share/nginx/html/
+ADD docs/images/logo/Malcolm_banner.png /usr/share/nginx/html/
+ADD docs/images/favicon/favicon.ico /usr/share/nginx/html/
+ADD name-map-ui/nginx/sites-available/default /etc/nginx/sites-available/default
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
+
+# to be populated at build-time:
+ARG BUILD_DATE
+ARG MALCOLM_VERSION
+ARG VCS_REVISION
+
+LABEL org.opencontainers.image.created=$BUILD_DATE
+LABEL org.opencontainers.image.version=$MALCOLM_VERSION
+LABEL org.opencontainers.image.revision=$VCS_REVISION
diff --git a/README.md b/README.md
index 1beeeca03..369528d3b 100644
--- a/README.md
+++ b/README.md
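Review bot: The two `ADD https://...` lines pull jQuery and List.js into the image at build time with no integrity check, so what ends up served to every Malcolm user is whatever those hosts return on the day of the build, and a compromised or tampered download would go unnoticed; this replaces the vendored copies the same commit deletes from `docs/work_in_progress/`, which at least were reviewable in the repository. Fetch them with a pinned digest instead, e.g. `ARG JQUERY_SHA256` / `ARG LISTJS_SHA256` followed by `RUN wget -qO /tmp/jquery.min.js "https://code.jquery.com/jquery-${JQUERY_VERSION}.min.js" && echo "${JQUERY_SHA256}  /tmp/jquery.min.js" | sha256sum -c -` (and the same for List.js), so the build fails on any change. Separately, `JQUERY_VERSION 1.6.4` is a 2011 release that predates published jQuery security fixes such as the `$.extend` prototype-pollution fix in 3.4.0 (CVE-2019-11358); the UI's `index.html` is not in view so I cannot tell whether it relies on 1.x-only APIs, but a comment next to the `ENV` line recording why this version is pinned, or a bump to a supported line, would be worthwhile before this container is exposed through the reverse proxy.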
@@ -116,6 +116,7 @@ Pulling htadmin ... done Pulling kibana ... done Pulling logstash ... done Pulling moloch ... done +Pulling name-map-ui ... done Pulling nginx-proxy ... done Pulling pcap-capture ... done Pulling pcap-monitor ... done @@ -141,6 +142,7 @@ malcolmnetsec/nginx-proxy 2.0.0 xxxxxxxx malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 30 minutes ago 276MB malcolmnetsec/htadmin 2.0.0 xxxxxxxxxxxx 31 minutes ago 256MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 32 minutes ago 188MB +malcolmnetsec/name-map-ui 2.0.0 xxxxxxxxxxxx 35 minutes ago 20MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.1 xxxxxxxxxxxx 5 weeks ago 825MB ``` @@ -191,6 +193,7 @@ Malcolm leverages the following excellent open source tools, among others. * [ClamAV](https://www.clamav.net/) - an antivirus engine for scanning files extracted by Zeek * [CyberChef](https://github.com/gchq/CyberChef) - a "swiss-army knife" data conversion tool * [jQuery File Upload](https://github.com/blueimp/jQuery-File-Upload) - for uploading PCAP files and Zeek logs for processing +* [List.js](https://github.com/javve/list.js) - for the [host and subnet name mapping](#HostAndSubnetNaming) interface * [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/) - for simple, reproducible deployment of the Malcolm appliance across environments and to coordinate communication between its various components * [Nginx](https://nginx.org/) - for HTTPS and reverse proxying Malcolm components * [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) - an LDAP authentication module for nginx 
@@ -277,6 +280,7 @@ Checking out the [Malcolm source code](https://github.com/idaholab/Malcolm/tree/ * `filebeat` - code and configuration for the `filebeat` container which ingests Zeek logs and forwards them to the `logstash` container * `file-monitor` - code and configuration for the `file-monitor` container which can scan files extracted by Zeek * `file-upload` - code and configuration for the `upload` container which serves a web browser-based upload form for uploading PCAP files and Zeek logs, and which serves an SFTP share as an alternate method for upload +* `freq-server` - code and configuration for the `freq` container used for calculating entropy of strings * `htadmin` - configuration for the `htadmin` user account management container * `kibana` - code and configuration for the `kibana` container for creating additional ad-hoc visualizations and dashboards beyond that which is provided by Moloch Viewer * `logstash` - code and configuration for the `logstash` container which parses Zeek logs and forwards them to the `elasticsearch` container 
@@ -284,11 +288,13 @@ Checking out the [Malcolm source code](https://github.com/idaholab/Malcolm/tree/ * `moloch` - code and configuration for the `moloch` container which processes PCAP files using `moloch-capture` and which serves the Viewer application * `moloch-logs` - an initially empty directory to which the `moloch` container will write some debug log files * `moloch-raw` - an initially empty directory to which the `moloch` container will write captured PCAP files; as Moloch as employed by Malcolm is currently used for processing previously-captured PCAP files, this directory is currently unused +* `name-map-ui` - code and configuration for the `name-map-ui` container which provides the [host and subnet name mapping](#HostAndSubnetNaming) interface * `nginx` - configuration for the `nginx` reverse proxy container * `pcap` - an initially empty directory for PCAP files to be uploaded, processed, and stored * `pcap-capture` - code and configuration for the `pcap-capture` container which can capture network traffic * `pcap-monitor` - code and configuration for the `pcap-monitor` container which watches for new or uploaded PCAP files notifies the other services to process them * `scripts` - control scripts for starting, stopping, restarting, etc. Malcolm +* `sensor-iso` - code and configuration for building a [Hedgehog Linux](#Hedgehog) ISO * `shared` - miscellaneous code used by various Malcolm components * `zeek` - code and configuration for the `zeek` container which handles PCAP processing using Zeek * `zeek-logs` - an initially empty directory for Zeek logs to be uploaded, processed, and stored 
@@ -298,6 +304,7 @@ and the following files of special note: * `auth.env` - the script `./scripts/auth_setup` prompts the user for the administrator credentials used by the Malcolm appliance, and `auth.env` is the environment file where those values are stored * `cidr-map.txt` - specify custom IP address to network segment mapping * `host-map.txt` - specify custom IP and/or MAC address to host mapping +* `net-map.json` - an alternative to `cidr-map.txt` and `host-map.txt`, mapping hosts and network segments to their names in a JSON-formatted file * `docker-compose.yml` - the configuration file used by `docker-compose` to build, start, and stop an instance of the Malcolm appliance * `docker-compose-standalone.yml` - similar to `docker-compose.yml`, only used for the ["packaged"](#Packager) installation of Malcolm * `docker-compose-standalone-zeek-live.yml` - identical to `docker-compose-standalone.yml`, only Filebeat is configured to monitor local live Zeek logs (ie., being actively written to on the same host running Malcolm) @@ -321,6 +328,7 @@ Then, go take a walk or something since it will be a while. When you're done, yo * `malcolmnetsec/htadmin` (based on `debian:buster-slim`) * `malcolmnetsec/kibana-oss` (based on `docker.elastic.co/kibana/kibana-oss`) * `malcolmnetsec/logstash-oss` (based on `docker.elastic.co/logstash/logstash-oss`) +* `malcolmnetsec/name-map-ui` (based on `nginx:alpine`) * `malcolmnetsec/moloch` (based on `debian:buster-slim`) * `malcolmnetsec/nginx-proxy` (based on `alpine:3.10`) * `malcolmnetsec/pcap-capture` (based on `debian:buster-slim`) @@ -1745,6 +1753,7 @@ Pulling elasticsearch ... done Pulling file-monitor ... done Pulling filebeat ... done Pulling freq ... done +Pulling name-map-ui ... done Pulling htadmin ... done Pulling kibana ... done Pulling logstash ... done 
@@ -1771,6 +1780,7 @@ malcolmnetsec/kibana-oss 2.0.0 xxxxxxxx malcolmnetsec/filebeat-oss 2.0.0 xxxxxxxxxxxx 11 days ago 459MB malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 11 days ago 276MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 11 days ago 188MB +malcolmnetsec/name-map-ui 2.0.0 xxxxxxxxxxxx 35 minutes ago 20MB docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.1 xxxxxxxxxxxx 5 weeks ago 769MB ``` @@ -1787,6 +1797,7 @@ Creating malcolm_freq_1 ... done Creating malcolm_htadmin_1 ... done Creating malcolm_kibana_1 ... done Creating malcolm_logstash_1 ... done +Creating malcolm_name-map-ui_1 ... done Creating malcolm_moloch_1 ... done Creating malcolm_nginx-proxy_1 ... done Creating malcolm_pcap-capture_1 ... done @@ -1804,7 +1815,7 @@ In a few minutes, Malcolm services will be accessible via the following URLs: … ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- … -Attaching to malcolm_curator_1, malcolm_elastalert_1, malcolm_elasticsearch_1, malcolm_file-monitor_1, malcolm_filebeat_1, malcolm_freq_1, malcolm_htadmin_1, malcolm_kibana_1, malcolm_logstash_1, malcolm_moloch_1, malcolm_nginx-proxy_1, malcolm_pcap-capture_1, malcolm_pcap-monitor_1, malcolm_upload_1, malcolm_zeek_1 +Attaching to malcolm_curator_1, malcolm_elastalert_1, malcolm_elasticsearch_1, malcolm_file-monitor_1, malcolm_filebeat_1, malcolm_freq_1, malcolm_htadmin_1, malcolm_kibana_1, malcolm_logstash_1, malcolm_name-map-ui_1, malcolm_moloch_1, malcolm_nginx-proxy_1, malcolm_pcap-capture_1, malcolm_pcap-monitor_1, malcolm_upload_1, malcolm_zeek_1 … ``` diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 5a1d1206b..d5173f1ac 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml 
@@ -378,6 +378,18 @@ services: VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 + name-map-ui: + image: malcolmnetsec/name-map-ui:2.0.0 + restart: "no" + hostname: name-map-ui + environment: + VIRTUAL_HOST : 'name-map-ui.malcolm.local' + expose: + - 80 + volumes: + - ./cidr-map.txt:/usr/share/nginx/html/maps/cidr-map.txt:ro + - ./host-map.txt:/usr/share/nginx/html/maps/host-map.txt:ro + - ./net-map.json:/usr/share/nginx/html/maps/net-map.json:ro nginx-proxy: image: malcolmnetsec/nginx-proxy:2.0.0 restart: "no" @@ -390,6 +402,7 @@ services: - kibana - upload - htadmin + - name-map-ui ports: - "443:443" - "488:488" diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 6a1c412a6..015978040 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -378,6 +378,18 @@ services: VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 + name-map-ui: + image: malcolmnetsec/name-map-ui:2.0.0 + restart: "no" + hostname: name-map-ui + environment: + VIRTUAL_HOST : 'name-map-ui.malcolm.local' + expose: + - 80 + volumes: + - ./cidr-map.txt:/usr/share/nginx/html/maps/cidr-map.txt:ro + - ./host-map.txt:/usr/share/nginx/html/maps/host-map.txt:ro + - ./net-map.json:/usr/share/nginx/html/maps/net-map.json:ro nginx-proxy: image: malcolmnetsec/nginx-proxy:2.0.0 restart: "no" @@ -390,6 +402,7 @@ services: - kibana - upload - htadmin + - name-map-ui ports: - "443:443" - "488:488" diff --git a/docker-compose.yml b/docker-compose.yml index 68f1c9dca..3402e6ef1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -426,6 +426,21 @@ services: VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 + name-map-ui: + image: malcolmnetsec/name-map-ui:2.0.0 + build: + context: . + dockerfile: Dockerfiles/name-map-ui.Dockerfile + restart: "no" + hostname: name-map-ui + environment: + VIRTUAL_HOST : 'name-map-ui.malcolm.local' + expose: + - 80 + volumes: + - ./cidr-map.txt:/usr/share/nginx/html/maps/cidr-map.txt:ro + - ./host-map.txt:/usr/share/nginx/html/maps/host-map.txt:ro + - ./net-map.json:/usr/share/nginx/html/maps/net-map.json:ro nginx-proxy: build: context: . @@ -441,6 +456,7 @@ services: - kibana - upload - htadmin + - name-map-ui ports: - "443:443" - "488:488" diff --git a/docs/work_in_progress/segment_mapping_ui/jquery.min.js b/docs/work_in_progress/segment_mapping_ui/jquery.min.js deleted file mode 100644 index 3684c36b5..000000000 --- a/docs/work_in_progress/segment_mapping_ui/jquery.min.js +++ /dev/null 
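Review bot: The three mapping files are bind-mounted under the container's nginx document root (`/usr/share/nginx/html/maps/`), so the complete host and subnet inventory is served as static files to anything that can reach the `name-map-ui` vhost; that is presumably the intent, but it means the confidentiality of that inventory rests entirely on `nginx-proxy` enforcing authentication for `name-map-ui.malcolm.local` (the `nginx/nginx.conf` hunk listed in the diffstat is not in view, so I cannot confirm it does). Because the mounts are `:ro`, the UI container also cannot write changes back, so edits made in the interface will not persist unless saved some other way; a comment above `volumes:` such as `# map files are served read-only by the UI's nginx; this vhost must stay behind nginx-proxy authentication` would make both constraints explicit for operators. The same applies to the identical service blocks added to `docker-compose-standalone.yml` and `docker-compose-standalone-zeek-live.yml`.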
@@ -1,4 +0,0 @@ -/*! jQuery v1.6.4 http://jquery.com/ | http://jquery.org/license */ -(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in 
a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function 
k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return 
this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return 
e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
TypeAddressNameTag (optional)TypeAddressNameTag Name Tag - +
@@ -54,19 +54,19 @@

Host and Network Segment Name Mapping

- - - + + +
- + - +
a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="
",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="
t
",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i=f.expando,j=typeof c=="string",k=a.nodeType,l=k?f.cache:a,m=k?a[f.expando]:a[f.expando]&&f.expando;if((!m||e&&m&&l[m]&&!l[m][i])&&j&&d===b)return;m||(k?a[f.expando]=m=++f.uuid:m=f.expando),l[m]||(l[m]={},k||(l[m].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?l[m][i]=f.extend(l[m][i],c):l[m]=f.extend(l[m],c);g=l[m],e&&(g[i]||(g[i]={}),g=g[i]),d!==b&&(g[f.camelCase(c)]=d);if(c==="events"&&!g[c])return g[i]&&g[i].events;j?(h=g[c],h==null&&(h=g[f.camelCase(c)])):h=g;return h}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e=f.expando,g=a.nodeType,h=g?f.cache:a,i=g?a[f.expando]:f.expando;if(!h[i])return;if(b){d=c?h[i][e]:h[i];if(d){d[b]||(b=f.camelCase(b)),delete d[b];if(!l(d))return}}if(c){delete h[i][e];if(!l(h[i]))return}var j=h[i][e];f.support.deleteExpando||!h.setInterval?delete h[i]:h[i]=null,j?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=j):g&&(f.support.deleteExpando?delete 
a[f.expando]:a.removeAttribute?a.removeAttribute(f.expando):a[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=v:u&&(i=u)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var 
c;a.nodeType===1&&(b=f.attrFix[b]||b,f.attr(a,b,""),a.removeAttribute(b),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(u&&f.nodeName(a,"button"))return u.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(u&&f.nodeName(a,"button"))return u.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==null?g:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabIndex=f.propHooks.tabIndex,v={get:function(a,c){var d;return f.prop(a,c)===!0||(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(u=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return 
c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var w=/\.(.*)$/,x=/^(?:textarea|input|select)$/i,y=/\./g,z=/ /g,A=/[^\w\s.|`]/g,B=function(a){return a.replace(A,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=C;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=C);var 
g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),B).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},I=function(c){var 
d=c.target,e,g;if(!!x.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=H(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:I,beforedeactivate:I,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&I.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&I.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",H(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in G)f.event.add(this,c+".specialChange",G[c]);return x.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return x.test(this.nodeName)}},G=f.event.special.change.filters,G.focus=G.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var 
g=0,h=d.length;g+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var 
b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return 
b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var 
f=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g0)for(h=g;h0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=S.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(U(c[0])||U(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return 
f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=R.call(arguments);N.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!T[a]?f.unique(e):e,(this.length>1||P.test(d))&&O.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
","
"],thead:[1,"","
"],tr:[2,"","
"],td:[3,"","
"],col:[2,"","
"],area:[1,"",""],_default:[0,"",""]};be.optgroup=be.option,be.tbody=be.tfoot=be.colgroup=be.caption=be.thead,be.th=be.td,f.support.htmlSerialize||(be._default=[1,"div
","
"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var 
a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!be[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bh(a,d),e=bi(a),g=bi(d);for(h=0;e[h];++h)g[h]&&bh(e[h],g[h])}if(b){bg(a,d);if(c){e=bi(a),g=bi(d);for(h=0;e[h];++h)bg(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=be[l]||be._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return 
bn.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bm,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bm.test(g)?g.replace(bm,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bv(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bw=function(a,c){var d,e,g;c=c.replace(bo,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bx=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bp.test(d)&&bq.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bv=bw||bx,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bz=/%20/g,bA=/\[\]$/,bB=/\r?\n/g,bC=/#.*$/,bD=/^(.*?):[ 
\t]*([^\r\n]*)\r?$/mg,bE=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bF=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bG=/^(?:GET|HEAD)$/,bH=/^\/\//,bI=/\?/,bJ=/)<[^<]*)*<\/script>/gi,bK=/^(?:select|textarea)/i,bL=/\s+/,bM=/([?&])_=[^&]*/,bN=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bO=f.fn.load,bP={},bQ={},bR,bS,bT=["*/"]+["*"];try{bR=e.href}catch(bU){bR=c.createElement("a"),bR.href="",bR=bR.href}bS=bN.exec(bR.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bO)return bO.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
").append(c.replace(bJ,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bK.test(this.nodeName)||bE.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bB,"\r\n")}}):{name:b.name,value:c.replace(bB,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?bX(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),bX(a,b);return a},ajaxSettings:{url:bR,isLocal:bF.test(bS[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bT},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bV(bP),ajaxTransport:bV(bQ),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?bZ(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else 
try{r=b$(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bD.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bC,"").replace(bH,bS[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bL),d.crossDomain==null&&(r=bN.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bS[1]&&r[2]==bS[2]&&(r[3]||(r[1]==="http:"?80:443))==(bS[3]||(bS[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bW(bP,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bG.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bI.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var 
x=f.now(),y=d.url.replace(bM,"$1_="+x);d.url=y+(y===d.url?(bI.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bT+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bW(bQ,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){s<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bz,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var 
g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in 
c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cq("show",3),a,b,c);for(var g=0,h=this.length;g=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b
";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=ct.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!ct.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var 
e,g;if(c===b){e=this[0];if(!e)return null;g=cu(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cu(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNaN(j)?i:j}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window); \ No newline at end of file diff --git a/docs/work_in_progress/segment_mapping_ui/list.min.js b/docs/work_in_progress/segment_mapping_ui/list.min.js deleted file mode 100644 index 3cb273731..000000000 --- a/docs/work_in_progress/segment_mapping_ui/list.min.js +++ /dev/null 
@@ -1,2 +0,0 @@ -/*! List.js v1.5.0 (http://listjs.com) by Jonny Strömberg (http://javve.com) */ -var List=function(t){function e(n){if(r[n])return r[n].exports;var i=r[n]={i:n,l:!1,exports:{}};return t[n].call(i.exports,i,i.exports,e),i.l=!0,i.exports}var r={};return e.m=t,e.c=r,e.i=function(t){return t},e.d=function(t,r,n){e.o(t,r)||Object.defineProperty(t,r,{configurable:!1,enumerable:!0,get:n})},e.n=function(t){var r=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(r,"a",r),r},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e(e.s=11)}([function(t,e,r){function n(t){if(!t||!t.nodeType)throw new Error("A DOM element reference is required");this.el=t,this.list=t.classList}var i=r(4),s=/\s+/;Object.prototype.toString;t.exports=function(t){return new n(t)},n.prototype.add=function(t){if(this.list)return this.list.add(t),this;var e=this.array(),r=i(e,t);return~r||e.push(t),this.el.className=e.join(" "),this},n.prototype.remove=function(t){if(this.list)return this.list.remove(t),this;var e=this.array(),r=i(e,t);return~r&&e.splice(r,1),this.el.className=e.join(" "),this},n.prototype.toggle=function(t,e){return this.list?("undefined"!=typeof e?e!==this.list.toggle(t,e)&&this.list.toggle(t):this.list.toggle(t),this):("undefined"!=typeof e?e?this.add(t):this.remove(t):this.has(t)?this.remove(t):this.add(t),this)},n.prototype.array=function(){var t=this.el.getAttribute("class")||"",e=t.replace(/^\s+|\s+$/g,""),r=e.split(s);return""===r[0]&&r.shift(),r},n.prototype.has=n.prototype.contains=function(t){return this.list?this.list.contains(t):!!~i(this.array(),t)}},function(t,e,r){var n=window.addEventListener?"addEventListener":"attachEvent",i=window.removeEventListener?"removeEventListener":"detachEvent",s="addEventListener"!==n?"on":"",a=r(5);e.bind=function(t,e,r,i){t=a(t);for(var o=0;o0?setTimeout(function(){e(r,n,i)},1):(t.update(),n(i))};return e}},function(t,e){t.exports=function(t){return 
t.handlers.filterStart=t.handlers.filterStart||[],t.handlers.filterComplete=t.handlers.filterComplete||[],function(e){if(t.trigger("filterStart"),t.i=1,t.reset.filter(),void 0===e)t.filtered=!1;else{t.filtered=!0;for(var r=t.items,n=0,i=r.length;nv.page,a=new m(t[i],void 0,n),v.items.push(a),r.push(a)}return v.update(),r}},this.show=function(t,e){return this.i=t,this.page=e,v.update(),v},this.remove=function(t,e,r){for(var n=0,i=0,s=v.items.length;i-1&&r.splice(n,1),v},this.trigger=function(t){for(var e=v.handlers[t].length;e--;)v.handlers[t][e](v);return v},this.reset={filter:function(){for(var t=v.items,e=t.length;e--;)t[e].filtered=!1;return v},search:function(){for(var t=v.items,e=t.length;e--;)t[e].found=!1;return v}},this.update=function(){var t=v.items,e=t.length;v.visibleItems=[],v.matchingItems=[],v.templater.clear();for(var r=0;r=v.i&&v.visibleItems.lengthe},innerWindow:function(t,e,r){return t>=e-r&&t<=e+r},dotted:function(t,e,r,n,i,s,a){return this.dottedLeft(t,e,r,n,i,s)||this.dottedRight(t,e,r,n,i,s,a)},dottedLeft:function(t,e,r,n,i,s){return e==r+1&&!this.innerWindow(e,i,s)&&!this.right(e,n)},dottedRight:function(t,e,r,n,i,s,a){return!t.items[a-1].values().dotted&&(e==n&&!this.innerWindow(e,i,s)&&!this.right(e,n))}},a=function(e,r,n){i.bind(e,"click",function(){t.show((r-1)*n+1,n)})};return function(r){var n=new s(t.listContainer.id,{listClass:r.paginationClass||"pagination",item:"
  • ",valueNames:["page","dotted"],searchClass:"pagination-search-that-is-not-supposed-to-exist",sortClass:"pagination-sort-that-is-not-supposed-to-exist"});t.on("updated",function(){e(n,r)}),e(n,r)}}},function(t,e,r){t.exports=function(t){var e=r(2)(t),n=function(t){for(var e=t.childNodes,r=[],n=0,i=e.length;n0?setTimeout(function(){s(e,r)},1):(t.update(),t.trigger("parseComplete"))};return t.handlers.parseComplete=t.handlers.parseComplete||[],function(){var e=n(t.list),r=t.valueNames;t.indexAsync?s(e,r):i(e,r)}}},function(t,e){t.exports=function(t){var e,r,n,i,s={resetList:function(){t.i=1,t.templater.clear(),i=void 0},setOptions:function(t){2==t.length&&t[1]instanceof Array?r=t[1]:2==t.length&&"function"==typeof t[1]?(r=void 0,i=t[1]):3==t.length?(r=t[1],i=t[2]):r=void 0},setColumns:function(){0!==t.items.length&&void 0===r&&(r=void 0===t.searchColumns?s.toArray(t.items[0].values()):t.searchColumns)},setSearchString:function(e){e=t.utils.toString(e).toLowerCase(),e=e.replace(/[-[\]{}()*+?.,\\^$|#]/g,"\\$&"),n=e},toArray:function(t){var e=[];for(var r in t)e.push(r);return e}},a={list:function(){for(var e=0,r=t.items.length;e-1))},reset:function(){t.reset.search(),t.searched=!1}},o=function(e){return t.trigger("searchStart"),s.resetList(),s.setSearchString(e),s.setOptions(arguments),s.setColumns(),""===n?a.reset():(t.searched=!0,i?i(n,r):a.list()),t.update(),t.trigger("searchComplete"),t.visibleItems};return t.handlers.searchStart=t.handlers.searchStart||[],t.handlers.searchComplete=t.handlers.searchComplete||[],t.utils.events.bind(t.utils.getByClass(t.listContainer,t.searchClass),"keyup",function(e){var r=e.target||e.srcElement,n=""===r.value&&!t.searched;n||o(r.value)}),t.utils.events.bind(t.utils.getByClass(t.listContainer,t.searchClass),"input",function(t){var e=t.target||t.srcElement;""===e.value&&o("")}),o}},function(t,e){t.exports=function(t){var e={els:void 0,clear:function(){for(var r=0,n=e.els.length;r]/g.exec(e)){var 
s=document.createElement("tbody");return s.innerHTML=e,s.firstChild}if(e.indexOf("<")!==-1){var a=document.createElement("div");return a.innerHTML=e,a.firstChild}var o=document.getElementById(t.item);if(o)return o}},this.get=function(e,n){r.create(e);for(var i={},s=0,a=n.length;s=1;)t.list.removeChild(t.list.firstChild)},n()};t.exports=function(t){return new r(t)}},function(t,e){t.exports=function(t,e){var r=t.getAttribute&&t.getAttribute(e)||null;if(!r)for(var n=t.attributes,i=n.length,s=0;s=48&&t<=57}function i(t,e){for(var r=(t+="").length,i=(e+="").length,s=0,l=0;s32)return!1;var o=i,l=function(){var t,r={};for(t=0;t=p;b--){var w=l[t.charAt(b-1)];if(0===g?y[b]=(y[b+1]<<1|1)&w:y[b]=(y[b+1]<<1|1)&w|((v[b+1]|v[b])<<1|1)|v[b+1],y[b]&f){var x=n(g,b-1);if(x<=u){if(u=x,c=b-1,!(c>o))break;p=Math.max(1,2*o-c)}}}if(n(g+1,o)>u)break;v=y}return!(c<0)}}]); \ No newline at end of file diff --git a/htadmin/docker-entrypoint.sh b/htadmin/docker-entrypoint.sh deleted file mode 100755 index 96251eeda..000000000 --- a/htadmin/docker-entrypoint.sh +++ /dev/null 
@@ -1,33 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. - - -if [[ -z $SITE_NAME || -z $MALCOLM_USERNAME || -z $MALCOLM_PASSWORD ]] -then - echo "Please set the site name, username and (openssl-encrypted) password by adding the following arguments to docker run/create:" - echo " -e SITE_NAME='...'" - echo " -e MALCOLM_USERNAME='...'" - echo " -e MALCOLM_PASSWORD='...'" - exit 1 -fi - -if ! getent passwd "$MALCOLM_USERNAME" >/dev/null -then - # Make sure every container gets its own SSH host keys the first time around - rm -f /etc/ssh/ssh_host_* - dpkg-reconfigure openssh-server - - useradd -g www-data -d /var/www/upload/server/php/chroot -s /sbin/nologin "$MALCOLM_USERNAME" - usermod --password "$MALCOLM_PASSWORD" "$MALCOLM_USERNAME" - chown "$MALCOLM_USERNAME:www-data" /var/www/upload/server/php/chroot/files - chmod 775 /var/www/upload/server/php/chroot/files - - # This will break if $SITE_NAME contains a slash... - sed -i 's/%SITE_NAME%/'"$SITE_NAME"'/g' /var/www/upload/index.html - -else - echo "skipping one-time setup tasks" 1>&2 -fi - -exec "$@" diff --git a/name-map-ui/nginx/sites-available/default b/name-map-ui/nginx/sites-available/default new file mode 100644 index 000000000..54d292206 --- /dev/null +++ b/name-map-ui/nginx/sites-available/default @@ -0,0 +1,8 @@ +server { + listen 80 default_server; + + sendfile on; + + root /usr/share/nginx/html; + index index.html; +} diff --git a/docs/work_in_progress/segment_mapping_ui/mapping.html b/name-map-ui/site/index.html similarity index 95% rename from docs/work_in_progress/segment_mapping_ui/mapping.html rename to name-map-ui/site/index.html index d95e6c9e1..93bc58615 100644 --- a/docs/work_in_progress/segment_mapping_ui/mapping.html +++ b/name-map-ui/site/index.html @@ -1,5 +1,7 @@ + + @@ -9,8 +11,8 @@ - - + + Host and Network Segment Name Mapping @@ -19,7 +21,7 @@
    - +

    Host and Network Segment Name Mapping

    @@ -76,7 +78,7 @@

    Host and Network Segment Name Mapping

    - + diff --git a/net-map.json b/net-map.json index 1e3ec7217..0637a088a 100644 --- a/net-map.json +++ b/net-map.json @@ -1 +1 @@ -[ ] +[] \ No newline at end of file From cf6ca1dcd071cdc4ac801e736d7ec8e2c4257c91 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 31 Mar 2020 11:25:49 -0600 Subject: [PATCH 169/183] added import button to name map ui --- name-map-ui/site/index.html | 276 +++++++++++++++++++++-------------- name-map-ui/site/mapping.css | 3 +- name-map-ui/site/upload.html | 8 + 3 files changed, 180 insertions(+), 107 deletions(-) create mode 100644 name-map-ui/site/upload.html diff --git a/name-map-ui/site/index.html b/name-map-ui/site/index.html index 556520a99..41efc6d68 100644 --- a/name-map-ui/site/index.html +++ b/name-map-ui/site/index.html @@ -62,8 +62,12 @@

    Host and Network Segment Name Mapping

    - +
    - + + + + + @@ -103,6 +107,8 @@

    Host and Network Segment Name Mapping

    saveBtn = $('#save-btn'), saveState = $('#save-state'), exportBtn = $('#export-btn'), + importBtn = $('#import-btn'), + importFile = $('#import-file'), restartBtn = $('#restart-btn'), removeBtns = $('.remove-item-btn'), editBtns = $('.edit-item-btn'); @@ -246,6 +252,35 @@

    Host and Network Segment Name Mapping

    } }); + importFile.change(function (event) { + if ((event) && (event.target) && (event.target.files) && (event.target.files.length > 0)) { + let f = event.target.files[0]; + if (((f.type === 'application/json') || (f.type === 'text/plain')) && (f.size <= 67108864)) { + let reader = new FileReader(); + reader.onload = function(e) { + if (hasJsonStructure(e.target.result)) { + // replace current map list with that from imported file + populateMapList([{fileType: null, + fileSrc: file_spec_in_memory, + filePath: e.target.result}], -1); + + } else { + alert('Invalid file format: ' + f.name + ', ' + f.type + ', ' + f.size + ' bytes'); + } + }; + reader.readAsText(f); + } else { + alert('Invalid file: ' + f.name + ', ' + f.type + ', ' + f.size + ' bytes'); + } + } + }); + + importBtn.click(function() { + if ((mappingList) && (confirm("Clear and replace current name mappings with those from a file?") === true )) { + importFile.click(); + } + }); + restartBtn.click(function() { let confirmMsg = ''; if (parseInt(saveState.val()) > 0) { @@ -254,6 +289,7 @@
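Review bot: The FileReader in the new importFile.change handler registers only `onload`, so a read failure is silent and the user gets no feedback, while the `f.type` and `f.size <= 67108864` tests rely on browser-reported values that are advisory at best; the real validation therefore happens only after the read. Since hasJsonStructure is not visible here, it is unclear whether a syntactically broken file is rejected before populateMapList reaches `JSON.parse`; if not, the exception surfaces inside the reader callback rather than as the `'Invalid file format: '` alert. Add `reader.onerror = function() { alert('Could not read ' + f.name); };` next to `onload`, and keep in mind that the per-item type/address/name checks in populateMapList are the only filter applied to imported entries.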

    Host and Network Segment Name Mapping

    confirmMsg = confirmMsg.concat("Apply the saved name mappings and restart Logstash?"); if (confirm(confirmMsg) == true ) { restartLogstash(); + alert("Logstash is restarting in the background.\nLog ingestion will be resumed in a few minutes."); } }); @@ -298,9 +334,57 @@
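Review bot: The added `alert("Logstash is restarting in the background...")` runs as soon as `restartLogstash()` hands back its promise, so it is shown even when the POST fails — restartLogstash (changed in the later index.html hunk at @@ -224,8 +224,10 @@) assigns `r` but never inspects it and only `console.log`s errors. Have restartLogstash return `r.ok` (and `false` from the catch), then show the message conditionally: `restartLogstash().then(function(ok) { alert(ok ? "Logstash is restarting in the background.\nLog ingestion will be resumed in a few minutes." : "Restart request failed; see the browser console."); });`. The enclosing click handler begins in the preceding hunk.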

    Host and Network Segment Name Mapping

    tagField.val(''); } - const file_type_txt_cidr = 'segment'; - const file_type_txt_host = 'host'; - const file_types_valid = new Set([file_type_txt_cidr, file_type_txt_host]); + const file_type_txt_cidr = 'segment'; + const file_type_txt_host = 'host'; + const file_types_valid = new Set([file_type_txt_cidr, file_type_txt_host]); + + const file_spec_on_server = 'SERVER'; + const file_spec_in_memory = 'LOCALSTR'; + const file_specs_valid = new Set([file_spec_on_server, file_spec_in_memory]); + + + // given the text of a mapping file (eg., net-map.json, cidr-map.txt, host-map.txt) + // populate an array containing the mapping entries from that file + function parseMapFileText(fileTxt, mapType=null) { + let result; + + if (hasJsonStructure(fileTxt)) { + // is already JSON text, should be the format we want + result = JSON.parse(fileTxt); + + } else { + // parse the lines from the cidr-map.txt/host-map.txt format + result = []; + const lines = fileTxt.split(/\r?\n/); + for (lineIdx in lines) { + let line = lines[lineIdx]; + if (!line.startsWith("#")) { + const vals = line.split("|"); + const valsLen = vals.length; + if ((valsLen >= 2) && (valsLen < 4)) { + const name = vals[1].trim(); + const tag = (valsLen > 2) ? vals[2].trim() : ""; + const addrs = vals[0].trim().split(","); + for (addrIdx in addrs) { + result.push({ + type: mapType, + address: addrs[addrIdx], + name: name, + tag: tag + }); + } + } // line has the right number of delimited fields + } // line is not a # comment + } // for (lineIdx in lines) + } // if/else hasJsonStructure + + if (!Array.isArray(result)) { + result = null; + } + return result; + + } // parseMapFileText + // given an array of filespecs (eg., // [{fileType: file_type_txt_cidr, filePath: 'maps/cidr-map.txt'}, @@ -312,7 +396,7 @@
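Review bot: parseMapFileText returns `null` when the parsed JSON is not an array, but every caller visible on this page treats the result as an array — loadMapsFromFiles does `result.concat(nextFileResult)` and populateMapList does `mapsArray.reduce(...)` — so an imported file holding, say, a JSON object aborts with a TypeError instead of the intended alert; returning `result = [];` in the final `if (!Array.isArray(result))` keeps the contract uniform. `JSON.parse` should be guarded the same way, `try { result = JSON.parse(fileTxt); } catch (e) { result = []; }`, since hasJsonStructure is not visible here and may only inspect the leading and trailing characters. As a point of style, `for (lineIdx in lines)` and `for (addrIdx in addrs)` iterate array indices through undeclared variables (implicit globals); `for (const line of lines)` and `for (const addr of addrs)` are the intended idiom.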

    Host and Network Segment Name Mapping

    let result = [] - if ((fileSpecs.length > 0) && (fileSpecs[0])) { + if ((fileSpecs.length > 0) && (fileSpecs[0]) && (file_specs_valid.has(fileSpecs[0].fileSrc))) { // if this is a delimited file (not JSON) mark the type let mapType = null; @@ -323,15 +407,20 @@

    Host and Network Segment Name Mapping

    } // else the type is per-item in the JSON - // GET the file from the server - var txtFile = new XMLHttpRequest(); - txtFile.open("GET", fileSpecs[0].filePath, true); - txtFile.send(); - txtFile.onreadystatechange = function() { - if (txtFile.status === 200) { - if (txtFile.readyState === 4) { - if (hasJsonStructure(txtFile.responseText)) { - result = JSON.parse(txtFile.responseText); + if (fileSpecs[0].fileSrc === file_spec_in_memory) { + // the text of the file is already in memory + result = parseMapFileText(fileSpecs[0].filePath, mapType); + return cb(result); + + } else { + // GET the file from the server + var txtFile = new XMLHttpRequest(); + txtFile.open("GET", fileSpecs[0].filePath, true); + txtFile.send(); + txtFile.onreadystatechange = function() { + if (txtFile.status === 200) { + if (txtFile.readyState === 4) { + result = parseMapFileText(txtFile.responseText, mapType); if (fileSpecs.length > 1) { // we have processed this fileSpec, process the next loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { @@ -341,54 +430,21 @@
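Review bot: The new in-memory branch (`fileSpecs[0].fileSrc === file_spec_in_memory`) calls `return cb(result)` immediately, whereas the server branch recurses with `fileSpecs.slice(1)`, so any fileSpecs following an in-memory entry are silently dropped. The only caller on this page passes a single in-memory spec, so nothing breaks today, but the asymmetry will surprise the next caller; reuse the `fileSpecs.length > 1` / `loadMapsFromFiles(fileSpecs.slice(1), ...)` continuation the server branch already has, or hoist it into a small helper both branches call. loadMapsFromFiles begins and ends outside this hunk.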

    Host and Network Segment Name Mapping

    // we have processed this fileSpec, and there are no more to process return cb(result); } + } // txtFile.readyState is ready - } else { - const lines = txtFile.responseText.split(/\r?\n/); - for (lineIdx in lines) { - let line = lines[lineIdx]; - if (!line.startsWith("#")) { - const vals = line.split("|"); - const valsLen = vals.length; - if ((valsLen >= 2) && (valsLen < 4)) { - const name = vals[1].trim(); - const tag = (valsLen > 2) ? vals[2].trim() : ""; - const addrs = vals[0].trim().split(","); - for (addrIdx in addrs) { - result.push({ - type: mapType, - address: addrs[addrIdx], - name: name, - tag: tag - }); - } - } - } - } // for (lineIdx in lines) - } // JSON vs. delimited text - - if (fileSpecs.length > 1) { - // we have processed this fileSpec, process the next - loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { - return cb(result.concat(nextFileResult)); - }); - } else { - // we have processed this fileSpec, and there are no more to process - return cb(result); - } - } // txtFile.readyState is ready - - } else if (fileSpecs.length > 1) { - // the GET returned an error, process the next fileSpec - loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { - return cb(result.concat(nextFileResult)); - }); + } else if (fileSpecs.length > 1) { + // the GET returned an error, process the next fileSpec + loadMapsFromFiles(fileSpecs.slice(1), function(nextFileResult) { + return cb(result.concat(nextFileResult)); + }); - } else { - // the GET returned an error, and there are no more fileSpecs to process - return cb(result); - } + } else { + // the GET returned an error, and there are no more fileSpecs to process + return cb(result); + } - } // txtFile.onreadystatechange + } // txtFile.onreadystatechange + } } else if (fileSpecs.length > 1) { // the first fileSpec is invalid, process the next @@ -403,53 +459,61 @@

    Host and Network Segment Name Mapping

    } // loadMapsFromFiles - // load old delimited plain text format - // IP or MAC address to host name map: - // address|host name|required tag - // CIDR to network segment format: - // IP(s)|segment name|required tag - // and JSON-formatted native format: - // [ - // { - // "type": "segment", - // "address": "172.16.0.0/24", - // "name": "home", - // "tag": "" - // }, ... - mappingList.clear(); - loadMapsFromFiles([{fileType: file_type_txt_cidr, - filePath: 'name-map-ui/maps/cidr-map.txt'}, - {fileType: file_type_txt_host, - filePath: 'name-map-ui/maps/host-map.txt'}, - {fileType: null, - filePath: 'name-map-ui/maps/net-map.json'}], function (mapsArray) { - - // convert to a hash to resolve any duplicates - var mapsHash = mapsArray.reduce(function(acc, cur) { - acc[cur.type + '|' + cur.address] = cur; - return acc; - }, {}); - - // populate the list.js List object - for (mapKey in mapsHash) { - let map = mapsHash[mapKey]; - if ((file_types_valid.has(map.type)) && - (map.address) && (map.address.length > 0) && - (map.name) && (map.name.length > 0)) { - mappingList.add({ - // todo: better random ID generator (if necessary) - id: Math.floor(Math.random()*110000), - type: map.type, - address: map.address, - name: map.name, - tag: map.tag ? map.tag : "" - }); + function populateMapList(fileSpecs, newSaveState=0) { + // load old delimited plain text format + // IP or MAC address to host name map: + // address|host name|required tag + // CIDR to network segment format: + // IP(s)|segment name|required tag + // and JSON-formatted native format: + // [ + // { + // "type": "segment", + // "address": "172.16.0.0/24", + // "name": "home", + // "tag": "" + // }, ... 
+ mappingList.clear(); + loadMapsFromFiles(fileSpecs, function (mapsArray) { + + // convert to a hash to resolve any duplicates + var mapsHash = mapsArray.reduce(function(acc, cur) { + acc[cur.type + '|' + cur.address] = cur; + return acc; + }, {}); + + // populate the list.js List object + for (mapKey in mapsHash) { + let map = mapsHash[mapKey]; + if ((file_types_valid.has(map.type)) && + (map.address) && (map.address.length > 0) && + (map.name) && (map.name.length > 0)) { + mappingList.add({ + // todo: better random ID generator (if necessary) + id: Math.floor(Math.random()*110000), + type: map.type, + address: map.address, + name: map.name, + tag: map.tag ? map.tag : "" + }); + } } - } - mappingList.sort('address'); - refreshCallbacks(); - saveState.val(0); - }); + mappingList.sort('address'); + refreshCallbacks(); + saveState.val((newSaveState >= 0) ? newSaveState : Math.max(Object.keys(mapsHash).length, 1)); + }); + } // populateMapList + + // initial page load from cidr-map.txt, host-map.txt, and/or net-map.json + populateMapList([{fileType: file_type_txt_cidr, + fileSrc: file_spec_on_server, + filePath: 'name-map-ui/maps/cidr-map.txt',}, + {fileType: file_type_txt_host, + fileSrc: file_spec_on_server, + filePath: 'name-map-ui/maps/host-map.txt'}, + {fileType: null, + fileSrc: file_spec_on_server, + filePath: 'name-map-ui/maps/net-map.json'}]); diff --git a/name-map-ui/site/mapping.css b/name-map-ui/site/mapping.css index 97cf832ab..40b45c36e 100644 --- a/name-map-ui/site/mapping.css +++ b/name-map-ui/site/mapping.css @@ -191,8 +191,9 @@ button.remove-item-btn { button.save-btn, button.export-btn, +button.import-btn, button.restart-btn { - font-size: 1.0rem; + font-size: 0.9rem; } #container.mapping-page { diff --git a/name-map-ui/site/upload.html b/name-map-ui/site/upload.html new file mode 100644 index 000000000..01bdc734a --- /dev/null +++ b/name-map-ui/site/upload.html @@ -0,0 +1,8 @@ + + +
    + Choose a file to upload: + +
    + + From 7fdd7c89445cbe950b7da87a9c8afbdd2772d451 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 31 Mar 2020 11:41:52 -0600 Subject: [PATCH 170/183] send save-state post value to restart-logstash.php --- name-map-ui/site/index.html | 6 ++++-- name-map-ui/site/restart-logstash.php | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/name-map-ui/site/index.html b/name-map-ui/site/index.html index 41efc6d68..cb984edcf 100644 --- a/name-map-ui/site/index.html +++ b/name-map-ui/site/index.html @@ -214,7 +214,7 @@

    Host and Network Segment Name Mapping

    async function uploadNameMap(jsonStr) { let formData = new FormData(); - var upBlob = new Blob([jsonStr], { type: 'application/json' }); + let upBlob = new Blob([jsonStr], { type: 'application/json' }); formData.append("upfile", upBlob); try { let r = await fetch('name-map-ui/upload.php', {method: "POST", body: formData}); @@ -224,8 +224,10 @@

    Host and Network Segment Name Mapping

    } async function restartLogstash() { + let formData = new FormData(); + formData.append("save-state", saveState.val()); try { - let r = await fetch('name-map-ui/restart-logstash.php', {method: "GET"}); + let r = await fetch('name-map-ui/restart-logstash.php', {method: "POST", body: formData}); } catch(e) { console.log('restartLogstash error: ', e); } diff --git a/name-map-ui/site/restart-logstash.php b/name-map-ui/site/restart-logstash.php index 54e84284e..fe1bb405c 100644 --- a/name-map-ui/site/restart-logstash.php +++ b/name-map-ui/site/restart-logstash.php @@ -1,4 +1,6 @@ $output"; +if (isset($_POST['save-state'])) { + $output = shell_exec('/usr/bin/supervisorctl -c /etc/supervisor/logstash/supervisord.conf restart logstash'); + echo "
    $output
    "; +} ?> From 2657a34e189e99da2cbbf4b8432958f33da226c1 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 31 Mar 2020 13:52:12 -0600 Subject: [PATCH 171/183] update documentation --- README.md | 24 +++++++++++++----- .../screenshots/malcolm_name_map_ui.png | Bin 119629 -> 106240 bytes 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index faca48564..31bb721a5 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ In short, Malcolm provides an easily deployable network analysis tool suite for - [Automatic host and subnet name assignment](#HostAndSubnetNaming) + [IP/MAC address to hostname mapping via `host-map.txt`](#HostNaming) + [CIDR subnet to network segment name mapping via `cidr-map.txt`](#SegmentNaming) + + [Defining hostname and CIDR subnet names interface](#NameMapUI) + [Applying mapping changes](#ApplyMapping) - [Elasticsearch index curation](#Curator) * [Malcolm installer ISO](#ISO) @@ -329,9 +330,9 @@ Then, go take a walk or something since it will be a while. When you're done, yo * `malcolmnetsec/htadmin` (based on `debian:buster-slim`) * `malcolmnetsec/kibana-oss` (based on `docker.elastic.co/kibana/kibana-oss`) * `malcolmnetsec/logstash-oss` (based on `docker.elastic.co/logstash/logstash-oss`) -* `malcolmnetsec/name-map-ui` (based on `nginx:alpine`) +* `malcolmnetsec/name-map-ui` (based on `alpine:3.11`) * `malcolmnetsec/moloch` (based on `debian:buster-slim`) -* `malcolmnetsec/nginx-proxy` (based on `alpine:3.10`) +* `malcolmnetsec/nginx-proxy` (based on `alpine:3.11`) * `malcolmnetsec/pcap-capture` (based on `debian:buster-slim`) * `malcolmnetsec/pcap-monitor` (based on `debian:buster-slim`) * `malcolmnetsec/pcap-zeek` (based on `debian:buster-slim`) 
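Review bot: `isset($_POST['save-state'])` only tests that the field is present — its value is never read — so the supervisorctl restart runs for any POST carrying that field name, and nothing in this file ties the request to the page (no session or CSRF token check; whether the upstream proxy authenticates this endpoint is not visible here). The shell command itself is a fixed string with no request data interpolated, which is the right shape; if the value is meant to gate the restart, compare it (e.g. `(int)$_POST['save-state'] > 0`), otherwise add a comment such as `// presence of save-state marks a deliberate restart request from the name-map UI`. `$output` is also echoed into the page unescaped; supervisorctl output is not attacker-controlled, but `echo htmlspecialchars($output);` costs nothing.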
@@ -1322,14 +1323,25 @@ If both `zeek.orig_segment` and `zeek.resp_segment` are added to a log, and if t As an alternative to manually editing `cidr-map.txt` and `host-map.txt`, a **Host and Subnet Name Mapping** editor is available at [https://localhost/name-map-ui/](https://localhost/name-map-ui/) if you are connecting locally. Upon loading, the editor is populated from `cidr-map.txt`, `host-map.txt` and `net-map.json`. -Clicking the **Save Mappings** button at the bottom of this page will generate a file named `net-map.json`, which, when saved in the Malcolm directory, will be used to define host and subnet name maps. +This editor provides the following controls: -![Host and Subnet Name Mapping Editor](./docs/images/screenshots/malcolm_name_map_ui.png) +* 🔎 **Search mappings** - narrow the list of visible items using a search filter +* **Type**, **Address**, **Name** and **Tag** *(column headings)* - sort the list of items by clicking a column header +* 📝 *(per item)* - modify the selected item +* 🚫 *(per item)* - remove the selected item +* 🖳 **host** / 🖧 **segment**, **Address**, **Name**, **Tag (optional)** and 💾 - save the item with these values (either adding a new item or updating the item being modified) +* 📥 **Import** - clear the list and replace it with the contents of an uploaded `net-map.json` file +* 📤 **Export** - format and download the list as a `net-map.json` file +* 💾 **Save Mappings** - format and store `net-map.json` in the Malcolm directory (replacing the existing `net-map.json` file) +* 🔁 **Restart Logstash** - restart log ingestion, parsing and enrichment (e.g., restart Logstash) -Future improvements to this editor may include automatically applying the changes and restarting log parsing. For now, the file must be generated and saved as described above, and Logstash restarted manually. 
+![Host and Subnet Name Mapping Editor](./docs/images/screenshots/malcolm_name_map_ui.png) #### Applying mapping changes -When changes are made to either `cidr-map.txt`, `host-map.txt` or `net-map.json`, Malcolm's Logstash container must be restarted. The easiest way to do this is to restart malcolm via `restart` (see [Stopping and restarting Malcolm](#StopAndRestart)). + +When changes are made to either `cidr-map.txt`, `host-map.txt` or `net-map.json`, Malcolm's Logstash container must be restarted. The easiest way to do this is to restart malcolm via `restart` (see [Stopping and restarting Malcolm](#StopAndRestart)) or by clicking the 🔁 **Restart Logstash** button in the [name mapping interface](#NameMapUI) interface. + +Restarting Logstash may take several minutes, after which log ingestion will be resumed. ## Elasticsearch index curation 
diff --git a/docs/images/screenshots/malcolm_name_map_ui.png b/docs/images/screenshots/malcolm_name_map_ui.png index 7eb2b6c4df7165dc0248c35d020d25849e57f93c..a28d1b65303eb4dad3f30211e6e7a7a23c2aa2d3 100644 GIT binary patch literal 106240 zcmdSBWmH{jvn70jLm-5WyGw9)w-6u@+$|7Xf;$9v3BiLq!QI{6-QC$paQoIy&i(q{ zxBvF&F?#<()_Sb!nKf%xLC7b$_b5nsNdNrv56TBAam9cBfuZ>4A83CBIN&F)4C`k9 z{6q532XPT)mz3j`J8$Kk4$iZ3Fi8f9?{U%x<8(_S(&%#k5&ds)(J-W+-*&|d$D1#4 zeew$+L8;ATmkO!w;Jjt8_*g)=Xj1&BCS}zW8tv~#fxV~44LbPmXMZWk2j<^jNDx9JlKuUJ^1^|{|9&tW zktzOtnC1{i>g~USOtVCj{Czg7z>q}b--i|Ygnj>gI4kncz~7M;cw|1eq5uy#L;oF= zmKpNuB;4QGF#n8c=J)T@e-!@3pptNFHJ{bSi1Tx;57q{y9cS)^Ooc72n1}m_vt=jyERmM+Sjt~3MN7U;+dQxv+B)MKy=ahBOS9E@O_kQEqo=4Ed zP^h#`Eo6zy;%sL|`mx>`Hd(&7gII4hd=b1$YSBu_>qq(PA!FB#NWj=~IEn`i&9e#O z4oIYv(jMB{+QT;@Hq{2x`xVF(_y53wJi|uyMKlheJRW!DmRmI#5J{o#ZYO_mKUCG! zdsgAS+}0!6G;8|s)tR5I6~(zcFT~YfJrjA{-oMdyH{p82UqcWgsib`U$5F4SAtn|b zCyP$x^;8|cF>L?#>fc%XW~@6hiRn@Cc!5d$yuE9Qz1tLhY^?i(FoRy!6xY08o}@AP z%fNjnKRLeY(f1s+F?F;Fu0*wYm18?w&#VXR&3)EwY*D)jgLu~enh1x}LtOU8;J&ya z`4}ELq@N`^n1jyi@wn@DS29laAB6~|zB&D)-Mju_Y2O9&z*YU;Wf(S)tnu)Wl&FLT zCak(--aO@(C-nq0Br5RC-B3pJPV`_)*l#m9s8QQtD z4B8~yG!qk_2_opDsXroUu z5yTw*R2)<>MU zQ&@CR|AVBtWbN+INPqd}S~^l!Ffp+k!aYL%=J6W}2RORZZt%y6d+>lG&w5*pOhL8G z*Pv%3^vA0ZhK*z-k|jI3v$Tu!@y3Ad85+pNPz{~Fq4+I{|9oYJ+1jib!BnQYk$;7{ zp)B^Q6$>TtZY08dnpi!=lW*_g+3D)Sdj7}oEqJffmYQgZK!avN#|aJv&p!m68je8^ zvR#_lzjpo-;I*D1qOfxPK&j(-T&BdLS^2Hi_f|0C zM2b7yI*V6lqiT2=h_QCfK{RmlkOEs`!il6QZDc~H6(m5}#bp?he3S&ihySu+=`<=1 zGYRdI=gaf~07N8kpp6R3d~zNJx_uK}u*&S`$2Cn#~#AKk)IwYNg|Bf;(Xj0)gJdJ8~Jc1LGbW0=oiLf;MEE&6 zSgCo$5S;Xl$IVc=mSG~rfB0DYG1IZC?BaQ;3g6wcg(vJ%zcQER`EfE=fPq3Y83~r{ z8_fM^+KGUY|Eh-#m*qRN@_ZwIZ8dM;o~;O}OgOUGO`8r!a+y|+;#OVZu-L_BZLz!b zzg>Q5_Y;9UH;qc9Zjy%0`b*U*F=tizl@4T^l zEtTax@dUl_jch&kIpSe2LK2Hs(D!UIx;bdLH{C5i@<;?LoO`KB$?j_n0H%cDy9hsv zcq6C!yFnq_eeY!Z*v0QxkQ>JX)`;+DYhOgMK;(#eMS4!7eddMG@J*xv9RexYWL8XQ z70dKwLr(MG^SZ8Gk3H}LTMUn9?x+KiOqrCa9f$aBA|L1w{RU_fN2`pKlEE)gf>o^h 
z&Ro{&n-9laT)!|0g*f&oReib>D{f3xOY>xZW}0dRy-^Y*{H3@>EostAL6+5o`v>@@ z1#^Dg$=N86$HI{To2rwC1D%Iph2!Rb44}lZm5}^MNfYyQ6z0?I$F?WA3?)(cKqZu+ z(V$n6Wr8#U04u5BgfGkw!b?_ck`AM}M{deowc6k7?~Dxtcs((2%zm)JTMd z=ZjuFmCCjIz-6V!mbl07-XE=F;H4ydJN%iHFjIKQw8(huQkSe8ZpZcC_6!!o7g{va z;E@RmG`K)ySvKU5J4jmKDLjL3g~P9|kq~lFwcBgyZZh)m*xsjmxB;={B2X~eooc!0 zzJBGSkN>E?%5s#hj2}E|hj!e^$&SNg%uE3C+(6FuoNe6^i(8@wvRReqDOh!GNkZ(GBgIp9Gk#jOUkZ%GEtFub9eII!(Wq z6^spOBmDT-O6jY}>xVf@aVNalrdD*GK2~J=V9c?MP2Be|dgA+bbF>7{!?6TONU$1D zJ~rp!`FaAM&%@>lC4M_YDP+~Hjk;UC;j`|zm5TjiHm(#h9)JDZ&=2o+7x4Bw1*S2! zJ&NCpSJL7Rb)WzGaFAllL|_AwpHDrvRg+aXfq>)$Z(k%nYD)ze2DEjW^!94duWdjn z@7?q9%3CRZZhLFlsJb@5?~yEsYi&k;t4zM+yDIgM2*{khtZayQWWhq> z*N-|{N>cH(zfO&zS#H{(luhe_*nqck5>*^8=^HiK{ zNDQE&rt$FXl^a*Yx0^s8XdZNUwC~b?Le8g$Pm50ixjLw)sq7L}Rw|kcC)SK>*ia!A zEN{q_)p+k+NhT6HgRO7E+tjYSZq@FwcWDsuikUSn)f3r>FRQ}UQw${}8_^`IaN(*{ zR3s|-qUWo<(roabA6(<~{~7f5tVHG5d3^?!zu9`4yV-(|6Ugj5`8iWgncr!u!s%GB zV64EdQn2_ivw|bly*O^r#nEOQ5`1d>@9KmXpIQb``3v?h#RA_<8S%|1vp2P&9|?aR zoIYSF6E2uZhX$N`)6nY?D#_tRx#wX+$i634i{n+7KTI}alM}t@LmB7BPyCrzS}YLy zg%3XME!>+kI8fXWj=L`Pp?~_aNAEN7xd)s0dibp3@*MVdgbC^V=TyM0=MXuB=Vg`Nvy(dgI+sBBJ3k{96eIuKCcX;=Cpp6=5 z#HHa5&BL>W))WD)Ur1;nsHW)0cT>3-6h79f%5$|g=FP($9mulO)(#FD&u6aimOa`) zFSjnlg6{75V6Yma0AdU2ZF{WU^~vBB!&aeZ7za-uGKE`T`35h127*Nm;N`ZK2AZF-^ciE=8Nk^DP>xz+c!3<%BLFi z_^d#ZgEALjb*nQ(^|zdDo$I0LZy&*9@H9VFbAB#b{ zw`xA-e7jwKSN3G5LtCNR2~vs#H&jcvitm((}n76u2e=pu2fmz z4Bzf6CQ&HwKRU7yy_4xIrS9S0mmVcxc(Hoxke8EX1^Fk@A)Q1$lZ z&a%xJ3wh2tebdYWdxmjVl)uo3*Obs<8qh6k+sM`xhCsyay(Ff25%xycoHHy68ROFiOY`*u$iqGxuZ};?1A&rtP5UseW*xag{!qeA;L;)CJLX_>A`sHIf?$FPin+A@(Yj}9wMt8C3A4Sf@U`l zV6!i6Jm3k6!oi(wBokN@7hi+>12w_FNgWD0t?{$_!e3iFOe>%D*wh=MN%`{?^{#h_ z`Kl_%CA+L`2h*{CFBV$#5wGuP-+nhmrt4g9QwxuRhw(KDPDx(Ir_4sV!;%FFDin|f z%5Bu%wBBa$n`VsbRJ^E6@#;yu>^{V~fNMN&f0sPD?0KiR2RgpHJEH)1r%}+F_mUE8 z`R5)FcCJ!Pe-e4YR`E-&?X{v~+;aP=z`M$H1^aNo=lI_mPz_VITYGO+iZv6VqlYZ_xpQ}uZ zpITntP!Qb4Vq2BT;TU1mUcZ;*$a#bWNoJ2Nf(d=%2DzkUvuYp{oO`DBI@DU^s1Hk4^lF{YqV$65 
zx1Hx+&#A(^rEC9q`$!;!uoJLL%{1nXB%;^Y7njD^I>Uh~T1R796I-Udyw2{?Z|~hO z0cnqE^<_vm6Ty2a$A`XX>OzooA?;h zAH>x1DVTU>7jpD=c1mY;bSm|BKq3sTTU{f^cS}4eOg?Tp>f~H&#A1{Uy=?}tXZ$ev zO@2|F>W)o!zrx@g{zi*$@cz=bztW-LEv-&(tQniA^&Ck6=A(u^Ius*$vX8i4DM^$H z3%-Om0>!lId>{%w(dCgW&+F%_LT9Q7wg`)_Ksxj6l#5i-wx7hY_5JFi1RgX3DB4*I zZ;DnZ?j8U^18{PMhm|kBpR&wvJ{#@P_nw;&cP@D^21PLmgp`%tgqu`+od7LdsUJ_O z;+x-%Z5qhOpz2Jg+yJ>I+a63Sc44k@3pBj>oTI1}cG~dfz+$PW^o-)A z&gjf8Uq+Ki-MeY$j`%4x=#W>?*-O)|gX}w=lMiAfnNFPF9`fa)?i}+1FK;MypruM< zWS3k4T~)hGkm#%_X(0^eg^6g3l)?TL{fAEB?CV1QwMwQJGro9w9f<36T;6+mcxEFp zw$0)m92h5B7WQkBXh$tzY0x32cF^L?k&XY8i5&A4L6$R39Iz(nOdN=tsMO!~>{$ ztj432NIDX3tCnOb)M*|Xn|CX_&B;yHQvbNDILaA%&=7{QI*Fd;t*=!zZ!UmuCP5rPyVfJ_Dl}4UhSZ>IW>OApz*b4lB}8 zxMkrv#P}{P3KFyGN`*Hs(xqWnc)eE3C7J8LXi9R*>M&4%Mm9b|yWQs>c?`XH&BT05 zKN|A!kDnU+r2*zf$wxJY95BP*116M`t#^*;3@!7hgUux$MpYg^$t;5d8H!dP2k*F^ zqWW}0U?54qTD_RmGBjYr0e{R9aIRE&tADu#$jJ~W4_Q`7|483YiR>i5p8$pD4PXb zTpzIrK|(20?ufGFt5voQ-I3WL;Bck1{y_9NZ#1ARh*{J20)(8l*fRWe1A`|=G!6%E zWoV41dEWCeuvE_<#K9U8ESjrM{BPz0`p$Zb1bn*R+Z?x-+}t3D`fyn6ez+b>iy`IP zl4L$=`*EOkirQAE43Z+?DOY|gMewvCHjba8gHdT8Px58eL*>YeTS$lb$NTaz)@VqX z@BbG_g+)hL`{bMD&jkL&3^< z+$D!u%n27xrm{@YT7Kl)L~@qtN_uO}RNXQ3nhw_QDr5>sK>oLWv>ze7+4_)At2x{5 z0}YFM4&*m z)tJB+DvNEcx&hO!0_iij#Zp6Oa$C5k_m!1yjYi8Z&UJM)zJ2&okI&2Gt=<+7JLInt zNatwD+4!*GWbE3({EGAF{*OmfPyPJ}x`ierkiu$#&>xvl)CLA*-iUBp=kP}g1V>okLrB;WF#wuEtD57u#RZFOYib&0S3j>WCy8Y|(`CjqX_9)`ny+xr zuddP<@m}tYh#6nNf{zbVPiK!`g1}(opO5Vk9mey_nlazsv872UhGGH&z;A|!btRea z`bdJzImz~;!lD8YmtXv&`H0%690wv3=9#(z8L&bN15hoXSqubpP`@B#g_=?zu~Ojc z1HM*i)^WBVK`YxpMws|q(YB0=OugAQjuW?PqUe4B^(ajYERngXx-AtLE`%4v(mk8ne4#`G{#$igfC%R} zX1BKHx0bRH3S+o$YcQQ+4+lDg5Rpl&zx0;h!q(1R!t=QbD>uX)eYi*xK6SuwAF=3e?%7$I5pc>e)sarA{DGY@(0+ zy0O~yyt!GdNPBGeOXUBOOe;Nf@zZ-bGXI9*LS^%1y0&KSdTXrA@~UJHJ}&HR^d-K_ zvts(DZX3gZE^yl6?wz0`9G$i6_2%^mo_34&JABFNM-ReP?-FF<=2mp7u*$*apo?w%$k-L@7LK zSI;QZw=QFmTqM@*|I94ej@^d5N=W)!@#$ETBhm^JN@2Q&h3SuKB^^ zepc?Wz^NwVOV>?NyogCT8Kv+Mf_tR|v;NM6pR3E10;xJs)26c>QVJk`5}sEf_w;%* 
zeBG|2I89*qAAYHtGtDTJq6+OZJX7ROM*vBP%|CP7y0oh-S+3DCz6|%r9Hvhoucz;|z$7dKRc+A}C{cFj3cH31diF$1_=nkZhbz0+DuUv?zdUYYQex(|4>*6PWzxDd$Zy>Y0=W>eya#9XuEQnj;K@sFR;F zLZut#qcg?M*N1t2&G7+>m4PGS+antvAb;)JXW8mpT{GxABe5|Cq?Zh4zEk<*i>3%}+*^!e^j? zVbZa4t^ORH#XgeA-a&HsBQv>RM|gu9x^W*qvt#2$p_yNNMd4H?*J8AOFst2D@9^;5%Po0T;A1zFCz|6H^`_EByJOELgQLnB2S#WgmgFrm4St?(qM1r z@`0?yOlZ}8WQlB(SdI2<>R!d=g-L#WUC9+FQTs0E0_tAyrs01g43Y}>Q6di)X_oXd zAdhuw+7v?}wkZ63ONDh0sKZ=~%=VFjyM2tYnK~@Jy3-a(V zqb_!`(v%MNi;1ICge_rhe0t6$<5x|IjLBkuJlu;~pLua5m|H9AzPh0WO2Os;XW)ty zsDcuDIX7>Z9c%QbC?JRXUi(+lsQrw2>NYL7Z+@OZ z3=}F=d?`>*=l&%J)u>)HKp1b>;F1817*o?!EZB0nfdat@5 z3|Hx|2%*)0+;Pm~OUI4(PO^hB<0ETn)KNm0v%?SNYTT^k_t^I8}}B!1gIA zmCYn_`+uVw`Vy6;K7Me8x@*|`+iug-cxB_8dA97KAUD$*^(*1wVX2LFnmeNy%ieM z{qQ&Hx9&Op+D!*b0K! zes}^un@AcE1`q&bR@u9=Muc>#7>|AkUf?Ez)TWnpt#L`Id3r)+yyvM9;jPz-d-=Rq zBWqv_gXNK1but0*yCXCu0E^rE2ItwmMzON=#jBM#42#-AQv{s1OThde{*Z+^(73xF z@oV-EB+SkwKn_IfJHCLiwlZyZS76jzu{Atc)wd)DU(B_0r0Rb`D)v}8^kkz!8%UPA(pDES)n(Re<_vcF$eawFOG)=Py5 zC^|T! zyOoIYyAD>DM?I`yN!=1(0-Es6BFoL`Sbu@z#3u*@KR+6!+#T>r_3cKdnuFPM3$+5QvO(|iw^2&N|E^*#L5Fa5ai8y z$p1WFzVVB$3*hD*o;UI+Jh~#)qvtvArZCD(2CH#d=x)wKjDao-2cW@(xA^U6Kxj>5 zb#znKgf;z`U@9q@M;Im0_!ebscgy1v&f_eB+DJ>my`pJ%5j=&Sg-HE=_H{ioK zE}2CGhQghqLL_-hkZgL1QjH)3G$O~5=ht2Bky$>g-jsr8qPJ)(ClL5hXk)jqCIcEj zFah}jsFPcv3L`sA=wqp#q33LPH;W1GYr$oPH}Orf4t3kKR(k3CObhLcmB z9f1dj$0>usJUUC!`u>a)j|_rL&I$cxEJf8R6p3QXWnWsmE->KEZTu$fN$ejVp6o@9 z9AZq0KYd9IzK1kgY%G3-VvK@MvpzMptbluwQFQdK37!2ezbnM^dfS{7T>DZidHEntU<{iU)=aMwR76ISHEHBlvQ#Eb2u1QF>U>g zk;P>pQ&6_bf*$`%2~meY=St;kjSyALHQOu$9b#^(r%}9V9{;}9J%VFl^Ni>|W<9&n z`%8OYtnePD_7iUc%^Q*$R7-3$GawKv)VEssh|hJ|9sbfWHMQ?pd8DwcSj|g3=n?MR z^2s(J3=eFN3)+VRsqTY5jwfLmC|R))Si>J)7YWlo~H)deqtS}yB6pvu%$g%a{QCt%sBcwS0OeX6 z?hOU-tzPIzXnbq0O&@B4$(!1 zoY!dVAXkMk2^yUOG6nLQh~IjB(}Ytsj0Weq30rg>m_8-zVynPAafS0fVjmW?S}tw< zRTvJWnL4EJ?3~cy*o8PaR?rCI< z9rlTG*DzdW!%M%HD#>Vx`*b_avnTEVxgJcSfbfFgA!u7NFkxve?Mb;-XP0CxN|I#5 zr_WW?>6^@qkN+{t>0)}fa8<5D)O{LL34IA@gw^0}6g?A{Qm~3!>Gohm2ZfI6xIIOk 
zo+PXvU+DXqo6|74=4Y4}Pee>9^)JSg=coCHU-dh@s*wi8*lH=@X`5bua+8~`$v$c7 zpJ7KG4V>4~s9Q&SN-@)}dL8h_u2EMvfD7t-mE+P$eEg}$|4E>Q4*Aw5 zv+`j1#tymXCahG00xDI$!>*XMim3o+SS8zzIFUR0YevZwc+o+o%uwgzP0D#wS^d)D z#;3=WjN>|iv-9Bf`>@~5f!wR1#tYGwZ9HeZSJGbCu`5~>H+LD(y&we|ATo5$903=_ zPfb&>R++FbX?C=9;%enT(-ClCy0;bLb}g=K!O9ls*tT4sDdCYaofnk#^W zuiXiMx3j8&Xop1iHK&2_O+LPL9X{iGzR_v54CW!c&5e#l4wpTrX^xt#t^?ntt<;f> z+)TWmb`0Z`Sd!GyXD;gn32(j@Qbmtb;$>FtWmnI-hwGe{vTh%XTTGG0Vj2TfFsAS~ zedlWJ`reA#u9bx8Zy};nCDyn-BTI7!#8z;uYgpM(>08zA)V@z7T6rktJD7$xPw%Ro zxHs(FJ*woYISJqI%zES;LMPyx!4~7@4oK!;DQ6dsAl5CR)D4A1#%IrOz9#gA2Q`Z0 z$E(&LJqWlj@4GlbADa(J?&>O#YzT`P*tLhIdFo&uMiPm6CN%m{_D?p;27~3{<}ai_ zEzOfP%i%SZ{cx}}yGE5>RCw1ahc%Zm(pI@#kJu;<9p2DWV7aeb3UE%lraS`9#O8-j z&PXM1@^9D}sTVaP4Q&jZf_(&9=IR;haNSHYIs$sH27JLda}O`QjT4G51iZ2Q)DBOzOe>lZfxD_}HJcAs&ehqu z=l@8n<-#)#-3fvGiAw`N>de)wUG1H=mZIv*SldNQd!pg3uk)Tvwt^DOneHT7MD4D ziY;OfLYKmk?Wg69jQsSlciz6m9WbeVCqhJt>F4`}#>y_3HsE=$5dA$8bOfhO03#`M zfa8hJ&BBSW;Q^xotag`h=Lr_-XBxtFMKh928FsRo0wSwY{k}Pr_x7-=R3UqfYDyZ? 
z9eGO6dmRCA6Jm9%XUvhoKUwQk$ook6p9}f4VD?5`Jp^QZchoc37{tsBP1fy~J?Z)6 zGU&(fNMfVmK<;(3GDF!%CN#ete;^P@?ITm=SPM{|@Y-fk410}PNZ5?Dd;!a@Fke+B<7chHr-FF<|kD&>V&8~Trldq z#uF5&y$r}Abh2NDCRt~^POwi7usDa+~)P>6L?xD?_0 z@4zO~*n`U!z=$#)Peb;cSmY|ZF2E&pNl8W0wX2`dOe074RoB;cl$y9nmD{j+3)rzA zLa!2hM8@5{DzHTlQ zI2mE_y^ey|^+@`Y*Q0O2~vp!&9!^e{3OqS9$ypbr+($sTIe(kLt#9)!QMT~NB2(AG z9joRNQ|C^DfA7fi7cIuL=v%4~fs&RXS%<&O25%5TH~pm5@a5YufaMK?g`Ba3vp=LZMyiTDYt866@dT$Qo(x3%{LhckuA0Fe5eFY(t7DzGv?6uIydOr*%Yh*32S!DFmTPL2!B)A zR(b}IeQ!hN#5;FAtCk(AP+}DUetzb8{e^w{SbU=QGscNvxbeWSupE1_e2k@*x{vrxYno8t z#Rz`mDGGJ&(ps(jV(v(}IL;ea;J!0u9c0us@08Gq%pjiIhhYDgPpjF$f&z16h$WmK z3@~y+1rs#F$x}PIBx6)zh9qo+lIz?bW~h^&;3~AkC$~%{Tz=!mf@wrD_4GI7mozxB zGQO@Eus5H976}s8ol<*M&!2H~{QL$Y_?b#@xW5|d1fJO!N@U@_<~L=~qtJ{Wp0+5h zqS2wz%(vpXt{rqJ8mEs|hikFrxlY3_>9YAYG!B5DMiy1>>8$j?lG{{hzW=N6EseIf znLj6S|G~;A?(zPqRl(Kt;KPCYGkJT>`hE;9Q%i}dz`tJ33Nuzhr?Hysn49qgWT5wi ztl5)Zq{ZO29`~9;o4d-rp-jTxY{PD%7;95F3)B5_c2g>7pZA!bsztZ!%g}p`Z$bJR zqgc~e#{CXkPlfU=gX-AA=_E}`39yegH-NtImt}Z;zZ5?!66t>YEXsr*OCx0^{SQmVzY30 zaW!@Ks{w_HL^jRU*KyIWDJ-Ryc3vJ1B$X6c9VGF?CGugG)+#N0ekVt}$}yMBM=oYl zPk1~-rJN4!b0;!2tXeJUVG!XrtXU=rcQT;oC94XNBOYlD*-P9gCkcz5awcIgA-e3?;*AuYxOcFK3>9Uj#*^6jXfrI_p|8diz+=kSQ6UJ_C*FHWE?|ksSZi~Q4 z{;2-B_4}Lt*=vt!M}IHjcx7bGTvT#5L!{aikcv1(+^s}R;T-RqVB(9$$cNrNi9OvT z;ZC@zP!sW;3=@d2h;t5VKDHh8CdIIW6QQ9rXfQqGl)b_^3kvCTPk5QsO@^*Zcc%iu z{jF$MF8p322@F}n{SkS6k901Rp#goa$gr<8Nw-zQXh%k~)o~r(3Ze3+j*&3!-+|yk zat;o`gXx#CYb1$_6=n00zqXh%#YE6eqnZFJW(3DDog*t1^>b?+@9xNG@i>#GD;ZF9OaHpx*>}i7d zMm&0iMBzAY=g(^;lX5rkQfm^?q{93PKDM_P=4L%00H`4a)XR|)D5Ae+T}_*@x4fNClA91K9`=(wlvC(wy9^S^18b4v z(Tqp1EloW=d-BjO`TcHktCypi~R2U!lIQ-)(-51qB^O{Kh{rL@jp^#Cab|0(lZoeykVZ*_B^6QUPv+JKfPf- zw3alhR9R&0eBtfAts!vwnWePVF z#2gX^qGaqWf#g<$TF#1+M_ip-@o(ZX;UZQ88jLvjx&o~*;-9x2Iv+?#1;H14ze+?G zCxz{z%+Xe|sBr7;X0`S9;i+zy&S67>EF$j<}m#gLyB26thc*N`Wk( zWP^9Ipsu0rTlq`O)Y3YEaEaW3WJ5H2xJ6Y_#FFtx?J9Z#@eQKoVU2qx=oJ)Vwkbgf z5Tng?LNs5-SME~k9D_E6J8cH#m3Zw`t%S|)UJ;mCiu_!5!7q8p#k8~~A;sxdlLC=( 
zr(wd1Zwix1@x;qo(6N{J&)=mc^P!vbK?z8`tsiHWc zq@WRC{mHb3%pzZJ2ySky+$`iJHh$IYtb59{QEO0Khb4zWJ!grQA1>zd-Msae zIBil`AOAjRlP<{*mxhjyYrOa^P__Dl!mGQq>`tL&q}X_meRKf4_v=u<8uBXur#(T_u`g8t@)97$-ZvJg6I1yjy&;l2=*Ly#muS^*7Rf@ z(T&sN8}G|5(9oClCB4bdDizO!Mx>7HKemb7U)?vSkFl07xX37wXXc7r37AajRbJiT2JFgN0JFLr2$MuEGZXw(b)7sxg-aA zhQ-Lr3-jsOne5DS4D&fDcu#cQt=t$}ti@lCgE6XKMD0?!Z7J3r$*ezS(nr(8(#w=C zwERAC>=zcDoRKaJE6`ezxk+U%tr!P%5jVrYoV%93lW$@eASq}>I)}^9iE&bF5O`RU1?Z$7fnW%cMga)`Lka=D?V^3kw%jC?87;2 z5MdprK!r>2$)mN~h9pdUBo;b=Ze@o|UC%5oE*CQh7PX$xamM#750K~9M{Ji~DI*b` zjT)A@kgywuZkNPXdFiw>N=}*q{{sO-ZE>5fLDbHt+k(4_k2oOfl;bpBryt4vu)QZ{ zmZY?Iq;g9BJ~$sWHuiPNV7J>q&5|-`o%aLQ$OZ8CaH5m^PyR;weBg>>K{%f%=a)AW zmg6SY32!hC(Y)S+q;Pf(WvX19a?&#_4FxA3SEa+iW|M~K)+D4;3{*z1@fpAY(lEfE z><{H`K_PmHslv=t57_&{YHXT0r!r+)_rY!7J33EVahD24f8{ciseC-Ih+_|Hw0xAR z)&cM>An@v9WzJz?vlMG`7Gna1B4?|G8^4vD7z*F6T+N~E3yBB@E=0IJ%oP@GyDvA5 zE|ikgf+1*V_M8pyXkj?VqDtK4|9w{iHSxz z4kiLf!;|p{ynY{e(fzlWRS^ZLQ7A-jaIxV*jMb`p?qci%$Z&G(Sb4A|({NRX8WXpq zr>e@kc#p7sNE5idZXzd9NkAB$JN1>Frayxuc~p+Ze#&R;99c z74+?cDq+!IL<-Bz zuiY=Y*B)cXB&5)Y=Okr-V1T8Esycv7lon5oiEMr#s`TAOSR3B~uE~fW!`Z&jR2KCh zBR-O(EwfXEAw3~n2W>@Ibh&X1I%?}}JXI(ZrXOtM9cGL>P?r2RumE|;CQ@o2wDS@v z#yrZZ2z8T5medkS>i@^yTL#t9t?Qymu;4I(;OT*Ne|~0lH>`bo-OxmP1D7`CF@g+!D>(&j%u+U&<^!;jV<`yYN6WfkWfvpJjf+ zg%1|%QvKlU9+jVG|870?#I{-)i3T(5xB0QrvtR=N);TKDu{nR0Vd(wjJ(GU3{r3dp zt~ImnMPDa^b41(eX*{0Ulj;GE%($VUOl2Sn(_6KXT*x;Xy_4d-ml}jaPWValBfJYN z!*X6p1>k%IgBD8>=>PG9UthjHfyLfj)^GOz~X45evy>;_O8;0@Xhp$X{#*JO*S9LD_ zBc6!N5u5G$T=x=FL!GMal$TRQvL>@~u8#no>s>%1+{X?`jHtv&sU5MdE6a_iZy3aVs7 zjqPo)*{lG*#-4O3+pC$I7rikN+5Qte)QLYuuhaDX%qzB6TGv_=>Mek9QL;nU96wU; zLz0|yP70q=H5!)}6~G>@j)i<#XR1LWbEPM;tT9wt0p^GELD(_s zkop$^Q?*z(2Ztv6k}pkXQ&!4ZilXQIvStJs`Lue!>+2_yaUw=;RbQ1HD$=o8ir5PRHge#uIAM61(TQLY@fj;i^RC}p@N_BDdWtH2$-BYqkeHWcX# zKwJWlT_0YRFc;mA0Sn8}#AcRjJK0(n^yIvLuNvCx8N*rmK9y1f=AUBR;W}*97JYIs z{qbX%V%^@1Gf4caNB#$jl?Lwp_SlToCoSpt_C{4sIVpKapz^0bP)TI~o<_s>x5M#= z*8)I@A|CL_6uJYX9x;B}w%aoIs$xm{Czyj&0g(GY4Ux@Lk3c#cG6i_Jm|a>qsYThF 
z=CQN9tWZh$pIvOWaso%S3&M$54fZ)=yxVEjcyPq!>+KW?YfL0hm{A^A3aPZtHLhVA zdH$f@psOetl)6V7Gl2LM$j+s&CGtF4Xz@N|qPr)#z4%%jXd{gOj5szVsn?zV$Vt$z zG0oT%Zg&n;dCByYiqP%SxJ^Q@U092uL(y zk%=9?zwX(=^%pI}q-lhSU8PB0EKV}}2#sGf<8*Vrh&g#D@|YvrAD^`^LcvH?TAvjY zYC6awi4Q5X`?b&`gZh19;E>S=yv*9*kiD8OnHpgvs3!IbEP2K@U9ZYpzT3D)9S4vM z8~o%U0bsi}Z@-47fE?@JaW8(qqjIY|(#Git%^s^G0;cXw>uDT+7&(kyxPf8`v;Z*W zKXB)B3jl9etbKyOX==RXj4#OFk z4finz>z(uBbs}_VhU8EDZj*0Fm?Zt?6S`^NCx_0U+4j|ilBLK)#~~R&M$oe{D>&x90Z2%ZAfT&2Rcnh`}P{gHc~%QxwhFw*lWH5Q9!$i!zqY0bXE zcRtOz)2by6kIp{-2eVX|_jB#eK1{RQH(AsB-NWbA6M$b^LZDpRXB7(7_rN;mmk zL8iBn6%7c+I~ghgY!y~kGbHOZGhWy-eCs;i(-hnT5(k?1Kok-pwU+!Z8C8D;K zl-8%LPVh4i-PV}tmFoNh5_yD)K@0?csvg{coHn^jr7jl1yZj>fIzG^y*s4-EH6b#? zD{$259*-wEZuvqhVD6lVcPLfjt{K#pH`_L?8k2UrZC+Wa3mNd5fxQD3YI?Va+9O}} zR`-I*|D8p%>$Q9jE!5BV21IgTI$CNgx()4TVPX`XIF1`x*;h}gI5p-VWs+QJ$K7Uk zMM-+j=R-w!nSXRitKUV@`q6rol|V$<^War==7kunT03Ci7$q@Moa>RVUIVX)3}?-{d0$6{lPCPBy-w{@w zhZcAGOhcC^tmx^*T=PL?UUq9)itt?hjIHVkAVt(KYl5ksN;OaQx*g^*w;(p$~uScle5XzO94LM*C+7$>~^g6ex z07OM{@Fsm{dyGN5hUcAlx@-UAOw!qUhw-K(6q2CQ#t3bsLj)9_t#>sO!7~A|%sF{+y zxBFUi<^_?GPPMM6SCG8uEZcrnt1#F?u$qiN7~rngHZSfYDjV$xvJ3Fv*=j|+6pr&n z&0uk0+68h3Ck^L_)$rU47q(dm`BF|TZ^ES-kd%xJ#Q zj1UUX`24g4y?o4@x%yENG62EOI{&BxF1}c0jj=`ZZeg>2aTk#MCeB4vQ;imd=2`N? z_>YWttFNW~`1ulEyvV%WR)q3I@ zTRc1nSPv1htp-%<@QzH*`m)RPC}>u`bI=`|2^C+k8M=|Fkrn$>cqb+nB9*A<(U^G~ z_kvke_K<3Qy{IdvT+|FZ{QWY2y|8^8h$`e6B1nJ@CT$XZT&p49;LH@e$t)s!$cBrn zybLZd^US))jUwK&rr+HHycDoXqC+)04^=`eH$3b;!#eXco_|rf`F(N0eg6Xow*ptwi_-aIUd<$57O*$m*L}3lH z{MI$1a5a3pE1N8Cxn=2H@%58u1rev9W<+}$djwWA(Ld_!fKt2vC#y~Ve^X^P`d|vZ z^O@y`-aR~IDrSL|Ol2fYhu~+P5s|=Wmp<=D&Xz)Au)_*^SAjhw{BcHI8__R}!9hY4 z8;Px5^XZEd1l(ui$*u=p25dI;zhr(_+Rt@n(yD*Sf{tXFI}Eu@ZfynLT&RYXA$Lw0 zr^J#e;?C9BE|uik9`4!e>OQB0V2J=5epd#X=V%f*-ii01zjj6OP)}O_vXcj65rid1 zx#{W&_L zXM&84gn~?kfD1BWI`Z}Feg3bP;)29b7-)JmmJyJmu{UFT5!wH=D@MXV6ND=dj;d-! 
z#h{`dWQs;N`ExLc2Y4RFv?vP8FZd*467iZ;#DlLN4`SH^I~Cti3QsqW|92V?h{x_~-!c{MfgbL2MQ*U_$J!_=8an6oB32`&g8ks7!SaU+=S z@7sta&G?j*^fY_jEIaX*)z&^2yj-R}di;?)7VLF%kzRfAZoH*Ot%kEhm{M4eMG=ri zTd2|BvXJ0NV4Bek0nS`GUh65dIX!L*Jc{gzBsW}Y_EI>H`44G)4gOmiqed6NL_s^= zA7wUM!1)}Qz`fv*sGzjKE&dV_4bI;p%ILGw*I!{jkGMQ+fF4bCmDt^Vo4Z`@&b>TR z;@*VbwK!Yd1FfhBUNciDEB%x2doJc7dt&{xaSYwyV1kCK5w1y6?YuC z80wX6=jd`J8r9YEYI<_AK3BxO&>HDNV-^0)MwYs)A?t9-C{Lmp2dhP+l%L z?&~s$c_?Ain4Dn~_1=-4{>Xet@D)(Mc`L|31D?k&5m~+QSnBd{;j;q%;)?h1X{J~= zu7oTxrM(Gm?qa^nxJD;`%;jFJByq-TBpAJ6py@Oi+u$P6pJ?sso~Db!x}oh^VtmqI*lhw`E1EJd4t`8iGmDr?JS6TzPyoHyI)s9y5|*)!!;-F zVDU}6q1D+Oy*9}&`_da8ni+)^`YU#>^b!@h26YSbcKn9KAHu^@VfoqT)Uf{)3xwHn z^#ZteoObG3MajJ>VVqEcpG-pAnr-T9pVKkIv&3JeXmW-w-pKFYpT;}O7#g@CmRXAS ze2ZE(%p}JJ(Hu@!icmG7D*-(+X^Sej=1-s*W94g6V2*5Hmtb( z=xR20o%0U!Y)MXry1}*VW5l8tv~*Jo4LuynIL(x-ZJxh(+j6GXnJ!1aLicimhQy8z zTnJYl-Z56Y3;7UxPmTn_n6-OkYKXbDRrQFiM5RJXxO*aXY&$-mquA6h*fkWdl~-Yg zBh10`bPpal(!T@Ot~7hU*l>@#*bp%wK1o76->+MltT<21MZLvbY9*{8w%JqIx7;4p z*{a8w(_=pwLseKZ?J|x-lyspv`VnqU>Yxo@?u6u4lw!KH|IQa!vLJ+bP0G;?Vzkfm2JP(VJ5?v@b72~& z_$;02(QEuNDKeGVDqZ~c4j*)({sB{C#Dc41el~c;ZUHT2C~eBB4Pq$)Ju+9VC!f}kC?j!my%i?Kl+x{FIWdvL$eAhxB^?)q}R|ttTHsI z#gCm-iPvP>uDbD&7>Np>5sudkWEEf!TU22mG+}@3H};%h^w^1P%fnt4#r^*G-4wM)yNwp{t-FCzxKV_rl!tn2{(=$?;zJipyI0`Rk#%8~OVV{A2dJ zCZLD5cegt{R5_#^3`*#5K`)0^bLPS=GX>17EhH>cwQ(>nxUy_!b}c{aybX0tOdK^M z9IvSV)U9HhGhZA+j~RD;G^EZH7k zRdcV0e42vi^&{#X8)F`P!?d#V8)TB}F=}z>KTy#(BP{a~?HX1eAGnYq1sA6~jFuW@ zHbT>RR(LTlmP;qAGAq-R8#u!jv@=8d`d0&s6>DZy1%8vCOA)NcYQ)QKIOM`t;1D0luRTm6)VUGXG>$)p=%Zp673>YAn!hqyp+8=G1w%a%X-5+lL zLhc0>x4K&lT|AJzW2U}X^75PJ$M2J9oGjv==dH zp38pmR=x5lS?;A3n!)O`tiD7>_NV|1SYGGn_j{wKvzV31)-tw}?v`PbE0UU?qC!@r z-!IieCNrt3mhrOa2+N!YRII$ThilFmq;>9Dn_G-ud7n8@ddJ?c1qGyb!X?qyU@zl= ztb0HF?D!OC>id3;jWRk)2XX@E+zShOC3nG3c#eYHz)W0Cm2NVA!`C-ojyKy`nwZ9O zd>x8y%)8kGeiA>!S=zpIJK=CkEl|OIcM>Ph3Z}%S9To-8-}t59~$osmTwAeSLqjF)*a0XOX5{E z_C&sbx3ix+cN^29c}V+c$x&BwsX}$+;tacK$>L3R1^meQ3MUjR4L`bMAnX*$n`8#) 
zNl0fEMvD-Scaw8$x-NsQR~;<`OlS>CJU;DHq2D0_KbxHu9Ue)i@dGYNz@uW)FwWXmm2lmAC__Dw;(JVd1#{ zR44=CxcfKseJ|FG4?VX8$WPcC5LHOZu?2gC#>A628}ua-9C==@eF*g zYP&p4?j0Z}`aF1txQ12Wl=c32!S$8x`VPoMd#qFrt^N1xlZvjf-juGix~J&ql-oZ> z1L**xJ&O9i;O+92tX#<#z!LxJm}Nn~D>H)GRw4jiZE4qqFL$CBJnTbW#P@-7nOan(PxH798u{v7z1C0(5Shf? zvn$^E3l$3i^5T}gB&GIK!3VwxP46(>U6G8vbNu6Phz-o-yHQsTvQK_89`i+Zn$&@1 z^F{-N3u%57J6mec>w?{>Ay!AuUQ-Y;_>!4b9FS7W!12NRV)_mN2F#%ZUCh8DM*nG8 z16lI%AkNBUpwYH#k?y51q7L6k0FLQFbErMc8O`b|^GOnI4K_9fO*P`#WZh3wQ5?`4 zs;a*H^Wr+T5S&=D(QQK{n*B31X9 zHmSuuLSV~4^P4VIA`+Yv6%-%-0<`1>BW?CRLl>;)L`}+A{e3=cw{{59LS0(zUZB0b z>d>rpyW%DDKDAya)=rctnHhW4?l0^}fc-?9SuJ2C5ylagYEVA~q&FIw_@JhANT>8S zZ8r$y0TFnNQyeo+O_mjnlcB3pqZ&73(RC36Iy>>NPo7rXi->rP@oTZWpzS$Yoefzn z8uR}#m397|DxMF{UcFs-MNeI4PC}qIWiX5s(xNvWhmgIdm%vCkgEbsjFB+dJVxBFF zNfLV}5VwRk{<4q0HN5?u&plGS{k{j`&8scap;MFyt16m zjlvz>vV9IXDi+N8XY}>^Xk_Ksmq65`LRgM13l?KBqP|?YYWy`T=ldsm(FQjjHHkDj zb~!%vMwZmUI2Ht=#3|Zja*}a+ZO64)y`Nk^H((AU+X>shX9Hd9hj&k9)f7^hTV0nZ zxVps4O+CvV5DIl|>WeMIy&}PvQhqM5UtSxpBRDwMepIN&%BT_cS&E<_3w>H{W(z5f zAWLq^IJe8cx4wU-UdUg^?BT7l7W3E;}_&KV_ zmFYO`f0ZkD9?Y(qFwT}7rRJFXBYv>rhULjPix1~}4iD{^y24GSGjcVkaYbHvk!y?CDL7h%F#XKF+aHr^ z^`9=#y~Mwd3^yG7x+bBXEl;X`r6Iex=Z&+`Qi0eT0M^0L09$pTF5R%|0P|h=C>iKQfCI+xz^t7e3(w{sWU_ zw+^-yTt;jC4V1;?U8z%Ih&6^2O+th2cZ>e;7osI72Nz-!pY6xvjw6%ZffIN?|+tvUSD6hDq3NnTq!d?4n zCDtK;JOu%JGVAM!fa4kW0^RjRgcvBu&-|hR=nVZoge%51`E^EBcP<d-fv6@Ovhdtieyl|GBq89eTg#rSJ092apzp(3ShWc z2&%|HWs68u-TR7h>3d+G;5C5=X!>J%+=WFTUn9pyxHiyRV$4sG%QSi6nGcrOKhCYfWJX#N(YlM z-Tt=rcF)W1O>W(_#ipA}hhwrsX0f5TP+k3%HdVK?mB7o*feGSDRMb-uZj zwhq{^-bzu8eNDy-M}&#^InBrh+j}xt04~2qkj{tFh+)M4vIC;o`2+>Ao4;J03)BkQ zulXfeu84Y0PlR+$`F!zsuxOhq&Q>O_SX;wk6{53O?=hZl`+fYvGddX=Cgi`SJlNz+ zhM9?rQ@A$!-@T1$L&5#T{63L!C%Tq^ZBN3_fy=xd)mr@Ym|CwrmBC0U{z=x)ZxK#Q zTFOI$p0B3v+54EV=C2T!3DU7mj_PGaQSfH`+mOS0TT#II8tTVUN|v^BHC`_tEy6+|kI-mpx} z=ObQ3W<#7n4O7XB*n24+T!=PBw}yTj983hxehj2%T3a#&`4o{O8`4{x=5wgr!N z&u^)wt}o<4d5TCajZr4kT|OE~w1n?={NVZ2h9Rz;elcZmgXpDlug@2gj#u3h_7S%l 
zt#wyEJ^$r+x_g$DkqvS%>m!)~NT4k0avL!~l5WJ2j>MGpI2Uw#=cl#or)syv`-QP2 z<`O4>ZmFl~#;UhFBSNm(>vM@u19zug7>VcoX4g@Z$|kdc;FO%vzJQ-3E{OP_BXJ5r ziMAe>KH|I8x~WlSo`owU{N+_JGk0*W5I^z+t8aC_0j>&ZJ7XZq-013)nJC2xq(EMO zM@h_#j7AWivrK7aOwnCD9bSjQ4_{GaN*V`@)tHQSE+_aZ?Or+`i@8L*gF1EArR!^@_|0 zJT=+eVZwxhL1)ghi>HQ2<@qn~ybBb_Znio#)}i%eOP>$2Gu(TTEeDFv?^2{Vx0Uxx zaXWc&j0A%2KDiiY5SQDd#tCTz7hD?UkUU&c;2(Vr^oMaUvU2RS&htYHd-5aXHiy=1 zR;3-q)|XFfRH8vO!^;t_&jwYGH*NqcjSi#-t$MgZd3)`SwPwQ>Bz|lp3kw)WgPMViNhtpP5aG8Lz$ z0rlUcG5lcAS~Kms_lyhw9pJ|hQi&h@M8u%Vajx1|V;s7KXD>&mKlB~ppp?-o53I3P z<|7O6Pv?ToU*pui!)L0Tl~;5Xg{5K`IGyoz?%H8&m4nTg*YpVo!BTTjs{?$L-XV*`=~ zI;%%-==kPg(2pmVcXY$N7QeD1Ct1Q;!)WdUW1g7!C)RQmiw{{7t6A1hCd}(tkWi5Y zFtsV58zDD3 z$Zt8#4h7K*tWiRCA#3eVX7e5HsxvuXSV_7{(l~?ITr(^4L01XE`Z_gVqtsf4e?!D@ zq=~Ot@-cUItQj#b8*e*Ytb-(2js=ZGpHX7(9TX9w1an$N0?|)I@7Bz=I~Zbsn5vC> zNVu|QTivvMd2VaB&gL(+zgrtr^3tJkb>%RKi*>_rt0De@_=qDa z*-b)C`kf`wxSujLOfvdpfRU6ZO)mYdaxGbpqfPInXq;|I@WG9oXjxTe#x0ht#t(UA zdMnX`ydmTXHCZu*8k~GyM8{sfUwrc8`aNdvnL%Nc5HVRCiSMi&aZ{~qg%fl7q-w$- z$W>voXlcGu>HcU-Tpzq2E8fK2%kg`nyNI%js}MGS$3RPYHTkfROltXYR*o$MpPHj3 zOOGpTC(>d`aVgdlRF}-WVw}tn(jIAk17q&j81%ASG3nJFXc*%Ds|2F9hW5RSNOLgE zcglYL{U?Tmz|dVX-5{?PRZcEFCl}cvJMd7)qnDkyavvx7s#qq#1h?Z1C;y%7W0o-m zEfd__w~oFT(}AKkv-av_4HDwS@s=f;A!l;2X5GjrNF^IbDuJJjLORbr&(sR6@h7OM zpJ0|KVmZbd1;dgrx>M*H8 ztjzFC3hauU(HNnhQ)Xym^Ri?U8@c^x9iQ{)P;xDfK6VOPC9}*u8YSAsicVy$)Y#MX?f}ELn8j z=JlRP#u~-og5lz|#>E!mSrqb3152VF_*FoiCQfC@0mthb%oQ4cv3ZIUXXB3oGyy%w zskwJ={f_ZGB+S@WVJ%#l;DLS{pq| z?lTv)p2sZfA4bjhCrCR4Wx}4wTDc)Qr4BVaP%@1nSD{E(&-T?0M5ZjWCY?ate5UuM zdAn2+N`c^T+eQ9UhHA2pTgG}G4u~gv*Lq4l@~P&&ZSg@r!mq_Yg+X(IuZb&k6fk#d$jxxjHD{e&94j7>hi&x>5O^RvbanQX_!lPa=m=; z1x1oRK*@rF9Xyva3fCM#{ce9L`!F>!UFJ7Z9b-)jZ^zOz}}*>js*wB%nkdCFaUZ4oSX}{nxfVd8=Z! 
z-xuFSfPs%!)R>>vFho3!fA0{T5?e6U7g6j`^kUfEMw6N5W8Ng$$MyZsZMAUf=x}zI z2XaRjLieHtYb>u^t3zlqifDsAU%TD2Sdir*~ zehKj!(p`T#FN0aMk1)A5R;TCLpJu>P1L6v6<~$^Di;mvyDK0!Qf*%WMs%|5jr1q|i z4vM>m20vQK0p|>u^W3^S8*@hNEM*cf(iJJ#jC#Bm7+|S1+uBoi@g$Z=o36ah%`(_|rzi2tgIu6N5M$6ioXazz83KB_U;#`R$=nJ2102<(->oy8IO$EuM|U{4SA;eaT`jMJCR z+SNb!E-gy7IE8u|zd6r8|5JK$>{rjcjo}5*B9AO@*L%Rz{>6hA~EF_Gk z^ccY9cFjhJK)WnomZP{(ircSpW zJSo^!z#c(mfIIK-c8q}M2yxZZ{7OzYw!2lGC4KgCD2?pNHBE*4eaiX#3u!RC=N8Q{ zD{@m)VYgIXgbVI9a%7A^RUQ*Et|p%*P@El(TiNk~1MPKs7EVYmy~-k`S{(Y*F-YE4 zGR{O)c$QYoE1+9zJi@Y)Dst0g z$J)~<5h@pFG!TeV=k(W2;PI!Zm|DkM31I7Y14OeJf8|wE2*b%wY47pxjjtaP^jIwL zt?B)UoBOJGvZqH?^n59cKt24T$N@Kc=7r+=InZ-l&?_7sqYkBSt(3%!&bgva$V)|1 zp$v48d6h-Dz#>xdzF;u$l|IToYNGzqUs+Q^P^`jyA{t(h!t6nqjjZoyN@6k*^cgk5 zpBqE5eGJ5heDZGN7!zEdH%}IN`v)c5O}Jjx=cc(C3$sSN<@mY!uy}BDzSfen$oC4k z3Wzs0qn`5~dd#joXBAt%x`+aI4h4+a<-Pm}WFyYx!d_R*R@~;p=1uC!@-go|D%(aS zaS&qhw1^(PB<721&PA*Wm(<%i>|pc?^5uj?jktp@0|?cK9aV*DHb{My2}hwWH(&jdKO?GXu)cq?%(uH zQPbCQh2)F8RoK}x#{NYD%0XL?o9dYV9brh1ct*+6mO*>u0l97o|7A6D{EI)xF&~BV zl7}Im?n~I{q%Lte_B^V^&HYmbU^qz}HGqHep?A5^9L<})>|jOm7i$Du(#C9n724YE z@zU~`&@JL21tWm;*{+3)nzCM}6O+$pMFm-tssa!^1#Pz`5MC={hnS{C*C*zx*MtlF8o0AO@l7x?45$72uiS-N*>sj09D{BJzqq* zsyl?T?gjmnC|HdD=Z5=P)Chd*&(FiZVKc8#%N2wgwLotEBlRf3=Qo9=0yMrvp~I@+ z?VGQSsNy$CdOKvJ-JO`EVzId^6S|R3UV^CPKNBlilrvNlPPjTbZ~es(r5g_9NvOAZ z=OMHCZ0lS50iUJ`6~Q!F2O{2WHgEXGKtSh+Q_-C9mH@g}7B%wlrZVdJytn(p6Os_p zTwaXy=3+!~ggS_-A`P@M+OXkam}i)`JImDg!)n&z?!=aP=a|x*7y3& z0<7HXT*y@K(~yyU9tB^-@}SU03-w^2G0^N8`KD3KK>I8f-V4uF&O1XYc+T(A_nU?d z&)*TN3LdBceFiM1@(E{fUcRVd4 z-)hDJ7rC!)I-zDDl8B_@r(JTMq_q9rBqIsSO7`<`JZsbn1HjM`2`JJZb!Ug^H+ z5eaDKn&m5l;6T;}=d#-N`|Rt1XGQit40;6O3O%?VE#>hoGLexJy7Kb!g;x?)9`y-@ zJ5cP%C8Zz=ycj+kd;M7o8Rr7XEG*D(&jMKUs)s%^Uk9wSRXV$7@b*;JNA*6ATW#V+ z?2k&&QeV!Z@)cJbP5a&e$!7vLb=G(Ooy?UpzT!qB@_EV-2$$T4qhywuJf2y<>Jzk< zDM>n-YE|^h06+MGHaKnbpW2XsT8J9vA*o9scz`f^$h?0Fryw7l7;o3@um_}%s%<6%@FtT>(Z zcB_|zSrPnPp=a4xh}_@fpm%N{yK@Bn_1(pm*2U>t0AGJZ?Z%z;l_~YxFTRpZ$4EI% 
z;86nsvpOx3{qLOi$#faLI2|BST;mw@C@&LW#M?mt4y<(kyqoQ^mR@-NQIp&PwoYY? z^TCSHdJ1;i@lBqT+H6iYAS0ieXJZ8N+1A9x3+!w7w35Rfx>+HHhIl zYs*J0Qd^mUm44I6F))=P43V}N;VKkq8i@$`%7*)WUjsILQdB;gRa9Qqf|J>Q(ol-H zcA6rZ0enRmXEK6l|HBv^+iL+{#IDH*&u>yV))>|XUG0NtR>Q9)ydHqj)Ii6of&=Q~ z1;%TTMJcI$Mf1r|+fSWr_z%SxRwL6kVc$G%3#>hhNXfR-#UX%P>r^ z6BR{0UtDycOouh^OqHiZC5N{M2wE$n4R00F(S!l9f`dqzOGf>>)bVm-_>fgt!vGMr z0yqW`L4R+&^*}h2W!!;?{(xlD5YK(!i~6bxHvp6xP|8VVmj`S{18M z8T$yQ)w5-icYoSColntMeUuo{N|P!+@W5C}HUz~A)Sqb_xato|+(qF;q>D22_q~&j z5d6aWA4!1VHCli8fSLD3F2fy+``Fx-dOxse?ay7Q~k1!y2ev+fl=!b@jR4Nw32{4|%iX1EjQAe;WuYED)k0 z)$aj;0dL-w(g+}r9h74>O3N$5%;XyWYD>LsaiqD*Qh}&F$(YwqlXwb$Ih3){9TWb$ zBe!bfh~yiObEU~u;a$#ttMT=9WE#i%!i_0DXdteAPt>vR1ksM>eVEAsbiDi9E2Yv4 zauEfMqb)vG_gcg%(iGzpL{C@q%&Wq60}hy_;SSy-hBqK@KYqv^2O zcRd^McBd;sBfH2rgXf5tTC1phOOq%+I-R>^xUnIc3X2N2ep^)vC}@5^uEb3w{0EVQ zD0RPTZ|hH@*5>`94ASq<$U2Thxj@l6ixEmH)}BoU#GxDoj9;j^&mD7ltGWSIff1Sg$eQ^VFwzHQV&)I|{U{~p6SV#m8 zv~$L|=KZb(ysy|dGOB$*A(9ygUL~!DsUhvLPt{2CUBZ~rTFYAiL?D@9!oxe5iYE4f zNm|@nlzvD(H!c4q$>bQ1O3i>AqNI|K7e;WVOeva7`)0gv2QLtsgneGr(f7dzT&Gln z!rY4bg(G~=1-Tf0pj9V2m9DD9qUb7hSaPZuw9Y2xz#YAd6RE6au_6TcBKX>ZeIqxH zfg6%P1k2g;@3hWafD{Bqv}0R03fw_`TK?_Yy0tVRc%c_ z7UrbA*Iy{t|Ak0Uwfrck(dbt&{E|lSM~^B1&Q?YY1lm4A_%+AkCl+k0e*k>ovrKhf zllH&<#-{(3-T|=o&`{I@j@RU?_qW=fw==JceRx9?;9&Or3l)L)hl+3xw71=+A}bOW`=6PJvg&|+L{@;2I5lkNEsrRJ{FVCu zdpFAXFq$5?PE93rbs=Q6#Nhmor*9_!ry~IzhTT##={Ll}n+xl(NV(?=LB^!&JzEI> zB`;#~e%|G$xrqq`j_@HiSfi+di7@-GZl+h8|Rp`qu|o07xePk+re$h_PP`~O)( zU^>VD8?JPeJ?UN%qr1D?{$`Si|LWq{aqFT;6CfES0j`l%=tUv*9)aawxPx>jq>l3M zxg9~tGiPxQrKK#uhZ(PaP1U+W1)H@R0~=7IPd8Ro)!dHo$ho2O}co zAhvqmUYNyl^Owt;8kbn)E>#A{=eo;_EgDBvmgW=P`ePs!OJmx8 zC%58;=V<$*r-Pvjey`T$zk8dB!+al3?gj}$dpOnMIeU{`HbIMPyhCvYTAQVMyi-F^ zq%)eHY}@T#Ng)-L@8y>Je5!hw#ic}HWN?@>2LU5ZP{j7X5!GTt`xfW}9;qcouARm= z;%GC)`X?>>mzgawJa&jng(nFBA$hF!Xx5LW3g68f#m&19lBc%9ZK3mDU*hmPy>w$4 z4}9|qa1ykjS1iyVE$Pnd_+B;1$8v@3AhQ2VYy%RKV5YIrci*JG-RVc4?l>`>uT>02 
zlI3HT(e5Po%kG?muCWrA4>vusX<_u3#RlmV^zv-DXDj;gFwZrTPHmqr(ORK5otsgg3RaqAWXMMew1)2?axrXp@+k@-1se2co|4#* zRj0^mCNTk7!n@%FyX3CUROuraro$IZoi?vM_?$+?RXKu0Pjc8{1toFlBPaT_`Tk%L ztAo|y=qd@n1E!JC5Ok#_6kP^GBU1od5&ZS^3urW1c$o%r5`!>mqKtuG7%?sY7jW27 zc8JXbM`*ISCT&DtLH1++LKd&8c4_Fng~{Mb}*JqneWDDOEK-;9C{s% z1Mr*+QQ?}kx1-WpUG(f5mpw>zpX2ynH|9zOr%NGiZhkTqP;vHTb0u@dQB9<#LP~9^ z3IS+rMAt?fz2<+5L&JR(6$I8HRmO2oZa{A>hhzZgN)$PG9RLDf4sjZJJiN(1DasLVib;VFRRkjRoRyP_tQK{MCqebsOo74uS?o01joWBTsJbBltEwxGAl=k&6ou9 zq~H1!V6{02QpbK_(?B)SEGcG;;wdIyI}QCPUXhe^(7t-?T9DSYit( zMt$T!^M42arU9TJv4hKm{t>)!O9N#GjJAB)wsOg(h(35*Ip5FSjd^oY;^IK#5#`3i z){lHNq3~%6nic!OyZ#i>M~G1QE744I6z4h@-W7WDQq6$~`Jjhq4Vg{OQ0CZDe5zcuyTq$pk-d?eA$S5R6K!%5l1356m0!n-+X1$0}=$V4-b4X=C zF|lMO5@uk^l}`rhSi2k^yH9Sr3=yE_AUwX&O;S(?`gM+1r>oJ`pxy4>Sab*V&s>OgWLV^K@@HE=7PWtv3XP61X zEHrT|@iPATVJm9NT-Ag)(T~*uOAC920oV-He~62(v0r{DOWMhnWfo{zRvK|e2m=g2 zK9FA1;edYk>y1JqEb;FN^CqBL{o`0_wv>QFo0z&-BRQLsQ61|oj7mH+rNldZKmWn`G^Bc}d8eo!%!_xvOKBN}m;o_>nL8N1xSTb7Pnz-GRh&>E zXW%*eOP`5gY+$0#{;nIg&p9}-vnKA`>Nz7VZ^`PM@m!r>$%VVlspBA@dQUhoW%UmY zC#a~f03AO>bf<&+(BD1OXmud#@QBMhJ5CYROvY*ve0@1u@FBgRv!$o=u(kNqeXVSU z&x!(Dd_fq!=aC3eD#eZ0W5HXC?+9KzA$@vNe|kiNdnceCZYXbkz;Kq-YG)b>{iNQY zXqy~0(xvDl@ViNbiu>f?2Kh74yF69`3^Lwa(MPw{--6mRU0ST*%f00IBuKw)TQH2# zRh@Bte5osnIrAQ zIFv@o4^T5M29=|ZDJX)u+c?b_!{UBmN zQ=X^y`krJow1*@u*uZvK(7!W4^sm}CpX!6RzK$U%$_edeKJy^O*64t~z~nqvivg2tCl;q|_q$PV-AfSg8asOR2$#ezs z@)dLNHvB!gKctO-->Ac}Fx9y?AkdW5;yAhbn^uKZ;wQkv_*U-*l}L(FonX!Z8VP0} zr=Jx2K3D0UtWj1I!j&8NTY+R;R6HrlsghDtNR`LFuoL>}8^+Q z4%EV}32!}S92hg0@FEJF=^tA0!t~3UeD?aJuI$#d{ zkB=x=0b%mEL)XEhSx`48!@je*sY|03RJuqF$iHB+O#V8;??cJzZ+Or4 zGAjx!rVuzLmn=a=^UN|OY6{{Qf&&Cl9Ngm>l}7l#3*6HR8E905T)XO3I&r;#>E%y= zNa9x%`kSetwSID7g25YFPqqxaO`(^y>t2}tVpe+u?ur9=*;$|1b95IxNb) z>-*kY1f)cUZt0Gpk&;HbyAcqiI|h&#N*V;DLl6P!?h;U1q&p;qp@-%@G4{2u{p{<0 z-{ZKi`#Ij{x$l4GP=~>D&RD;-KHu+Jzj>c|=-MI$@yIH0UkZU^m_Frzb+l83O-zc(C zA{Qwh`!`1ggxD1O?uNU*4-FRd%S9Ohz=6tf%y80`;I-fMUU_EB=@DjY`#^l_;|Wnt 
z#)V7L>s)UF197v{p;#;ZH!%-#qT2g>g;C+tv9(EZVcEpm=Q~67-`1V~6m`5zQ9tcr zC9FNY74zM8fkkwGR%1wNCk8vb8hZ@!{7oVYm2v_&*}3ZDieS9%_*T5GCJCvY@H=xZ zu?|4-XE9Swz|t;sqoCnO5Ga}k7oK*fm$FhH3A`6qpzrSsh0wovT0fOoPb^7ePH(*t z_|r4?DuF^|bad}?&qo2N;hI)-Nnla=l#QXH?JIv&FZ2bR%$ejjesVyz!>P-tqOFS7 zhxpb$M^v=7vbhj5JQrD#>BMC?I@(&=-i!tnEnH=K7@?@JV=MjPD`1s4e!_Ab=1@y# znOkP^IQ0d`=v{GL+qO4}4E(R2k);GUEyXOnNz8@@ZSi3^KjBgR>}Iu2Ax+L0ceV8` z-G+ns%vGq2QElV>XBw$cGLXRSGwh|DUWtJ6nztx%JKPozxIsY!6IM93i92*JsV10=#y};f(4e z=0V;M=UI+DefM0fz!GA2Zz((RLmH<$cRwV-M2ty!@7-FnRW7rTve+)H4q2a1gsjD( z8<{a%;TJ|{j3-{HrGR!Ij6S*)3eWtA`AKmY>!gQKHm~s-K(GGNw3}& zEW_UjA_QWpTh;Vtfro^IJX0Pqzv?_M%4QlSL zJ78|1LDmy&`MJxEl!A3mI1^$VmRFZ(j|}&iSs-_D`LBg2Ig}?iZeCL)UI7wt@EgES zIi5&9mMFL@;p2&|$lz9m`%K6&G1IamvoVxF=9o9-LGI*t%qUI3FA_HIJVy^qx(R=N z-_)6Y@M#oAfKMsdi$tSl;1%cd=+8`6!u^;3`DuGUN68V z{D*6IB3k|1Y$fsL@9tUE`}0ih@pMe(o=%nf)ZeV&dMB|q)Zn4_tkidC8>p$#!9&ax zDwIwZR4_o+PAZvyF?VKp1kY^WKg0*GDVt=T*&w2bQc$RpW&+GqiA?_kq{K)mq^tRK zdpMF^oQ=$Q^L-}rr_fd1*_&k7S(#r}2H&ThkaiS3ccJe|91A`)62ZZv!Kepvvub*{ z8r+2q9%2C+3gVJ26JzLsR9^*$ zx!;|*v&7U?Ah_xE)m}3rfNp=q!0jhu7Bti62#wqmcyGEPtxunFehu!z{LBARgcjCX z{4%EQB2-9JWgP+GcGOMT7# zAW(N+EVexA3HcCgBfnh-7_Uj0N&Se8s7q<73_r~3t?wU;CCpfoPN4rSDFh&GU0s=M z=K;m;(87nF%z@?ex0T6f)J`RS=lph;=46LPe%Ovw<31N|0PcW{JDP*{9WK%F=DmpB znXJKD%Kr7u$8~z{1n^+i*(u0{?3PJ|AQaTxaC9a!ot79cV@s=Z4LGd-KVEP!;#wKv91uqzdf4&9LxG|fmfe( zv^F&$izxVo#S|F->Bj4~fwVp9M!q@N%1Hh-P9@xaF!aAeXT-k~K>xKB<$+Ko&|YB- zbXnBe&vnGxlZ&_mI1pN1?)XC@Xunkyg8#LmfDANLED@(JKq9^2yDNPkyz3et@EfuE zLZQe;OCurV%c*Qy_QR~q{b+N^uUewAJsglR7eoS~we#I`;kx~}>SlKKLc1+z-m}E2 zd(SAm!0nHOiT{9ef9{F_U?V_3Pm$Ip;EU&7k(hQRP|ST3Ehapp8^qnKB1EIcL`~aU zh}s2cD(0j~j>vL7dV7*iw6ixjQCeX5xTj!*D$vyN{8y~}t3G0|Q*y55T=_f!i`U_} ziPSQmbtO07Xvr{0bs1pBKrhF>HXtV9^tWDrVx*)D^(*PQ0?Z7-_Wv=nEEz9rf}c%$ zN$b}bb;axu(cbh$iJZ%YAz1DWFlG{N-*VR@C+|Cc1E>iYejnfWT<)U?I?T7_MvJtI zzYRbZ_c^UtUiVj}EWdLY)te{rAL3Y>Rk3Bfd`sbu%#zs`Ld<^MkxZ{V7OPf1f04Wd 
zYs)rW36oV)T+D6*OK6YB!6G9bs?!}BaZz%zV9z1mLDAV`e1ebFbvIyWmz3Ba%|#=iYa2G2%I|%ZUq$<64>@ec}A{a{a15R1AG7gsiyI1R>Wq;M&=aG zO_FWH&eK9!c?FcGZ9`n^Fnb!L7w^$fpSW}^5r}HZ2{C?RQkk1XF3RZ`R|&Swn4mV# zEqjA5dHoF*q~V%V3z1g8Xl-sn1{|z(#7sXDSh@r>g-NS$2=R7(dP2kRldNe{6C=VA zjDX!u(xraj@lF}`IM7~F>Gz}e!J1<~O|r=*ymf@S1jzeGFsACDedO=EG$0&mQGSpZ zG>?y+9o{Jk1Su}Yb{X#DW*R+o&g+i6j(Pl)02S6Nk_nr!bm$TIeXZ#9;0n2T1qlF0 zh2~t)UtWM8CX*$8{aH((UL!1#mMw1Gb~YWT|0r-H@TB<0wqgOeH< z`3t~!#>J3w)e9Uf>Q{-#QgGt0?gg_lQonG=2r<*nteCy>sX?8J3WjT`_&TwFD@xsJ zXnT3#YB>j$xCi>=omD_pFr>f9{oMgNVz9X_iG}jN@>KZYg5qz$Nk)MNMGv?Q#=TP5 z=S}It1yc3~GEjDMyX8cHx76ursx8|i-z#F0dU*=0#z(BnMd2i+9(4ja3i4-@XRK?W z+!&CvCHs21Tn-{8Sy>b@FjMS%@7)CA)pAR1Hj=G)yaWBuW`)SRux(JRs?)t@{BO$Y zxZ$>U4I)4I;%^huTW@yq&*0#Uq0B&kuhOuBDcKY3rw%Q0Sx<1``|AV4Bg!kyL4~>4 zP$mq&TXU)_ssYUi#svE+Nq|OrfO)hg{BAr7k{M&+g+{>@cWhte@$~mE_puTsY-|u~ zTK}OfUAM8CI(^g=fYSytEBVGdsW{eQ=GHLmTt$J?Y#0ukMS^1P`3=fSnuuc#PNm&8 z6MVPD3l8b*x85bXFvD_8gT*9LN zWTn21zdR%R$VBbihAq96rY=u~Y>ES5ZStxjn2DgZDJ6Pgx-IHzh*U#o`LMMFlgCxQ z)jJdLmzyaEVRi0ZO5FsCF2CJNOhOMEo z!I#bA#cLBX0y06kPn{veuq*iWKBSa{ZzAnNm<)aF9JSg2D)Gil6ND;|WV~VajCDxb zLP|KC7-@-1f1~uku)NbOk(=aY=Eze9;9gE-qP_#G*vAs)WZY{t=?j%LA{>cGaX)8w z&V))_u6ZEbOfr(j4Z<2KD4sHmxMQ=q3k@Pb+}*aH&v!J0I18dOQ{M|`^i{@$!jdi+ zZsMC(z0e8uGVQ$Ct|nMto%u986E{73=wgQM`mUufHGPg=ac-LUAt}G)+t{_4#>F~= zYsedD5DWPU3U5SMe!5bU`$x&cG?Zpu2Mh0IE$UUS!N(IwDzRQ=V#|-Cv0p&DRHpqX zu&xMV$JtTDx23X;EU;ga)D3F~b8(YGtM99?(;y1Am`#_upsC0N30crg828?r?;q1s zO&(R~Rrl<#2shj3OkoC;n%(A@x{zqQ-P!rW&YPA9@6oTPmI)lomaSwTG=><-1kEV0 zTKSQ1K@=@(A=~Mvv;_$s4xaqL>kB$&>L?O4lz<$-Z706ecv&xEoZBwDkU5oAV7@UT zMDPxy;YegG%CXb^AWbEZ>@Do`1~8nfdQv5=`S7@BC+Q-WiTbmOmlaCzc*y5_sXBJH zWK$Xy(F0TniMrneVeN@FB#VxB%3}CrFW9Ja$f?5F>P_^+xZv2m%)zfv|J1%r3> z&X>^jWF+`3aH~44zReraWLrN725&T5hxRbb@!^T&epCfAo9jdyd0?Y$xWjrN+(D!u zVUmGraAkeRuj|`7e1CI6Tc*oBYAMO)ZUP9+Rz()&rsv&STqIS8SU^_6GV-x<(CkCj zZZWZHQ5B_!l?6yAHNp}7^(HB-N2e!je0Hs~?PB*{<`+}9iAE9u6n>5O&q@wNp7aO!bOep)AxR4P0*5L|5v$34Zy;G(`bm`n zqYvFx(x8NXNvx)N^wzZO>bC}(XQwl+Cn0qP>mwpjB6uL_&5a}*eRS=LSmn$8$L 
z>pUi(To4UM%$UTJEIOuYqQxk`#bMz0*K0m46tvL!P<~3NkO-9eW({H;?lVJuH)H;6 zz^Fq3@}`j1$jdud3Ihe67b5$8{#Hjy{VVRAf;#Vw@poIa(p=e!>FVu~%8j+t7#T5YMP z#%K7r*~@I*5xU!cTF*>hh+&1n$zE+TDR&U-hRzfAlAAYd%2HX^Fzj=;$+LW7Di&^f zmQsmq80a7wWbM__tm^naS=P5RgBYMgFf5^R}v(PEXY3K$rVy( z`%HE$3+`GqmQ^Q@vj{3v0BmdX>2cSpIhT{BLE zjhLZbaTL|qZLa(8riuE=CoE} zb{E6&yc?X6t|H9^G9xS}au+s(t(cd@{C~T#Xm^Sq<$$@Twv*}+pVN%r54rSqo*2V< zLf^6)u-O!)dk%*0m9sgw3)fu zs|ZNM-rR|^3rd4Y$Co7b&pNQimy*B{HGp@I+PD-5rUiqiw^Sy!1HfCUj`GkT_%Uwn zDe!?uUA7{g{c-cZ?nk&Uw9B?%U$0~M%WsTIH%y0+? zN&$iN3N_68^l-quPSCG?V?#r~#SP)G0cGNSqlxT2JP_r;{#YNrN3|#R_L;BNBkJ@I zBD9HA%*~Tsa99hjw$z*H{Z+KVefshrH#`j(%u7wRmiV-@Kh6d)ILOQKoJ0bh0_%0Q z=2*}9{j~%kuV8KGUnOn468A4(vh80c`VWMe2nrIbO98+8{J2+3!yyW}=SK*8)zvi{ z6OpVJhruaVaVvSFg_YjVi_!KT6r;>=MlbV1*p{^aW*Cn3F?z>?#5@dn-GfhC<^hhz zWma5rGI1Q1vs{IV#S?^0Bj!`GRduz9) zdrS9wHo%`DuwZ;vtA0JR%Yg1n8ZmaGc$AdmCzCie~*Xhk2_n|)YMK!s-NX!@N1eWK#1&* z_q@1qxr!0;s`3Z^?C7V&Cp`$x_`8#kW65*)lnf6K&(Y7EhLx@iILxxLGWw$@%T-Yag5HTJh7U)(PzY?k(>|S&CxISAyT{1bso{o%k%~rC=%QT};#oYULu3^*UP4;}utr&02j-&`pwCkuQ$JgQ7%VV{UrKTq<^Yg-ZFp7pEN?%d4lJJC1q z(UfkkeZIs`L7^Y&TImwgR#-9juDQd1%?Za^PXwSC}386ULe9ilG&RRk2)xUoCl z_DRI*tMeRy7VSnmHXf4-&YLlmJHZTR7qFQI!EJ^9$C)iyd7<|X%#br?y>LbkB0XB^ zI0jWzbYxhVj{_n$|KyTk*dAYyfaEE`r0bJr~Okmd^Rg=p_bpofL zC?&)93ITt;U84JW)^@kA1dDsJdp(+{z6V4=p;#ANKH!~=V9$BCHkcRF1Ty*+Dt zYrh!gjJ3O?x-2fwY|yhpCm0*qLt@lC+cgRw3f7K_4Y8kZ!8$8^HAbvG1ZUzHH2mNU ze1)HP(N=cZSk}T`*4s<^Oe*}mYRec9%y0WSNY73&%d`z~{fONQ$s#L+ky`dVYnyY! 
z-Z`tG5XqIL(*a2R=4Gkvd=#8mZ}Yb;m_B)0KC-w5ovGIqgGS)6Jg=0lwX(h)kg*|m z>oX}%om>-yTZ`*<5>(YcIWi*ZE-t^JTq+|Ap?t|wt5c@ry=e2%PpGu?4Q2y40yQ|_lBLi zs&zt?2YUmJDzag(iag4ie_u=W@bHOu7Nq=DZGL!u`c?R?IazlVg4OIv@p`1on)G#KS~lOXczh0wGk1lPt^u+kI4(B>cdUh;ch~p3LF5k%;18uXFKLvk&Fn-S2Cw{j;^Zd3-;4{3mWUT_?XW*=OY=6 zJbYh{y&;ed8!OVDo0rSMNCi?{72{tiE~Ir9lY2bZ%oL?z2}p4zq%~MUHLa{DRsg?9 zac*Y^QcU!7y-%0EIzwVsGwk_Xyy&9{wsz>G)$_0+o3#CzA!E>q&o{}3sS_$PY1VoH z@8H>dvmD{*$ocZT=Y3{+CE2UhomLGa8q4Y40Ru>q3es~0D9%;FHBM&4Xefjv#WA67 z5qrCcpB>G~QcOCAlh}RVk@4%DDGW-xuCrTk*TOH3JtL|#b|HR%qIdviBK;5-NSD2eZ#dXrTaFKS;#(8>Y19oT>Z-27re;k+>%TBarC(HFXKSxCrz9}l#jzM@cU zZ!fPCLdPWF2N%1+Xu+VTnQyaRA7Ibx;@~+D7rDRg;qf!)Aw$)}ILE-w7Y>V>=Irek zjtn0pBf!^yNtayqms!0U)lXxOVSrXb_7 zRViAxJ}=`zQ%{VV##}PDAVJ|Vu5}}7m`qPGHI5r=`*6>&enxbE1O$iowuTxu`r3RD z(!>1x7a*`<){?n9Z@xkWu~1+1>rBLY)xwcO$PGI(SrbMJI~~|Zx-QoMa`pvRbMao) z92l+Pu2&lJ>F&4ji6*Ek=DG*YA17^r4X$=g=lSuNfTKp325xv>YQT7S;W853bs)OY zO|Yfvlf)~~sFK!D-Sha7Q@A44K&^YbW8>wS3>u1_@HcEb0&E3=OjcOj%Qb#%FZ;#* zlP=(Cwo3Ca!N{R}1?_SyyAh*22UET`0R@joinaFB;_*9Vm!n%*KSF&@S}-Vw>H+Dg zGTOw;iMi+9FI&hRBwY!Ht@7t02`Mh*jf{3~SeNJWd9QCr&#=LzwPfDp9(@L(zsJnO z;;EdS4yq`6N}j5W#5^_WX~;TN)^ddp8i~gGkTlC)BJpVm=mj@dv!D$soKP6pY>#mFUc01)cUA?rZ&gQ5-ij?22trjX@#0x zT4$Nm7VW|&9UClxIb^NCq2>Unmng`hKR1_pn)X%8!Q$uFp?%z+!?#on^up2%YVTtB z%?w>XsJ%kJ;k(Ykzg+{W{G?l-u9&vPMFz#$@vXDw@YSNI#Tj4W=%Z@Rb@wC?cHimsRjtR&(8P;Bp{&UmRpEOB+G2j3Qc zSOY=hdSMb{!Tm@uI`{xhz04CuX$uu>DHqJ{A#+g`Tbbv{{_ik44dbG#%*vkV7uP@O z7Y0UY$tLjJ7w4QKuzDwI zV$v#ais<8%A1(S@4d(K9*@~+bA~l!hzDN4-)y-wV)40ES`Af-^q%R2#KlumXv+u1x z)R~A8J9rqmi)t$CIB7?Vm$LoejeW}gJ=ljnTI~x4%a`qpGT74yJQpfeWeyJKLg&t05E!UX{`p*>~{wj2m!0+Ur|jT~w+SV}==1P;~vuGItYD zpNviJ1sOH$Z+%4*%)G}+bK(X?T=!uA`?{zR&P2VtG{l>5iF_00A0k}Y2Jt?%1fS8*&W6t{R|DDj#?AcKwoQ~x`BbTX0~Nl%wJ zwD;5p!)W%3D0A+NsJ3OcacCD3__cJr{Q4+FD6?zcNGI&V+jM|Gn2k1rMgK#0<9fNK zZI87Ix8~5Jvhm@t9&Fw{2)X3le|=5L%IaFNr>H8*$_U`_Am>$*l|QPSKk)*f&;+XC zotx2P@so`aBo3vu5C0J+%DBZu+S=M(SFc{xrL_Tv2~5Sz8Kx@-s^-&%pQ!quio#@_ z=ZhroMUVI^{s!y)_k8mf;M^7YB=`ge7&7{c31VY^+S2#wfr+S 
z{P`oH!qR`k6#w_Xd5j?Q+b=JG4!~8vAOHVf4i12<8?OfhUx%EXAr{Xzh5!Mm$qfKL zx7_D7-Qn`Jp+i)fS<}B@&1)Y8ZET9Ag{Ll;7|29?145$7%xukIWWwk70V~qd*?Q(m zNXUrNGhUu?sPOAozERmW!fln?e*&~2w}7_!idZm%eGfu)VjAEqNbomT4Ise=+S(D2 zfU_g;_4QXD$a(G6DM=>$hA7(i98K`LmR0cT0Rs1LW*9zb-+(wsXAB zSa=Cjyu%i){3tXkC#%&y&EG180%I&=&&S{q>X3oNO&5r(6G7bF#5xP*!@Kg<>!2nt z{SDIYgxkdzJd;d(unj`{wn1bNVCP}HA(u?#@Q`i|zJ1qe(A7-;u#J5-nbcO=s{48# z-jzdpq||6kK=#Zz&;ch;`YgjmUEfihyg+n$JTost)W8zRuJzgFvDXSn8Gc`g52^wo zH(QI`owbovu#oGKBY5ediJfc!-KMmRy`%CO1p?;c> z-9XK>TS|pj{&npxBa*&@B4)0oF_IThcT-%T%l0uLsJjoganYG9Jn~d3>4{nDIL*`i zqA`}WtS=zNg`Iy$iE3Nkd|ed`e&!s%(aIH}LnTiUI}voN20CJ$OcSYpdE}5?%e}TP z`wqy-8^E7c1DBly8rB5a*K{2jyL(hPz7c@s`H)kTbyZO=+CcJVpp$R+7UJiE7|c*e z5uf^ZXpOnAT9OuKoj>GHVQG;`<>@{m4${j(WSWL zF#gyB5V>xJMd%C_CFVjCabALUeK_(Av2jaS$OJEc&o4=R>^y1%zlo{_HVe#BBg~1J z+_@`@Jj+f?B6H|n`dKypP77;x0ddNvsFLUBYr|;W;EWh(7mB+6ep|A`!^6ig4ZLro zv=L0l0(AF0-zRg=fm_#ZHTPp-9D7{C8V(mL+NwcLlNLG@XgVvw=+ZR?ow5(j5iW>< zP*h8tdLqk+H{12ot5NYjU^fW!GT!lrbT;KKcW>;GaX?Rc-`NHy(-tI*zbAgd88D?5$0*T{VCKK(ZgYfBUpG!kFXtkD);ru zVV|o2VwaL%v}J}#aXwNaXraYkLSON)snlzI+pncJk5@YAN0n1}Tpn|ep&scf7@2B4 zC(R~r8f=#`(#l%Q4h7jD)iFZ+(t_#$O+B; zh6rNb73F7bIdV}1ci1-rGR#x}e`uxG8VD8-c<|;!md;o-<4x&lG)qlgz1hNeZ0ww( zr2T&!v-OKFoDS%xrO#nf={F5-dcuVQJ(QO|tc=sa;398h0@etlicaw2JU^IuD>(nS zePlSqaR8&!p_6|)YWdq}!FKxojvjmTbugqgz5<(X40!u3aqyW#hj>}s&(zPCrZK?90q zDtwi_J+UgCZFEE2Dir%me>WikR#Ih`vJCZvSuZ;n*P;|drz>uzYube1{Gses($mRL z!+DZxRPPdhaODa^=7Bk{o{_1Oa6BPSP&H?_@lr-LuBFBjvlU2u3@VBcUSb?n}G zu9lezWpX@7vrNdb$gZ*_ zP)mWss)4D)U%YO7;VWmTVe_3{$V)TT_qRanVdlBlZ%pTF*2%tx3MqkW}r3 z`Q(cGN}6uhyU=T52(hwklmFOYs)=lvxy@>bFUjEk-p>?wZt03ko7`5+#O;wPhhlDn zJ4$|yYsV{Sg9`6an43DzDkTdQc^*sr@G_XTvZZm#8mjy5t32pgvKmG#YEUyC=n3B# z52hNq#0O!X2e?n<>lI2Q{DyI9QNH>NAB(~+nu}uCP56*iw48`O(45K49^befiBaac zp*IMJp#fh|PC?otmh?&y;C-**V9IY4vBq*@rUxjQ%<4xC#(V%R{N|HU(9y?ZZeaS~1XsFU){rM4WSdsrUY| z$7Vq)yGe>&M3p)vod7-*BhZ0pcc|4jhhV~lqcq8SojY~&H8`|5d)$Ih8STx`f?y!_XyymqbRM}*rN>KsqeHOcwF`)}2 
z_KW0tdE%eX477NHm}$=KmcN$tc)oxQ+W8FVX~P}LdFy-E?9~_CsrD8hw56yN2S~a`M%X1SFu=hvT?xA9)P3?XN zeLxrhHn6gyahvQzsN4`TJhiBLtH2T;GrGt^{B5e`zy`CY$3QLt;+;?y6T?s`D#v_s z%K6E`E!V@_FT-UOCtXU{DYWMh7xcULvdxv>vUgKeFd>2Sdw+K-+4nu6OHx`-;@lT9 z7n#?p%@UzO=0JG=I*$gJP&U>EcZ5VPVSRPH22p-e08l*HR?$B$UT){Sjq_&86j;m8 zee34K>;q)Okdu-Efme?XvE|;M1;KHWwiA|GFv_TdnOhYmJ`rQ=%0(B?*I5Gj(I69# zJFkJIms{rE8Crd<129!KAQ1%z?saEkV5aGVlvdb)H!{L#5aDGSKy6@B>dxT^PZu20Bh3U8)UW_IJ_I}dtpPbn2T@!FfIG4v8&xc2 z=FQ3RKnVnql@xBAM`$ zPb(NY0BsD)HbB?Ucvd74Jt)?}C~@8F^q<1d4RTI+s6`}o4pu~`MNN|KUFNAhgMe0;Schhq?;N`B+svS}VBw?MR}?_?S1t$a z?c0c=W^vl6NBvZQJ;$4U4CFHuS(W3ZKB4IaM?kr7U9!7)jneWv+i*b?9L~`R|)W*Ws7;jpKez-krF7|6UNF30Q<_ss@Nj}=7g}ggPWL8sGWf}nw zhcpQ4ZO{-;DI_n)Ve~yXgMUgci2+P@hX;PHi)gK4%Y(?UC3~vY$9`&@*7Mg&mrlk+ zSJ;QAbN$kF?P6k~{74HYhn{ar)A?H)6Oy&N;jq>ZGrlc=Li^nW?fxcrIh?rrNK$>( zlXu~ftKEYXaP*oWF%CEW2?{2%FL@>Lmpu#T>Rql-| z-r9dMeY)n5f91BE1QcrrLn|@KCwcCpqGlkso6-Thj)d}{s2mw$`}`GkPa4_2?GdnT zN7}ZO>+N5ZE)<`Rs(=@Rt@^WadG>rx{QRC)m97}LVdtYq!?c&->ndnrb2s*xTlxX- zqT5yCqWhaTCXv^&iS_8N=8KGvMrhMy6~x4>S;L7#vVk4Z-mggBu4fMkM|bE4@1H+? 
z#Es(3FPveW8j>C9$$K@x*X#p%N26km9MLRmj}HqGvopBrv=UI%uL^7MY`ZLy4KM$3$di+aD#s#!a2&~viKMwqWQ{OqVN4QoBswV zOxD5m&GW}%^$RGf2UcGUQjX@w2ag`7k_F{~bbjbRnz+{wZ4-c9>y@#aMPl z3Tw(FNNtBb{~|`&bu;tvtqGj86Wx{!FxM6kPwL>s##l;6!+0u#cRRj3W@032B2Gx8 zo$0^_dCm(di4E9XoZ{}B7FcB0nLnsZfz|Y;yKy;VhSj~~ubevGaBnan(yJAZy5y8q zsZ^fkh|n2GMVsRfyzZ_@zZpUx8>$WI%F}dFU=|&n8%{T?Q^wU+r+qq+Yxc!^MhW)* z`HV`+lAr4e;bg5{-ur>9b^UmEKRi58;zOVk_6DK_k3|WK$usNUUcJ4+H9uD1Tc2!r zDTVBNHiLM%sTul}l$kmxd8H^R)#LnnDqWT09T9QHo*b`XGsJ%#yFIUKzNG9QKCrE& zCq3`tID64gSLeJh$`_BzaOU_83#iOgsyiMBfTWY~ zOSjL^zfE~D_>_~=qY?n0Ky8F5X3J{&$?EB9aB zE~e2}fihoDtkev1!JB0{!B%r)XHx>qA*5GWPb|xQg$^`u(^lGlCRRf7C{x@U1ji*) zJb>vL+oud!|3J~(HO)zUy!{VzY^0$K#FZY}H4PY>_S4K>08S@1FEhAmgp99E&kDVq zAYV^s``?R2BZ`cfB3>_2ky)sBi&q3Pdb?et8k6jAq3O`d%$H~8T|caGc3r2ZX)7&% z&wsz=N)xLnGG{J*JSS?YyWkdXJmj|Xsdopo8l*m>_hwg{nBKx+&8-z6IJ_&x8Qn-; zP_HgL(tXJ6{dCk=j&*T{tMU76>}Wc>#WUgXdxQJNf3F3(nV2~G(N#!4H8BD2!cYM7 zY&Z7bLtKlD{+XM%+acdZaxtD}^uN6D?%;Qd+W%X{OsEn7+<+f9^n!`Wk>4LU%m64< zGF!=%UwUxg^(X54CvA(pa=eXSH*mxG>EBp`|9iek?0aB=;+xBm$W zN0Et$ANb0CQ09M(&c4e32fDpC_MB6rmTR6o1L`z#DOc-7KY^5W6M0?=wHJN@AH#Zd z|AnaKvQa`giPTU4i5f}@3Zl5Tv1=~6kr-MGbJM_2y~zx&3pbLzzXw_p@+ zspK2lM-R!K1FaLq+zwIW56?+-{v;Qxe5+TGc3gRw&-J|svm?MSbc)TIj#1`D@8mK$ z-^letzl6z|_u8QAR>VSxT$8#NzX-8o@LEW-)ISsJ%42W;B(Fr;Fj+?HC**{#{={DeBa%oVvkoBoxD=%BkEFnVE+ zVxYy~yLJrttlI$D$>aFo!}D4v7}?r7(B{a&whKeNjedX`@V1%mhh`tnQ2UXafCI3y zJz9dV&&PGlG7{!6PXYDz0pNRDA4yw>le{x`sG3qqPK(-NB72tf>CUH+po8z2Kh9RB zEd89)#Nq^1sEs{UKonsN(?zq5|PY@OvL#sA?)pz8Gb>H9_!v$a2h(I{?j4 zM)%t8nWh{*8|(}4F}36my>&){Zs74zWIv9y5zy?xC3~Jt#)bVi_Pp!lFWS9R^!ATb2lJ4&H~+Q|7bp; z_M!lfIU!jQ>iDaU-f~777&_|9nlvd3r^^MUM_z*C-}`K;l*U?tJ%}^SyEyC&otFwP z%x3L;kfY(+vVe|?4=i}$K)Z~!@zq;<2?ol5%SnH_TCxvS5UP1tScJ2>Iv!{h*sbw< zG}v%R{BDryZh1&kd8_4_ zH-iD8YF;xeEyCpu?$ij3D;x96-2@z$rk}^`%?9{ia`kHWm+1N&B#-c!{Zs=LqS5@^ z7TU;xuBpR`{Q$a(QlF?&!LL1hBmGxc%o)Rex#YuP68(Tj{uz7%Qqf@X%L_pLbRx^_d$Zc`I{33rVE>Ew zau=M8#?b39nrFet-xGN3a5Xc(D-_S;x?zC`hPTN1R;D#z-qi^jyvY&nhP!inZGZ=u 
zd+~A9&BWw^ijNh#qR)Czb-m#BhM|&5JUnP@?{O+|P%gdD$=NUYw27`|tw3m%ZZG6O zKVWG;>Q~>GjU3PJ(#p)zY*$ik;htaS8o~@}**={;1GxN+nQMAxanJJ~Wf#LN8J6ei z+8jL~jB5x^&i{6(AlTIMk)P}j<93H;pl@ej#z8J53fSW)gP$i!vnMeX`?j-{UnnBO zpKt>}I;*$h+tKFB0#^ROFr z1_4-*=RKWXLWFJ+1hi>@KE(1a$j2BZA6Q!4Y=-hyt4(E7dwL)9N~Hm4vD1sSo#f>T zsSfIo-nW0JcDI%7fdQ3J>=TTzLjJsbW$&YKlAa30Kye%Z83(fWw_)6<4o0@KcPlsh zAWA&?u57aXRoO&r`>AYx)3aPoL}ra*lnHuu7ZZz2RBo4Q0x#!{nnPZaf9LY# zOO0DiJIf}v-HqU{XhZhpDLCQ`ZE)KYQ^TT4DFANkPF1iLA`@~ zDmxOR`w5$Jyz=z+eEo`ee+Mo|djBs6{BP2ugm7Bo`?9;eT;x6A2)C-(-a?w9f|#zS zKrm!`3&R%aipAU)Q5;WpCK#MoZ;}ic5zICUj(z8v&>Vwb_FRp5X7=Am@1wZd!5z`QAfTW^t4VD|cX7~m?ZQrCM zPf(~QKRXth0E$jhxYFA@1oynYlz>X~Z+B0Rf-n`k`A7c9XxK&8z!Q*4+)J9#kZ3 zG=?QLlCA&VBG7ouZErHy$xnv(bDazM{)7g-Q_9IbLFcGc%FS^GTIB0}mXo#Tkp~bNm5|#;e2H)lu7H^6$oR*SL+6b!27e6JiBR(FH1RAMRcmOR|HjR;9{5X%0U=75I zb81u`3k{#Afvv^l^O_AHVwDt5!nXHW5MNvOA6tyMUM{r6#mp$bm74-l!yXtNb{;E2u+?P+ z>zYV_*EVdRA?S~8_&q>Ap{u#IcgQ41#!sFG=fdp#ISu-2B&q0p8rSU6$}!5|h? z60;F(kuuDhzTeknrSFh3>|N^=2b@FB;c76KR(kup91eg_`DaIy8Xxuu;eaIZm%bzo zYd9@$0MD5>EBMc`=|T^fh5I~dp)(zGzVj;UmUr_-XV%_eRc0>qy!8XX126!-u;oQ%g7Dj45veF$DVcXAnQFu;8=(ZYnnm1R6EUGG>;)z332xi#My{!%}PeeJ`V z(bRqeY(J-qKAJHGabso1}+o991cO zEW=bN?P^QoM9B&cRsOC2wg2lf!1OU1)N*X;x#N&>JJ`gieW_Wj14tpe#C?Ry=fXKD z8qvq9kLd@aTm;nTPvT`rr&Z;Q-(Iv+f~X zk+$Ru7<(eDL%Zc=wEZC}iptul^)bU;?TzTdv{ywWBBpN*|M%aT^96qe@K6w>~10)e2tEI0nE-c>BE!!#CZj71s@Q;b)T|!#WA;l z)*#8+HekJ)_u(l4ngQN`PW)+-yPx)6G2SlU=-vWfT+$eUU+yXNC|@Djd9L90e>&St zH>C_-kNfziSbpmTw=-Lt1_kFMDSMt9sc0?)IY+&3eCD#4)N0U{X$RGw|E{34c-4o! 
zg=Nk$;Kmh}FQK%$tlUlq5XRD%{kDS&%mMht%*eulkP)5|)L;01#@8!L02m>nx~awb zG`q^2pfbgs9OWm+#jgA2btEvy9vL_rph{N01}r)Au<-%`3%!~X20s6e#PS`uRw{8f z^o5?ybkNPuiy9{5(qA6JLIw=4?#tCCPC466v*Q zBk=#Q_m*){t_$BNh)RQWgEUHagM@&9Ac)c+-QA6JhaxR0f`D{ONev*abPgaO4MPll zE?m0zTI*T+Iq!RZ@A-1h^AYcvapsOI{@Jv;^QfCi%B9C(6XM7*tOo(c9AZ3(ndS`P zHQWI53*OU{odIjpoYPEAMObxuD>G$tuiJ}@eHuQ|FYcF}N$$R1ej0HzFz?g88Zf-@ zTrRpV00}huGd8#fG*!N(DRj%<_&)1Zj2CH+sPN-xzjWZqX#pA@X~*lpvH#74h4@4C zaEM5Os~^mCcU@KLu?=nt8w z*g?VVzaR%f8r1PIZ6UTGqvl02gJOH|B=bimr9&Sd6@DI{JN>{q=-7~D!KR2=l_Su8 zcAOH;?d#>L*p>nH>09iQPz;_HrtdY{Cag22y;i=xVNi36`3$6(#B6<7JlPzRAV=oq zx=M?vbo!QnNzvyx&e)i)NaFFCA&_eHxQ3eg(`};LrZva%!(bg&*gx<4Ha-)=Or48M zRMIEKtw`K}{i`>+=9Zy$c>?RPAW)Nw3JY z05uaLr=8~%Wy77) z;tl`~tdO@8;SCa&7%t7iG>U4BstZVq%qTRh);gBL$=sV`Y5uNDb_Ttw|0K&P-Qg>1 zj(&8g61p>1qRG@$bB`ZlAPQ{VDP*zQ(_bj~%IbwAS_f zLq+K7qmRJn>Dl_?C;7 z!Uc~((TGy_S-qT^jodv;NCH&G@7XSeeMgrO>vdcSz)$|$Xbj|gbR+VcWl6|${heN~ zHb3FXgWJdHHrCarf@@8jJqXkHDw^=8C;J1XLKBcUO2l7r#^XAMC%=@$$JOGGu=!l- zu^}Irm51AWt%$jD{d7`bUUpVuy6cB&>r60tbRYuqdFF6Cud3gV8Fkp7T~d^@PRezc z1T|%|>{^Bb$?CLQ#2z7T*8@!4+LkV_G(EFvYFpL&I;P=^%FBKKE3^PsL#VW&9{oD$ z^ss})9a=nvp~rYDV?Ec;LKAi;VypuxQF_J}-nqYIP8Nj{ZGrU@o1ea9jGS*ZwGa$^ z!=A3^^-w&x8Q9w{Xwyw+O;kM5`2N62o8Pk}>Lf9_4q#X7oPk%?8;P})#4>lk&fFI_ zoR^}ZKID-fD9H`P$4$XB z8p0&%@|uR47sy(uh{+3ID7|V=K&F_20yRi1$r=Y5D!-@vIVE>JhOQF!LA`-|#dqS2QlDLnJs`=TY5t4C%2fRhr^p%`rm)OQ zGUf)VKm!FbEFc>SEgvSUF{VA?q!m2@>J5|6BE#6zS*rK8I#1(Eapoq_;yoEVM!!b01GW#@mox2({^HGj0p@ayjU6n#{2^oj>@A}!KuHqLlAa4`2{`R ztbVs_7JfXEdisLx^uR%moFgxetWvD(>?#zGy#6(9%m@08p-SIiLSrxBD+`79WHZ{Q z*xSr(EmPE=1oXyOxE~^zY84kz#n|_?ow7OCX7U}E%hktqzjWe5@%cbBO7KtsCm;Bw zGyP4i4eFY2GLj2+7n!&37S`W1^0R}GN?upVvvo?ntuJ8!*~9QgimF5ee}H^^Uzw^Ldp*im%n+ZOADoh3gOU@>*t zBp=*{lP~^8DxwtGLl@I@dNNC~ z!ZV^iQPQZpRnfOFYHJPbX~PZ&UeR8qM=kPU45Zaw@YtmY`A-D|MhntrgtouLV|6m9 zm5rW~qS@e?c}fXO%=AQ<%R{Y8^DHkoot7FWE+t@bkBNmB^u=8 zU$_m<^po)~>{;jR29H#=5CY$0vh6>+VzuFt_gvlFUS(SQo?&j!eu`z^nQMPLn|rpu ztv)e(hK4=wM>X&30Y}~1-i{e!tQ;BS%xIc+-(7jQ+3ZQ^md<9aUTt_5Mdqe=!n@7- 
z!yP=~z~&`J`Dae&-+^MYGmYuzH(_aB@H5%k-MRUgC7(v|6XuzVy+Qk(`H;Q-`4+JQ zV^=4bjkixTmHsl}(pU=}47WzVDG2!V!iKPL0dvIlNOUB8*AgdFitH(>>OCxnnDuC31o{ z!8bLf|CYq$Xo@Xd4#KPVN@Cn0ezz2wTV8CmT)=(Y@9pgn?QKzubI+EBQ>+p@!niIS zxGJpSRWs3VVM*mgjWMBAzCp+m6kZBW@R1Wo<9qQxI$~T8RB6B){$Qbu|7&27s3)}p zlAZn;f?bmr#pS!psEr*yBla~&<_-1Tvo+Pl%`|unW5u9%OlgY@ zdm!CB%x2fE4o~mJa)bSq6d|tizjPW;3+wM$uXpZlay6zRw(lC1-9O?a>Fg&?pAUFX zHpGj~mTo1JO?%FHQeaKhwmd@U?RlqR1=6cVROs~7?~)|XW{oVfJ%S&louh0{6ZhDG z@xBgm26!)Www1OCoS1IUF3Wvo)*(Hz?bZlWYTQa-Rn8@Z3G}qsB}Oh=T<_T#V8}YYMU+=CJ;B|%$hw`Ts0SeQ6kS2v zZgI{hqx-!PI8XEK{H2-UmE^hjnJtd=C(oFt)ytkzJ~vLU4+~|X%OL%AuMP%A1qcaP zQSQ(kX)3Vt3z{eIw|^1}E&sr4z6TZ>LKtTl=0#HWW9c$3Ul0g+k(%R$Hf~NJ(idTJ zH&8{=HksR4%1E6du)#5i=cv_$RJ|@eDA0FpSd1Kvu{JydBy+0JBO4IsNABpb_M4kK zA2a-G4J(w5Ozpy(|mg_6z#o8FMFXWuwq5mx&g0*|N?waP->0U-DRJ`P=c7{c;b}w;!c~YX3h@1Y(Sf~tzw|klekbO-Xl>Je^8Txi&X9q} zod}H%XyJH|zYaz7*0n1|R8A9RZJ^tSl=yec>e-rh9Gj>`x0&7Ke4gpixSBg=z+y`s z9~d%u_kf-s4bP{v{d6v4zpRwkkn7Y+HZlCQD5bk>14kW>wp_xY-RB{OCtCvWlXfwr zW~Xv>Rl3)w4qPf81K2*i=hfZPt`gry?`ZZXf5U(ebef(>_cJw;A=$?wYskF|PT%1^ z5HU+Mrgt=bS}(bX%}lAt)>(-WYj@QfW=>G&^FzdRPE_mK5|+;m30>93Mhm05!om)4 zniz;?p>KBARc=UMfd;`A_Qad|^7xfee<=XYUc;oJkBD#?y+k;?a|gRV$<1W&8p5K zp9OX2s53>k4?f5k2Q?>#Yi-;VH?Y86B8K$XbVU)$U21`cr0}GXHrB?+XEe6_)LSjK zEKUwvaNcaqV}PYce!1_xYp}Ek2q@9dDUA}?Rh}n_y4vT(XaWjsAE(C1()7ISMd(0k zJ?D3~&+{*Yxr0>=&uD6-ydE7G*~L0}lm3!_$#jci9;?Aq4^^r{N;TaQ+C6Nkdoq)< zvi-0&wC*%)Ll(o(w?DLgW^8|!yL-a0u$|nR!;YYf-6|~ZzrOg?oI=0yh;{cxMXtzZ z5Hqp~1)j#i?JP10b24;d>-(q|Cq0zd2a_d3un`yWvHXT7DJH(9PILYS8jVOy3ddIG zRZg!9;@0K^pkxs&bZ9dgoER*wbj^Jtxu*E3<-yGnOP9L1__%pZ8snmCR+eCmP1RuV z046gq*68>Gy}=D1vs19!emS?;2r;$Be=I;PGqnEPsHugV#IjMcjYX*OV&x4HNlf39 zW(=Pj)v|gOuTCA%gvYa}Of(grlbIe&a50qnAWpp^^C(1mGeUrSQm`ok2i+#gQf~bc zCvQ}yLOy%MR`2u>5<+GRW?FI}!%-x&fu9GcSx#>ZHRcxdTXel^4lW-+?6ZbLVJA@C zxBf-<85hl-yD1rUnr$gmaE3PT&WuJ$!XCHIRw9%V`r8#^g8$2dw~1Jr>-YudG56&B zSK8q-#rSAX1;SeZ!Ci$;14!KX+q56bPjc}Fr(*l0_(%7To zcEpFQk{jL#QzHnZ_vPc%pTtaMd@p+~wXrmsbw5Hm*ToyX!9bc2Hw1CMn2fQK 
z{D~tO=L+|WHOi>!goU8g@Ww)~RVsFNBF4U=Y5M*`dxTvA=_noFOgtOhfZ zR9jZo`{wPpSi=q-i0(&5KG7JC`aFto5UrOWNdBDK;K8v{ZuJU&p;fQL^$0NQ4^0cH z6u^r}4R1@dfJ^S&8#_xdZO+FhOaLX7q;qA*_<7(iH)!Rb51uOgT2Rtmdjv;WkX*IE zUs<6ot;5>Z^wT)Gb0+3A;YAcKkug6k%>Wcby#%=NZj=?y3k?Fsk^y~XFf$A8ejPy&djdWuE7CSZb z_O_pD+OvR)2wbPH?chYVN8EVr(YC(D9{OrDibNEg!d+$tC8HrST{-J)_NsgO43_x; z9L36R{h5;?;5hVts7sIU9d4DRiln#G0k%Gam#RVQWy(okPO&d_#uPqe0^`VXO$r%n z3{NfxGah3E8D}GoKjkW(+f%IGQ_-PnL4l{uq|`b&z@(EeqZCT;Fn?&3H!FHvQ~!&! z<{&B0{Edb*rQG5|tdF!-L)F3f{HZK2t?v1E4n4Y}4wfFh(>O&KV&zC#8Yj@^pv2QJ z@%25nsITh7(ra8tUoORJGusT&#AjJCR#Z^|geo?0lku5k**GM)b?> z7KIXYq67c>{P1UT(mGHh)>{!ehH5v*Er({@=!!_VJrBGhG*yXv-s}N!rJxh21dJo2{J9o?Sn~E7~WcPTN?{G4H~Ks;zxtbU9hjG9q$nC zGc>B}GT3r>(HeG{(r~@EueJoKHRADQ(!SBb9nFoW)Wzm!Nr`8iUw?EZv!5>ads=@X z_ijKAeD(oYUhYXyt8gNe8oYQX>_cU5(B7I4{;TB%3({0O{ObCY zZhK=ITB{bgc?YVj>6%9fdo{}72tX<1e94Q3gx!RG%+u$BwGcS*Z@K7EWTkxkCrH1ajqbqGp~J*z8Eo*P|*9l%~{9 zjIJ&c;mW%2$V0rD5*5MtivMi0kJ7HE>pt6CKTN8YJyP3;Z*Y-KIyBFn7qB(_t_bJO z$k4+N1~~U#MTe;xR$j%a(wqw@u}!+m|C%zpy6;Pxye9LZb<)@)0gpmASogdz|7uT& zPt7jx`kWylBAb>77kZVO*%-Ih*-#z~Jrxk==0_&Ej~-6^2n`i>*e{{yfVy8nz7q1r zGhNtG4bwpP*y#QDM>B0464db0@4UC zNAeRPUc)}JAh$+NX98)t(L3I#S9&Up>ohAz;rO_SQKLbt!g|#4;ZuOIa_|JnLTrmZ z_j7ZIm_6^zov0kRGz>lQLknj8Is{1h&=xn*jman8BNs96S2Ma(9-H*YbnCN0XZiai zX&Ms*m}q^2x92zDPuIM_;>s;%4~Wk+SZ}Psw^!7FRi7I4}+4c;){wF ztjX*16H0((Zi`-zxW60eZWysHFE>V0y-n=TK_lzu^HG0MOE-F>hT1_Usy&dsx zbkJLSAti$$s|V9pT0amPW$tjZLe=dx+)|TmxRY=xpeM%5iMhp#YRP<2Cm80Hwrbn# zk5r$2(lwKDph#!6DPW6f!iAbcdL(}CO`Q7XrBJ;@8`J}bR&<%7+=4@LQ5b12_41*q zn60~yTQwbeS>8$ye5^L6-A8+iTenhcpWQ^)^D6o-gOmc_A_1<Vs@Q;{R z5(fBB<&uL#aH_x2lp0MoO459JIYCeM`;_mW$1re(r%xu7#FYV(`?BTso`DAS-X2*g z)Q-qEq^HCd^e$$?JHOp$ND_f>O-`TcEFQc(~R?`^NdmNq+pBWp_?ojX{wHWY^enIjd*nl<57bNs|WMR z53GE0Jwy~t`oe3guR@^`ZjH+D%3c*+@Hy}GSk`ZQKedHv5IoG*G^_2C;66|OVJ+kG zj8ceD;{5Z~O{q#%Yi0J|Att>l?AR9}PmbmNH#(2`*(uIT*v3LENWDQzp4}lQIvIWWxUOrl)U(Fo8( ziEvj!{5MjoUC+9`5WC-y!E9;EleSBbH+M|p0(&!V6*D%BX0Hoq98>NHaHLED#VSiwQ)8E)>>?p$GglhK|eiIFK^yOwDo1!gTYB2xP{Ywg*S77j=gxueG 
z#U{)tJ{tRp+-UC2E}m;W8Y;4(?dN(SOt%Rumz*lhc9`}f+cT2VIF!YuUNM*vCuR`pQQdd7GY)IrS^lFune=xh) zRM8Sqkxz6xBzy6Zm+ePM8j3Tsxb%?>%^ZC2#ODGI9?7r4lj3qAlT+LeXO&&|r7ZVC z%h96%+<@R9x$7_B=3eDSApG4xUC21&vv^_&qo!whXsN!BU`1573-mHHed+5jugzi4 zJ&9v*h41m-kA%hRK8ab+xMhyY=8?agkvS9h_MK=g3mwx#i$NBZ2mlDk191{4Eok_O zVQr^JH7-KGI`X>?=y&Pu3Q_vPaVYh^me=xxvJXnX!AUVIgPHDMlkJe-!IqDDnQXfj zyq8V-OKv7LK6M;?YTGR~lA%qAn~+mwmdNyw#_VVp^kg!s%FTFmOVYe`iYoKDCH#!N zi>*^`C6sMO*cen9z>WVYnGLkU7%;xU-kIwfg|O0z&3#rEiGRF7Zj@v<(>1<2xEMLp z-W!%wcCk+HU75DHCkQe6iv-}`%>kd>+^_}9z5UOG-FBgjnb1-yzYr@bidlW}OY(8? z+0O&~^OPraM`QhI7JiR61tA@s9fAFk6F!G5+XA{1C5}HqPN4zl+z5e)hzuw*_-`;y z??!+m82^D{4#YbtGX66f%Ickc0M9HDH*nk8{sXCHxJGJ~{t2la=DtR1`S{tFuD>BL zOu4`qz+dP-xL<(BY7p%gBJt<4i;$FR{IKnDHk0uY*N1Pspi!t|%zCbUSUISs3>`;SEK8)Vw;quw&2I*!puu z0_Zx!@3HT_n$y#XZ;{YR6L(&u5GdruvrQweh%`=tmRpbcv#cm}1jeHzW#LBqDwASC zJ$bC~gS*cCv2Q-Gsja@h1e)UMA%3w?0=qjQ1}~aGwaAi^S{;W7crUi(cug7C_pY8@ zh(IrtT+?42y^SMa_v1kJr)H+k)z?U?jfm}G73(s32e1$8ZOZ^Kqztk%BHb=LH|l3U zTw2aG;6tz}BwgZXRuuqq)VL6Oe;A*18Hx@A4sgd|YS zjS5CR{wNWtE_c0ZHhZ8=5m33pQ>cBrtbk-U`kN+WD;ATcP4e)C2KkSNR!_M}r;zPG zo3-v@Wsk&9!3H-p{OycLUW2{qI355_bv3?W!V^OlEG=ZDBFTJ~nheC5k*k+{iKnHcw3_j_P<9Vom#FG@9_Db91f&gh1VNe#N0 zK2icYziN6gS_~kE>vYPFr|$agyg{NSn7GK*lxMNAn3#hyZv04H%H2|^d!1q)8>Z@g zxlRq3yvRC=DFhh3_sI(7DjcNp{Olg9Zt<>Sy9M16r*Cx|-eRqb zbjE4JJB)O=TN(l}EEY^>u-qYF_=6D6Jm2bJB%$&Gx$hR>M9gr5X+zf|z z8PZ;{NZ5ZfP~NjPSuPip5dhwR4eV`B{C>43e@)} z58vp~M;`@1vFx$TLHWnh(o;a;#I6I+(GTj?GYrwe6nagti2YU)7q&_&cA{|b1_$}_ zhj8GYesf5+8$b!{V%+xLRPv~a%xH4+zdvV#lUbX+ec zD)JLuZ?um~R%6Y#C>323Lf_hd&nh;$5jlt8Op9V;gc$gkK3iOTa_ObmG=ZlcpfXO? 
zi0)VR?Lx0g4%c?Rk2D zgH1)c%my~U=ffyH%_h6eW4CPG&x~A?bP=r(wx zQ468@1K;uotmV-IL+hTIz|NULV?X6s=^gH#>usv)MGS*#C)g&a%N5%$)_#Gq8FEA4 z;Fyx^ZRoq^PWDUEG&wa!ydCOF_*mx$TNrHq>Kn~YBOgvw?z3$fpt>mJ`elhK)XCfN z*X&QpA>KK<^680YdhBMvQ~MZg#&RrV{A!esFhp|&B=Z6$2|WoxORvOsC9IFHW#`Ff zcuH06kIdso_~_c=ZQvasYq|76^c zLO?;sGzQQlRAU%CJT|K65wQ>iSKi=e*@S+mNGKA?t!Uz-RPnFpR97^0#ma0ZLOAXt z!O{RqjSBltf@S0nVjR8$f&gVZQASODG`q$JB~t6#9PyZH+?xU1bf6O( zM0rsmM&&{Ag(FIk$CzTzEYFi1Vu5iQpz%XsGa^@IB3kNoOPuB&BKvgq3!qSFxKWQ zs>aeKT^~7f~RB!#v23)5H$olZUyx>njyefu(8m!FR`-?pJZqr<`)wAggA+2OEJg3HS2#&4BXL1Zz!Oud z6uYJWP6{26f*yGzUCCX&>}g9vP{MjXXWg=UFi4>KDz zV{K9bm5*PP-5)K&$)RVWyMKFu7o)FAI)j)mh)4}E1Ej-@E-PYaQ|}$W7}xo>LvIVmbB59B>vvkigG#$T39F z6LoY_e+YD&7NiYgHUs&9vuj2$Q+t#U?}b*qrMo7~|FY+V7e@H$ROcMr1;1#ZAAknR ziFiA?#5$?bnFlL{F7fNNe=Ja4%!(3-%)~lJ+}N3K^8)6v_&GrakW8i`Z+%3iDj!4z z>7gh4Ejjo`tog9O+A-J87>ij9DdZ5<N)6>AWmSbMANWnh3W^ zgTIDDhicVqW#z7v2{jJwBWi=@X2EV|HVM7N_L(x(SSQ(-Lh9lT-@Yo5aBX4+COSvm zI(rRj9Jed94Netq@c~!_3s%O(`$UpwQVz;7wEFonQ67Q2G5jGV0Vp3x0|rs1Ki!r5 z7Tyq6??V$TjbOwJJ&6J9)Erk4;^*mYn>64L2kbIK5yB0zGX@peBn6= z3hsdJ=ni`F;b%Ix8<1S5%N1{0EimQaI0OKBzEN`6F^WUF zB$!~P8qtIIN`~z5p~ju}5`xo1toRVx`4P=J?^QbE3f7K+GEQb^`GwT^w&0^zbP9X{ z$r!AYVd`?kDqkM-9cLeAT>s-aaW1wR&(GVZN*P{ol2+!?z;f#S(G+`7bop(Z@@ zj}?5?oBDwzUPHQ;wv@F1T>molZA5S}eD)jH8_6~;+R_axVq3xB#u+eKM;YphYq_%f|hiIbV*Q%D~(cdz10(tgf)Zrp7&U*X&Jh1NfZBP1hTt_cJTy z_kD$*JN?!IL`YT+*ro)U!a2WAMy(gh)OCptVPZE(`#h95Jgyqrn|c9(b3UhP zN}%h30k!(#I?rukU3)&>+-kEM%&CYz)kKW#$_MB=D`I4oy5r2F{4jGLRfl$5zE2#JshhkOtLt#^XR*}i zLCPMp!sOG2Yw^Kvx>NJP38)fX0BQD`#db?ID}PW7T)} z)UeOn%{X0a$hNj^&)*$mvfRAHx;SMVD)kF+6I=LMO+0)=Khq$D7lY>%+)f=FRBd6>SDvV2kclNbPdMDC zt;hgr=Stcg3xAZMY)gB(@^N~SbY+W{J*rNHa1|}!|HFL5E3=a0n2B4NG0P`C{Z33p zB(Jp)UO$fgWKiG^u==7nImjgmUH)&p9`GVFt(hfyq2h3}zCrzt69x5!VGt$m^C~L{ z7;8uV1^p;_OuWHLG24yJ+jx|yw+Y=)*NK?5R>aAz0ys|pv(ji}xdP{_lWg>3EX_rL@00v9e&{vv=zII8 zT8Bdi^zc}>T>^mb2tg*klhy7Wo>anVj?1_fe}aVboA2Gd2lgiZ8S^~ao}HBfAu z0~Fry9y9m`BojI%D|WfASD-qQc 
zrB8@0b-j&os;hOrg&nIRZ66aG`bX&dUwdR7P5JrRsX)2%y-A?GJ{rI7*!lV&I(E?Y znM5!1H%B)RQC2eyZOJdT++w|#;`cUofYT13u+fU81w z?X~8QRpP-p8xi+EJ-b@vK3&nmrRSu_iOwQ3kFWccf78c*hy87B^^|-APWna9FLJfr zckCd0Vsn}21lyNzv$|uucKFJUK9wieHKnmt8qT^(yu{ZmHXqCG80oN~|H=b(x>T<% z5I+)iU=RKuhM_VLq&0Q9nQYSGqSLet>1-8-XC1HBxpk;sdr7XTPyq)0p|MF#oGe2Vw&;yoEijY$x(}@7z1_^ zUoqEGk%1 z4v&BhV-UPIaHyKKSh3!L>zoq+o3expqX8UIcfE_8)=JntJqPm((O(z&u6f>Rj<%>P z+K)X<&Xv0mI5AJge2`|@g$fYZerdgEvi3@=m5p5F1>IEtA{xd$&WKNCIb|wEYj}^UxzsBvU@P+-0E}2hPpyW4+DX%e_=sfadFVp1VDx$-B8w&1D7lRFd_Nh!u=jBF_ij zkyFCk%v>K!2|icj`@8v~Y`ek^$@I`#hsGCT&Q6!x1vf(9i^>8O=*?=@{P+t2NI{DK z`@wALPCq0%WGI({GYVLZOuYi0s?|X0lEqxB$MBZp-j{J`o0r2Z^ocb*);qhe51sq> zey)WTt7N6`iTNGIfk)@z43>@m3GQE)!c+QUT1f%BN13<__2jeVPER=z?9wF{rN8nx z8)0sj;mvIx-C8@nk)F+bcRxNUjbzV<1W4>jB%(&mD0fZ@T!+dFs{HLCMD(`&L71c6eQu>&FO_gaPs1LKUIu+Z4%rnR`!Hnq+!U99sQo@ z*F$ZIhZ^H6c}vkI0=6k0N;zP0k)JRDX7D}mo-Ck>Qx&c49;K=484GYpop2qXeiMp0 zP0ke!Rf~N(0V(*9OYFmg$pfFgx0);E`Pq?8U-qY!tn*$boA!l9 z$keehdgKxiRq78fnRmV0{`|s=sO$N~(7|1v9Y-dq;I~%DS4Yt%b!bQP?4Hon{Rdyq zH8xp7b4+PUeG$0HOtD<%Ng2G>vE(tXFWTsiISo+fz6TjO>kPi1$hT?u@bpLwKq1bh z34iJ=3*Cq?q-X-wMsYIYj34`QQ+R6}PLq@1jx)Vl!oWmdVpJ<~=^y}M{IxV*M}*;N z*)*fS={)IX6S%cn=YqRo|3D>jNQlb6hQ~i70(Y4pA-Bd%aC3P`$m5{@v+mP?#>KDZ z6u^~593LD6l=&N7JuJuxGr$snLEM0B#7Zxa4ZgYwR;q1=2vZ@_{}%NiQqCIir9qNr zDW&DTMfc+XV1oBSlBVidKVx2SD0fiN%O6Z(q?&MC5(D@$9UqEUt{# z18DM6fFA9>x|}p<`L;QKX4iVfz(PyI+Up%vQiuD?$ULrU*YH{usA#*a3no%`e zyx$xvIAG)LVtU2NZp7IA@23=dIoCxDWnPVJ|L6)LTy)cffPUpFLH+-hRKPs`O)5Nc zx%LDhgcOmF(Vt25N$bAXbG1cpI21ioz$t83BJ2g0hI9o!mU^2Nh6vhzroP^e@I@I6 zyPH{%6Q0?GKyYH6ZLkK6^rIIZEdDRr8NTtyi)@|*CEff@B|OrRqXPqZhE&9V7VkZt4R$?PhV{8X11LF;dCJkk!{-!MTm1rn+;{~;W({F_;=*QvTJsJ(1_G&)78d&PG z6utD2BiVbc-@jyNPgY9>jA--ZxoF`6u_s6UPH>UJggT!~PqljvWXGCvA}+s1&Gxqi zBwTi=1;}M$;xC(HWYVj|Ec$Kr{SAnR4qwoVktc1*GwD&#qqEiN5y~A+DdB zH6SEw=f$#$MM9D}82p9_dnY+74qc1TaHBfmCB!}3Uk@$I+0t*@hA8Hf88yF{xu6DI z;KEl?;$qMAA{=r#4FoleRx9FU3siAm2GTb4!W;aA(QA^uGqe(9v2(Og&P?TRToJo0 z^jZ}-SDdn5Sh9dVIQ>ZEu} 
z;FiBvIFTYc_bU3Cj?fjUnC}wrOvL?b^t%%Nqm`=c@{+aj80QZHe%Sdoc9N|uc--5~RT zft}8?+!lmXhz$((^-F{R;9KUEWSh5-Q=Ga^KqHIn@+0*LBc*@)5AO3yAjbX0e{fPoIuyyT!kfy7_Bwc8x$2r*q~6Ya%EguGhs^{%KY-H;0~Bl z!~F2U44z=+2M~~a@`b+fEJRZ-DCyd3Q95+tMd63$10v#p(E=c#s0!g>+5yc$!bD5<${`GOhhTynuo)pak(RAuX)rFCwK;# z$1@xI8lKd%mvr7buWr0(4{KDLb3hB!Lz=oAmq%XU4FEUNHPj#Z6Y5_J7tLe@&FoQ& zLIT=TPjtz>=-Y;4UISMvLe+fG*^u%jLb^eEXzDPm59X6r~=GN zDV=H!j#dE9ZbcLEFZ?4P0m_cp3;zvWrp1}E%rfBBtG6$mr8*wTIug$5+301=%Le0Jx zCUZwHl7ADfn3afYMN;NWtdg!k+CP;K{R%7qE)P@`7PQbLkCn2jd#Aot_+d6|OSoAu zwDDIv1EYYDtVns9)_YYsjg5I1AIx^v{J10l`zNXtZy;|BV6)Q|D{Ccrs_3dDz&n&U zKCG-r?^%2skUK2yO@b@}Nqk4+gc zRZ|E1g6)^UJxy`HsqZ`5AG-y$u}$$VV3u9Wql>-rPPma&KiKsrM}X|Mxt4Mql5ZB0% z4AQi~mF%v|OUjo%pNEg>n61(T2Ua z*Y&n~x(7X~I&-NqOf`omC+n{sZPL#TTlvcT?5jsW5mzd<*}<@ZuO*w*bhc)LFrPL-X#)O&x{CzA-dH+NpPIol82h(ru#96&F5mnYBDu+^4j@*;H zXhETYr?c_Ky=})R5B1G`%t(RYAf$-Y*!2O6VtCu!(>A?OygVBaMIi4uJ-8ekq&gGw z$POW-nuksgREwoBSx>cWncYcs!+b3ojhuE?0Y=>a_l5tce-{4ZtApKEH3CB#rQ6eC zv&ernlz1J01i}Sn_0o2#bMBQ@_Qmr&=3VpK=i_3Jo=BF(-Ld#rz603e$%poF!yzMw zbPDW8yN5;WvWYnLY%^DJPTr}%U>z|*`n5TfHvaE2CJtg1=)EeyTg>|T`z8RtUz1hf ztz0MQ{0vV2Kcn?;L{4?tcycX}L}fDrrh@#LI3JE$P$=*-;1~=7Vt@|rcni`MMg#$T z1mYGB4L4PzjD6SInxqol?PHX0|AQtS#GO&Ps-Em_+vxbrNG>i>cz5DWRt<2vo?PdE zT(UHGixx+@{{*%8Ki#9ubQ0nFXN<1N%k4N0?+bEWixV=H?>@=p>7H5L(eUua;nJYP z#aD_=Z`fA6vLV2%Q;xL(^w^d}eiB zj`HI_l%oJCwV@M?%NBgYM7#-Yemn42#jghY;(zi<{14^}?(e^z1SE0K54Xjcyk9cW z|D_#;Qb5-0I*Z6cd|WZ)Cuj0s+EK1wa>pm;p9mn+vHy7RDznK8(`sGuTj&mdOaJ9c z?c}`aYQvG^`I7K(^8;qCh~DSLlCz75*tvB$5W?C0{As1=n8Yed2Blhg3T$)HCqtw% zg80@i(Nd-9)rN8i-qDa^B_dEJrwn+_?u4@3MMZoi*A46N(jDIke8uugU1_f()F?yfohUf|z)bFyD95tB+&$%2O^n&$5%D11EjS9azvFY=`@s_dm!SU(%`iFC>VScn6MOA1k--r!p!*Y2j>%0%DiD(`ao_-w z%Z8X1|60y&U@C)uci${ThK$o0+cv? 
zGLVj(vN9CR6Y%b&5*rAJlk1E^g zn8als9>#Y$9wtIsb64C`u)Z~mLxAB6G+zhF{Ff6P&#kSdCUTBwsxG{~!?(C{d|B{t z%RqE0u`%*!o@D5m9o628nt}p>wbDm&F-v!2Ux+7$hvIM#3s?y3WO+k5PTmoOnUeHO?`;YM8(45`XXQ=Vt0h3a6O4j(f7u#%*P-Y)iu zbX`hDOiU_YrqVph5r{hyu*4_CeTOUhm+J;_V~QWG6&JEsrm{NhEdh-cJ5N08$@K-2 zaMK2sCQ(|rCrTeN#Td1O7>ZE>}1RYD}B1eWV{K!cMgKo9YT)#blIoph}C*i ztpjE@fx>29q@~~ONPMZ0#Lo3PZmB)mxzDlXg%-s}L^|-8Ai8EDx@mXJ5JUg|!GRm9 z=`o{CmywBZpBZ)!7L-=pD9Nz)AaHLhG4K^*fvWpk%EzomLrgj{k8?X5XcrDH5(-s6 z#s^fLFG`o1tZM3U=^C+5Zd{09FxSeo{n7BKXaeXFEkb$}20p%YXpsTSf_z%YFlN2T zDH*!*H#r$tqF!I%PK&xdA`b_9oo7AJr!GEr5Rqf^@j~_NS867eekEShcv~bE2_#b8 zy20^*o3y$0#(30`p7FxtKDl1Y%43Q`Xl!<;8wdlsoc%+chTBva$5d0}A%aF2%uSr* z6+Zi%wda)cHNIU(Mq5X&<+#zS=OV6@vm3{a?d98Vgo{3{m9d%%uRbo4n{IoVP#iGS zb+PZ(^#ac4l~q4vxuhU_JDS{-9S?m3?kgC^sJxl%IiT?&ZjIxQlJJ z{%cj#?eGO7jQh#&+lK2s5|w2B^qE=HzaqOleb&sbVN3_A3Q7h}gl5(fKT`4B^6bR0 zE6>?JBF(Xsq~H3FulPK8AR(JL=8N`B2SpWGL4g4@?_AV!X}|4cAd(f-V4vV&xaK!f zHYT)v4KaB8HF=F+u##}Rhm8%3{Ol@_2RH+^(+z?7eQ$9cwn=ro%Hi{qAI4U(Gd97@ zTMl(ULMz1mjwFN+)ME*~!jJu4vC#)>ctt**3Qo~BG*j?$&%7UWBqkixUeS_Bu)7K$ z?lSq-vZznihBoyz++?tP^uulAXLt?ljKdU*I?u%}zlm*c@QG`GN2^77bE`CC-v2G( zq^YqnBS3-LqF6@kNJ8usdr>D=4lQ<}C?Tb(`_X}Vg+zIR7w>f1qkx<`5efla2e*E% zJQ9C)*oWt=9CfqrgmL_?2l4&VCMZ6W7jsc-M}%C}ju{IQW*fuS~JZQ&h8Y`^M zCKNIK3**g8NpwE+^(#rs7H=O`FyteS=xe`o>jz#y^&lQrK^cv zS&zkFF43Kpc%UGjP@1-27~GKzPr=J==YHoz?5J4qrbb6q+kv=oqHhCrUPKwdl|DI* zs_R>I)Dx*7!p;@iP4?=>Dtz_okbCtmk{{36E|7(uN70CVW=%&yCI{|27CPH6oj$X~-OsNYidjB#(QKG9LaWR2Z0M`j% zL(>)Q&vMPvTcT&~!lBTQO0W<6om{q%mZDWQHteHQf%)dgEhUU1bkt_{%BjDYx-Hor@MX4;dC#bolw2_9Gt41Zl*vQwjb{_FpzEWEs+4qvouJ(S;mnX zAmacle^_&kt)82eZS>Q8kQEgk#F5iEV==ETF2k%AG%hr_wI~F=X(V`~Q!#|DrF7lR zSc&^m0>7voC`jZ}bp{4J&F*`$naHBC>K*>-XzdXX3tq2lij#qF}0Qx8msh5G$NeWI>SV2>P_@q@a#3WNy0Lq3256 z@L5PkuK(+7tasfT4%i|;wAE&CTJ2t8HCBCMF98{GV2E0w5fk`Q8TMfZ=kpg{`p3|7 z>xcfcIBE(?b8f_%@guzLT-?mqpT-x>$orl)4BtLV$|%NKwo; zJ#<>*ls~-oN+`~m>_?#3y4>GZZ*$Ea8gW6puZ_Bb?XEhi1jk;Vk?F{A0t_d1@9 z+^;{UC>oE^;_vF6aXUhK>#Ix}Z*x@sY+sEw3$Wl8th_(oldZMl)i%If2+k-XY<&_m&Fc 
zCQqlLaf7#!tlPkeh(e(7te_)Fxe#@=pFf4lSigt+ne~XgO)hj0`tIJ{3G5aOboMPT zMEQE^u!$Ofcy-lV41Z_$q^2G#(4Whtrv-h=Ze(h3pr(<$xsaklPR{}qL~bbO~3?FCL+;U7ni9GJkley$)4?A*`94#~8G z_nYj4#bYK?WK36v2__`@H`HSjDDzBlE?cud=Zlr!QXfM-$c;)^TCAcx(Rs)bAd_=+ z+DzKmJ6l2nJVQ}=&ZJpCNEM=mD;5If{&M7A!?;-bJ{%akAW-1885*yb$obNvksfx~Z+Cz6~} zH+b;r{VI!|NKAl!@@td0i}>*`}ey3NMwQSOty0jPYT%NhMoI1O6+avQ8%u>@X&xTOQe&Jy9)l%G4r;3`T#D~`P9yPiM-lE^Cp1QbOOVVBeSgshyh6?LYlS76)O zzo)Hm=N(0mglR`kEK?6fW~_sO3XjUvy+4&BMj{Uy_V{O$iR+j;RkMIsSBi(D5#|6# zhc4%n1v~S)gc2v6BbzwrKc-&)5cQ%de-K}k!$t3YmP)XgkY5%>`W6V~99#s_Ij&O3 zC}TS5O%87_k_&@Q7eCfhOfhF4y!ryzRRoqo;xB0y4=#u{ZD+e@$vY%DxjC(bxsB3; z{9FYI0LJh1{peSSG=F-mI2pvFGNDnXV^po<@Q69Mp0XfHXi-yv)SI0?*J$b~tXiH} z_6#AmenKL}y%x|h zWmQVc78Aom$NeahY8;_IrFGxeitxzjO|R?gSeI`Cx)c}@m`I8|-MW+oNsRBvNMl42 z*;SrST}nl!avP#C>Yi>y$0yBNr?u*YYGLdk-guLOb}8eiXe`XU3GgmdDxp`xrCxQZ zGjT&m-?A-$lFrbHj>ib?qq?SO2?o#dPTZ_?E7vD6ISrxRlZn--MTtn z`%)&aj;j0P{v)OLWn>Bbl2lGecDd;g7OmcjC^5--H6?V`+D&G1j+|JJq<9n{Su1%4 z+VtG zHWM$26bbp=2p$Yecj5%aim0RvgHaw{YBMJq=W-n(!_kVp+b-Xc*cgVRKjNjN#8GoL z13@$lRM7;yT!Jg=dOW&Ojl&18ccZZ}VTOAB?xN)u*Ep5~3u-G5-ja4)aZNbQFen{MTUdNbA@=x5P!eux}OOXY=d$a8Dq3f^%ewRWq| zlx+S}I`{M;8!JNkZ949FjW6R&o*FOM_JALKzlserqKd2?WM%0Gr$#)`EoT8&!*7SJ zI+aWm?ym}X52}dwe}})$^{7ls)CISRIdDIZoY{`P@d+kVmoA!849(xQ>q%$XBRNF3 z>h9ZVc%dXZ7Nm?fld_pA5?{Zk740fm4bLg6emH&-i>jnMt9c=@DwNX$dCY`TB*F{X8;| zlj~6ONsJ;h!PZMvvGZKO=6v+0&8gaYTG_XqFraTH7NY-58ACvQDY^lb0=JedCXOYG zq!l0D`1;5OPxA!AZo%w`u<5ePMmO~wox+qL0RisgNZBJgY?9{%fQPE4?TCjV07Fpg zh3hE@ah$&U@?+B#ELMJ=L=LMZz)6dfbU0{rV4DOJ$M=kuvkHaia~PJB2{`oQscez) zbr|_eNi|!nWVo#42&ZcPy#7=IZNlwYewx=uR0rYDCy4|)qVn?_vEq@$A|$Ew+kf)3 zCC^yI5@3Z8Ok@*#b)+RNC45*ua1Q6S^ix?-4N+I{2h6gsS(NhNFG^R>2gNOi>J6pa zx1?w(3YE12g~UyRQ+`;h6d){U0a5EADZM0c$QehAY$qs!qEy%x%81BEkS($%g4YiD z_YB9}gqm*}@W9UwWf>bJbc9t|EMkVO$Sy`B;yKf@83&tV_w54FVFzOXz;J_oiFo81 z*)18%G%DSS1RMw7+5T)WyYEErRt))}MUMzYNs;5#T`bJM(dy=O8ZhRd6CC^MDBl`kCieke3fl&6PpF2+X_xR) zQFZ2YxE7J7#)%xy)`z7%{Dq}_e_qQY)d;Gw4@`g62KKs%rQZN%(A*H-2_r>-vE&vHSBANuvQ+cs;JLKkNdi$%3 
z2|=^{{t09QzUr(xHFA1ytW-x~wsMgf|E-@06gXeEJIL}KH&X7GWCwUjwfZuz3nRDI zgf1ffd61gwYN*4TsR%q>?A^;De_ce9s?&sL?e0}@1BSq4Lz=ty{h7(3`v6YG2LrDg zXEm;i>D1cFD>^<*dhl_$iHDLs8Id8rhvjj}L@NX>y+LdL0}ov8BPJq3zI#OeNLIG% zDddF^lmhk!0O9`wbR+R10^TD#sf}I@x&~xLidnk8e;zBb+dP;-&9uCQby}z8eyoP znD3R=V=B2m8TjYLCcjl%lHnZ_?l$l-06hH%%_aE$ThD5s5UXyBv7a`Z!Yvdi5~$z%9;tYX1=jWsOPK zdevy=+JL^ZZr^&JXb9tXMSVp~TOONF^YNfIpBHZ_)nTn4c#BA&d&@BSOht zn5f73N9VMHlof?bH1*p^c5^yU?e|kKDoiAxoQ7hs-T|ws$DIvvIGBvX;(gv}+Kxj@ zdT)N|A?%PRe+fRqqFJTzx%c`QDoau!076X^&$D{xs``<;14RCpfCK#ZEvY3}%JB0p zArBuR!>l@5Ov#0CG`p4v=tpCXlXwu(H`c4WJCtHkxZOf6Uc(_Jk(wStlyt#E(NTU{;{$jN!Sj&7Bezk= zt-g2r%gM@6llOnx1uWe^JFadpIPwt!vh6hyIp6f;6(InF@amK@{<>8&`0>>~qFSZ} zP!lbEQD=uzGzvta_1 z-*wmkFi%`$hiIIrw^sTGQvl}7EW$Daq8RAr<)U3+)Oxs=Rg+h9Y$2*@A0cB_^${_O1!f5_OVLI}i90_rOW>yd(QG!rh4n86D3PN4Xn0t!Sa z5NzoiLqi}`6>wSylLBSQ1l9oF6PY4FfVtMwn_6mM5LZ z+s7Bnrm(D6gtwKo!`BlJw5l1Y&5ndW7f^RH-k@lD(CzS*1R{Qn%8#x~&WS_}$as?q zP~aD4b0ZGX(9v^VE`H;?#5NKkJk~Tn%mbfhTX4UVr|Ii14#va&;S@_N2y{=ZGsuY| zwWQ7r(F*GLL>x<@)Zv@RdtVrWh8L@)>gpi;m~~OhwTxobSEZa~yc|EVarKwGl?vKD z^9G*7T|Cvk0r0T^0BQZ>(tS#zAlc-|tWG^>hjs4LY=?9r7K1Q^1s3!FK9ntARdUwQ zLBcKdCVIm{3hKyEGke57=v#5sn|j?q8ujox$daQdF7MVR>tB7s{8S|Skc z0?$m?UO4SL0ih$WH3$v&p#-htkucztciqlIyZny1G5M*SBD#lc-RJ3#pF zU2@XP&C9b*8=@bD;6kTBQ~`7%V6-2u+kT7Ro-G&T`NZOAE8tWPCZV{W_nmLr1l@Wt zK@l+JMcCWkUN?wE(6%rEI==}n{VyR$@&PdH&U2th0&wsagO#;{s`}VcIP!hRbf9R@ zpvWdW>RrEda$?YOBT$0PTehhn-1q5RsL7o1$4gCP+frH_0&pmNx!vt_OO5zuDr2)XvTjs^XPZ@g|E64is z%)?QBK~4FlUw_*SA}n%j^m0ki;;tfo(M(;q*S;v4rMqSVK1Yz8`<28j@`|0@THuj; z|Gk9@?xjCu8^M{nz-fI-1ve18h$YzDOjlV zKIFUL;!THw?%^wINzcGW+w0S|92o=3ZEE(F2_NW9`{SF)fqYkRfDCEwV@lb?dcq(< zPI>21oWAGNp(Cc6v6Old-=C9a38wqiA5u7nI04Wxp9~Pa-FS}eC^#U=_nGt0T!8m- zn9|FuURpp{ft?#Ky0lGp$=6k_ml>=TTlKJad|ReuDzt)bLn{vW*Xp2yuqyrG@+%H2 z;U5xNds%Vur==Z5`If;ct+xVipJc@mkULD&L z`cPt*a_WO)hbzToNk_Lc<@lZ$wDQ#n*Tfa@8T>k*WL|n1vfp7%A);&s)bKvK+%<-U zBQt}sK2|8>g0mw9n*SgE)u`H{EKR0bRj|Pb;*$@tM%*%dA3CN?J!<}D3K~=Q*{93E 
z^qB;nIUDsE>vbQlklsu5!g|8SRqS87f{74x6C*=yVWlqTL~v#Mu8*~zI-Pm@UsR`? z-zcPZ9Uz$GDUiQloGE*pq!O)b{9(*0puXt-R3dql2Ou(etz5lX=qV!Yhw<`CulPL9 zrd4(;KO=OSw|yC0uUOMb^JNaWXU|8v(vF|3CSCfWSqP0Z$xNH{h+rSqnL>ib3_8 zeA|KOx3v#x*00)kVBiA^PSHZ6FsG!A4E+$8yGuuk$1oVzY%d2S9A@)-X& zU){*4$lD<(FszQMGw)ER`gYfa0wcZU;NGdp%mJ72XPzZWKKsVt5>4ufLGba-%eDV7 zzpb@3<>J>0a>^Rw+4D@y+Fkz4)e?l=9Fo8V-=@q({OICQO?f5_klSJbg%5Sfyc_;I zgN8o)CWA&`@2TfJ(eW8j!A@a#(**G!W?^SxIo*3A@C5L`{jQT7D1@PHH)(VKkPee= zVtj?#x?r-lww85PvKcab0HuR*C;X#7GHBzh#0CsG3;+lW|;(g{gsht_r)_6DdSJ}Y} zDbfFqu=KG-3&|`{{bOpGHZ3@~Mf{)B*<_aPdwc$KR#`|V&Bf_IXR?7pq>p$0DWNPd zkpUF6KJ(8>Y>M=F!?pjMI2Wftk!2tGPa@=hxG|J(gY%SQiUb&Ef~7^SdIRg(rcT#{ z&?j%45XHF2XLiB95x>)g&HkRN3z1>a*ZO{jpZIcgI1mCfMy>nSczLvzexNQdx>+=F z@EU&pel<|x&hN}quFAj3)q?J_@nfaVw)!VE1SNWXT5HgBBgoPu>7F$Me?Yc&x+Jf! z1xK~n6_oUdqh{}i`2M*7fwL?V;~PK$z!eS-yN6}*#GA>QC+I3`}FQAX9 zV8{2I^x9tT?s%yoepr`pO-;=kLkYjI&x*RbuAhg`j6(-rYQfvL_(V6_H$fqH(m~yF9-MQ~22{}ya z?leUGY-hNy_y`*_lSG#rC(wBE_JyK{QO`I{?_2zJd$4v=_|R6k#Y>c>ps95F2wxvE z+6x;S(;aXY&42T6SEN){W3M@-Ak=8&;^b^@^F-l=XkejXDXi3|nNZt&;E{QhB+cS$ zo$b2C{s!xVgHjm$MTdAR6-hm)FsdvQaG`PZ@iv?5__0GKoCv-|l_gh1MMvLi_WZV4 znK?p^=5@bYHkaWnz@IX=2OoB!V~!LjqZ^CIQat~xMW!+r_QyLGU2#w$I0O#>Yq zGe+XtkBh4+oE_E4X_OH@c+4hi^k|&@5m2!EnC|#4U1;UWw=dM^ehk0XS`sz1kuhT0 zwxR`e_#>$W)_7;gy0*itQaGU^IP<(}CYLLx0{F_j3?!0MwcdOj$pqX8sm13svam-MgWX(cYRjm#0# zCwaV&8tbUgU~$bBECYd0^Q7eh@kE+$O+8K~k%WWtWvis5%(>bVik(s!fH3-`b@(@d zV^gI_8x!0VB(`ojRRhI?q#jE59~-#ezLYnbO-G?2+@`i7z6q>n^g6tq*LolYNy9Cd z^_OZl{WADrz*1mZfox}HVZ){2`sy>YE=C8J`t9w>h|A0d>3%| zHTbsUC~2k9&=w_f?65_hW>ni*xl+Vg_+;O$C$O2SYwGSG@?`$u+btZX5^fqsMf}u( z10g*D>SRpesk`egB5&87x!#gw&!4YRVPV2NmDUNP+31%SooEOSbT1`a95{Kk6z;wF zQ{t#8I8S-6ib&Ifs1ZaUD*IAm&_uI#t&YO_K-+yuf(PA^uro}Z%UwV?%*;uq2iCVH zy+43=!ws)rh2;dXS?nRtI}|4+-qAh|rw#(cAs;YXLpyVClY5ldca$QjD?5^db}vpY z<#m5-E*O1uWr-`%3K(aMM50og$S*CG0(-?+GwWZ(uK* zp{_8Fh+cu`SCCVPw~*o;~~>JA`qF#x>JgT#mtLu z<6F@tR=#ud*p0c?C-I-%>(bZw{1wbY|CbBxmMOQdwEXGYilJi 
zJiG;ZwrrucSuLd6DFpP}v>r6vFXeV}ZEkL$eMRAqx^XMk#77geNAo(bNAz{@9Rt|7qz92A1Ix?D4X&ewzhX9^i!Tmhe@^D zNyQ!cJUP5!+a^wW%{Lc${aVf~Bl5)wtzdL)%x8a^UJKYEyCur$V+};0i(ef2g~o2- zGcjns2r0S_5yyiwT9hBFkbtvKb-faEyIL=MAwT=1PXs1v7bk$D7Iay2$UYVI^0vVA z;rF?{G{~3PSoi?FknyMC{A{4_*2&po8ri2c{GUoI4`AM7WFT}Ov9%{27gcB>&sfJ^ z8Z+3a=nRct++p>py$f7}gMp8x7S{F%_vS1@Q1gkfGWDs4S~~nvA6hP#ar(R)?mIDyn_8ijORFLX@L@ypYPl zi=gyc85KPg`oT>8LT){UaoUUV~9U?$_LRNy|RAZdCvFDmlk%Ir@?s#^u<>7{~ z16i`{v6S)9(nmGX9^74$2peBDNj;jy4GAcUx2_6PfROyIna*VB$+w|KgF7R3jvQ!B zO!OCN$s?=7h1Z4;GFlARe^z{%3^gL%Jy{1-!O<7(G%U=~#(|y~uN#qHiX9UCLd$ub zWt{S4t{`>e4DgPa|2!Ed|va_=(QS~;Y;$&n>4Eyi-a^!8%k< z@vNmtS^vGO4E&fAKb0wm^M6f+C2iAi?2jYb#ti%@05R)L>=?e1Z|Rr@66*tKZ$nTS z_1@!2_P`;SmEObFTfHNdS0GAOKKf^h0qjGv;^G@YnnK8`>H|k->9-Rd8_IgVt-%Hg zIO%FC7}J|Rz*{oyYJ6|&m0Swtp~`~m@0*$BCk#IeD^HQ?fwuIhdiMkTn`dnW&@v1L zv+Rk}JbD7Hw?44tB|coYm2!uA^vI!3SDe#nutVAgRmOjD0|&iNp&vLOTN~<6QXL!k z+buZAivn7-RVTIr%e=-$iP%weM^Hx|_=R`WfghC5EdfSBM!FEywD*GOl_BOh>X0N@ z67is62j79oQS6#Or+vi-AOD&d4mmeGo4$TPm8RI)3Z;(3oJM`!tZF{{arowEO+1L( zNQxHg(rw_w_{iAC%jY<;1Uu^+o5$9vQiLGa2NhyedK+W-kTl6NAga&jUKi-^NyF{- zygUfwo^CT{mmKW;>I#BReE>+W@_V`p`MjQhPAF?61Z~D19p-)ryW2q72Y{HP_^%X% z@Vtb`q|#)!0T4g@LR~?~?4a&?c1EhbSi^}qMjl{@#%r&PDAfgWN2Rip)<@8ZHcxuwWEWAa z5J80Z-Z2Ew?H7#B!bG3}#1<<(M0N z#zIb^u0=YHc!lF7(w;$ZK3vEIqZG|z0#tWfXreY9Hh$!n@W}o^n9; z@Ouj5?B?05>q|bF4n1i}bsb**a<;!@t|wMVY z7}t|VJnMHMb4(;gBtQ-)0q^D@GdUES$g`)qEeCTSKyHve(^s*$2tOYPaK}ob9Q6F! 
zO^+%_I-w~D;>UXzx-vWI|) z9$(TDtX;VcnB>gNhqR)KNgya)&W4@T(yEf5Bp_E8ozfuu>Jw#jUlGa{t>%ZGrNxun zh3z|8acCq(RoN0SFt}?Js!)YCV`0bcEB_R zpRzOW>-uxhH+{>Wi{*Dv>ou_Fu=;Y1huC`R<^+5aPrKV=(!B4SCO5we4%5MVt&m?S8ftsBunSoAqW#l;FsZC}ouyfE*8kly zR#y-^(Jnma9BM{zjOR6lRoSM)J=WBn`9Hz?J~W?=NC;v$f}7|4k1*x~b~WJlwrUCj zIw|u|$mi_zqmX3D&Qh4l*Kk`%*U4T{o!6sbuv)Kr#QJ8F-_gu`SEkcSodE;`(Fc*$ zS?1(2dd8uH+!H0(;+${m$d!Yk0?IN-KsCnebLIla?9H21&L=|s276}>%FPD&(yrV} zU3Vi5kzXb@G6mnZS+Gzq#zwTjRMAXoZh7bjUYyuZaTP4Y4eJ`tqF%X?iBKME%K^qn zF6An~&b7h%3U7WA(yx_XX;c=DY#DvyX@Bc6rY>+XUTDVEaquc4&<37SdUu7ko7S1; zLo~0*eswyUVYYT!v7gaoX{-gHna++w30hBiVg4TRrKGlw!ry8q$j6Y8$JOc5Ua3dH z0e2`2k(NW!c_W2;n7IT14~gAHVE6Yll|@AX0HWjLKmB`7`fW*ZZ&^s!=ECLO18fpJ zc1PMcigWDKohz)@&z0(sZuu_S(ZXOcTEsl~qO~;Yu-EX>_0fl!xqeR)-qF&l%Pvlc z9|ML`+0`-OY5GI(Mu(OKg#T76sU#lUhx^t8l3l3{zZT?tTRrLm*GG7s+mG(>YpR;t z^%9l`OLAaek;a0i=gwBcKOL1nc4^}H<+bZB-N^I* z=3O3GDM6kr+Y`SzDflF<82)4#LexCAzZo_Sizu+i6jt0{~6Neid- zrWu~`Pr7(K=?U0RwO{h`SKPqOcgQzioERA9$&Ujv@w$QskSFJng zQ)O-w!lYpw+53mJ1`RkSY7(v`iPpZ^oY zc9qAf_h@Y}Iw>jC^jYEUnpP9L`tZ{w6}v=j0E@Vts{PR0*0#7K9u$!?WN#2syTT9Ch!iXz*NnHG0dclVb zIH+a@$}eBO)cIVA0L1gXA`ANie*h~_&AL;|? 
zTy%XONp=6o6f^h>0I1DK>yZeQe}Q}UB|Ac@FFW_Hm(Qie6UPyA?H?>RR0QA)+QXUE z{$%eovbNcmW#`GdW^ulzYyh^xDDv2KSsP^Xxwx1J$S(sj(Efc~4($qxTDzp-VKeND zTYM2|PyuqgIX;tvk2$x#<3=+j=zhfg)fLo_6DUsooo)7<0KlZ*XJr}35#0V0>TE$j zS-8GJ{oLLd1Q%x!;``*wdv3*KP%FitrghVQw&9=D=@|I(=1Ia@uaGDJqY9R3o4u)s zz8U{75OWF8()K6`%)O?g^s{XU?%8JPn(FnK;j@>9S0@w_NJBKxytY3CiFgJ?xR<&A zsOazL`~Mzx`X4pUf1{lLQEL4EASet94A`SzDqbh0P5+}sYcNw;T{;5@*8UFU=Tjtn z^XxhhgLINJHnvlc>tiQSdjppI`#Aos7@HQ0ZP)ytRw^U&q3h}&k@DYj{U>$}B0wib z{2T83H$`Z(zApLv4JQ9v;k68**6iRvopVU=?J(p&!twv(%^0xfE5@_K0ASdmc*$BL zxg?6dKgszIK;$ldcIo_{re5Ft}>&0aDI?&^6}T=_FnOj6kSn*8$S;bZeOY8Kis)u zLvSBA-0PHhc04G46H(}D%`hmgE3y+4r*Ad~7+d6Vz5A;^{rr7Sr?%+@f?7o^)3zCa zNW=4kj?~hn@xycfzA38_B486ZgXt$x%LZbQK&z2Y+~4~Pjd!K|S`)Fyuc3ANFW0eF zubDI=PJQB#q#mi^r+-h4l3F^i+%2E*Av0$YFh)#}A8hnvRo#Vi`#(y=3VG8kH&|po zRPh$uCLV%w;TCWkP)&6EGo~23vECtYMhV2gRH?&S-cR$CWgxxD89giNp7ULuWL<~0 z(f8`F40!k#H%&Z;Dit$<0BN)9B?rAn18hF>u1#azJu(s!8h9aE9c4J|zVBxidf)vE zu|f&I)!;;n6ut)$KW zJzX+sRcG8h6yq&>wkuvX72kBHk7(E-!$eU)u{fE9`}-457J~Eg$ZL(TAJCs` z@lwG1tsXmPx(Z@j8&sZDSRol=(ED^i9rSqVi%2IjZh2={ihuo!O7NM?Qw__ESU0_! 
zmAo+fVI(pDoZOA@_P-KS$bgpB`&=3saj4re_MfYGxi-#{Pz@Eo1E!~Am;Q07hI$t?> zpjTld+8%bofUGeCQ6Cb}oW9Ab8r)pSWGW(NA@_|n@OmsWdXQ2hxZ4p&a7Io?p5K)- zC3It^m2w2O6WPulJ!DremfNacAZ5%3%NDSAAR9J(Ui3946h>D9w={ZKHT@-lPk~QB zAJ1o=LTQrtLCA6waVGE0Jw<=l*yJrVTqa1rdGW; z{y0?4Yt|*5Mna4rXj9HUb>8Q$i&u?y*q~qiAkNn#$oL$;s=}QucbCZBf4|UKd5zZF zml^?_9GqZ60*<(!Dr3Y|k#$fjuPkDa$wl3jYDNoL_{v`FmnhPa0}FfK=2JY8Qd77Q zgsl8dB=&AbE#9nI}Z^qeWU z#jY$>+y@E+Y@N+`jllCZj#wl->fD@))?l zOBti5je0;9pzVlJ!JSMy^+?WfdFkZiMD>BqgYzT{ix_D300SrNpzE|cK~NBHB-@P6 zrx%<+C0bfYkdxjVbe5o?^h1u;cu~hI;dL1FI{oz{Iu_7(81}(;&yWNvBFr66SXBLx z_o*C9i`({<6Gh=Kf!;R9F^3&8)mVbdLeHYS-Hx1br9md)5~b6N0JwKWtsqs5vFpzn zBgh_|m!}vdE6ISSxmusxQ3_%Bt5s+vz&&RY9yPMl2?Mb zHAs3vK&1Hf+^Hn5@!EwdJ3iWW zbCY?`U1Y9+M*8)?LN<|`K)RL#4Ftn10DqfYbeF8$>4jKskmz+51-Bppx$*+Vg$vdP zKm%bZ(GYya@q*~G)Avn|o$S5fYlwx@W@q zQ(A;54K-?U5A?d`|5A-jQZ&P+)Sf%uIsQ6wZr+A@f?7%fSwIKc)mK{$@2t=tTheh`E7I&%&kT>8+*{av z;V-a?7F#1^cXW1$kx-Hvv1~#Fbczgau$Po}?9=F*)(M3Tv`Tsje2mn0x-|487irkG z64e*UEiKdl>T(<>G~b)q8q$;#7uPnm+M|+B{fz7o8TXToX}LL%9*Q(ftHxK~p3c|s z0@v;dSQ%7RMtcLgc0QrjSV7(7!G3bf zq49t`m%EnX$d~G&Kt|)W+K7(JdAV3BBo0YSbBHJY!(k2GP-*7MO#Mr;%?q9;L8|Eh zPqiKAR#?Cu4Xqdv$tc3N!G!fbw;&Nf=W(Y!9S$C1IpgtDEST#y7?ME@inj(^fcZ4j zUQ(NTG7EHdE_T?LF2=L~upB>+PhfVygsOKf!HakHS&y91X|u+cj;_7GeXW74Cz*)u z)g_1Faz`tOX>N7creI;Nd8@lo2&{~Y%=hZBl#T2NOK>Q`j`xLZdYS`0*(35Bn@Ctq zXj4xkPR_hu(C4;#V&yhQxLsyYxlCXkbgfJqbt_!oaDoC2!8e>^B2dsnF!|S!X`Q?u zPpe^}3lKZkz6`g?Py`}BKqe;7r2(>91qT-skU8ZUe;kp>hU+|DmF+SaVTPG^T+5Xg|#w3CYwVD1j2xSBBUyDu_suBVbJo8l3nF-EqoY?P*lacWkZMO4~Kt-Ph zQ7-I$J>HkuW-F3a@1^6LYYzFLN2j#ugPi|Dlt4%oq0Q{6=1@t6uu=qDyx@B*yn`~G z{)-{b3>BQ;x!i?~=$1*GQQ1n&?a85%{oo75XNLes=y>70L)vFwFU%_GIW_E6?*J$5 zgoQr}SrD(j9n(HRyY^w^Vn#8V;6VscJ?{Fh)z|O*(ZOzr+d3)ZBgT68wx}zyE1#ei zLBDdZ7p8zY7t^Te9A_wnjE^5Oc!|-7kFe$RvJbXaDC&Bahg0puK6N6)Iio zNKh#1wzE_imu*7i{Y6Y@4(9O7jwaFd zJh|FU>OFBnyk~S@Gd5UP-lwJtN}af{8wuxJh>+`SM2C7qJehfnv&z4ejk%;d2vZWM zZ7^9-FCoN)0*Iz9Y#L@mG4jS~rRIEe!?y^^9XRc37J%uM=LJeQ8yb1dF9_J8%+zw0^> 
zA+uC|VU(u6z7r|+>Je7Rd$WwvsIyDVw106C>5(5U#bFvsqV3}#@d5Ei_d?nhl2%Gt zEl|q|??2;V09Do)x=e92=sK3y*ta?&fUIwL`H@cH8caVqz-`U@N0g3Qxr+epJi97n zq7ZV|_BD1$OxkJkycgBEt7vWz2l6nChI{r_fJ}XF7*?|S zuu8;yvrq1A!rSAP;%A7;^U6_zk(6!w#W@ zlJ*C8Cvy{zJ{uVsS*e*;{5_f4W-9qOV4o$ocTSa^1y_x2-S`AP)rk1`uwoxj^(s_H z*-$K%^A`ljSTZ(H>p!v55R<6ajEw2c9zzgSM@>4J{FFG!5vp?$Un1!iE)geKNeC6Q zA7nof*sR%WiFobxeq+%(dSrd)51AP=<7s)bt%#|T78Q~C2d`7C9Q5rMFuYuvtMkT< z8w5ZjB&G7*^00kV*=D#4?&4n}a+WNC#>mRDdk^E%+Sls3^8-%ly^vdPc7+h+BGxnl@TzDAdkVyu}NUmHSh{D$ig8 zMS2>uj?)tMUoe(yXMG?u?1bCTV4+=TNWb9yFA2wu>YICzlfew=pn&u?tm#bb@aL$G zg-K0z`$`M$w{!i^BjzrW=_m!jKFB$9Frt4f+XYA2?_K*Wi5!Un#rK~yr+YsYs0I)f zKBt>DdU=cW7Atr3?H4=G!ZxrJtQs3TBiQrqn}=u-L_gwxRY_Br@YbY>U(-a30se{9 zwWIFjr#~61*+;IJfBAindQ*13vYPeD<6xspIDwZ`lvGI4?6Sq}S>j@!(?E(>`kwol zTi}S>5<@fCRp#}YpkZtIKx@)b+HQHN*!nXAL&SZBC$e3hnDm-9#~~Hwq9-e&$&Y8K zN6M)$L(c|vi`eA~7vKoBmjf#}~hm=%5CgRov&@kZ# zBc#>IP@>;VNtuhXd#|^sMG0CckbXxFCV9s*N=?W>a~WJx=KGE6c9(%>dt8za7Y`_a4E(m`sq5R|sQp3d-2bv~KG>}17W0-1u>%0`k? z;X>P-dwuN_;~=DV=+-B{oJ0Q9iS6l7yF4V};p>8ObA{I*nfuLh`IEO_XSd1?8cuut zU+rA^H(Tq!K2;q~wI|n9MTw(Y3spr!O-)WIs;yEX)YR6I_DE5b7-Bl7s)jV$9&>|M z5g|#bc?d-*nwS$L;T+l^A!uAq4qR%P-)bFWcgPNbv-}vks;r15&<0=th^U&`#&fLmFx;E+z%h6-TAy)P zD?J1axnquG>KT-G6f#tUOZ}Q6cdm(6ZHn=tJ+Af1VZ@#!8s<=@RpKKw=&h{%LtnQd zi_$ir&)8~xS~N8@ZJ>`%#POCZiC)N2BwDo5r({Y*LFszX+@a$RAX!Y z`zmN%RTK!M74f|pi?^)qtoIWT3%?m>JmLKdO*2e5v3LjlJa8u*j>$+EKAAYmGgMipv)=+(Uj9`Z7tuicPcHRKKftw zBu%Az2K?2HCCQ^bddTa~by3~>LSuC*{UlS=($H>n4)EDIjw${HT;o}@IL91e%Aq%d z=G@x;XkJ?#v67a9MYI%>&P9%Yy9tdBymZCd?z3JnY_y4zneDn%G1Pk{YmS{fIzt+* zN(;dT9mF;1)d}8}Jb9X_`u_dijWFYk^Cov#!R399k0^-L?`lIA?#h>5VNq4RM5Zr) z65YteKKXq7%ImVJVOT^pg$?SP%&+t5XHy^@k?4?XmE%T1!X?{GW|=7!pe)WaZ-6$4 za847l_TxAAz9_7qZA*6z%uI9Qm%}h<@s4>#nJ?p@ZaQR!XIM`(qvVmlRrd82j@|0c zQQDilSE34?)>%Igae@3e&Y$L16C^k}(X>pRBp?z==N_CddXAOgenIbhiqpu7v{bjbyyDeuzv z#x}gE*7l_9QtGehK=z3x{MRvDNieiG_wvaTtpSoG2xq)C+uYpp_4PJ68XvBf`i6b3 z5IgdmFgK9_OMFC_yR!wkW2dl;FWa}25pDp?;-aHQ>nMnpoC!}6<$(SklexrHTh{S)ZYmZ$3y 
zX>{n7PS{I{nBB)iU%u$pMm+`Sni-b~7HNes#cU=A`2gv|)5(yytbQ3PFTFNoU>!__j95 zH*Ps>s@=#11Qy6EaF&FKU`m!J$ zRF!Yr#>N>9m3>Gf;k@T%F&`|PAGsvj**#zE6P+m-Yx^ngPMlGPiv9gvJDYnfNv$ic zEX9#wPIXpyv?Lk|mQ$qpt~W;I2nU-38@8Sp&9wfTg~y!k4kTzwcpJE?gFQCd+mxU? z`54_;pf>6pUvg8}o!LwMEiU92ZiS1=`TLbehSR!_Un>B=3WzV4wP)U)B9eHhBhdr3 zlrE6}QDn8cGF|n6lrCc2{YuY6c7wo9-;~M-niBscynTvULEU-Ved<(ZZte}E;S#5) zlBYi@i!QL@=Xq1cLkMX(`AvSYi1(jr+YHd6xn&0`&^IKmfW&+^ID`4$C(;QFbY7wj zZI$^*+5Tz{#zmC;xq>^Kw5G<^|3eBNbdTPcvajD=#v!SB^iJcL=M|WH`G+rCy!gOy z4}|e;Y`{U4X}+;i$z}m}`@7S{$Y|B6h8Z%WG2j3Xyp#A1t-90PL)Gc6Ug-x5QvS$2 zJ16pF#F4xD8=)u&@S&RXTjoJ+4u-FjRm%%@=(HkaG46x7qk@qBhWx}X+UzIWn9&=s z-_*IX*nVD*fI0oI%9_ix)-bH2L{4-im}5*U$oSATw@}I6+|>r9%KgXFH)`=@{0)EC zU-kiN@G&@;e%y(SkGZqYA~FRIu6G(8-AVi8t-S-xocy+BDXS{3!1J$NM6+h}TqdF& zu2Cg2n>egxQjl*r7wi$`G!~xxuo4Mj9of@w!e%b3(nvSao(N$dcWl@=AZoy30`Ac% zS+ufK*PP`qaTd54U}YyF37^jR>S`K3-{F*u7g6A(#?r7r3Z6vxbD%|Z`|E@3Ggq0c zibLfFZDbc3>)Xb_l zY=BWPl1qYKV*RYPq;f9$vTh}{^XIiqY&YuueJ*U9x)Jru3fXO6MLH=a>-fA&ABt68 zTGZEvfO;cZ*e?Z{=-jPOp2gzD`$wXeYp*$BQ~YE3(Z5Op+R3@#MKX#nN4ZLnWw?Y> zvoGL?m`L&T7~tKIk6Pf_U>S}Ku5vTu=|%2Z`*)N$m^@Zreuhe zuI`kzMpgCwV%gZ8nd_jPjz0q2LL;d(zbjZXt!a6yREBT|oB2=EbIhgZM>r$Ft~2XT z&^@(9GGJ3BfI3d8K7dMyJAjkT%QmfNCyPjmZNV$HEk$!!*- zh%+Z5byadNL8fIJ( z=F}k@2`{`tg9ewdpbd+&2F~LLwKlUQ4dYh0)cGWc6adRo;Eb1m?+Mtix$;M2>QQTt zyI-GpI!f_zMkd{^-z9ACnp{#pB@T+)Y#tc)`+9a_x#06gI3Q6P3Tt2gflBw_LrKQh-`bh!Y7BDsf_~OUcuA1;-=Z$4WM)V54Q}2r~gv(Da8EWm~h7Z xAUP5`W;U1e_>xY4_wI+|cK<*4Uqb?4e5$$H?|gr)&TeQfUvjh|UcB}DKLC2BWY+)y literal 119629 zcmZs?Wl$YK6E=GAgS)#!kl?}H-7UCt2=4Cg?(PJ4cXua1a6fqPU^nmk-nw<`tFLP2 zPwz9cy*)io_wM#YDl1AMBM=|}003keX>nBm04nWY*8oEPlf+;@vI79DTwdzhE~>`v zWDZXD7S=z^$y_`g%*o6>tStZlkByof>m*{H#@tU+YAlq_DkWZHFpR0WU-ZV z%cRH)nkHs;N;HQjc0ioNiT`Ka`Nw(R#}s4fv1)D2y()j7s*(Uwuhqxh`CZ$~{fAGV z*X`~3l8~S~kN>;aE~W3o%U8qM6MI6RJpXrL1;hL~At85H-(KM5xv1f1f9OtK1>gC3 z-L;J&Zq(jghwppaxuMXvMf>=>htK+6=2zF-zE3_48dJ+!++ajn-TSw7m-OeC&)v^N zAu&du}6-1oZ(|LI&(!yWX`9E6jpwQnhX$EWAcQ~tgmz9KX8 
z*OZOdUx)HPSwu5Fo(%hDwtBj@yakoMsT!9>y?Rw#)B70S#_CaxJeh{>q<&iV)?T}x zxF4Y7qHl^j|MBKI$H};~nP^4sa@*dS!V#0-3z^&@uSVOkWLljcGFfDzd2c2BGVqI; z%cLnn_we9`9mo6W^4f2TzylCnYHPCvgUc8=%x1}`7VF4zO#?H zAItH2+K3SY!jRE|;n)U<-5*hio)P=mL6$bxXR@+9*Kd@1&93|G_`6-t<-P_wSz)lrF`*GD7SG7^ld#I6@G>I<_a+uAMMhkx z&n2x}AH@^t!LifdzNqid*AypMou8zM&InsthadQD{*fCb@hba>302C@-~*UncBhma zqfNm0e=fVWQ{(WCVF@uLS}8byAxU$0k&Hnjc+%TP?6_5^W)m!&vgjsr_6I4%N*lFJ zn{ef=nY#mBi--Mn>-e&FStrwneG}0j+IzdyW|XyJZ6iKE#x#tx{r&hALrvALHD{K% zyku3g)N7NPtzNq`l#H7##QIOqn5zJhd$A#>es8i$-r}B@UjqCFCENXqBH0Z#zg=j+ z>$=UE%C5gAax^qz>fr?Wm8*N5bzARS7E*Y(1=+MVHy??g;M}VFZnU=7_?B*fQ;uP7 z3MH0tm>h>1Q}3Fq4~=9GmxaTupD+LW_F$$*QM5zq%iW3r3Z9;Pk35df0X8i z>s<)A$Sg_2Ef5`Rtg~kA@WfNk<5szXP1eJ&KWBhV*V0id^_Yo=4W)oCi?y!N;z*h*_pZgA&VRmCN%={6O`oPjs;$3G-wHEMkWcc+PFk$F*r|k0oA8?$-*|ssy2A z#|fDMjpdsRhn&?k$7?{Nf?uoafh@_=w|Tbdm4wEs{Y|36oKK|yuHIat9VUEMCv`u_ zZ?l5(5;V3&`9G6#b7_fP)k<)wiUi9e`12~Ey|Fpal!RIiKbUJj&#sM4W29RG5_T1G za209WDqB*5?{ze*wtmqE=KPJ-%yda`Qj@mP(-_sZ;Xr6xSJ;KqI;IF#ep%5IG!9Z$ zH&m@wSC#((Yw`tsV_IxIusa^^xx`J9+4ra4Uu497h^HibhAy2^{ia-AHzM=2#kxtT z>B0y&e>D=vL!a&UOEx{kvwC`k7NG2PJkzguZ!Shl!Tnea^YGs3E^7J>uQ~0^ zrRQ_}UDj6+g~nrvgNH7>NP!p3;sWc8;k3Yh)D>XPs!quqM6y|Qw54dfSDCnQx+ne= z!4*ro+zQ+Z)ujCT&JquL=E5w(u5#dP0raLi>ryZhYeXrlhji$R)!O*Q`WGG<-k3Sm zRt1V5V9^zL8u@x-Y*C2n{y3&!}KCAJL0BgB#lJ)Zy({5s5*JOTqXTU7JLFM7d1`otF>k$`b$at$qd{+4$& zDU@865eBWZJjyb`f5GUUF|D!%uPB~<*u~qwWcQs4@mUY08)6>kAQ3E_JxKF5b(>Yv zyGweU{MHIC$Go45YvP9M4wyo7dtN_a;K;7}IIn{s?*fobQXPD^%cac0sSTcTV2p{V zEab9-yJuKJh*pY{?hvP&;>RJ}LrT%L5FH3@3BUvf(B^pa)RK^?hkd6Q<{n2VIdh+F zzK$rwGs+-qD4QBe8xL9*NVghPtm-qFE6Tx29&F#sy80%gMHvXQl?XaW5)dAd*sDgF za0zR~lcTy_4Jf>F0))5B#7+Q3vH3FFZStRNWc`lE*;m=%KLj#bXT?R0p0zyq0x|7O zs6Cy+sBrt{VT_!*rvv%?N@r>33I&iL7Xar@q{wiT`^xk|-t~?@z~nz)P`T0H%l<&XnS_L09C) zb1DY~2)j(_Eke^r0O`sxS_u!)eg_U*#5B66rZk@kgfdny7ETjdzkJ8blnfK~OJ~DE zrT_uHKgl!BPY(w?n=RMU`3A6&&A@{imq5tM{O*vRS;t7bnuP(5$_YH zWieyI3#-~$d_N7Zr!Q5=-Qn0eGre{gJ?;!p=^&e>LI;ORKl(Z0D!@v;>ATQ91dot2 
zj;%t+*DF#niU%S|{2`Vlw&IxaHm^~E)5FQ0Ae~qk3neo2Acz^qK0*Je6m8R zJxh^l5-IRI@M#@JhJY}z57`Ub)R2Nm{;>o;#eyp7yZrLo34Z*xl*p;dz#_y2HRp(^ z^+59y?^(<^#zjjk?Li>UO-ARU{(v`ggpk9M+E{~ecm%ZJExiPsk~o-^+?^2GKO)AJ zByo@v91C}RLfH+x)*R|4rw9x2@y1AV5vMfHaxV)Av7z($mBddoqQbg+GkZg=#05*8 zjbk!WN95~*ewEr_ooKVew3&rfC2W0gkiJR+eY2=lt79#uj8 zt?4q!N{;6o_x0j9E7sgplwxrAD1VAVk$FAbP@9&d@LL*&gV zA+oBGC>-bIchQ4-MXo&ri~6Yb$UGgXG~F$4qyZv(tx&<<@QU}KQA;U{AW;fRR(+rb zP%NEi9SO&b7k#tfGp$Unya<#jImvUq2@a&*@j~^$G0BpK2vmiu@>w;}m*9e6MNUPk zLQ%5r5g9!ij(phLhtXG2sxaW7l?{Uk3>?pl_b$PMYNl%Fv13SC7(;L|6I82mm4+=k z8nM!@RxohTA#o8y_uc*Os1nNm3%J)>;Y!b@JnvqHDnw#VJLc9=IKPzRfbaq{J+lEn zs!ne~#39{=-aPn@Sqg1BNYW<%h3q)7KI|)*`c(qvxZ?_-6+A-vy1S!ll|xv7S@3l~ zwRX=j@tUopDM3>zS$5tq(g8apRu5rd%G{QzLfD^7GsnrL!@5YCm?=YD)jT^a>Hh2f8~_GlbDOa>4=4e7d#phQN3OqyfX?oML{UbZfcC>qlw+96L=X zljNjF6YGV;*x5jybvziW;1*Inqht*zwjWcce65Ft}Z=!!roM1TBMK{gSi+`&KHiT^TSG@;8*u_JZ+8eS38XZ$s<|G z!cog~tuW?_k#+NnuY=h8leU( z;!GqW7whH30FaO8t3u}52Ad;hCf#qAO7N@&Z|F&YTWEx9Q%O!L3_hi3_%(+j&rHc| zv18_wbTNrU&Q}bs$bwdh#BSNT0VP+w(qYrlyC=4eg{GMemfB)Hwn=vL!s^CqAqzDD z^RS|Hah)j!-|izP#bxqquqlza>H84Q;5GMdkpPfd0lkrCmLwwWggGJf(19WXs@Y=a zw8|WqaUU6-{SU!|K(qVJm!dd|mY&M|a?c6~;Hv3c{lL5LaOg+MZA8WXvSphbvDEGlP-&n zMvEBKBkslo`~0q9VyWgYnlJur&ozoe4>S`VGnZt6WCK2QKLjF9YU&t%GqrBmrTl4e14P?f$MFV6m#IDl zL}VkP|E^}?yAgcgdl=_X2VCA3s(9yEdG&|x2G}Yhx?qyU254BW9@f*d+ddp}nNrtM%(Hx zKt}wHvITgCfX)QR=oUGp9(A!v1Zbp!9!2)#CM=>qz)e(aC#$ip*_B?V*;uxls!EBl z9?c3rz~q>RMvRVi^@4(x=#`9?`nrFPHr-t&^y>^S|(X+z@MXUiWn~@ zSdf->aEQFGl#}Dqj%$g$9F0`HROCj#ag7L%gYB37Tj`3Vs_=cMpWgWkB_)h~ycB=NTO0baTin3^Dwit63QVTvpMvaq6>})E|QXq(REUYYk1`AB~ zmYeIc@t0*H6yh{R-LG@g@OLmml$G6&S`7!|!|WQMiVW1vp(79NKg^Sn!skXm7;BUJ zunWaO8JdC!hfs7qzF5Y%J`uo_??*ILe^R~=(W!C6EEhl*ic*}*v-7CH{Bc*gwG^a( zC`G36%&eXXscBiA<+qdm-P|tk84|g`NGdcygkDb`&W<)UjWb8;Vt6k}vau@m8fyM8 z6rLd^d-I@W$f01QV{&LPPg!z7+m>kKRi@+2x%ojt?NLT_aJJ{mGAv+nNE^vA&sn@t z>B6gFHuI8e%`wR%f;j`roE&xxA89f-1f3(i<6|OdM_p9KkZYheD1YIu!$q}5tND=9 zCjUf9muWBWhmc>Ea|wWOl-y_U(a-{akxU{4$)WJ^N7TD8Z3N1vkp#Z`Q*YTD1|9a( 
zcx24hp+jms5v@VL)gzicJ(ymz4k&rs%=QUf)*)_OqyFS#6dzvedwaax!TtNni;8^v zb8_I`7g^7BX=lwCTl$sc#`+MyLMd^wYAjSM6uzH=Ch-I!StZ8mo~4$bL!JDZt-JN8 z?XZFCuE*^rF_g#JT+S_j_l6ovqGPC`f{okdPYwK9bQ^{z6k-Kx2{PlwyiN!tCX0%S z6$}DaNDtPcvOi!+YQ7!!tm$b0L4EELuiKh9qOP}W&0637N{ zzdW|L5VAi{Ny#cb`6L)l`QuEXy8(2u4otr*OU?_}@k?v{v_VFUmY>=vUhz7^lKXB! zL$q2XdcS)$ZwAmEG_XZ+MW`GiUp)Gb45>?+ozauXpd)^^yOz*wHI`f!JRfiu13Mad z)2=7LIm6T)(~@YnMh|@NYe!I<7!5rfb;U0XPm-Vg-{Q-=_xl?gqoNlcR;{K)5kT&`_757t zX&(sp9~Tcpp6x&`h5QlPWfTkEN5|B|-m3@$?qISa)LGp(WXYyjp$4bA3{gsLTd=o< zSW`mWP1_C)RV~PU@52!$t|j^dOW#mTg<&mjN1P}oS2O@7uL;iU+3<;rqZd+6_!W=H zm1l2#Qqp@RrkvZ4&Royx=&5HwIu1dk`2OGwuk(X>=829Pgj)ZN63%{U&}az1u$*8e zAjc}}JfbL{6XFM6V43fA$RX+#3w^VbM6HQpw0RhWjgbGm|%Zljozon_G z{5)EeluasK>U?`DYM^s4c26-<3loqnur(U?0J{xjKRm2B^F!u38*!2oh3ip!m72o= zs&^uqcR0$2i-PL>mB1t_+5N#w41r`(87DH`?S6!m3g43=PJV0X8hAMrm0n#adMJJ{ z0Zb}F^dHi5<#su~t%cPamh!BAgRd7VeB|HOWPi3c(Q^o|PWE&t#*iW~0*e!!H_pc~ z7D#Mj4mOgY$F^&C!s=k#`MHeF*@LRFs~t+XS7`Qpumv$qXhgm6*bk|>5l>;O5Bv_T z%-o`E|Hxa(cWUCh$x759TAdb;1|o1P6W?r;pLr|T7s3uP70>o3QrMs;spv|;{OYC| z-$ltl{umpEl1K6XdwkQx9}t}Z8fK}>wPb;U<1~wz75QOvkZB!aF;!=S{fhms2cL@KBCvan{`Rzbv2N|N64z9L{AT059hJwLZ{;q}Iuk$tq+ z85pDR{qe3~fR2iBV#J?yy{?>$I9#v)nx-aW;0rDC?_?tDRbI^`mIz%?ALwr3qx*tF z#;w_zf5M;0bD6g`nHTN=kGg;=v0nbEI$Gvm63i@ZBpu$LZ2G4KKkR17q~@(4PaN+o z;QUT z+dhIcaOUc&*@DVzg{HGtpH)VE&1&2VQzoPbxDd9mnLI(aQB=FQS2+V*mAXt2t}Wp& z3T`?}RTaOanB2xC?>)1%E(sQS@cIJjp;&G-)4@uX0A;_&drjdMz)ZpZ22W8)z5tnj zBFklo&*-y!0;xQgN^t3p?wN=$bONTk8m?PnxYUI+L{3SM^v~Opv|GqZeUz4A8I|TU z-u2-OZ;l6AHIABIPGRP`>HL{`bac8ww{a|2a8bnM_n>bQ7u9XjIr{n6nl%-vM<=z0 zy?n|$GMi1Piul)%$5Ry^H&$S=Qpkk8h>xS@!s>UI0kK~qH8^E^R+X{8N$WWo z&-~lkja$OnB&?ZR?DNtJE(%h~=JY)FznZ<4rxoe(K0qpWA1R&DUz)S0DG`%s}2hA=T2=_iYfTW?tW`P@#kmMf-16fknC(O(r>bOk%j!% z4|&ZcqV+l+@9*62nDrGiUjo-tg#+RK$j}ESpr>g#1qqPFc<>y&-8kH@$UR<(vkBDd#-EU=i;jk-`!wsd*`dBG|h zU&Cux@I8B3LfmF2n)17L@slVa>m_M6U|9Vk{-I!|IL|e`N^|O*@%y3%?WW(};`g;0 zlrq`cYhitdt7sc&N($m+kNkVV79i@)d%tCl5eJvCS?KdjOA*%RRET{*R4Ly!%&=pl 
zHQ7Fd0S*3{lbbT+9)|**(f2lnb=XQ5ml4o#BViLMj|wsmo~%KiF{9X9G&Rz8#b< zQN7TX4e{f-fy=frz`h#?O$-8D0sc(N32>&HGG#?E6uQP2Pq?J3cY^0?5rK`yc?0^n zvvE&XS`1f4T5w9WT!K)2=Z^etv~qq#Mi-~Zq0pD+;jgC}gdop(Ig-TL`8?iV__LZr zAxWiLwgR9bk#bb9y8U*!q11`eat!%R&CYH%5r*_@g|&WNXc5Yk>|-IsBr^}>Sj1Kc z9V0mOSZaR%u}MF*u$r1=+s^ucOxnW9FtySFnP1Kn`N7U)fR@eP@Dc{gCD5-RmRDtb zo)N}3OA>r6kd+tQB1MFP&(-^FkopzRg~&}LHX_E}BUe;o>w|2U26-8y|DrIgw(Ha^ z-qCu0bsd6vf71|-h;?VPS?P^ZUgj-QB~G_P$Vo&;HU4CdSs3x|L74@cJFKuYBJXw4 z&uV_#|9c_^(#>lo>Z@qTGl6F4022mNdj0&fYvP{T#7Give^t^e|0Kbj?7S(5z#9dlN;s8_KjjUiH z1>Wp8TM%PA3-T(&^mfMAXWj7b`E|MjB-0>z_&~eKbaoX`SrEm^3azusF)*96x!gJ3 z$gzZf0M3;;$(fz|>wN|2TJ@ZFWyj^%D!(ev0gJ`6pQ^wuy-##Cn00%D8^-uvBh#R! znU0HHW5IpIw?;*IMIw0|SN;L+Zcn`o!j_IX<5E$eJ1u;B>?%Ls-})kdZuI-cm?TKov4)KvE;LPfX1o}&nX$0* z&fb$@I<1?45A7#jo%ZC)ta6@QsZ0HAk5tQ`se)8z9W|&xw1q$zK8T)q-~y-?oI3vT z+KKu>mY7I^fmvC5B;|0yUzYL0m7DXW&U zRu%YoG=WUsHEO<(8w%A18&sfsAVW);V>&!EzYWmp3XjyOs&DB*_QYXU$bZ2UKA%0*OFTI@Y>;oYJ3cKtrZs)xenOud;_ z@48@RTkrB2IZqKEUigA{lS@t=Z_9?_>b$o^+EnFKnr3H_-XV=>>oJVqB=H%Y2kc)$M5NUMD% zmQ%Djq}G&dLsfO>Y8nz&zK$=nJ_r@~f!5{bM5-6g(2ChaazXDl9qHe(A2_!POKCBr z6&SRY?NV{yt|HYBDg_u-IXfY<_r5xRm$9`tWT8uw(M|d7@lHY4Uzp1^Iyj$rac%;~ zcmQgqkf?!4$?q5W{-!Iiz981ahoUe*Npwm71vV2xnbx&Z;e0SGQrW5j|7S|E9Jlkm z6VtO^znz#zgDizMxH{wi7Io+F?@3bEUm{{<5yAWFIkQ}+2;ong(LJKI401U>A zb^|u-p&3#@@$l26zwE9CXkliLD>8M|@N^-L2NGdE%^G$y0a^lJVeJxOJkLO@cD`;R zno(KRE;m0oi=^P({=zZ7fv{rT z7WchBBtso#d04ucy)f9pi(K@JA??0;bE{vCdgov1;|Z1Ah?!GF66yo>0SmEcdTJ;88_u*k4wos0U4NR7TQt zDIH&tVc4RYu#Bw?x7Wx^=G(NNdLk$HtHdm2I75)i#G7z{)f zlv+KCvH@n}}5pmf*m9>sScZ|S#THS(>Iq5c%m%LulV zP*S93C@bo$*n%%DBFGic4Y#=n6I@+Sw9sX`hM*U(AK=x6 zA?5{Alw(8oWx-&D{EwC!o16UaHqHyL>1bDN+Ti|O`<>iW+mrVp``lS9#qork4Q|(V zi>L+s%xs!aV`asq2J(H_$;oCSEHApbI-K2RDI(ISX%`alKNa%R3yBn~GLj%B+6R&f zs4SToBfNbj{qviFD_f1}Zi4K(G)tFL`XHQ}^@V7h+B6UixFUP#g1uf=7_RlDBA6vn z>ISx`d3f&PfP%ol>DXZT1+i5qo+C;XNdx1`Nv)<2ybM9Ha#V{VsP0>dDg`y94TODpX+#l{WQ;4h zJR-6u=#ZHG5gsq_c5Tj@Sh`hE$A>Oifq0PW7SxnhJ)s=UAS0JaW$LPF9zK#MF4UVh 
z|H>^yoII>b5295Hqm=;-pP$mD(=>PyC#=EpsR2zoIR!an$}Xvn`QY&tR*;^J3bgmq8w;e>E_|AgDc+`lBtGcG5HsEj)et`li2 z3U{B5Ntq7{`kt>ao`A$9Nb74Lu(wk7*7WeJxKgL!tZ!d%L(+uE1CcWrWa}WGiz8~@35Al-RB zT!IeXe_xc4fnO8t{i-O*0{f?|qflp|)*`Xbe7n;nq%{Q>%8*-s9?YaHXOq;yrXVbk z*R~okQ78TB;j^9Tv0o7K_+0<_dKb(X{ijh}h+!c7yK4T`G9g98`!aogu5y<+L<4Yj zcn!!3qXOboLlrbfj0rDRNU-Iey7?PqP8r;4wqv7d7Dw3Ra7la+Oe`Q2vAVbpgT|C! zteKX*Ox>FotXljMxz=nqcyU}Lpb>@LRh#ZP{@T{jW}Cx>H?;f}ITg!`@L7z&i~v5~ zu8_ohe}abtY4J_Ig)IOmukDH4c32fA)by7FKXJnr9rRkWw4OjIwk%g)n>#?4RDJH! zsYu#U`H26ZR(XknYA*rj`hY>7+i*jb@CYIBqo#}lRqNN`-er&eGr9{k4z?7%T zU^GD1qE}89%q6O3mHE}u2s%EVW($ldsa^?XRq5?sy~|m}MTgH%aimPB92@0ZB_J>^s%|LAY}gXV{L&p;=8J%O@LOZmF*~V zlG&*+_7-|_nf}{%-HC*_YLT_7<^aHpJap4ii{=;v9-r?N^_6nop6Y2==|oXjt(p}u z;mkJB72ilO4qKqQzIVcmIS<)h5nn0chS+TnYAxv85Dkh`E8ioir3Ra!E|mxlDl8|4 zV0a(aZR3Y^QN>>Kd4zp$Lic|!e%krGcz$a0E-PMusdLOSSPZSDNs~N4!d0Qa$`-Nn}0wv=*1E zlZ8wuXdsD;Y6zB;qJ43#ARU#ka4N+jLpt;ddvQS$`>Jg-iityq z)*NyLVN~P~ECuAn_(d%{zV2HrZ&q}2Fva#nupIu|%ie2svH^H)p;u&i3H*yap;q71 z)-5W$^zwKCqUhY^{zmoh69?t6md&D`+&N@DRDJ)N7GX$T>ED{U_bJON&hGy5T)A@C zusFJtwpsas)3aKY_TKaHfAJctw~oOi1zBPcEd8x6j$-=uFQYPJE_rb4r)OVa&6>c-i>A+x zfUAp?yX!{$yWh<W^uN+p^4|YNNs)RQMQ>)#0DbY80wnSas z$1>IMyS4KI~n@KxO8A+Lvm8sP10?>2kFVT9X9g91>AaM?p{SPqvd;j4p0L zRV37)Y>2xD6HH~IGf5ixBvS=7L&PfB!lM?H)vOKA;@Q^bCt1v%m~(cN+_Hgl)nDz4oeW* zyh>dmuIjl1D)F%nlVIG&Q<7c(5QQ}ffu?Bxh;cu>Q)3=?ytMVlCwN8?h)ekbf!MH< z{md*eT5LSp{D^a3h5t}2VTSjIQXc%{++6R;w!g)`u<#q3x)_*mc;v~BurY-6{bRSB z?{zNz^VZjpwB0b@YT)UuJbw^$O66TDyFyMw%<+&$0ez&yT+vooRq<4N-O`cI(@FeY44XxX1Tweg6(@&$;AN6UC(*{quEZRY3RhPC z*x*{-+xV4m$V(garXm-T_KIt7VW)`L4t8BW z#~*iUVQ)L~yV`N-kA0<_%{H)9ZXW9wu9xF&sNjT4Qu(Sj&D*btlcZuYQSxBZ4eYS4 zh^8np4rA%LhLJDRGOQ@2{={jmB0iJ5|4J!JrqokY@{^LPed|FnEwtR@t80u`ADKC8 zD&gOCcl_na#nv|^_gU|dZ`l%4vJpraPT=Sd4E5MaFSTqhg|4`_B7?$vN}0&(g<9f{ zxo@WL+o-*1I0BEZauyZjYlHLN9Vl$NwpiaS(OK!`e6vyxR#+$UrOXs@@QTtYPJK(K zJseVcw0Bq!I#p!BAfXZ72}r&1B_x^*;56Wr9wM$FIW7x ztmPP}d0q{_v5c}+>Eh0zdJJ+?-=78(CDkC%4g@xS5Cbyb)<~RBdfXUCy!kvNoE1__ 
zLEEVPQZ2Q+Q;AGZQjXN@K3Kfk03BBA+(B}fk6KNmxsdp|t+jY)lZyWj*oJbcmpQ5s zN}!3L=IigRtxpI#5;fPSia_^&2Pxnkq;;GD0A|YnbO?`9A-8`*I2RcO3AjTj0#q2N zRodTM000?4MqEVQW8g3qZz$^clhiLJuZ> zJroS!rXqsy%b*Mi0gzLXM^3~8AO`UjgTFEw@+O$CH=4_BtZef=xjfx#XzU1ixwj;_ zSz2m!El&Dve_gNJTEEHym*-{vb$L*m6Ju^aRTV~q7SY6y4B6vmCWlrCBm+9}VkrcW z0fYXvf)I&+SO3#e>i;YFC&R$`uK-#EKKg$kGCE`Q|AC;X8UHit{|{0gr1*aa%4+|g zp#RJ4{~zdovrh-3LB{^m#fg_K3&2xnX(KxR<>J@+*^1{kw>gm}4!fS@ACxAh3hz>Y zVHq46?zn&VqBBm^7_Q1CaGaIItO?OB2?0btoXf0Yl0l#3T}z=Crzn5PEz+Zhfaveg zc56D|{-@u+N5Y9cS;3)(z>-Kk#C|d+7vJ?3<>-EPZRKsPy75(VV6BS`NubhE(Qx_m zizo#RMH~M3gpw;@fX8$%RS z>+G|e`TPXSx4ONOZ4EN$h^yh1pc%f|U0}HhOjxSH+8mZG>sqV!z54a9$`4&MgiKEu zOTxxGcB;+d+rJuvhjMRTCK(FI01VZZp$3_7=W(vmy7g^T(GX*0#&sor&P;~quv!!) z57es(A=l+&y(}Fbf#ia954|E5BK}7X%j!7$Z=7u{t}X&6W9a{NfyQNgT)+h=RANE4 z&RuhIWOQY~+5JwzXU|#x<3~2XrE5G|kSYZRK}sHqkqF-#v32zBK=@YbLMpu*R;h+}i=1CQ{gm9bzC>{Y#v6z6>NW~VSvKL{$Ygc0%&X2)Xk;Q8 zTB*Y%f4)AU8oDdQQ!PyRps^ifUD`Zek>Y!MJpUyYNdIB|e!0`Wd(ubr0d|ig=D8ZX zZVAC#*EtZKZ~Nb3GE^gmRHVuM(@2(sR0&*bDy7n1v6NRlL_SaBY{*wA4xGonEnBC%fOif>Rpg|(fnSkqg5>(r{&-%LNds;3Lp zM@8LnQp=}8*Et?x)AMq?ZWx%z-}1dEvsnv4_n(>K>b^+(u>U+A@AG{hHw#p#8&5JP zkzTI*pQ+5z;Q+hbD=bJ@68eQlJ)lw!%JhZ9@uDL#@|@e;HIC1PO)kUs!u8tFoMe67`76%vRQ z)orifjrT{OkD%u)tT*tWR9*JqR>?*V9e(|OcpCm;_xa7Ao0kpUK?EK`_MlV=f z*6X<29yo9P*2Y1Y+5EAaHxXqUAEyyd#Go=+9P#kjOhU?>@?~2BxA_RM_8{yZWH8(7 z+ata==~NeI1D)KMF?*@W6;?QHh;~|O6$lL)U_>RqBnwftBZ~GP(#uHw0@g60_WqZ&JK*cD0ot;oF6E>_|2!qDIGQ(W)@EM0rXm6eUbG!u3Z zQhe~QHVQn7oEtC1xt+z?s1TLEB_()-e6*9_o){gWs>-J&n zLblqmeViSvJwBD$_)*Cml71ZZhYQ{PG7B8DhBML8*}-Zo2@zq*ytC^r(@1;BQ*5Cx zre$KXwqB1}SkJ@iC-J8!w~;I~tJ66s2*xy6%4MzU#8c`tBTbh?)pIxJ-|@LCKB%lsCHOF4W9a7m z6Ro~rBd1gfzLXpuZ!QPUVAfHlnyWKe5f=)u{h%e=8d z{l!!-R3P`x9NUe{7>{)nBaB=|mC_OBAJvbSW@COn-x30;!B`FyLVEiv9_@9M) z80Fygd+pb5^4}h=q6DyY>wh6?VeueQl0OfWf5HBaCQC;i0x0A#jPi3@8}H=&JL-zR zq&|gxeQI>nSW{C)Ln^51^Je`t`zl!z(*8GUR+h8<;l&1pBnuDk_I!8*LljGb%cVwp zJay`bH$C!STu#t{gvB5`5efkax9I6IPe1|!uh;b86rzWrMYLONMI$q%$CEh9cK`_` 
z@cBMFsbRGh2wM*~r(J@LYlv1vy7e4dSfT*wB&w0W8Hl@(A!sQ8xU)JTUn8?=3-ld7 z>#^YywMtlwQUT&Hv>@5VF`>^xt-g1&FO^<`UGF`cYmaoI2|P=^sm)vpD zL$PGQe|ZWI0}ukR0?Ksm)ngEIYhfgSC)dN)5`sI$nzF+bjW~I+t0@Cj8J{)@C;&x( z4mdrZO09O<=`fJt@i;qo3j!kIb5uMG5NvYeN$Uc8kaRHRl72T$5c=tAGA-roNA2VR zzuE;c4Xdf-NMA27-M87TP8*HsNP8}w#4sInk=lN;~+Rqxl3xpRgzkkH^ zkBq8u28}>l_ekYM+$#&}62U9HKWFk>CiHTgri*C)+_~@ymEJwrHXb5kiMHD@Aq|EY zpLXK3iNOQO>fT$f(z}gn4xm@6KCe)POu7z{q7jExSlM%hU}j+e7rxb}ukvYD-+!V@ z=mCuh*iQ8Rof(EKLG}B)P#%ZX9w5gIdhPjEhpVT|yOLE!muAg2`(w=5@z>9Q($)JQ zbC;&kvD+MWJw5XjNsaImDlB2|?R=;;(Dv)!3N6;Jc$Rm3I*2Ji{Oh zQ5LPFnjvC$Ud{1(*I{`sH!MI4VjqRc*Hxu*h*GfF0W%H&(M=Q2K~-7uy2f~a{pPo7 z-)^t<^eSO3MBn>&E(8S$ay=axhvw-^^`>ushyX?4jfs9paoZVXRiRPD{BkkSVRh!y zbRB;cYIutCZ?Dw5-FXJjJn?fkysCUxG1E|?9KAUEQP&hSK7!!GJFyt1>M+ZVd&{j@ zI#a4@+N-}KhG#13Kt8NKB}|vQDaLY$EAlVv9iObi12|M+k7jUKR_vS9GnB5he(-v8 zVT*cjuKnz2$-;z%h%U-}$xxPsFH}#$mQZOCA7qnP(`Z>T`*$+?q59#-AM| zh%oevrdKO^ki`W3L~po(Iz(BPS|-h0V##%gg>xvwHm#H%TL}0@#)1i(ek9~`PBXPg z7ijPId82eaGl6krc`SlanzG1(FvOB|2apv3F8(h0N6;}I-K28zp^yn@=M*XZ$x`og zzGwZm{vM$xQvQD*qy3(~KCzN3g(FvU`y79ONKReKe&c`MgKAB+Y-%yXAfhQ|JJ52_ zMCnp1s2HNE&fu41Gh}qql-w_t>}3!7U;_=EiPl=6b}UuKxiR(RTjVRKWRe*FA!#wf zjKPv7WmH9#^hs2hqD6E$cXcXQor;{9lZ-rH2VAg3I%Xjni^Alp+#QbhSAKS+ zIxW;{9-jy7=0LEF4zg5qD3+=hq|nGSY%QBmtKF{5y!rolZa?3Ej^Os(WAc+wS?09) zR=bhuZ4tq9;?|Jsxy?DY`a!Dm%(F- z4x?a%1!_4TkWpwXB~_NW(EO|bCv8FfH#=v$tZV#{p;?)bt)?G@w&FyeIhivNbH0+( z|8&eJx#F@VoidjelAFn`KgN7Wn*%a$U~-tf1dY^c$}_AlZkL{q#!y5RB}k|cH}rx= zY<>%j7CAL2Gasibi^Mu#@wT4->X>Ly@2sTX?Bpn=2mlUj|LJ_lK@>~wecPE!slo`9 z&dKCe$EHRSQ&e3X2g;WwyD@(yZ zGwB3mpb1mG%NYv%&5Une1?>?Uc0Bs~3##6YuP2(vH1OKt?6{B6Thoq8PL8~p=*G#0 z>b2;Btk1{Iz8}9`JokR%5o`=WRos1jnP@OEZv20Ed8??nx-M$7AP^vsU9 z@wk0Xj*89QiqDT1=eqKOB?DJSe{w4yB#b6gB!Fe$LXwZE^1C}@3&{pV1DIPf_2iXC zW$`@shgN&lGNy9vCkTZAo!>AEE85HA5icLMUK-w9<>X0cn7#>fY`*Eg72!x7mO6D+ z-x{LH`gLmIelfTuQEVr{mb6HA0QvU#9pW1Dok!C>Wj4(L*3fP{w~NEW3q35Dkpop4 zAP1}4jop~@4^=7wz`+X({V8#RS;@`qIUd6I&mT7GwS|+=5e&`smr6=twnF7nDL%cQ 
zW6$eWu^@173&2B#jaIY}UDIc;+V|D758b(McHFzVDC%HgPBjgL013 z&OGWg#)v^L?;9LM>@d8~x0=tS!ytC*G^ts~8g@D}vkS2@)Z|Tcd+I#{A1gNoyp~1T zt9V1ho?nh4Uuf#>H}0eGJ(sJfiwsbWl>Pl-1|LBHe$pX{g0?ioYpX}Fio{XDe*REi zn&m?AV17|r0ruWffCFirhK~ac8zY8n?nprj0_83l2*nzAjk%)pk%4-E)&At~;-KEw zAnHquc2zFOCaRA*ld8}6FYJf*bE>1{s&{4Rk49bswwW62+uD?qiN}F01H#h|`a%s& zm(hu$Ix-BcD-=g~=?N%Wo~yx8eP#>^&EH;$PQP zY*i)V4!g*&e-YymDlIq*$MQ@>=b9~hRNnI$-@jFzCOca#C9Ktxw%s$PPdfr1@&rFz z2HPC{m4hevqd+$tHod$K3n1s^8rgEc9J_{4g{<~lgqiLT=>K7fa7;Zu5Xz7eCmSQ@ z#_BPr3l_}v=|$0mQfS4DGA<#35L0Rp^ElVaZxw8OTu#)hmWXo-7!-w3*^&~G;@Z*3 zib`p!z3s(|O{JmG#G`r?11~3vucMoES`+3Vl#6iPFD-bzTzlItScc%^ zqLKphpmR6@A#&GL6g2V#9@O1WfUw+$nbHvu3Lv&VA*oCQ41;N7)nuSaevrY48dRo& zn9ZSr_5Hd=y=OMnyaZ+w&J{1&c&-|01KD~d_0hWpN(} zL^zJSS8_*vmK&5#Q3(^CsyQZpIa(wH}-6w8yU z$E?HA2S5z{RxL~oCFszAGNq>zv%1i#Ed{~`1p#SzKnfOiR$S#ls1I%OC&*qKsW>_y z0&>uS%&gB#(#sLB4B52S#v9=UT@Jhr71`7QfPbt6p5F_|@YB~@x1>#&`Lhh=?FUxQ zGg*vQFTzcwtf^!HKN|6xcq%a_D1rrRTb+gE@99O65p!SrP@%hHq@|jpj*mPHj+3H9 z?{L<9%z>mAH&xRgJgwE^PD^@ZnPWGh;hWC4hAzchIMNq=%)<+CJ`p|9C_-vPG(wl^ zA9KjDi-V8-_e?u{qvwAdEQ!b*K#(dkL9P$=TZ7IxeFY;?E)!*Yd5%-FkY#N$5=JWd zRg0rsWmFd9I$meq&tO+rv_XOkh-}7Xpw$FcC+*N3xRUzw#;uE@w)3hN zZ)Djs9yv4u1b}k9B};a%jL2_=NCk}6YiZ3@jX##Vg|5hTEXUQ*B~;FJno1Idiu2m{ zxXZPKmSkU*6Wd=R3lT~2VX{3Z@CgA7>LGaE-0uO{W9w(L!kB;VaBC_3=UTo1x$bfq zF}CKyZ$A?PI>8CJEe0BtS|P&!cxUyY`DZ|x5hoij>xM(Ps-t&B!BKy1L27Ys^|dhS zpJ{4NLut4j&VR&0UOPPFXd*g2@u*b{@}5cB7z~+8M@5^Z*^nKeP}_g)DySQ>>i?Z^ z;{6lTo=Cit0~LB%^AK{*oe8tuI@PKtpp6Ft^iW+h2unoyEne_!OQAA&G| z@UqEgJe;??=wSHR<3FDHFn-f;_fqR#hS>$fnr!*^xV1Z$>UDUPpRgxnWk^Oz{$sXD zekB$n-5JcVPZ4-?`?6Yg%`#!RlcAdF%wc{g)T!!6;oA|k*5&f@EXs36!a1N%UEdA) zH-r6sMOLa*;WDnPa{T*rLP&;63Mj*VU}EiLi0Y#}ym<*T?i)H8RrbmMn)}RJuFzQe|H3?X|joxu5$xsF$0yp)sSWU*2x5og*U;HrIi$?(G4*{b;Ba}blzLs#xIN)>@P!l^6a7iR_;fZ zUxBY!!L&1}RZ~-4-lel*p~jx$oJ$yE1gPMc`u>o?h9fy09=hWa1zLD+I+bij!m`=N zV*t{}a>(RsIh_nYvQH|Se<$nbu9*KV4W9!ky@@u{==(1maWMm-W zsoq69RoQn+&j%PdsN6hha?n@FI^thol*wrl?+5MV(^l|+y}(9vP=5x`^FWX&P6LKo 
z()?;dCGJ!L0JxCYVJQCTDfJ_uTi;jH>v&wVpnrktn|7rI(mEekuUAp%EakIT*vmt)bme zU!1RAxGVJcm$CrWTEbBM=&WnzDRTR{a#)}NV?!;hl7JZ5O5C`S^6BgZqTy&2b>NV_ zFMpyGJiI(5raVL|fDG2^f2vd8x+Dt72SoR0i2TppSq8*@ra={IP|iOd&x(NE=wF7- z>N@Ww1BZ%T)#1hC(loiIrN^8+5TrBe*RWGVk+PRcw+8*fOANbN}ofKY3WmD!eA|>MzB-qr4ZvLIWeDc~AcDUGv5TFKu12pp6 zgJE$D@rsG?`#O}A-w{eti@$#KKW29(^Px`7vT*66*eCztr3JCt0jeiMew0Ej>x_|9~bVS;B?zRN8ni=4rWK37`569rBZDU#B_IEG^ z9yO6#wYoNHm|Gvz`pW@ZG%zlC&zeAfu?)(}=+sFeKf&zE#T|Fd(%rSqo(tnjRu$Qe zPItW<)9aL!!@Y--?)JU{@Rx1NtG_%U#yxL{P7uLaOmA$0G(A5>3o;{dPgQl)F7y~C zy8#i7FnxozsN4MI>*6k}8t2&lzPXF+<8kA+SpZrCo56{Ei#q}IkA6(qLDSme(R{*qUoX)!rk5H7|b6jH1Y ztob(d)Qzj zD^cZ(q5_%ZUe3>XU!QH;Na9tXHeqkF$LciHocs?;Sagsj|bB1Gs3Y4C(jkSkG=3{{WuPdxD;(xyy~8T76fNtTt7x{TToWu|@e6`&|7{FYn*aN%7s z?kFfxY@DwL(QKHTPyi4T9*MKG)Fz_w$A_oSV5}UsAW`e}*9exS5yHGge)>#_u%U5Uv9Dv8Sx+Y&yd{d4CvL;gw{vjTj`ysDoKvCQh0lNx@5P$-!1y3|G`_o8m zNNFH)TreSRNCaqn*#jrdb_0tEQELD*62oEDMbUOlbr;%}C=h8l#t{kJO>{uYtmw*= zSeztzJvZZULKRLV4n8<=$yX{gG4GZFYw-*fM{4=&7E1LXU9z4spNm_HHhAt*R%u*Y zODCqD-!@@d;mb9DCNFC)%i;{umaDUv+9#(7lmR*R#11q*r+H$IZm#1 zZTHCZ?#C_X$W2RAQ%V#Gr7lOx6)k!_%SzpHqoAiI`qPd3MnQNGVLVA_RenTXicSkb z0>F=bp(RdfOzx|5m5c#a2!l`K|KkNHP<1@+^Y5*y8JabC&Lc-dq(cyuhxt#&Bb7v% zk&>w9&R*50ame`Vg`BpdZeaoI)J_qQNKbVypE?}0HCBc>${y4|o zs2FX3phyn#Ln)S0k)LCpy%7lM6Zwh855tFbNwF>8tC@!Gc^^$i8;>TI5|%Ua?z|w^ zPC^0I-*xXL$hN9s-Mm2{KE2T42~it8B@z!yMwWjnZ)Z5tS&`$USKi}dsV!_=-YsZf zG;w87CWY0XzAlfoCEHk&Z>XBQQNV~8DA;M@P8OlqGsYTGrO5zlYoKYwvgkqb;4zv{mHTN$5t)5?J_OP@B_M~M;X}VZ(~Hvrg8y?BVmTbhyY85yA z1}X%F4;~>;OgT|lQUstK4}dr9E@xDOb=Ox`*6db~q*)yf%N-1V+mw?qcK5%{H057I zf#KNbQdZk-B~KkskPLj>jXGB9VMwv9uNk@ing|Q<10^OHx#y$vc~k{~sTbmk_liGb z=!O(vr`gO-ogG|ck$@90KKi^8vq(p)%1(HhVXOoY@By@LRY{YV_!faffZyw$+B}(!CS?p zy30(=^i$<^h{to|Vi@e&W|)p&Y1!a-YCZB$la^5tD`Eyn_~=%(E0q zP&HAo{_Mk~BZiA>T103F!b+sxx3X@DX$6y9k*mEvTKX>8f*;xMABa>o;NbYPEdOm- zA9Qk(?By!P2^wX}9h9LD#NGmq(%dYw1taxD%Z0|(*B?rf&>TQ zF9H-yEMp*Ji@2|7pL8GZE`Z*T_RKjYVNS1icS#Yor@1B*h%H=Y21AI%^E0VhGvxr% 
zp+A)3PQ&jA`Qi2v1+{TwW}xm(J7aFlvXAs?Cjv)G0tiLPm>h4cW=8q-*0DxTB z$$*4F7^Gj6cIMf>GoKrR4xJG5{%}qloHc|lz*;t9)kct0;($`UU#0_o@Sjjp_BggJ zyVqK<=h2=)L->WZ4aq-HJu*D1gKOtN2DCf0jKQ$#&VRiRSk%hqQdt)-=qEB{fMBB z0h2>B5=T-MLRoEv(a* zfnW7FBnyrX4lp3vX8JL#MB)`dc14);1M_c|XgGRPQ4`1QQnZe5kMbDIB298>zM}XD z6N@%tfFB}Vc0|E&!nEnfH3g1pZGH9T^IwWP@sGbD9?996JuP0W%nRN3W6ig%9#xk* zO8H)BU<@gxdFs%gI=$>b0<=A@in9JNwzE1pOwy=#r7%l|+SOIR5MhT}hMW?6B8!6e|b<9){85rC&qg$Cd?kc|lC3Mrdo36)5& zB>w$TJ{RyR`_(!b3TnJ*XC7xjS(!y2Yx;#h|B~udIoX8O)?$k0WP4``dh&M|(R*@~NQ{yr0BXcG>XqJqFvI_6pVtBJO1fuNkKaR@o6@8_)b#O7-3qx$zp*WnQncRP<*#@C%)re6YBx?Ks7kB2?E2eo3RYTN5<}qMFu8Wy zskCQA2C+SbWlUiDp$INCZDt*0JA|VF1N7u?`c=UP0u%`^H(C1ql=%iMWs09VwH4t5 zXntq~3TJ)pWxi1&Eq^pXDA`MmRE*Lt&qGv}PDgEl+}KN*SR{0;g$3wU4oGTX=0_=8 z$3Fh3F#p`{3fBGt*nH!849&f1qa3m%1n$M%_I9EkutW`N^aBVBlk zFt})g)X|E1RD`96$p^$XmVE6G7ZC4^Uo>K3rewxGqlRxc*HuwIHP>0CHG_4_ zIr+snRMmUwI|iRtPZ$2grIEycko}6cqze#$f;n>$K-qnPHPnwaMNo7{P)JQX9+g)V zg$GoghM{!ZmpCg_^)uGlVW>VJ@oX*6xgP^ip#_vi@*BsyQ#BC)UKRD9N=L?TViZb_ zL|&oc1VSvDW>=TnwOGyNbhEYB?((ZtFK%#gzRR2}cr8E>Y5MJu_6J5ojE5Jw|3&UZj{8U>q>Gm>o&mfCYWMB4D7695DQi{(lDQs2s8V2*s zk$*Yx7eo<3lW)*nz6ys6(+VNo<01uYr}E$Xi;CDZ75i%Y-W_f-t}#d^5`?L#iaL0A zJno`KqY!|^l&-knd+PvO8QR|Nr9wSBdHk*|qfJHbC?Zw{(>%ONOj4!!>Tl!G(I5Oe zxmDl;G7j`;Xs)dCe3WT7O6Qh-8JJQCimxmdRpotqsY@QCwn+6pavN`a7#)xpcb%gDgW%^}Mdg6tuFw?{1^{lhq; z)yvz$05PTEcKph8@Trt~4e6NyEg(VS{jod`btfTigwDou|ImmIAA~B2HJq;77UlSn zPfGD#CP5k_ObWJBnyY%HzFsn6rQY@Y193Evqv?FAs_j`+d*NJtrrz0cr4VxOLtkvX z3Ur>{e=gBd#2E>?$F1tbVH$N}x?d+chu)&Wa9$gl0?0c%2!!Z)JuC|x^!<$S);7D{ zB0*8G;SJ(tx|U!bMqado{c_@BsNa+;RMf+il9g#CX(mJl5yI>Kg(oepk-MMxv8uAb zH`qRH$bNFowRQT?1a~|-uWzzZBuM#neXUp1^`du?iNpQ}!42(tr`Wnn=)$f0_Wchx zNi=ATRmHlV8~C~yfiw}lgKF(9)GI5Q?FO0yQKvlCr?jtYN4{^-aQFCEl%Fki^vKYf z!CMQk|990wKgJT4FT}XOXc`xSuZk8 z)hUf;V(!2L3KFNC^H9@q@Y%QLR^4teYlkBEThq9>-K6ZkI8UGnphz$;B`whp#~Gy| z2!vX5@uT#UzrVbNW^b@z1-4o|+xnaarY{_4(DSS&C_Kr&b1<+gVL;P$GrxbPBf}V|gvxH(5Kb#o7*g%{Al?H$YJyVG%kHAUb@R`f zU#9JeHS8=W0qOoS2eHYl99*Yl!j6KqIN;m&@LC=se) 
zK{6@=vZB%Xuz`(>r=|p7Mj|e~G~bWUmi(#dX{)uQpm16`5<;qTDJ+P+_cN47gvFCS z6IcC~Hu$APy*HI(_&JHk(!xUAIL+h?1`RPQfhbk~~&2(gIdy}j9`)>%D&JlP(j-Elv73l6Sm{38foWvn<;PJihB=4`EM zYw2+->AC*)Bu(!*rJ+s~Cv?xt*-zxN)OXsB|0SAHIZ;~h<*JJ~`)L~;2TdTO5@<++ zB&ZBgg}!At60)1-3xL~2zaz}lDtwM2ChV;%txHpUPl1r)MiR{(h}FQZA7eGe?4N_S zn@I2%JfTZnwch-f44(f8bvh_hf`*EEPr;{3cBQ8L6!GtPVoYTfVA?59gN{Y1n-6{f z%;^${Mnz4PpD-$m@({S%`!Fb1Iq0BrpwcZP+-u>n=^1&W1;3?44K|dFQ`#VFKi}&Y zbwJPi+#F0Yl-c%LHS)a~Y^i|)(~dv7=N4f9bco)BU11|jI#-|6yZ?D!_8iwFgHF1y zAa1#8XM9p_iBYmQA3ur4wU0mr!#Nzd zSYOAis)w4aQ9b=2bh(*xY3t>yXBRP=3eOrw)Spsd9##VJMp5m`cjrPN*ERI0m>>5F zihx*kMy0}>1L{8gymK0RK~f@T@LCc{aZ|aWm0M-kPFormCpQ7L1(E)bf_#b+nh}r! zU^7Bk{?Ie)c#&lRH6Xh~aA|o8(i9lV6AvtCc`nu|OG~DR6YEojQHe95pk#>tb37SB zP`yq9zXn&ck-Ew^;kj7`c zu{)ha{FE;jXWW>`Uc2?D{Da`;*3u68*U7V~w&*BVSCVHB#V{gy=z8?1C@vdX3tLH7 z*8*HN=&nzX)9pKZQW_iAYWDB(Z%)VuevW7J7Gb$+1?Fj?7Ik5|#Q%XUN5OxPFFaB; zTOws>=KeT?Wm|Z_iOf=U*rjf@@hYnOx5Ah0!qdz8EcWGVb%p@u*fHF-ww_<2*g(dM z*UtN$+opWT+k!%rI&74#=`6jIu~I*?X&%k9_qKN$?e!$cWyRHa)STtps{L3h`(iVG;o=GodKSh8-5NvxI&Z_V}KeBz%%TS;K6=~L~LadZQ{wPH8LvC3I?sz^BBSCdq z7az3Iw<@cuNr6{p*lL}Fcp34rxOo_@5MDi5bJDLU69*)l>Ddh$% z(&R8d5Wec@q?0?Dy%>ena#27w|XZ`09 zQ0(r$`B>a}?^Q7$au!QcT%O1E<+qldjV2)i_6Uo398wSDKeYp^DyaSfWim>3OF8tn zra8`kl29MoeTu~VM38k(ZvmT(!c=b1<{cfS-O|RBs8meTcC*i7t$uXbBV0%ZfF~u; zgCZ=YkU#;=aPP5v>Tix2jvM#i4U>#1!_b7MtPmk=8KOx1b3f;kSiPtU40S&* z?PRDFOL4|qlZ5HztLg`$gq2t{+o%px8}A*(>BZ61P-yI-x%AVhFtOwtsA5UaFr`YF zy5jE;ftTytKEyXJ5TkERoN=sgq&M1m&zB2B&}Y+L&=-^~<_~iOAogy5G$OvyVu%F{ zp~r6iH~>w7LiCGNuLg&LqZGV#w4}!2n1UQ|D$J2|l z0gFjKQ6%_Seu_kI|kQSzNz4aC`_=6_1VNdJ~ zb@MXG@m#q1nAN&GsMRTbwq(H&(MoE95r`ERNS2n=*)Y9zA){+%sL27&t;NQX{18Fn zqbRwVT#tQ!x|_=008)xG5e7JR5^4Tdd~2u__FobG{LrI?u@N+20c#A((#X)+qjmH= zK8&dn^wse*p(h7Vh%|}{eyMBPxY}()N@PF|6~_q*qyz=X8AZIZ`f0|~6)>2A$z=Su z&w@bUZ;G)A&m~g6z7>YLJg4WALaG%Z+ZpFbC7&7T%-BpIZPKd=+4?3d0Y$ziUJd?I zhwF&Q^*8#zZ8n~swz6r^=C*a5%W(_3GqjCG%ls%z7?%V_K7-1sB_$-{Lh^qS@+HuW zrKC1|LKK!(ZU+~U&v2IOS_r7aNQOY2)6GD~FND_~uryPQdV~W6_UYlDKs@>@sV@6g 
zUd0MN1%l8WN&od4Qke?3004@x;_V^!)b~q96()#vDa3s_!Dva0hAzyHnN=5RCKVG_ zH^>5-xlTcv+FV1tMS%{(k!3)~DojzroM|n=+FVf?ayzK*9!=V{K!Mbn8jJt;Meg#k zpID}!xE%elO4R@%W7~^~3WVqEbEJzI5^=`)OiTNVa3&Ii;K^6@vg=|JT+VIWr*8e@ zs2)}AX{S?VYfRmg(<6x=L1k15ocRb)5sqkhFBSZE4kr`+vNcrY0|JSjGITi}8HKJa+u z_QSADfofLOra4wDMP=tc2GVM$bU{RZDN=KUHrnK?+hlR<^HWO5BkLA53fAX;?x_9W z79c>Ru3usbucEkkWkAYhh{zSQ`vL=>qm&!=FK$+%Q8qE&F2ogVvXwDlg3#k9On86; z1BtohSCb@Z>$Q# zA9Ib1M8c<%iKD&=wv4qf>|#xB>&jv=5 z*kod6cYR~I9cGET`ub0pfe%om(J&ED=Ck_^nOXN?OC1USi}C)Wvj63OA#4^xOCX>B z6XX4V$@>1EknsQcqyImW#1nX04I=RTT>l?EoKe-FS%AldoE`5gB9wS$jY`xelpW)1 zI!tvdC)HngLcsXW6|a`iRzQFDPPIBfAfr({KA}m}`c7Yn5KUWU#u4DLo|Y9#p%Ji$ zeJ%banvOP-{w};BqPn4wN zVjKx`gU}Uokg7r1N-(4+B?oaE&(qdiqYnpq@22aQsc?B5Q5N2pqQGZOZ^aIz_s#l_ zhwLs#pe>`G#YX?^;FN(=yT*I>#_K}IB8Ty7?0Nfvw=TBjVQu?@_Z2$*dD>Hc?X%+f z+p0}=TyyYe-}4XWZ~c=F-b;vhlw-#&50_oT?iPBHt+U6O*9|M zG0z&^4-z$5Z|Y2@zbgh3*sZSac6RPO<2N2;wSCA!O4vSelhI~$zJ>${?;;gDV4~kw zT6jHlZK4=cz15DgqTiN)xE^$iPOs^2Td(xyJV*JPm%eX3EBIv@286M#k3H`UhW*Mc zTr^O7VZg`fY;DHdM7syz`sJ1<^~0lp3KW*ug;hp_T8vK1wJY%M9^ZW~aM*G6M=JHk zizap=dU!Rp*G?xfzb5!4^4{yo_Fc~u@o9U=#@yQN_4)0s2H)*~+C`_Ss)fa{1OO

    *|feb~k4sZiX~`rV`wNnN7pvm>pV4jud_DwI{L{j&C4U0orhXamoax2VDN3;o8182lRMX4elGRI33bX?zlU(_3TQD_{0#J z1RSEhjkNWA_p~_z9puUXKVATpV+((<<;Gik#M1))vpH{f;^N$P*!~?`o6Abxd;P}1 z+@(9qNxiezgd%x49OW_ndTy>ciji@b@}epBk)+Q3zFG&7qSM+_eR}hF|MYsA=7!60 z5|WHoVGmpD6)pLZD!J>!R9g$4o7qCvhXFEEILtInoqM>3ddHtjR1STkk+vSj*#U@E z*Vtwwq&(#5qE6b?k4rbCQn@dKgNGOY`&4BFvoQ}^G^vZC6HIu_Mpk&u+#-9w_+Yvs zW@7giXo54NWP&yqCpsP)beEF32(=>HG25=`*WK(*ENY)@nw(GX&#*eHGkp`Gy}2A57AHkdC&Yc za#6tUV?d91ml+H^ELCQjHNkkc-E=Gxk#6U<%PL|Qq0dZwN<(SDBRQSeG(1QCgkl@% zEnOUxX(4V$L;)MU_bWDd^}25@+#8Fkk$vc^BKCpo$`*lr3wQh7OXPDOeXjB=bS{TB*0}2|7Mt}QF_9wZyxD(Tfz?fb z9LL>O>F9xCPFWa(INC&CL$nHk zJFDNT8w<^yY-g>ySB~ucxi5}Y7+C|J$HpY=#Xu&p>EbbHSSnfrr-Bx!8pT(+L_HG3 z0JJ-;V%08UG4M*&H7r-f>g2{;9AlUL>h$1DG|=um`fQ17o6^zC9-gjo+PUxAw(T;E z_SL%_(k4Mc7yeA;Vy*PO&jfZH$WdlwjvBkXfl{o`Um7af(E(%~_x?Z&tAV!7oVc~- z>v`;owd$NwmP|%vKLWeqc;XNLeg7(3_nu-qPD9&H_6AoXyWUl>?_(A{{x5L2ZPP6& zo6hn=stlhR9#8B0I==Tk<};!J_?&=HEk(!om0IU5z#6+ngIPjt`147}eelNfkS zT`XK*1wNn5CwuKu)B7I@VeD=LpH5o9k&$0d-bT-T-@4Ezws)!DHyzKjp0E?nUM9Ir zY5BtTHF>X6H`3PcycdGsFM!$XLp-^?X(O)dUORQ^Y)*A1Qt&uzYz_}cqIeIFJjghd zl2_(4iznK<&m9+B*-y&nk{fRYn6}3fe1|e$P9FDxzI$C>xW8iBb)Ppybvo>y9-SCo zb~>IrRkNHhe;WVPly}x{mhsu-v#Sm%K6%TweZ5GFYTWC@MV>HYmziD-T`$$Wyu#FK z%C{YE!TYx)Pmm?)jaq4c7+Be6!+EH<_d0xLex&2neY)&;jC5o8rJe0DbKslrq~&w` zZ;do{E&D|qph&mtB``N2B#e(?18Ku*SB=q}nbn@n&i8%Mb`j;9Wh+hFYc_HM-#Ri5 zU2WD#b6Y%DVy!2Wckq9p{vg4)SWH@%Tq!CmrQ%IfT`U&7NNak04eig7+1c7dbQyl~ z0EvhOKR;iv(|j}o4-H43jSsct2I~NP0e4~7@VlYHbmp533@W#Sj`6!kLE=);? 
ze2(2|y&*iHm=(jto9ZVM(dtI3 zD&m0D^P1tt^6=7m)y+3%Z#mtZ<$0YjOY5JadA{NCkUIT|88DI$5g9SABvQ5U5;l9$ zP=0#%cH5U#LW7rB>=5jzmj|KRzU#IE2go=gyM8mZzVfublFKA!kE(T?Y6TDAiQm~r zYrUM6w$nV5BmCOyigCLj?Lv(u@6c+?e-Sy)k~AaJnxbh#E!R)gKYaA z8k?W4$d>)G_Bc(E=6M(p$SkU1n=rg3*{vH3l47s6vF@kGEw~b|jy&Ts9BQR#7j{=v z=e9R%WjE_yiuiEvBlz)`zXZ#`UH3b#Yi-MM^Po$>(f!})T|57=6u+)*_vl^s=nNFc z$KZD>ZladCQ(C-GYSU8Zt~Vq|KM>u!Zw|K`-@ZP-p@)#Y7kl;5@nI7elT!f}`@%K{u^4oj9@;u>^_Gvy zUngnYQvby8e${uqp$3>8AOGC6b}*7T%&i;EgS(3QrmeCL(rL?4wLP4Zr01y?T<)3U zuU7=cW712bthlS%wJ!R0KSt0?wkSJ#2ku~WFpm_Vrb)mLzuHODad-SAUDohKO5(#I zLWzbSe>1y%SFCe!at?dgGY&UsJw5B}(cIpmMaWi2eBSf*i7{`1H{Vbn`OAp(k%5h% zf3Wvx`^vUtxdrtz@e1V!!GpH<CtOR3o~_e%rp z7S9kt9c@MfqxrPxiE1>(eW}`J=wHMand~F3yMs6PK%NCcnbn@pOYO?X)L^O}Zx{do z>0Dnnt^*4$`}9R$;JSh(LHY1kPi6zv51_|ZoVh^|G4o|#7djELca?|fskA9s;mz4* zwi1;r4i4>?F9>UQL(S+VDuvE-<8EYUJ;JQ(l6&x89MBt`MK!t=Z`HL`6KkZAH~QS@ z4YOdiq+r*WU{^V}L$-5Yjm63NQo{-+5`9Q+hre(H9{6M&gmzsKyW%&}bOx%|G%EcC zBxpGsE#Cf4txB?dq{@Z$GU;xaEaT9y@*Mi-v3*{=WBJ|@FUN5`^#wGR@#lK^M8#Gp z?n54i^K8YP-HRz%uzkil{hI53ON}UJvpkjU_DQmrHfNdpA+4AD5E1sP#kIH0#mPdz zxjVnmPBHNT%lw0`>w`!^JM@w|c268Mm-=J8m3< zjY;F$r_!r9i|%563fVqd>AQx;ynP3izpBZ#YvsYEkB^@;pT%=^G@ETK=l7!(_DO`I zFSlCaj7t5jY+b$TT;*{AeD#-Pv^uc_E{EF0ru1Sc>ppepbN6-mH8?B+R6sK0Q}T0B zPcDkgt;`FP;BV$6;@>9JQqgu!d-K${Q%EIs&kTlUGi%FM8nuNcF-$8tZ7D()qB$}31t7c_0ou;9lH{O)`^wd$Wm)00=6Ga%3cKuhbFqSOrq0SZOiM*1e zCW-z>kHhlI5q}LP$BhmZx!YN=qgSe{F*=p6ghW`6fj?muqvy-cU0}UpmV{ar#kBmX z98dSbXpPl*Bmq`nn`%+}dve|N``JUS%TvrBcX?I?K}FB{%0DIkzdd-dnOqW@Zkc*R z5z&tom@Gya1)eSj2^<$@-Sk%qGIE!XJpi8^W8SZsW&QQtJw_DSlTU9s zn_-sfD1OJZiCUe*eV+g`@c?qp#xnSY0kQKA^ZN)tla7nxjbPBkl%{H2_ea0RT*@YLzfW#K=Jb z)OdZo6u^hD0FoKgl+HK8&Eq|XlCsYLKO!vir4&(BdlieU4`k2qx>?L)`}{fay4>no zlnaV(I#4IQn zZ$B@c&Axx7IRAr}05mmv>_|7$EmXqLMH@|q5taGy3k-fbDSmksrT(!(fr}<{*2)P0 z3_|79Y`5XMVXjbnNoW%{pE zJR{^(_CeW?Siql7lW+JHsq{gAxL>!eEXjXYa3!`JG}fY~ymS_U;876)epDgu%wRY5 zyNWM6CTq6p4X%A$ispMwD~mnJY0pH_gWtCb=Xcj^v@w}?1MMsW#T{MuF(~W!^sl_g 
z$hgl<6}FMG^>QRH^I1hRX@5cej?Z4do=K%*>H3brc5NKn#Aal#1_%ne_H?`+#)jA7 z>%Q?#?W0r1;mmNazUXgrAJ6R7Kc*i+LVqoWWKH$A--5BYr$fJB^BrjIfte1;jS>LC923Ykk zxdA_`(VvkMW{VJ#CVC%|MN%t*|Ke^Ba5!jLx4n}SnTlwLPJO(6>}k0U!@hBUuWz{mWF4YF$t=CEtN@0s;hoX zs<)QQ0{RN)AFpA1+_IV-hcmG$P=vOF1XMh4(-a76xRY*5{(e$^e~Z;iZJ3_d0T;C{ zS;xwVO=O(x4c*`DPUU~Mbp86hq9#X2r(FM8ZC$))s|qS(oShBt(Q1rMVaIm*8J{FTBzXA;5$Q9W zEaJhEP#Rl%#~cm{kB`y&WijQ*n{hP`_2C@mmt+&_4DK)|;}xKWua+=CZc(dXUO$Zl z;pf(9Q-wIqNBJzZ`=uN%3_&69^<`P43Ucy~O^Ub{82;x%{^z}iC97lU)xJ|JyTDap zX8>RbF@vD~5^P=C&Teu;C)`$+d$(MDUx3iEr=6Btq3Y#4wD@&bv&P$NKeEyfo4{UWDnNStBTsRuLquk}R_r*=(-DoOv&FdWlhJD*cK`C~=G9FQ8!a^y z4^LU<%$oZ+uDzm)4&obczxiif`s6%g>#y{{aMPjEioadOpnL^iS{@gfvHM-mYUf}! zFi_35*;&|H`uX?Gu6}{YsQye&zdD;u%;}q5c@vL{7F9EY^KG?n>XUMiuhMVLsaPP+ zMk-{dI7lXIs%vPawwmY{4N0r>$M$rTx7uBgTj!R(-M!ZRU%Y))T$|svZE!14+=`Uq z?kVn2+}+*X9a`MIxVsj2Deg|N0>$0k!p(p0bM|>S_vOCa{PLFdeM_=rt}(|PlUlBr zuDj+7g66eW(9Y9Y={;<@P0~vXy~ALgCfON*wI@|qo4a?U@0$~&!rcn@g^e5JYpT>e zVBh}xb+3@0V>Y!XKBvYG$)r{ZtFFz@^k!@)>8`1EAMFFry4jav&jgB_)%Yq*e5Q}Q_q$bxn@QWuW3XVm2siIu z+Mi#Zbv96}%EkoUs;g5t-U+}Sbkm6mV^>#u?g8y*5>|C)Y}tZy2dtQYky2mYQPgA>6|7vEIK1EEXyJI~+uks%Wj#d}L#o_RDNSFyvIpG*7Khrgt zsEr}zcJ#IvSC+Wml=4^u8MJG*&yO-;t^!uRr%ujWzrhNJXyX z_CD-^&(yKxOE<7?hVS{!D@omOBW}~`h3Y(i+J>@%;}si zqx;t1Z5_U>>5Ov0tVl!kS<6S>jMwnG5Ab{qBXW}_B6a9Y^O@xd1<~PvOk9Z?Hfuv| z9f*z=ZBoH&@3hD(=VvxbzsA_CG%k!Nu_?LJ4N7ag9quQ9n@_^RiD%~Y3D|RnT|Vtm zkZ21ol650s4u!Q#LsWImmq-bj_{pd8~?bjIrtTGR0(_;3@^|I@GM{*0iwt zpln+iw)^s|sX}&)W@gaXv^aUJ*LHwfM)onf?;bxRW3Cd-B9rEPS~{y!HjozEd-?W+ znzxH2vy5L4^wqvVYP>Bf@~`Bw0KD}@~o+lUE)3?4sHl+Y<$XGJE<_4A0b+BCvCKL^9J0=Vh-->ItTXh z41pjbwb=|V;%Fv={7x#tRC)w_CWky!`zmk;xSm-Elg#gE<9QxnrNr@wkB zoS}7J97x0L;@9^69^P?*?2~D2?Hp!~h+8l{m@~!5QypBPhtF3g>YHJ3bBBYEi5@`p z=P<`Rkh7!*IJrO!Ng!sxr``45tcN7kEaJl(GPREq0v)8tfa~*e$-N%wcan_i&Lp$E zs^_(6-_O}4fzW$o`}hKiKO-(GkiKC?PpvCQ-BY?%H!4XOBLuXzoH?xp+9Lb}^9gLO ztx3{gdq;&pzff&0n76Nv6YF)Tsn@UsrzJ&r=J3(fxE1+TR`8ntJTk*^#y3}f`#=(h zw6}Dz{E1WgMGLlC+kyR8p)vzecblUp2#*w~zEr`hA9Gv(Ny5AEQb@7y9ufX2U(SH% 
zPh#lX9|R%;Ck7*}PbE!(5+Q}XaoRO?uDzV+5THbtW|eDU=@(kOqX6 zB0_C`-ZV77c|M^_E0k*{+7?4J(g=w$Ncd#`a-f%2(wb&>n*>h%Jw0*%;@nl!V0Eh< zgO+EZ?=-L7MSpM_-nOqL?!P)KG~}AU zJe{drfgLFua#Cc0uD=!h;RYU1F|#zjXWAd10NsFUM)|Ya-OSmxqNGmv>@aL02A+l5 zYKB`D5QYibYSZh#lnckp-K6VEB9KV5bwD7Kdr{A5zV9rrspeDD@j500-0r-@MEHAE zxH%D0TNX^CHx2DhbyT87+UY7+&bnH+1go2<1?n|=XUktKym8(SBRXPo7O>k9vPxo- z&^kT)xT4KFrA`qyR=tS$f$zW1q)dB3&P4XoWYV*WskM;}hRsXb1gzIV5|4zrZ-=h( zyu{h^Yt>ePFH7-fj4EbQVGuha7ZlFVFxjl^p6RkS%7q*-P*gVZF~AA0R+ST4s(1F%iTS`2Z>-ap|Jo z=6M#&+C`B1xb=}gGrUgwK2wd>W_gb@=!e_PI(GezvURNGZ>RRiLDW$LuB>2EXqxw)SF3F!b8rIna z$(=q5^C#z2p967tzEA~N-Pf*fx|EV`I-~)^28|lD7*h8&z3&5f8L--Ddpu1|sza|w zZCx^Ge_V`)j%}WI^PElX~8gEnN_eNB2=t+(Pp+z8ov6cN(D+rl;NaZ zKVpuTw2^P0*XJoqv13y1HpW>zrb@XVEv`OxJbPWF)Mwtq<>T8DhbiwxHIqhQ59@jo zDIX3)f`QhP+BO$I6SeDapN2CodotG;WGy$l6eC5~)+d}Mz2xoXCOcBxuB@CRXTjUR ze3MDHhWZho07G(!q z(l7K89m~t7ZEcW4Qy3|stymE3f8nG#C;ocO7v;~XOTU`ra{0$>5EUBG%P4Yd?1(Oi zdBg5>T4pZNCD;C;)uv$|b%Dn&ZUMp>c6{i)PgSVohn>S_i-#$C55-~~ep z`u5mOBj3Tx$!rIk1OX68Ny3_8G?k%}Y5)lgub@M{)CBZmprh|;&QaqW(4W>1*#5x! 
zw6R06vT&tm1OvbPC#!kZNg(Izc<65`Cw9AyT3Kcx_b;?Yk$7KOk=vSU6wVU8P zH28~d<=NFI)tJr_3ykpliM zHeO-80L=3IMsDt)xrMy4SOW2p0ClCtYotaO#-tB_QO7p@NgcGXad_S7K2-!Xk8Lz3{Wx!?1_Zo>y;o_+o3d)!){~e*KJDU(KS6CD!m`fA`q) zb=vp&17pd~~;DE}` z)ePmyYf{Sdd2^2-Q+fxn_}=S_p-Q&9E<`9jxvA&7;gj))b6WQ4Gvz^MiVsI?XFfel zl}%jGq3^pRLGXpXzuNY>uCFX4R;vU-l@1#^Ze_M0J*BR&73RNR)(%DAI^XLL3XhLD zPmF20J@fqh+E_vq>bU(J5~|_rtIvYa_^f2=Z9#6_A>5_~+<}Op$5jeF-0DViwL;D8 zhXE@yTmD?89h(VbJj@CU3;OD=ei=TB;e!Zn7A>`FN|tlA0E)pucfE|8RB0UesMAzX zf~muAmJ|69_&v3zhM?jek71@I8PhXoH`FnrhbDJzB3sOK&F!sM_snX`QTI7JPZs-c zfqB7indME=xBz`q=kKkxLAExWjQ1XQQnJnG%_i|UX@kh(uVa!&o9BNLz_|(nz8**P z-M7tL^P;&Fgf>&>g2oMKr8`8VcF(-tq!K#xD-!W%XDy`DYxc=f_=qZDB8g|!yS<;g zN%-wEh<-9_UVO*7R^Ck#YHmt6J2Um6U(rZoS9)B-lR!ibPHw`w3QOgd ztrI^KU^S5#fnnNI-O(6(v$!M9Ps?bOlZc<2(adR={f!3lk4+kWs+i6Fkde*SFQGzL zS%oqKG0^Q**Ss}m#*q}-mK%BBwIUvVcVy-FC|j@d2jcN8{#*e`CsIf?C!N7sOsvrh zy!x69O;t_i`hWFcC=K&(Agb{Mmc?0|rEba(uzAU5GD!AUb0xw8Ae|l&@C{fy1;5ZQ zUvz)o%&)FpJx4P-pP+YWQBNE-T2WofEg{LFfEhbNTWDHNz#<*^t4dbdI)FxdL-O?m>XJ)u#`M#yd{Lo1gPFZ^GqO`W zw8~3w-geBz(+2o{3|hUZ*|$)LI201$gClAs@vOeS>KCW`jN7Gt9brDfn(JOt z8Uh|O!?w z`Vc4OOF34er!y~pj_$D*f03M7?+o|2YIn&{+wI-q^+*(>4Y+xMxXw$n4IcE$SA~p_ zMX~f7y!M~~A#*9IJHZTk!vgj13wsj$qWIVZB&H23_r;wqQ=;V%0QAM?NfJG)3Iv!R z?jBdm<<~6l*_G}v z-Vh4jBmT6rPFt($rG3(FJoIk^)@tcd3;C1kTwITP#D^|eU_Upg2fMz; z%4alm_3At7)+!zMcK%BHjF?UZ0GRFQ^R5ehn^rp-TJGl6@c(_?*r89!$#}#j7|e{r z`PI`j^+Hx~zyN=+G%a9UQ2OuY5wcCgeEpcurLdUlIarGDHe=+`{HxO+8StRN&y8bw z>C?%%Y63|wmwqqx(Z0WzgP$bJ$upt|(k&Vv^odv5dEI00xpLuDV=0btPSgQ}F`?k4 zt~bd5R^GyIjWi=P+vOy`YZ*}ei%oP=-+Q8SeXKiYA@f0oxomRsE2pn`_|4~%=4;a? 
z`BNMJanZ{^cfTEYPNg*`hP}->Ag->bDaoDs${4c7y70L)!i77-zkRggf9P|l;HVJ; zEKFK|*QGB{{eXvuQ7mV;8W6i0kOu|`uy-t2-2lPZl9+cHMe|9;SE{LJ{fFK8W1G$t zk1#h;_<>ujY~G-emp|`c-WgaD{?>;7PPW%;cn*t{u()yH8JuMX6=eX^Tewe>P=~Sg zY%gk)-aGBja$@KCQ7I*P&#RXzczw&lGb5T~t)xJBvh?lCBB$x*@v(^^2+A<32&MjY6 z%EqCUP}gKtH&?5zNx4|k)HXFqm^@Jq&nG<7^MYzt)EEAqLZgnkWNP@;_mt*}9?!3M zrM79QEB2xIN(1?YAMtf7c5yYf_2h4IcHU-3OwD zgBIWVy4EOLP-v$d!M&U5aZXM4YOD9j8~Sg;0NFZfxA_Pg_^`Kko|oj5p2jwEbQJuM zvqb%7%+04nqcxaVyw;5}fycqlK4EZBp(wOCG*{+mL7@ERvZ9WjFIDYj;+#>KurBkM zuGiD!<;+##TS$(t2h|U0D2VxQT`Z#QUGevD&|C6APcXGP)Kh@UIXE2Ry+?f>3SF&m zxm!ON6pc>7E4|F`rV6{oO-@Z;!@<31`cTH~?Y@zJM<| zoj?S@Fg*9yaq+$BP+4S@`>XAa1_D)%NiFrXT+Es?yi?C3M846 z#)0yMYIH@#A(FAUyj4y*?Dx*yCyEXh`>+N6@8}02cxn3s{C!x|Bu_N8nV%WnQr>bI zxsM1w^7*&+%tQ^F*W+UY`ts&&7E#^m$L6+O#OF@rb5uQ4hylP#55LATJ_a6g+oGSm zNoc|9N^bdv(;Mv0*~?T0KYp!c=4+51{P5+4xvxhTdN^KRyC)@%ktvJp_O3m?JRG@# z>K4f1qe_yd{6JW({F%{N-QZ!SzWpFFmMDImpQmO_MyrEvAoVF}Dn>=G-pNb!Xt!(x zgIpj}3QnX{Z5#)O8vPTGnoQjO6D9u61qnF+wTl}W!DB6dq{bf9-R*rBeee|++aE<< zqhCY$JuIDy;6qc7rsS9ApG#XuLS?aj_d&k4s<)nkb<~-{lplDim6d#+9`oM@?>Z@% zM`5`DfJI)8G{4hdJHPCA28ro6y0D*oRYzD9(4s^v7p||_y$}MJ>{=%;)k^u2ZtU%5 zZ&+u8$OV#+g0;1Doao+XW|0x>W;VdYuiY{)Yl5P@K9Tp^vBekq$hrT_EW9`=2&u&E zZt%^=MTSThdRUXPI_MFlpl?L9Y&M6OL71Kl@f!VyEl`Np3Rko%uVtM`=-bcysBV2j zLOT4h_oOWKXeE-}{J%#(fmIo%(%LhhbObys>^!DF@c~Vgepz`ky!&5Oz*O|KL^LPb z*@3oPA#=n|wq0Jc*(mksF1kG_cS^3dw_TFwyAniG3>;+y;oty8;bO-Mw<8B^@j z&0l_Of()H-mP{R{ZE~rdf_X>({dLe&ZnM?;lU|{nt?dG2AXEg+3>GxCX=Y%JZ7O_4 z^o&L|K;7z}TpYHmMKbM76J-+UYvbA;!RSNAc@5F3&#A)qYW zjz;s{K19J#(=zYd;gmUR`Ug6|N1mAGI^oY9j{BBdlx-wu!F;OAXVx<>^6ran_1S%! 
z;oxI%)3|h4YzB*aD{wPuxP-k78vt3{+K`>ZZFF>}bezbM8G4{iVJ8+MMD-8td!!$Z z3iIFm?|(w6{=ag?>i3wQP`{?lf3g8#Jo|B~A3KTP)j6#7Ss50m{rg+>gbP%;4j zv?Lx)7M~On=hb}p=^r6HND1#mt1IT?jLe;#9XROUSPFbW z@WS4an*r}#H8o7^>^H^b(-*4^c>h%!e}C|mQTzV>w7^UBZ^Jy!_?*26>KxDQ2x@qA zl1|U7?Z0_S513Jdy8nK8)vt9D1!-xKx5z(&_#Y&cmFLLNA^X6;77V2Bs@La}+8+q$ z=impaL|aQ+WuVoE>S{k)>{z0xaVJrBa=kAf5zkrYpGoPB)(e*Qn3BKpC^vofKaZnx z%|S>XHks=VkQ50ifpOWHANwHRL#_3=Gi2Ff(4Cdq`O?Ur}g%`#sS_w?Q;{yfYOsi5h#N8{ZVBwDNQ=lx&>YSCT#qgb99 z%6F42lPeH#B4-&nKUWk)D;3m;Fws7jmGT17#>4m{xjKB#Km1PvQ73yAX|PoRdF@wi zHGoOfNGccrzP}Bd;l-_CKQZ2yd}u&xOjLp`9sTDSifYSgc@~x(I2G6XVKr-NeJ@EGAQvmeccE(+T=mH1ycw!C;6(7e1M5DIsCS z)ak3UO3jB-h6@CNgdKjUj9BxWOMeqO12(hoI>PozdxyP&!2Ri{RLAnk`khUZ!quF^ z+xW|vv$aw$aJ`R>s8F9~%f3mugRgG}A&Z^AvuG&le`iyRqOmgT%qy<(H1H2nErv35qO7~B zBTrQVRz|wq<9y>}8GI=v^RDM*^tEsN{PemDIEL1_K~R__ciI?zhdrrJu23G7ut1nQqrG z^YX84ZXf_qdt`NT5QF#qbRvHq`J;mOLFFQ=?rHb=4?3hYwjh)lR{@8IAU-&N8YUL& zh;KZ3PExzQHXwIZ)$Q52;qlIEXT9BNWZ-Y>QW%kGJ(ZSLiZGkSTRU*bF>^e2|0hQq zd}pKa+t?LE6+~y?dU_MT-;O8u#n0VdiXCWpJjPjz0@cgzf0j{R_y>Eqdm7BtGxnF; zd?;g)xd7%hrc9oc&IVp%G}A?*!#&(#pjw}ov3Fk4jpO~28z+U7#SJ2sbK()KvM@aWHh?~+_Q|!XcIG1(nM<^_I{hD%DmV751was{o3Q)GeLh-eHcF`*EP-f%m` z=r;I7Cv1EDx=VqSytgZ(^JycjK${M;KFh*%<=~cG1<|ZbLWA?fu$6M=eRFu`JBxfSoUB*7W zb(U1M%40(S3^VEaZz;J+wQSk#%=`vlB6D*S6F!b?2V6L6i;^#87 zE;^VNbjB({DQ_9;PHWk9#0u28eI`BlRx<3h=dTr|ry19W7>>^m`0G6y!6w>8XOQ|D zI>YN7dHGUnYM9)R1CR?#?YVM_Kr8Exss{}d+Eho0;$p8{OsqnVf~5n2xclIJESt^e zq5%kue+*p192$z*A$gCWzduFEQ%=U-&!ts49Ywi>4UvTsy1TuCZCz9~aDMJ>tJrkD zk#t5yCa6Js;(cQDcx!pJb3iA#0qIJuux7%9)@QjHpmq8`mtx`sI)XgbFdub4;~|@x z3odv2PRhfz5=g}9(ZDYTHI28Z{oaAUO7oz|`N2;+!(kta_0WqP;OVrFGikCt-2S_| zLT=RItq9sN>d{j}8jw->GGpZjmAB{^C30f%;#IkY8*e)7fI_|vGtWM+ky_UZ9VA4S z_>BTORcQd{TN?(g5ji0skcOP=7eiMolR6myvi@g$-3@IuwY0T}!)5Dq?9*sfQ4}>4 z^DqXeCGk-V>#Dj0<*f~XA~+)Q zK}wD6FZ3_5R2d9$G1yeI)Wsl(XI2gq<99I>K<*<3)wfAzbvVK$>pBXIAO-*cvdKiJ zsOy#_z`94n%)=UCkmCX%`&iH)V=FxrM=M6NL1lHr`l~=PauM>Bj6`E?ZEZ{4gg|ka 
zJSVtBN$%8Z8vBZ39{WUPMAeMa(Ez=QYMP6m#@*loYtYi48jkCw20SA}Q~}4Wap({GLMy*bDp-~JXz6=0phHVC>TibcEi^`d^?}u~5d=2*&0aXB z%R*|oXsbwpqta7Kk_zGanDqCUQ6VsZKB|Ko~BV1nF3WU-~*F^sy zg!FQ`Jwe}UtN>8V7I3KgQgft(=#00-03 zr@)1U@<5^yw~ui}b*;K5@AKLmu@^rE*=lPF>MS`3$Ca^T;Af1Vt<+Y!U!lwQlr70+ zzNHN9)!Tw|K?QS-06c)DZqVL=mM&D8>V9QQhXh2Jn=lGKBNZ2rAyEu%pSNdP6DUK^ zF5`t{T2cy%5Q7e)P$c&ZUJBt)eCgxL9%1zH@$4NLVJ&=-*3Ex%%sI>OsHkjPNhk4X z0RYMXj+LhKofFn4g}=0do|`P3hy=w&-~cUUjjuGBal;Y_whX-UABa!omVIXiKVwZ! z?mHnb?!w#ryhzZQ0&>@-WDNY8r03WJbF%VnfR`oPrfNRfp@eVuq9+8 z3E7ny?r+i3c8OWMACHSXVoi8XHxWON%dP?a{i+UBGmFq7FJqYJOOf)+D|T-q&Pq=V zve;uUW`K|=fR+#Nq6p~D=OiPdQ7W}8clX3TenmR*6i=n{!^aoT9qm%p$%6YsPWg&! zh}+YGgb}Hk-Q>)}rL&sQN_j%q__#D9vg6atC^CtSfEkKW`W-mpo=V!0i3H^BBxNyO zLLnI^^9naV{fA_oVTUHy8=ve#gQxVDV~VTMD{@>^A(i-4b%b@zD3I|@c8*rN1lB-F z5v+8va(UxdYQ|h5UO}loZw~&;Szq3t=YPQL0pCxSxoZ(x`|fta&fH1vJ`vNF0054X zu{eZ<9Kq5`FVsQ?On9b?YHEw{R|^EQJE0v$7E28uvOY2%p*U7bebz{OSDgf0E~kx} ztOHc{_*{H-ut#g@h3WfhEX6jXk{~c>w3u`rxnc* z>l|ZP4Dsc=?aOQ1IOt$koparZ-tCxVq#rWkimJ4LKvEXvZ*YLfgES|RM)j7vlc)N~ z!VvK#LRDXMrfOhWK()%-MNdo*xYi(7-~UI~OUImp3T%|jk5tGs{fn%rsG)u!1gzj- zP|6#@##SrO`ar1#%~V!Yk^17wm2_!g5n`5=%veTM zOgWFzl_T30G_`P|;n^zGG<5J1YEU3W#pLE#-M zqK}qU1Q2hR`@Szf-pS&&iy&AW+97Q`gg&w6_cXj-KLQM9u9hm^*H9TuDySl?j}pzc zTHbJPTc$hGlc4H)2(`K$9@>ddo*Ziw8{EoV7M}~OdpF6Dx(s)GTgl8 ztNALnNB_6(T`{?awMzh#(0uWHn$#trac@48D>Yh|z>uJhqdWufhmRWKL1WI3&E^^; zKE*<^k5YLMBGJ$C4moy}H<~-H>sy*{kkH_4Lkh9?o7G+i)!w1@K=sBD0snBrFpXs`+mo!LM4>StDkh#{xaTq`t)91S!um(cRwTCi8*c{g#hgYgQ`_QIEywUg4kNSBpEjioB61FwJ5?ksb6z0t8roB78>yb)@-0T zkB&+wGdrW(-dN)&TE^|!b!C*irG_7r9!{%R3Xaxhoai?(f+SB?`}F{grw1wa=Cl?G z;CU$H8jqiP>~^m5Zx{r$*E68+Gx;GBVtde+V551;8o7#9m(t42-cGF`av$$)uE8&- z@P#mv=c`SXQOsG)m8vvEfL_VR#z%r$$+fVo?jiM*+>DwCJp$(A2vXW_GL=3bH&c8Z zI&bG>EFz~p&MKcXTe67#V6l+kihnK^vX`TPHadt{)g`js|AZ%W<%JQ3%7~Cl8LFvEhNvD6#tESnV`XMAl*AMXh zE3^KM-QC6*+DG6yWsT-q+gyoxXoeaZh9lBa!+`g<2Ooy51UU*%)m|@ASbiu7z;-@@ zsvqkk0QrysHm?K!NJ>jfyPvJ5blE5@b+3w(3p;R-{|iFHU62d#eK~94f$#>z&+&M& 
z&ml-%%F??xbI5;TYXf6-J8-Jjo0KxCS%LxJ4GSNPfm8@a_V)U8Ba_OIul$n3$m78* z-j>JtFXXY#Y$>Pfw{T&7LqovZokk=4Tm#?JZcKVnZ1z%m@>T+fIs9Bb;~ z8*SRR|H^OAXZpXGu;P5O$KZT-S9s;ezoO*{+<(v)2`J=c~= zO|L`5aV7`vXm;x!ka!G?#AO@Ut6O^=fU!~gFCg}h0WNdefuO zv-f+b{##A~lYD`Vq`@{W6Q+efRh0$jkSe;4&A# zEVrAuF(+10vWJL@cY@|mCk<2u3Z)JkrByRwBNbGH$nTyudQoGywfe7HZ^pw9#Mebp z^dYvO#?jiwPu#vYe=Yz3xu5o(-JN$)oU($U4Sgg+l?B1#|C$9C#o4WHC+hS^6h!w5 zT&CVLScuyaU0Y7Ts7O1XPCV@?f|i;;o*qBMd%i!=!_=3oQt0zZ5wHc{*Oterk<4`G zI?2EpKIVeg~ZKSeUsFH%9YF zUE1znZTf%HKilI?eCjYJo^|?{{DB-s8%k|pNg*ZV0 zqy3x0N7sV7d)KMdEaj%F8{w;5hKHVC``LPT{8k_L8)oNs`og@}XoJ3Oxlx#2-C9i97G!vRFRxQ!o_UGH>B4ckZ zX%+@r&5jj{0sao^&!Bb5z1}3AA~qA{a@>#&^|4vJAq?a&(_y|d)vPwk@|KS zJ35S#pOE5DcYEc_k#|L zbuKR4%5r>jz1gt2C&jP}6X*ty4mM92ko+BfHKtmGkinStIPi!_2%o;=touDqPiOO1 z87gh11T5&WN)ASwEuHD5DwRQ(sm^tQy0CE?E3eaV1KB9fi}N#HIU#Z@lmLLV{Cb4V z6*YBuB{~k$&Uagq4PoZtOPm!M4Pqr|NHPE;k4VCgd=T~doH`?o2;4kfexb+N){*=+ zBIf1|be~_t!y)X&1Q-5JWBBh3Oot$=NPd}vbEreSde7*zIV`vhbvnmoSJAW49Su|T zNNP^(vq?%qk{OAL1mcxK4NH<>cqZv@QpV;6Gzl2*y|L%HD^lbEP-osx0XWC8+3jGd zdx#zlC)aN-XEGo5{OEG0fb@0J>iuNUm#3C!5!XxEd*2`KztIW^0O8Gkq`?-*tMTUtovu3Rl1|wUlW}rqHBMS*F{zT z#rZ2!yB_dpjTfigOd~WgH$G0kM?8nJY=Sv#?V_RPh&#OUx;#UMp}XO&?Ij5}Ck{R* zzfY^-PMgCw7i*3;EYOukzc~ilTYMJ16ZU)!o99NpO^4iANdnmPN(6qDF#C0Vu)6z zhdSZ-rPQ%6(lDZGeBchdDkhsU`} zwRvF~3?Rv709bn*n?nol@WbFcyMX?4H(w50@Ya1u&CyvdA`IYTwO~~{8k%a=cn_5l zS1A_2@hWi(q^WI?{0sfVhmFH@731%G>4v4wy377f4f-T|{U+ZfoZ1{cKsC~wfL_4+ zQG^OimnTD{zLt(R3w@>HV0tH;TO_Yg-w-jB7K*^wODP2j8@Fw!Frx-cAPSr|lACB@ zP~TSFRzc*bOX&%bYv1F;&loHhp)b5GK0YAUkm?C%46%tUev#~sU49>=wdwa_eDkYk z73(x>;1tmS%$?b#j6N3LfCXmET!Eg}edN4S(5djJitdUl_&}79Iq8qbJe_qw7x2)x!h9o-^47gn()rVsa_68yjah7D3P%7PfzJg=w% zJ6d>Ym}mMA0yx~tctb491ai8(G>WUiMK1#rFD+%(FR$oC_OAWC9tLEKH*I3uVxSUH zSZ0Q+;fFd1E(D z0FAG~_31MurJ<2`wEF?U^J7H!x$C%t+t(KBSINpJJQu{Ca`N`;zt1=bO#(^V+e7F$ z*J-Lh?lW#(L8<(E+JIS`%*~S1O&M6Z`yF=L=g_E*7SpsP_W=SoL^0R9$!eIt&R8qgkph)8TD$J5vb_-aWcFY_ zBUpl)s*(O0EiY_gj0TrH%A@_*A)rqUNK}$X^71oBBmxAU18@3UB!!KJBH_l>ZEFpq 
z^;);@KDz?;m(yKfA_}cYCo&ss`Y*}KV=QEyuSmG*PTBvgo+Ze zPbbUJE7(nrsI-U4V?x9mN*Oom1a3ykqf!><=!?VHotYG0VZ^Zkc{4}Y$N|bC;pZcv zO*Wu2yT5W7nQZAk=rtb9aG>*zWEEAX;#CPu~cvs_A+Hp zN!W6{oX4M0*Wy%jj!3BO;RXH@{A2UQ4L$euc8_t~d@}2O%ZdE(F8%ZA)PZtY{}3GKevQod7*mZ! ztepOBr_Vb23EpIS&tZdZ@k`IX9I0_Vl#S{wqS}4M6D0OBz8ZJZn>Q34z+%|9?Sb_a zc{(kS_Hs_GwRnycbs%pDvv8jFaAcL8Z+w#l%sSG@P3NVtJ(C`>vzU2%HP~% z{3$M)4pZJhnSBD_MX`mC`hnXon1Jh!3k7p^zlYHRxN&84F2suoFt)s6 za*Ojr*tnpkhbDav*xuPN;Bc%EevmnbXsT*Nv&q&<8%matx}*TtE4bhnU(f;jcj1kH zzQdBJJde5oF*1^GV_e4?dCr~id86%-ea%3EmniDz)^yZUpi3{Fimt4kwB)Jgda~P~ z|2slz)X{hb=mdS(Pk>Hox%~$LK?of{@tg;fhwJwmacnt4u>94J?U)lZbxc6sMg!U( zU?(xefKc9_f)!aW16em!ul5s^J2%Ut0IDHMB1UB31YB}g$aL%Tb=iMsqv1?H;>L4; z4z$Hmc@@`v4EHY%NtJZ4v0BYUB97V)oyITZZY^05b_|CW3cHRWLO1vfFm3Ygp1z)u zD#)s(i>N{7Fi29boj3^;JMqrR!jd@4E{SVB&!=&x%yau;~D* z^Rxh1ML=M_;KLROnj5fC;&3Ca!y_Q;$ugYiT)_{v>bv5d`Q>4d*ABwY_^zJb2x9r2 zGz^=5-`xfX88yO$BsMSX&JUB(vdYaWu0#U38%Fnl4{&s*N1y;T7n}8K9)2Q4G(bIM z0GVKxUsd1oS{)6k+)WvpGY9 z_X&aox+;nM=4rS4;4W+DwrH}CO%Z2Ug95ERbl~eF!PCtUTK;@ndsK% z1#Q(PiiC&VL0GUK0YYC%-4w$s`n4>gP)xM}txD}JLR^)L1pQhiR)rXvv>vlh!NQ4~Wicnf@efao)a36)q1-;;%RK(u)8`D!+NMEy+T~Xg(ezO-tZe*`kb&_-*`tk1Ezdw;&ij9*Ir&JB21zNM2wd977Oe zD^9iMNpacTNd2!y+w}#Ks=+VXHfIWJ6^$V8D)r+by-dBHWv1EUaqn`Fs7+I2qxluoq&DNlQ6F=1wkxX> z`Vd>W zG~c{hg{#NLr};D8^e6e7idhM`$y1H!{9g|zNg+APj0o5Wp7uLh3ljHxE0|R>(-P24 z6Yfn)Fj!qExOp4yK71hyHA)*w_y#qs6Mo=H9#gT0pf)Bw_IPxzjDh2RM>65WSNFk2 ziS*@flZn_aTZB>gLF>!b3wUdbJ4f^9xkM!Kcf2ZXj4FQcqEWtk11GL$g4G&$W^cwHkaM{_T6L)sr1YhRR0zZ^+OkjPmUXU>Zr?Xqy)fdA?h^46ulix0QCx@Vd`$np|kad@fAR zCt7d$az50iqAPT`tLcF5kuJ7>bVj*5%^@h>a0PDI_R7I8!IPw;%wdxpvYBmuZ#neu z#=RzCD|jVY%w57xA-rgLWkbG?PY_y`io#4t-W!Y5(MM_2SfCQqJdyh4!D$wQg>($B zv6;B~xRGa!jt(XMj8uD}$)6n}^Ymk4RaW=lhFKJrR&5UPT6N zrt*%X;x2qSAcK(9?}rGem@=CsmO-?$+(S@WOFGuC^{dTe*-ZSezj;o{a@e0uRjx&vybawgIsJa}z4$l4Qtm?;3NTzVOf$TJ;{h#(Sx_++tX0hHM zx_l%`OH0Has+`iJ>&$Z73YH*z09R4pUjOZl2T#PxA&hC0`ox|%y?Nz0++CC?Bk@`( z$u9h${}Q2zp`(6&Kut}4A(YKIbj+*Z#4UtM 
z(khemPkrVu)y^Ec4Q{tMLY32Yx|igjhOkx3+6Rm;YxVw|_Nr_f!EaVzl^o7^+JK8^^f_i{F$uMt z&|OAO3qDD2HmVrV@*aGIirzw^f~DfT)ML(PsB>K>|D(5=)17tSuIb-}zG75v=`|;) zY#;hBA1o+Xz=i*Zy|)aCv)lH4NeCf8fZz@Z?ykW@;}+aKxHRsP;O@{k!QI`12X}WG zXxv?I=UwZ)_pH6w*>%qObWhc;daAoxo@qUq%<-H5F~)I&@A)QrP7YrsPv*PU*1T`@ zmRDM+Jrc0};*rS5d)&W#DuqK_gr)?LJRjQvnyXizIEA*jtXIF0JTLYt!MoTz=BP`z64mTe>EVk; zb9<^Iok{5HK=*n9-X` zBDZ(RcVh~V%wj>9Sf#(JeLl{Z+#zF%_K+?*ObPsKtsqvHXvFWOCBPxgZyfoXR5d3< zsYDrssN!~4oTz3god686m{${YeeSFA6T2O^vQlVaXN_E@@KTzfUOFO z?qzosGW}?HgP~GGJfzvsbfSn!X9#rJ;_weaGFtJ>t2z(eG+1lU$wNCzJhb5pP8=m5 zDs>gG8wfj2$&AEYK1ndy+scJA@`Dl(CW$o4sb|~j7Uc6h9O(hmK>$h2_xVmE?4CLS z@v_~mGsA(NTrSF>JNU>DxlodB%*@BStCOIrS5r708O(I+KNb)f1wx~l1G>}z78(dbEGgSiQsQx^4D9Y!_TmUWKqEyt@@==J)-1i@4`+^kd1rY zC%+Mm8Fk?>r4rL)h2{QW1Ch6`4_G!Q-F4#eu+gDjgDPLEZgQC`JibvgB(`Qx9pXtd zCgfnEQQi0y^ByHBwvjt_fY(`5g#RG-@Kn+P625olR+sK#D`!fsmiZCdA2ei?NV#xS zljgg(dI@g1fXl8}f5~S*3iPN-w-5w0MJ2F5Yz8=BQX$LRUZH<1nhnn_%Q5~%KhZAQ zHA>d=srOTqW{0>#2a2*SxinpBY7#DwHYxf8ppR-qrO~3Uk9al{cP==W z{1g(I!KGNh5UNHbsIbFhDruEepuWj-KQmY0@d=unhWhZ`n!>B&ML%&ay`5cMzdrR$ z4QD0>;Cct))|mKMc%-Yd^7j)50l!nrxBQ=y_-5MAu=X3m_lJukv0aC(y@r6Pc>9X0 z<;yNDc3*!RICtEQu$5#e7!EHq8K}uT9{NXIXy_KSr6n|9e`OT!NncK;4UO{hTA^2C z-Kzyf<rn!5_?xO)O{YA;Ja4<9{S5Dge6>9E8giN zKd(S%oADNt!;lH3!SiMAi##B(y45R_RzA_C!zlb^m?Ff-0+9oZO%+AvFnZlHHg*=( zEKKUK@N&d(7Or)k9egQDr8FgXea@5ZX>h;Oc7|lyRzuSn)2NjPNl3lHJ_GdWHI(Mu z229};^fbnvCGLY5NQkI6KR=wO|8~`F8e+1uQQTMVvl_=XCV4*BmT4VU0?dU+jdQyI z7k~HmGHA06CA_zoSggRn zUp<^`yPUqiOKV%|koP>gii(eHl~i&+`*x42vBCR)a*Srvaig#w$M@K9-l;qJc{)jwMJhZ5CGZG!VbI*R5%F0LwV@?1W;S9kyhYnGdi$8^r8-NGn688dx zG(yra?69tzBOh3XcXgTYWRc`)Bv5WIRZTLS%I6h2HB((<6aiS^s zeFi})$Jc`3H*)C= z8-uN_%4so^C+BnqnAlJ$v-?td3chIpiedb(f!>MMZb8 z#Jh5`BRgeF3M!U`w4_k^Aj~CWgct#@&&D2`M%#^7t*Vyyy^QMNV*q{xwn|;#KMQz7 zbE9+HwwQjU;-$@uhy=Y2Cb;s?5*&zk?Wu7AGz4^@8n31t*8 z<4fOI_q2v$AH{A5zfG>rw~OVp+1K6rG~`*ZYbwv+7l;1U`nHVP>*Kqiuo?&Wn;9(& z3pZ&I5ib!gf~vZzI^*EBqN0)PPhqb+XTkQ5;-A(1Bgqpqm z+GN}G=={Lz?eo&n{k&6tNq%|5G<->@0#vC8v#XPij6FMd!~SdbrDflx;756#N&to_ 
z+~kHZs3NuFc7oBkSf_=;!(7!&u-F2_T6Km%>o}3?X-tfG^VB}xYyImFjH$0ijRo!Y zTo>Pt?v?<6gr=FWS@rt-V9dyL>(amHZ$_zmdwKcjC5`S4<;zjC>Z_C8cy!ta=btYs^C_yUTs9 zmf&|teUYsrNs_JJ9AH~Eh9Bz2l$ZR@L9*CN~xE7W@GPzhJlEZ;Fjn+3a{ z0CpDhZ98@mz;W&qFw3NwrzUhZQjm!Sv}X;O(d{% zKHj0?smn0H%+hx}Bskcf&7ykbDSu{N=mrIJCLL?&EBdriG@G%M*y=bkJDo#&+_{V+ zK&N>AP?bJd+Vxl(eiS6N5WHv9yhe4FnS*8Zyn6J&v;|39Z34eIR)I0R&BA#CFmMVKK1NfS#JSEWz6f#m$ zk)y1OtEX>VXa-qI;VwU;zNUiK*b~GuGfU9iqt1^RRjZ#36lt53$1mGFHEd!ciSQ1e z-pm>LQp!iir*pfN&GajfW>`iZ^7UWzfWO1S@D(w44L&`Iz-qk=P)6Q*7l&>9XdrBN zUyt!wEw&OGXx3*n)dPCo)c8<@BBX)quR3rIl%D7xW>p;H4dIw%&F>M}sOGfi1g~q> zMgy?!MznEnd^@JoH=K-lf;v_ojLaF((7-I-y4o`SE-g#&QON{cRFiAz8`BFxOrQH? z*m40kTVKrrX>UC;-PUI zGct5WF$N&sjk?bzia59!8w`frI>PzqVPMg;?pv3JwjGhJ8WZ5|OPNlF!lbI@lbD!byr|U@0 z29-9cw~+VK$n^3usq>uMiom1qV4l?Z3mDrcEEwszls#SJ!#b}!ANLcl2kR; zd2s_cgNs;`YMja0G8yfwy;tckmP3ZGaY@nTHJfO4b?aR&9wbXR^Kc}=s+6*^U%_dk zJ@4+_`XA_K5Ba)fGBFk{-bPs7)~;I)ssNvjo2u3CH}~WHW8iqz$muoCBD}YjZ*j;0 zfb(4y%N$Wq$7(I<-AYuHxfgbsRH)fKiU=;>6WsIdeeR35wTgR)>F{Ke_xqXW$BDs9 zbln>-DbJ3P3cwb%VF-5y2_KtrKZs^(yT`#39HC>V5y+i^aXb7#?FCtiBmXnwD-Yu| zhaApjfZ*h~rm~z$77s`uFx*&E&FIr+E_(i8 z4w}bFWXPnUhz<9GtlYwg>?Cr~sR0FkCXTp6RuU2VC(jhJ+4MY{pGt;@>Hy?-7nlPJ z)^s>jWskSyY!2J!<`Hec&J?T(t5r1`x>%)2xicS&8L!_Qo+RqL)3u*|4&zKs`lwi$s_B@b>G{lFg4n{vy4KsQxUOElz+#m-<=seBoyIwgpTN@s8E zI$AiTMsPLfz52AbXq{}4@!R8^9(dGAga?rty1FO8xuJ{NZ8McU`>4u77d!G`0g3Uo zZ@V6hYKa#-&;-i*IP2x7kg;N?(QOwUUapqfN7CO*<48%+fY|YC{|x!{{Doh>Rp2H_+FkXShLm)Zz%+{w%TJ^=1nd?GTm@wuV*s~g z2>bcJArRka`mWP}mxoy8?Ald7w4L0F&LlieS_IY# zo~$K1ABOg+m(5`l-{~5oOD-qZw-p`y`Rh~RpW)I`80vFPo>?t9`Pkw9>!(%9Oo1iU$|f_ZN)-keN1@5e z7zLC6e~9_Hr7ij<8VxUGxX<28x)JPVm_n7t2bT#BCqx@!#uD_t+=&A8_*cG94qwTW zjs%AotB2js!&eZIk%A=OPg!j4k+dXId%C}gYXF1laTd>$IDOK}D?4uM_>>#dDRrB_g%U#nGdHZ7Yt3Wz256KRd^%46zME9VWo&23@f-V`7I zvauqQyu3KA>#3ykD&Ex_m?y5z)tPt>=*SUhdr4b>J^VuX`QFQ$+Zka~m5F=s zUTrg%W8GvZVUg+N9N5OD#|w2%SHua-`*uv30od?@PpNTjE!ZkQN}NW6TjCutiz ztev8^xU)Eg{!#@d6WJ=W>?~rm7@(@X!&mv6FJq{OA*5l`C}a+M+FB(*-t#qiNT(9~ 
z__d<-g>qDX8}bIP4qtbR0+_7!*>$lcvor#|h(j!k@ASEVBc`FkpPk4jHs*G)_r@a` zHAe|_wrGhT8yVklDexnzqv30X^$h`@uY!{9B`t5|bB@m;kMq6uCBxtv z%ce`Q;R>AM1OD~(W+0{bq$$y7{6wTW6+gCh@=F96` z6ae54*}c@A2tiQzWDrxqn0_>3Od>dE(g61lt~+&YScPR8wQbvJCk=@}QRT~Q+!A#e zkrzj#_j%OJ4jwQ{@+H$ag5;HqemfxQCofIn{X8#dE91Dic}A*py+=wHRoS}VL(?{P z=$|a?Cz{>aIdR6;7J(BsI71bshb=4P4!(ma`inmrvk2V7ql|d9J75@L`BB7ffN>~V ze_<2yXvk@gZqS1Z-6X3JQA57j{)+GEjgeWcno5CJtHb4vB=^qYBf^~(Ef3cDyp#$J z!72oFkB2V7UV`D3=VT0h3^5OZN8I^%Ybaq$>vj*{e zyK!M5|Bh0=4wyE5t0m@Sq9Tsex?SJC-7xari3X^4+#(AAl%v!b?OWm*`uljIJyssdpI*~tn%o^d5pc($A=K>usn z*AE^faA=W#qvx-9-2F8sMp}(|v|1Yz7N*r`l1PU)U0lAwB z*|Rr@=so{L#DEVupt;qUspsN%G=1}3prZYHheI|&RL6n}8fV(uyRJPl*gw)Q5H6Ac zOx1b#BZz_+!v3JY(yj%_Z;rp3nZyJM^*hrz*Uh(9k>;HRy-!(#$@~lVjqX;Rd0aP% zt6PtMyjf~+dV=UT-@cJ-nxsp~X9uITm_t=XC+#lhdp?i@p!j~3f$wv(SMufWVpREc z_DsQi3g#TpiOjmoql*PfXavq1AvV{q#{qhuTie8LPFN#@_YW*iQW#v=DNCYh8D7)8aI~y9$Exze!3z0{HgWxB7a8ih?3xA*EK@xweNWjk`%ky_tkwP z90A$J@2oJtMDW&s&D-t-4OKc1!|*DXoAw}1l#js^Dyq`?R82cJ`v0LpLj($6AkPgB zjY7cs#iE+_7|3< zM2B|b7fDP*tXjDk(bt)NxSYRO^@*DsC-h(9_phNy=xULkQSeout*#_uNI zi?64OSKG@xhS5~@6efDbvgA8sUe`jWCX`_-U(xu5{6U5=|60<&rHlWzO1M{2e{OG+ zrHpH@qaOhJSIAHvMI2eOFVd-ny|`!_>b2$NCpNIN zPjfleplK0kX$8)w;u8$m@+!cieu|S65fRzceJV-Foi8uG|K3b1aN~KD{0~q}NhPke z_caUptKACyaNt6nFfI8f(6lr@pNx#d9xEC;N!s^l#EWA-Xfc(uv?dHhP-Fby&Uys0 zwR6@@Ze@oO-jZ?)0u?7bkK%*^dJb#g=tvo__a#abD^q{iYOrDRvdmg3?an`bL`CY1 zgHz}7#cA;4;6l8zwwH6PO)lGvE*Egsni0&aZR1}Nm7sRj9{L4r2~_o-W$airUGG>a zkJ2%1w%B)<_Npw#4S<7=@#@TizJZsQJgn7IM~Sx!{;sB$3b&o=M3%4q1S5vR0c} zgt29)#K!zW-@U#H+Fz)DpcrznzfX^xJ{;IambD@>&z(`xZa};{8*6xiTr0f&S;-~O zedapxQL4QnbP7_N;>r?_@SgB=k`U6B(^oh6=WM~rW=5>D98 z+}#7}i|TXBtWjjq?nflxeSL}J+h&Z8)@>eEjhcHhHpA`>1V33U!ei(x+4OrJPjx(& zRknybM2q)Q45NT*TFWm%;Y_TI`yS_nB*qMV4pvr|yDNolrF`&+k4rzY2PI7tt!sX?52 zaJJ)}AM~?>{avtWZ|S!aiQuIG7;&njX9k50vxvA4raUEdiYu((?NX|qDaGe@ukwEI z^0#pxpCTFJ?w|~_tojGTM*k{5r z{fmU98$D+9?Sozc61g;NM{bV(NhHgd=Pjx*d2|JRML;y+2+qm}nEO(9Ij=gIm-VpE zT*~(3J-y==m1R&4iC>YdLhmK|A2{T&mCS1Q+y^wDlck7+>yt1LoB+2sO**anRW9Sv 
z=a{VPaW_!#Z*P`gAuO)DgmYnA3$d1b+&b|Js?1qd!~<%ARA!@DTzNFS zq0u9?d{fW`0Ps45bf-?O3-%i+Yy7q`k;Ix_Ar&cl&`4M&6dgJkbIb1a8tv_AY#&dM zc=CxzVS<`X9o^4^s4i9KsJ2!!z9{XT9Jy#`2`%;7iwM4g+mQbQIhX+8e zIu7>WlKu1OmW}j~o@>+s<(l8JWEg?~PCFJ|4I8K$Z3hE}xmluvwcdIF~gPtaj+5Ttfq@=1bl?IaB#x!fv-ZyO(h=gRI zjt1&z3UpCQa?w*kD-WN&)Ds)Q-k`P&c3G(uBO1#ni;;a;x@U_7U|MVyOH8&_K_sN1 z<$Wf-VJWC+9pbxq%+*!>-j0vzH2Fs1ezbu~(lrtiVz98Pj`R$h?u3jUA?MEJ9Z%!% zkdi>hNiqx9(@_JhFsKr42;+4)JXc4@(ldWN#6eXX9@WBGP>BPI%^ht}M3R6Qpj;8{EKLr`j!zdVM=SXJ)ooS+fSnN> z%ylt4M}!+?F1`7>Hb@C|#mr@G{VXOU|55LPIG?^XhRu%fCOW~hwr+jHX_12*El&Il zGUfaSQte9nsCe70Tj5ppBq2u9x#VWjl`!K&@fqq%DMg6#WRA^mS`*RGQ0Ia_Tx}P) zmARap*!x1`o)$ii{Hj#yzhF-Yw6kp2Wv??yJFTZMp%KSY>)Tnu?gyAlCnl!q1Ay1M z1?I$68{BMAjUGUegvMMhp}rN%J}&@2Wt$?8M4qS}H>UFb!q!hS0hH;%dC zpcRctMXGlOm3>5C#< zm*v60K|O;WwW{`y5Ym`VK$)0kb6Lbl z)#qFxwyRUq!&itnJs#77uTjHoV!m@lAZA14J&&mhKV8Lh;OKC3OGBDC?OANJa1O-X zh~X9-+)w{t296zgMPJbF=zbEJPBqQf{0W9n2G?NQ+dI_s3A5c&IWA#K&B_lnD{DP;q|ARnXx+8(HHjbr);{U}78OK{}*K(btkk zo?F3FWX42+Q5zUvC;}h#!ahsU|IJ(qO6`loG|v%`Et(4pOeMbas-@{I(ph$bPw;bT zreYzsZWlx{<9ZE1caC{7PZR3&rI_=*V?U~D`>@*ZlHgDIL8wmu5ZGDKo}S%c@7LiI zuYCBGGVNfIu&7%~oIwHkVIO{M&DDAQolmlLFHj9=beauM7=YG|-;cb1 zoo?~6W6fnyv~+JbLNogx$cb6hyQMjm|1+5zv%JbD^&-6_QgV8s!4G6e#6(ai68-rD z8kirFE{aHdd&LSSfxe~W?@#kus~^zkW0ll$W~gc|j-a~E!Qp*&z+wcjw)CbCLW?w`pUlOz8XTFbE3@OtmjM9bT~8n%lhI|L-L zAqqzHlPZLZZagO&$+{S}nsa?01Uh{R?>OvUd0UFWJ&nAkv~G<)g^O52EMoM5_3tzx zVPwgzMg<(-oSEV6O`0>2 zNULNNe1C3R^}M{!m@Ftj`L~cF#tj7xJ)n;sxlOM|wL^&RU9fWFzWrz+ z@#d1jzatf^nqhoYOmf6?mvoI;c647tq$V-u(m6M`j}%(o;xXlV_w^_ z={#pe>9Qk;+QC7v#4fj)`g$XaH@XMr?x&D`o)H1{h7;_VB1U7cI`&?Q@hY8A9R^Nd zsRWOnJYf1U_8WN%;JaPZA&m`!B4M+c=dAe`8AM1_L1xW({s z2*3Pn_{~Q2D_{qOySaMHhKj>VJ{Mg_+sdV2fe=WCCQ|n)zc>j88EU!7CziFrTFRH| z{bnod1sj}DEjC}S5@_uYh730x=abJJAsDS%u>Y+Euyf@Z6tFG)74oU3Q_*w#*oDf{ zA@!of_FapC6V6>7>KFe%b`DkV4jQ9`g^^$L)pz#EBWZD?bL{eY004Pk`?zK~axBOJ z$#J!Iv1sL+U;A?td=M_Q9T~x|P=-bN6?jd)6VcAGLC@RgAT}>-a_iFz=;gyh(!F>z zPmCStVt?!#X!PHrB0J~(k75XE+I$Bm%kAA-_=W8)6Y5$71X_K%n>*82P6)M&_H-2% 
z1lO=fMr-z&>Ay@fD@GXq60K0$+t*>CqKo;X;#Pd%zS*t%+i?2nqSGAz@aX?L@)#OR z-i~PJoSWoeaK^Bt!UA46F_}3bnfc1RnD#HbUFhWhH-`T|&2{-G@y8z;|84*OxBdTr zf&Jg&69^SL%ddL5{{$zLB#Kok6Z7v%fjRUA=jVwx&j<5KFDxayBD zGTH_%fkeWkIqfYnED%cs?^d6IN)OWPwZ1uH;kxCI9bkYB>^vJ`O zH2h}kRwCrni|c)P`kscnhVta1=qD?%&f;)wS&^3JbNlBCvUci%+9h}lQS#QBubrke z4Ts!cNmG()?ITgAo|G`*!k=o=X0VEEl1U8viLDvvC^HhzZ;l-Ji6NAJ&kxeZ=eTd7 zCUi3jS!w^fO#PQ@AHO~~5}%2Ij~_{kLBUg=7BV6MGl6egf`8glVFw%ldYL$aZ0g!V zI$S)Bdh^pfh+41d09qLSasWVlszTffaFvw>@!`W(OYH8-OKp|AUTcC$$rv`D{G!*j~;OERgz9!-SLaWWzEzxZ~!iPwL^O zcjz?V4l3ZP`cEn(D>^G5l=SsH8rijwovoCE`+jfDA?nf`E32+>4I@6$Z}hwk zddYtTLud%(p-FSP2&mB^zrQAeoIZN_WMu?P5OOkk%lS79Cv33i;Y8&Xm?pG{`<$M= zr%}+}&zRU7Ajufl(#eeW@IaK!>u6ZB3o&d(^>MQlZa_%=-lsbv8}jw{ zb+Gae>kXc}U*&ZVu5=W;k`E9xS!eocLY896gic{g}acw`13Z7)cCvMTTuis z1prV=YS0~PJE+(WdOY^f!{QcW^Z_b-lqL_AkqBM)nZJIX;f4pT4V`-FOv8g0OZ6_ z?@5c&E!SsnnWEw5>lkAxfzHpov40aLl zVD#JZ>6+c=%e4fO8=g}?doGqwi7p~~?Ntmip`Z)Dby z$4I$PBWv`QN+?VmPlu-w;6Ft?#_>*7-wKLG#i9KnAw>oE`E(WwxJ)&R9#=$LYGZ51 zvFS^}IHv8Gw8FjaeeEjiO5}~!DTZ^ghEua@CfdMs!-ti__jJh;zYf?($T$g2DFcmz zCHBcEMv5jA8@`m+eif-{&AkK{b>onstNIYzd@VUYcNjBCSJS$>S!OgqiZ!HwE3%9% zS%SPBt1@6c-kd8Yra=6UIua4SAdNR(G6gy!5SqN|DTa~nO2)?uXlQ#i-Yjne*G|Zw`Nqho=o$zp(PJzmKEh< zHq0Av0ssvRi}^GEaD)^yaI5C)nY>3T8UmHwes#+Yc0i5Lcp4CwM1;3ILU`@wsHj+Y zwr;X5Y6S1{00=~7*-BHnDsBCTq+`{dxCrXz_%?!gAU6{uO5=K>k0K6MUCwLoa+Qcz zzR=B41jaS#kHGQ~bL^hR^C%ZuJ5)tLz@>fn@RvKF#j?!STn6soZ-VZZtL85FibQj$ z3GC{nd@*AnyE8VcLe#t<1XwKD={tDOgKU}X{r%mNskwA5`NfS*6FtoV5jEM-iRKSJ zLpdvdiJWHJ&D0K{`jxkP2sM3|)L04#K;F)l`sCJMAU^o{JxMo}ztsD?4s54*b@FGU ze(}KHTJnzD$~bjf82HnU3i4yoFfQfX9kr=-?&o|Y<_xaC%Y{=|8Qf4nTx*?go}3=? z)%^IoOamvIh-fmQxhhEM8YG4qLvan=Z@=a)q(T1?5)aaE@L9AnV46VO?7JdEae|D12itdmQQ*O`DGN2`gw|>RE zE%=CvaG{Lln{XdM^QG%`?t7N%^$CN}XqX~cG?rC|RgK)AzIse-&(OD+MJ19*E1hJ% zJ@yAeqX(HJILGV%Qy0M|HeJ8dZ{N7yn0FxtPnRLDeV*O2Q$PlncsxsL$nT5w$pFp! 
z7!WBS{HGis%SC269O@E>L}q$&f4H_)h^ z4u>kr@}7Tbyb&u4K(QBcAV=U~#IW0H8GZI;UtH$#F{v(@I0yUCBx)?V)7sL>wyshYl$5F4W-48W)RGmvHf zmE@pG{0DKYYuePIpVNa4TJpZ)teUiv_G_Z0y!jc!i@wnKiz@(Ni;ho4Yf>;!w8&e|91d%OCUzFwCJ;?O1{cj(m|MoHZZy%%oYkZ7$ zmU0B=&qE=wND!~8EpVwODd>Bl#uTZaC%-8Dm^t)BrsH!4@bI|`cdV*vB1ioG)}x87 z;kxZ%w(5NLrh0X(|Bof3)pIHqLF)jimvOpDb^On|fZDmzm&=~JIB`i0IX&CWl1sAU zeH6jXNR2y%*O~2(OK_3F0Pi>x!50XO4@t6wdVI$1#NG}+wuCQbp9~T2q}KlEX>&C+ ze|>??ep!$X3`<9ZNX0QKIlM(IXe4 z)0tDJ>Qh6tWNWEM3m2JXT2;?}{jAejf8W3qgbT9Tn&z9qgdXg)J+0+mgUo_+*0gXX z*Ka@C`MBnzoCn*HiE39BAN~koZkG0Fu#&aDlYXcQFJ!MMObiZ2PT`Q>DCY6e2iZfO zFVb9w_iyx&^_zW|6@JYN4r%Db>?by@cx6njxp8@8D%sjL*h9FIK_iS-@|?Iar=wrs zGV_+J!9pQshLeLl0{rS>se91qh$-D1{OapS zSsA$u)ORlnEjN{v$F)9>4TC+bAB82fsTdFtrG647iog~B%*M{5J{ZiiUDzoKbF$NE zRhB9fAXb&Gn->3;$5_fa11!bal_ybi%%Y!F`TDBlREYWw+>(DvC97HB;K$_P4ng!$ z@seYyCOwdk1Z&V%hREvO7F(wI;S=rZt#vMeg3CtkVplUklHCd1k zu8hD*`ZD-N?>E;QbQpa$;E*0_Y0~{L)3gBnUd2nz@GE(NG0*dqL!7NHpIJBSog>%! z5vkEfiFQG`&?O^BTWUvwwVxsKdZfnW1ImPyht z!=#k+@i{a=M3%v6{IUaiQ4c&W_op}g=cTV;e$pQpR2k&9N?QeZ30wKj^@-0?;!vmR z-h&o3u&5*#8o8$_Zp>sWa=JMje@KAhROhPLNA^a} z3SQCsVVE{uy&D{^^9yOJZCa??r4-5U2?&rG5paiqDw(E?7fdatm&29@78bi|n%wcn z@R<+>Vxd_Iq!9u*UUu9j3TH=)f#$obrZ(3c!u1Ui?OH}lae4@oJl0#*7EQn2mT-PF zdY-e+|9J0Ss^9iw!8Y9E9n3PgS+ z7q7wt>KeeAp+z4ZOu zJM!%C_EQG!>-*|^JjHk0A73{UdTz#Mzozgkhlb6X)ZXfRN9fO2UtERv%lBhAq4S`Q=Ge+im0NSAY($ z+jDL1iUF47f!r)K9f_Cvx zA~{_bLc^*0(T1b5VjB{Tjwi#5pZ(B4aM5uek`}u>8Gf2lgx*dSgi(J_sx@N6BoG+L zdl0;OHUCf+&46r+zJOj@f86I5kXnpmPn7rwq68ZgNr3 z6&EG-+`7GnskGIBO1ohYQH~|%Q|yx8>FqC-wT;gT4qrriPLaG=<~(v<&F~hNI99SKTF3IrkgZvM>F=avu8&-5{&4}J zQ7`e?g_M4CHsQ|Ixb}>%)g$X{b*r>u&Nld7_1hDE*!ob``9>IhyvsIs>;%;_xp|^L zKfvIJIQohpGXkjct5hmT?`fK6y30+n5l1aWXP&vbp2g!rkw?OhpJ4>behx@9l%P#Zh!AeE=uI;_!6LoEa#exV?I3pnuDLR20>4JP+z`EStwP{cL^S26pao z+jBs%l9idKVXD?VRoGNScm;zp5ps5MCv`W)Lc=xw~%OU zX^^1~w8H=7G4jqDV`~YWaEN_!mm%*-hoZiHqa!fW8Q}`rhT~`K&#FlOtyTjQUR@XoJCZlt^%gt)a^#>+Nb(Jg z|HJ0H;(J$3Rdaq>t{H6NI2?Q3tmoGk^^E*Z)v-I@bA}j~b0tHPP+@*0yJy*Ugm?cq 
zVOv5dMoM_1P?v^aok_#d-epOT%_hgde9Zb1lc=VurKVx4ZkMIN%&Yu)SfY!?3TdcX zUdtwNTT?ypz?5^6i!b`?b2#qcO-vcmrwSrPOcpY0x|%^GtaYp{;ny(g?r-*BkBY1WqQXX?_{X$rhJNb3`_95L@UWB&dlD>*Vs$)OrOSX9*? z{803A@>D)%Obq$>S|8@U4D5)LH;jYOhmO`jSm9qXTwn8U=E8(NV1hophVx)U%s8_k zjNFE)EgtnKGqd2(Zj9a(q2PCY3m5w_V*kQN(}@_yY6tC&Ej@2fGj}2^oj_-CWLX$2 zOmyS(8V%mxT7X#npDm&b0~chuR(6BP*EB|r+VuS{mt++< z-^DBAp<#U%3ShL2z*AoQ1qmR=ur`S3uwCvO(irtk`t=#~o)3Dkh8T%wz}(~CGk6Bk zU`^&3G)J6ioqnf;NCJkNtvfEF|A)A<434AO(sYZNEhdXB%VLYEB}*2AZ80;W#n>WC zvRD=~vs%o|U@1KF_u_!QAG=+|6seCA z*&<2$=E45v?)nKH7J2LE#8yWy9zb=>K%KGjb)Xokcmpb~8NAm@6yV{aV@n~4j4luk zGc5Q=$4l5-+8-aXZPKW6Pd%^FR6*>LrEWW{U-tug)7ex&**Vp7JBf7zArIV+TghKUIqz~XV6^9Im<*Pf!^k)orM>9O0oO-B+@L$qMw z=jRQNzV=u;IjCS`K_BOX*n zn3*}iOzB3}qlmvt&e!a9nHOp&{E!Ex$)4UX>Ba_%OvSKqi z;WWhLgexeU&hrpnEBY1-n>56z*dtq?Dn)G2+aboQ+>f65X!))9R}}1-(T$6V8{C^! z2HIaEsOT4Qs8uqdMVctsg*f9_hD+U_LzMeaTZNPzMG!_>$#z&7dR9t>Z=6JzzcOcM z7A5USnj|1p(&TuS=Cn3eZtB04ZWDdU`MB$QVpjB7CQL5$GK)=6K(jY=Eew>Ok>G@$ zz`-Xm@J0ueu*+-Be|CgC5H=D?~B?nOBKXa(2vBm{_!n4RSB%f zMX$7tTQpKtbKX&{J{?1a-@R(Pm9sBDK9_fDy=+jSEK;=rC&QYWxG1N2wD^YA`i8ej ztBUu;HpAx8^6*ES*Q(P-imMd4%?jdu7K<^Rfg5)+TMQkTOs7><> zLMk(|OdgT<$&v{+hhnq~w%zYt9{>6^-P}3$b=qcH4j&Y>Yg6S!qo)B^JfWC`0rVyq zkRk+W-Jt;)>ldyxSR~1qtX&ERq&J?HC^!E$GZ3|ODs9n;!|f?qi8ssD`FTQ8mrrIa>J@3>e3@d*?|DB zqIk&WsN&@N6CVpMG5N+UVX-Z}Qn9{ABE2bpm70m)xpG%EofHT)$F0#^;OS5+p)Gw3 zgvdDoORLcM`{AlE)Hz;v?n_3*7sJs&?nGKvT@zw`a|ium^2<@?5mQ8;miDU%8`d*h ztt3#SlNMgvoI#}!3&)*+S~=!em4zNR+3GVI1_BhS!vUL}huNHa#W-2?eNLFf!Kt{d zd2DH4Gb{kJ7V6u$yfk3V{c}HbeU?29s&_3*e#)6n6>urKa#!IbWVUw%-(H=FTS=}| ztl7b;I(<(2ZQA+C!FTZ`g6uw3`H!Hac<@)}hozMdcw~a(ACK>o`u4YRUPt9W((2oO zZa>s6o%B5BM>;iTA;Ckz3+GBTX&W>j@fur&C7(M!Xs%0aW!&$2q&x zuom%ez9xM)3bpLh)*#DQ0hf}>@RUG#2Q0Pp2jH?s9y*s+Lbs^9@+w7^utE!6pU0s7 z>M35Pqe@uxk4K)0^!#$3on3L`a*;0+YT4ggJ#8p$pmpDGc;D0E4qF@Nr7%(da6BCJ zByg^y+`J?hi1fn{DP$RF}a3%iwtOuLotleumpmf9> zWJ9osaqi1OY@FC9dl4pi23Mfeecap)VDTqRkAi#`GU)Mim?`1k&{rOWinO}qslL$B zg=ki24MPIAm>+c_|lE*n`##IY1|$a%qGL4KtE6T_AKLOItrJw 
znVr!_H%TJvyb>u!;=TG(fwanqkjRpih8V+Xe-nGK!P8mQVd6OM{c1q(@0mUnCodOE zZ-sPDW~wme5bYMW2|RToN2T3KnF!}(E=iOnj23iY@8`p!c%YRh44Jgf33-|a*3j!Ohr#(^wFhrQo= zXDZTH&23-+Y127$Csoi|uygKfX7i(!+IEe{-CEvpwK-bDicw)rO6hN!=2yz|=?Zg5 zGr+_%htef5VnetB2AbNh*P{tm6V&T1?qO6W1`FKoUoEx5W>UIHvZCu6wU#Oc%J%Ww zh$E^QuhYdw<`O7>WCzjpl+@F{<)?VNgq9Xxd8qOLdeYl$V`l(V*VO<&5_nC_n3KyU zu)Ah)m{|$vJ=H_ui9H=C@jZS@UTZcPA{thL1DJyKUM%P>h~CEC9?+9}wtKltrSB+- zXk3t=z8l_gW2DBrZ4WfWL@!Z^IF~%JhHF=uq=UMsxyxh>b7l!dz;#f^<=$2 z*)(fi?wz`p7?Iw`-hQ}0-}!WLC~X?^c`jhG&<-3Mi6qIY+|FqplYeWxbMPHO91(Jc zs@|tiD9OIijz%;XT*F&`+$ueC_a-<%TEXC)VEnb0KuYSP-`4QV3Dptu!1%{TqWmVN zRghLVAGZa-;E^-3#s=5NWI?~P zccIN(KVe|0{4j<0dLH)IyO3sPo^voQh;1Lg+}c1L1FSOiYPPgzu)_S z@`DuVuM_;&&-8y?wSPU}Ws;#B7BMq(&ZRU^2WP`@kZzKz{~BxO)kGVU;rV)cSi`?@ZZWdIc)yKzZjaiP%vJ3t@8lgcz&g=I3rJ*#U%f z2JQxEKvwmu{Yk_rG@lYow&#>(su9Bia$;SNq?3_w9$ZV8@5*D@fUXlShJpT}q-;(M zP+JiTtiFYtchAMb)L9;&7K4@N<@b^mKa^_XYY{ZnBoDWxvgKAiR{=B128FXOK*)30 zq#;9~kIQVO#0u%zkVx{R575hSjuw5Zz3Q>OnCwcQ+ke5J|Dp_D%_^L5cp6qTCPx6o zbM^R@u)lOM$^W$#xnDYEp z?jVb;O@vjXbV_?f(7t<+(__;U-Ux6c#^#DRD7rbzU_4Z7@p!!H=c zc^YVyIq?wFFr=eHg58_4{Tr;Y2Q5V+O}cgIsYW z%;9HMbWtl8$%C=xM5iq%&*M{zu=rOczL5iejF~@!UE~1$- zI)OwHuaOEgH4eM*Zt`DVpDjG3E7|Vvl(a9OZE=p(H9qW$t=K06o`MX@?O@EnW-AUE zY;B#@&c{_wXW2irZPWGF?}*k_BQ^rC1$ZsBo?}J@Q$( z)`EgueQ!bkzOS#$;E`Uq;EOM4D&wW1f9`emPzBB_TK$l*H&<@9PoTn=91T+0Yo!;8 z=;r4NQfmOb$b(PZ;xZAcwTZx;OYk#ix^~#i<`Vuq==?*K69#x^P0#4kL?_~Purm@H zt*^fM8dHEppvc8FfyqGaN}Sl{djkS1Acx1O>VF!nGQ@LwDjpcP_8N(KUJIuJ)00zDRc^ z8CZIOkdv(H+hp85%BYIM@9|smW)`Fd!;#L;@a9nKc~1$e#O#$aArqBVGE=sz7e$iW zo=!27iAGIa%(##8|T0)(dnfo9>+ZMZ~s?m`d_)! 
zx^cwmEhQ6IC#SNFebzxJ)Um-+TcEz!&q7PJw@btL>%Yh%={+oKX!6kq+2rEN<-R35 zHy=u&Qo%Nkcqj;SDuYjm9{6d|Urj@XLcXQ}Ka6sx=@^w$45L(ExqEFA>1-@+nk@qR zf6vJ45p#-#q+4nE@*o9$3wQ8THy5jwBZ(#;=S-0UdfeW(>W|S`5T{Qr+UTb9o)NRRAs*^q(5HUXJ5}er&544!tfwM3D$w63_T@PJtnTm<l!q{gI zg$%rl)l^7EiH8|Bnq#UhD}8a_{I_b@)@?3AAycMpXbY97jX6)rM zN_MVJ4B&VH1>bNsVCXxa<&^PQ0L2#}VKnRp57WC3XpF9FZ6?FFzl)hT&|5$9o>p=)pjiknVZf!K@NKXTi~5ufwp1w!7vfZizV!s^|i z#`)f}hUjmr;M_2aw1ns5W$}=5!yl%sZ@g?C?nv7B{l3>#F0R^n9lzSa1J*)moj5zt zAFoeZkS)%g-bbc&Kna;8W-{)@o>S?Sb;yRnQ@&B)Z`pC`ljxOk%#GXKqTvJ`o1OeF z0{~J^DK7rOtdyKnz{4JLm$e^&m((NUqlce@m6m2_ljuJhg@c7%Uq( zJ>sh+xFdY;#c@A*&CPRG0JorwUXgCBM?{=Pgx>O~tLv3~W;4JSg%7@OHw~5>!0kaJ z0eJhj)0$7)d8uHLUnO01Dg;NzvID$ZR*~l?0JM>e9p;DDDJt)giT$v=9vraXFr%F; z1N6IS8?x8MPGODWZ0zK`f0prT(`{Gf(}Q5ossQvFQtD9!2G4_1o>DBQ}m61aJ$N zl8Ynzs0Rv2ZN#MaxI$&wJ~@6*r70g^-v+h{Xw&{=yrnI&w>wPJGom)@*=%c|Okq&; zc*=hx%0bxdWKbQwPajwDU}`5;!hTZqBbZr1P+M4YF8OA-$`ac5Et07o_r&fkLaWU3 zp21{ic{>%-My}dhVZ<<|<1y=jGM0csO2>#rgx_VGM|o{EcUC%3%9bvT*9ZiMI2Q3F zydz6^i=DZrjp^5*TlWVbp_z?!wFC9tdb6gsYWDOp9dDuz+7vr7;K+pe!bktU^)lAH z@spOD+iIlz$G7~yFlyhBbJs>16XX^0etFray|6$95byv1BP`|%(+SBcU?HL!%YeY@ zw{)j-+hm_t53|}QTt%PceWX11CaU1vp}qZ(Mb)*{th9_e^m_coI*z{5K>>8vn;C#J zu_FQr&BxI(%+}a?qlfx*e<2!oPmQYvW=sk{F;QPo&h*skOXkZBM$Pa+(=kTg^z5Qt z%jF+w+~jT%DjcU=`$rX#g}DdEl6&#td3U`x$4!$kuR`(qs76!noV(a%w=y18PNaK` z1N9nFjf2T=7QiQLfDn&DMvLmK>#uUhSoJ`MoVDZ-6C2oW>z5^+GUZs67%h5+Z&leB z?{!P_$WxNad98I=04&?IBP)nul}7GU!v7OqR2U^0@Bm7rCM$T@YlxUMCC)RW@P=X; zv&=C{M?YA@d8^}6Ijl4|1l{_##XJuc{I+F4Q1o@#*B8C6U!SR; zKRj~&G%1cxo~&>*g0LC=j>*+3^dzoh>eJ{SWf~^5oLM{oZc{-@)5R=?JTEK^n|6AG3@go~F2Rb1RjfD)J8};-^8=;?Y}0CQRtd zENj1QVtybd42GqG#|j-&Vgs>-6K{4)Wu!$iz6uGo6iQcrZAW-eJ0ZIM`+^{YR%>o% znC`g*?$~((M5$fCYb-b4a6X18wUeR-$*oP-pLs#pLEA*WxXil9F-y>E3v!z5OsZ4# z2Vu!ABi8ZjFE{iNP=G6|bSqH%qMqYp3J>kQ%ca zVu^P~>Ifo<9te{Hs#!=PPG16k9%v{DJfoQFQqkda1;b*A0w^w0*2V1@d6jBPaoc-s z)MD5avW*clM^k!yo(@DzhBw6`Pbz{~M`VH^?YF&Yr7jmDr&e-kd0hKl^S#EVboz67 zu{am%M2EtMwevh=sNxiXCy)2K?AwmABvsw(>|#&!C%dtaWg}HYD!Kp?YQ~g;Bao# 
zrlt-GFls*W=2p#z3HnIjtoq1AjhScJX@f~fT4SQr_(Om1a?zLIWlNj6$r!`N$WP*V zuAsteK;2F!;-j6O6dMpoLIY7ccS)lxrj&5=toRgqq03zf%{9VM3BwK!rxl#eA3G)ar7F>S8(8>YY>z!G8>S_sPd~? zr=9O)5z~>1;dCOjt;o&F8&xb0FHw(r+`Sq{IE2YJUHh}FXN}&i4!X>QO?ID_ep2Tv zr7qKtPNQYZ`#GF1)N>7q-xfo}UZ2b>p`~5XrBN-&JA?v2z^8rpp@&QTGEUBeU2kG5 zXeOuT+V6a`oJ9~nqRyC9tvOc7UiYrm==f)Z;FI_3O$@M(O`^QyY4f>lneEl;*t*Jb z9C5(^9||R!O|^jhTAXm#3eHhil+#Zo>JmP+S9@h4nH!X~Ri@YSn*W;U8Ps;oxtk@zmnAgbk)CPCW&R4u=NI@r&_D#u3%Vd^Vv z#$h`}N&CpBuX;Kf;)4?eLI1I8nD|5}*lrH1gloeRg6W2ywt5`@S2Wr~M^~oo*}~oL zg)Mv%JxJW#C({_>OE!3FQa1QQPE^HT%lOJe0idH}Jb+6UlfkRz%;Uu z*vw-WM4xjjB$)Q+F=v1g&hDa*>n4~vb0BmgIY)M4C3yEA>4su!rcHl7r$O`e0b-*5 zF5Dq^{4n+^j-s}E4sbAUpS2#`E-qZpkZmhzgmj!~F2R$y?165pp7Z~r6ERG-_#z~< z%og$SVN1k;Dy8j|R`$qn*Scxv#Ee>>zRGb}5H`~|#KK01$nguLcUZa^Li`E(Ck@oTr%Q z?W%JcPosaO^XZ#NSbcC0f>Y*~D`Of4X8kU)fGba|GdMj`7ma=IQL89q=U}y7c(rN7 zexhbt{r^ZAJqROz6JPFE@A00dC47AeldI^Tu>jwI<6xsh<*DL(X&MB8GVoG>O>pI* zA*trp-Ah53(sI>J9RxHZZm>_@ogU`1uTJs*--}~hT|!kD{H+M1Y#uMOgiRatgssj; zad(b`2Q#E4baSbuH3rVAR(6n8E=gEnyphqz>Cki8p;ZQDV`+L_&E6n5#c|p_nPpbi z-x?m6U&>}aY7zC_hA(2#7Jem}D>8>Y7y7ELA`n?IP<%O2sv8)s{Z-oJ`Q1b889hMNxdxhkpAN11WE%JrEw5^GD!DfLV=dv z44u32s8cp6Ch$HF7fNWBg(YKT@JY-yUs!DvTT>~G^7(hJx)z%VBr3?h5bu4EZh0=! ze-O+9nw|KPDWvlKBh|A0nkQPK(uDaW+FI&*RnStt>Sj45J4Evyf%MEjWSk^D&95U zWd%PmfX@U@v6ka}o3MoiE@lF{hgA{&p&x$aU=S`EU94E<7b-Sdqx4i+%#WRuMa3lo z05G|EqAg1rO^Az5!tr(*B^jz5^8!>+ObT%#TC=tTxE`z49|I6BlnBosLu8KA_3?oi z@T5iK1tqx@4n^MmWh^bikOyagQ1Izgr)?Y+^m2s^8vJJe!L!cQTlLfXbOZ*>A5K6a z2z%kz)lv2P%4|smQ#(R7;(_8TIL}5YwN()X>tb2JK~)TU5? 
zgWwOpdxDxosk2*MZ#J{<^DGxOZwAGqZ_8O(>FdN6e6>p&owy4RXS!jAm=FU)W1h12 zHdt&!XP ze<58-=a9AhmeJYr7a(fxIASKTrn}<5h21}$z=2CVPsc5P4VuSF!^Av+S5+!DNBEl( zK|at3Ld*YRLZ*Hlt>uWBdJ3S1cQ=Aue2{s?6qLsQEg$+<2=jjgN?m&Am&Q2%KY9vB z4KaDGT`%pIg>=-4Ulj(u;WXY)-}uB>97)>Jl>$G9LGyzgJamou;)92M3g2p2$LB+tr8`lq~M3Hp@C#XdwRi;F*rbr)Z+*ANba zYD+L6B6?%jyrj}9F*=Bi$!xtIsL-0Bok>+tWDGG9d(GVzbUe-e`*|L}Yk^mBscTI7 zthyZrV9itQ@=+t~G5QXu48wRt^VhfrX^>}=8ha}%t6o}|tAJ-ofVd8g0e5M`3d?vY zTMsae8=ju)S8dXcECTN(y^Q;;c15*DU&t(?^R3E?HgDzyNtNu%3_$lTZMnK{<9k%> zW}s^bq@M=@oH_bNrX*^x5X+uM9ZTL9vJ11 zQs_W!VG`zNL}T@xuUiv3Q3xUti}8k8XKxlsZ;(X52z-3n#B_zZ9>DcYSVB2E}^)rnd1qLgNAapm-JkKyz|-t|_e4beOK z{FEwpbLP@=q;V!G40@?qoTo0cu>@jC4ypHfewM|`%N$p(awIR~c!~I#{2;|NTmH5I zU6CYw)BW3*UXIr8y1vO;P*h||ZYQT@C?3Y+bL0uDbV|nT0jxbXb~efWQ}tA+Wh(bO zR-h$!+b>jmCi5A6It_=?7&yRM+xemdSJp|Vh`#o2`)m4=C3B&re?CH z&_n@iZ$Ry{ZQ?hVDLAHJo|Z>dA9R5El;2%@@b|XpSU6Mw_(|UYX*i+vqfT2U4aU=L z@jY4MbZ&2lir6lw_8kVqCIiDyEfDRnb|De;&i-=5gAo9DgX^?|pD(2IvfLbF;C~JH zs)112dhQ8@u9oz$ezYDHNKki>Lb+SeZXLnria^u^ zjG$j@)sCVjZ-O`A(S<6HqP3#H7h<;s09s%N=ZDMfpLRuRgKLb1;1sBoI^%~IgT>zB z1uS(#U%(z-F*mw5X7JruK5HoE7hEWi+Va!otSC>QHxoj7eNKT8Qo4mAZYn!IA@{Vu z{zLY!v-adfE>mG_>=T5dp^X4NhN%e~HR?9*T=NK0;zMcn>&A z=;|Nazx9S`kdd8@q=7B-3$Gs~DzX99{*5C%uoSG94Ji>)$^Na(UGM5_!vcel&VL~y zDT5oIV)>=#Q2~A~c}J;dLbSnarjDYXJLga4@ZJgM-^2_z31g|Jbh=}Wp9(*^c)fAX zoBHruM;N-Vz^+Yxt4PMN{5)3gh;X<8=Nbc>l?@u!87LpwX`>$`;# z>&!r>s>Yq^v=M#Mzi@jP>8_Wh%O}bO&xkibJc@$Mw$U;WH(wK#r$S{`Qm|xbIxPTz zGK)*R37xUF7VcL<7$0<&+q%4fV)fj`fBKv2`MiyDz(&EwN-o$@!I-+cRF+$=i7|Q@ z9{`Y`dg0+5}^;yase!qNa~-9|gZY7s&>z+fFqaF~L^j9my$9 z*@fxQ_KR72!i^o8zNMpRqt8c%Ld>#>nC;gad=5HDS!y&#z8 z+XT;y4#dcl@dDt;Br!!`A2N3-H9Ljrth7BHUn2+p&BhbiCV84bozZ8l_l3S@ASbEMXen))0$c%vz zzW}R437r`itf`xCB;9p?xeV+HBJPqAUxmcZQ2xH4l0+hof~+HMkf`ivt)&LaWw+ZV z;(j#;Bucrzj)ptVEGL=pL9Syw#tH(*(c8^FLN}XY7mVqo@boTg~6quH^^-|J1Dy&WQSdcqJ9c_T36Dfs)AY>{dMtL{R^7jlpRUFS^NS~ESXaLqAtbA#=hg{EtPZU2;G$Bt2(^4w{-g!_D>HxIIq;tDdu@A%@ zV%5u`oZ^GIMs5Hgh#m>vE$}_x 
zm1gv=xWxQMjHd`21^O4&<1)eMm~RW?%fc+uc+m0A@s)mXP<{|O2@}=~>d5Q;_yrwS z$C9$M=cDy|URMaZSMBC1pl^D3&*oTX*7=1RKm+(57Pj10!Y1h8_|B{myzPe_oRb$U z`=SoV1z$cs7m|6y1Ym!W)yQ z;lI~{10>c^3;hLI@urcge83=i(_T{m^u)ikOu5k&|9-OWgc-p*PX2yosEBMlaJ_({ zaTs+P)kG2iy4Ss+la1i-f)4cD?}O5Ev$TJr^YO-zfsq}Wukll|XyR>-ns63$`vMt2 zsa0x#mq|oK2yVf4m{9f&752EiHQ`m*--O>!qBrwvKp7cH(|7>EhZK6v{9j{V9!HT? z)&Bx@-h~l9{t!@?G=pA2jLM2np~aFup~bB_IjVoRVtWYj!hNhwJ)Hr6T6??oZSuu| zrP-pf4)}7oWbx>guFNa%glWA-PQ>6M1W}kiI|zK?W?Zh>W&}4z+0dH@f4HbB?!0Xl zM}7S>_URf(28D#c0#H{4=->b>K$d(}mfcyE_p1#yuE>1`B>^`?6ciagFn6sbl|8`+ zwp}H*RkQP_zIhQ$KzN1V<$GO^iEf&*u<_-O37(&-(@`hqmmd1VCz;l%bmQ)qs1i5iK;eXg!#K?g4cifrIQuC06z`0Nl;luO^?<#&azPtRkBg2ko z!A)waSDM`YQNx7yfgvSVj{iX_of#ERJJW{8T(0MIgsUbWS@@n`H*=T9{|8AZ>RUgt z;_y#33}l7Syku;^1m#6xd}Z0E($o}oP@}2kq;p-GME;k~aowN#Jtzs#GaniyTV;oSuVODTzcJB8Z?J2J|fza$bwpuR#tGvZ1!dQg3QJn8|G>?bICx4ocfi z*6Y94_QnGr^+pk;d0nL7_*WDuyko0=renZ`<~5fF{RkM`jSW%hd$;$|-n>CYB+J*o zap}hgbO3uiQ^9U;aiACe$jTT__@{4rlsmma6V}qlCR!v4I*YjG^Y>*(^y9SrQm7T@`i$jkX+00l?mYD!n^Os zy%G@T-FvEwGfu9>9 z;6z60??U9@pjVL}Pob5O-;p&4w`E>04UAq}Nb?v&LS_b;O(p7RDlR2+`OBbGA1w8z zZg9`X1BOtD9FOF$MIvAid1VGs+ql`)Fdlruf1Qfs)1~=y1HnmUX)8cUKx#@ZP7D zNtY(`j0tll5I*j0v7kL+Ema{&UYn?aV#ydEn&6%mHrHDIbHb0_z>x1|;ez{50HyAL z85)3n>qM5bI50@F%{~@)Z+c*|FxWB-3s4l1Z|Kcnd@M)UvBcD@m=S*E9xPoFTGJOT zXryl_&6!v7PJ`%h;LE!~W^~UEZHs#@nlSL{O3Lq5oL8fsL6A~Bi$q-c?9{vTh7uISVg?)kcM#_S9(iHt%F zP-7PEVZx`y@Mr+emOLs&+0m(tU*(p;UadZ01Z$ru_u5`Bu3b$A`U}68 z#a!3-R@a}^CcE+Aiqga<705#oGvl@04D zWq!S-t__OH$k0S?)Ku1mQw$a@h^@4H6K++@RNK=C`DSn7R|n^+4^UNJlvk=3eJMt` z+8YhV8-S_#P@-A%z5b1_H>WC&GW_sc)Tp4l#~b!Va11yUAPH$hey2 zCdRKUjT`8`PNb*lSME>3IiFPTjrOwF*<*bSbClA;Npy7CaLPwn1P-~sjCwrO=3e16 zyya9w7T=5x;iElG6JiLIjWC?NDxf+w^dm>yi&#J#kZvQtxxR^eWoHG9El=MIWw(@B zeg!7*KKGaz=OoT6;$%kxt+f;M%s9+(QVyZh`!$sS-le<`Hj9aA2;FwZGWTns6>wDm zdzpD7_N(nJn6I&IC}kLf_Pf(MGS2H#_)!u))Siz{>iye zK$yCQ&h6S^^T@@@(?H@U&t}J%rw7y|YOLCO2Pt@GD+x_uSp0;zyrN0T#D)(`9gx`4 zOu@Jg1^!=C?SMm0bYY#r(FTVhU|uT>fQ)V+(JKza%RW5!a;m$;ScI2Y*AMiryl5g+ 
zAeXRSgo^!JpQ@Q1HK!<*U)s>v#N(WDbv=NKY^9=|ka*;-RaLNJQF&1`gk?rT zm=dONoA^p_&}y(_d(n&Xf1d>>+hss!cSA!>@AwMZn$8ar7`+TwxAs<=hAhk0FnK{N zu3A*%7?YS~g8c9If<|=3q5r@I3cr7Ndno<^e*VoB^iOuv`Il$uZ`;fN_JFWX0_ndz zMnUhekycmVSP43ZOHii--qXhxH6C8SrbZS0qapq-l6_s0{&Eg~M3a#MLNqTmOja*s`SSr@TYGP6;_ltxi>@AJ__D?awZ#(yOz00 z2C}83YTGN=?`dTF8HtJXra;Jvo1zk_(t6A7jezOQv(Z~y4$$&yw`*Pn;dz19^Ve^; zZw1S$w$K6X%NMnEbr!d@XG`@|!$*Yw22Ls(=SxeOjk0(#t98!2WyunWU7v& zD=_j2b+^SPlxA!1g>*dqd2H1CmC^THSfjr?rCl5h6i)B%krMtHPLhXqT6%xt)N{I3 z1^?kD&B~=`j^8V5aKG>Se$oH9_51^I9eRI(#YO{?*MTT_)R=@>>7aBmf$!lb?0w@9 z)}=(;w}DHxh%Lnl1LhD+W>lTl_WqF$F`*@3#qsmyFwD=W+K^oE4*^S8SZVt0`+d55 z@mZT4ivlrm?vRqWz(yx?l385p0nwM&{nE5K zVmnx(;SLzmYZzYjDU;<#m$+&4x;~yw}W z6Eucl#A;8^h0PkMJbZ82Ef3|u%gGVbl?Dun0VsexGMm2Abn$JHFO23CJ9pxKechd2&nn833E*CH^H=8QWa37y9`sn`Hsz*Y#USy!~mpZw`fxTh_1dpz?4+jnbEq3 ztU3Aq!_gpf?aE2>qHBL2vJI4w2o-muxVwv*3CA)KUstUne(W?FXqky+E{JhHIZmM; z`nQ^--BGa6<5IR`_NbMI0wEtf6K8>&2fhVYc}+iWC?E5$~_p6ho9=QxOL(dozLrDS7M4|{MgpOgvZnKg&G`ijCN zl3!)x;Q;{c;4PbpG1k60Cx9-wXU%PCzZ_V0B%)3mCH{P6$b!cOM`+nKuX|}wg*mCN z0*x$8;w_%tlQk^yw_ivdjN%rkj06}A zJ$O|sU&+9BHp*(kKXhA-pGtC1L6(~eEwMmu$oSXd;BHV!O3?OG9SuW@&!ZYdoEsE+r+quSd6aD@u9}PL5Y!q(V~X-RpP`;jqDFj zRs-}GeQ}cZ{B3HBep$JVB_plm*_)Z7-aBQZF~G|QXgW?jd99=31b_MxBD2S|b!#LJ z5PrMS@vE0bm|p{SispZ?_m)9*eS5a(#z_cn!6mr6TX6S{26up%9ztbf*@D((0ba) z`5MG@os`v$^><I=57Ob zBOZhnl<5FpKi8Hw1m$&SGLi~$YenNPsFH5zOBDT?vC8b72*6mm_^MfQl>XzK2(@d^ zn%WAzNf04@b=ARLG_W&5RESCXv5=9q2DA+DLt#wlKs~XcCDV{rO3ilX>r8?r#Zs`EL-AV$o8hUU&%focPCK0Y;64i4*sz&s-$QeXK12o$4 zJ2h!6hGmy=+PRg~Xd^>od{U7C1JPE7`E8rum&cn<50gVT6VITQ5$O2>_SS|LUt&7@ zO=l7GmeNoTRTBxZn@P^NcI%{ZyWjvn={DMoxGVQY`kGQ~va{5e+S|F8Wn2*hSQ)we z#+C?P&sxT6U>z0*fOpVNy6fnSR{GilO?>z3n7 z#(vwpU?O~xVhFiUX74u6J=uwgGpR4w2wt>b$*R;?Ud|6YL_|``F8tjg`N)+(B`N)y zggf|b_rP#%{?wrmcTYfVV67Lna#!>vH)4+rf`Cn?rQLHgB0+=m8Yv9|iF-5+5$VQA zL2MBY=3}D!!CkwqLCOq6u zU1sm0(rz0Cctm$JHVo2J(nf=0JIV0dy58KowxF=GzPilSB+LfvgQyJbSBuE87FYx# z*DzkcS~8pxub~)n{xQeh1p|zSv?9vJU$U%>_y-3(qQ}@2j;|{}&Abht|E}ypUDPu8 
zEj~5n-AI`u%UN?mU!`3z_qGt}Y*S5eQoZJC;vBG2Lm%n=tYXsZo zE}I_>?B@UGRldTc^E;hJ(Vjc3E6*D+4R3M2H5TVE!9z1gEYJ>R)N~-@Zv~|)&v|=t z?R+2UYF1L0|3mv3&;lxn4JwLA4I2AoUTRf{NSts10l$wq5>!8^Qafy`q-rIyRUIkp z;*&$E*H|$kpIKg{pp-5P}LIQyo^m9>&8hVO5;X&d5Z3lEJ_>!2O)U*@-XQC4I z>*dr}Bj2wl<$UgRtyOKxy56@v)iEj^R;UkwP3cIuK?aLR!3Np(v{8JRhlD3`s<)K0 z-EOwiQEz_|MQTV}7^i~A?07t-e|b|haBiXenNZIFTf4W4DUBskva(!(W&^9qnEJxr z7;g2jt$-E71JjWODu^%SUm05BBS;yqS3r1)z(#PYR>NN8NsTl@4iL<@l=U$_-{X6? zE$5eNnlvWNRt&e@1O%OACqIWi#dKtpU9}7ka6qaiD-;p&=@l2OPywCqIIoZh^@KhN zq>2AUxIBUITAUSTS#qo-=X%c!uF4+3Wx<&HJ`uCBWrtZ%o&pLoTf4x-Fh@x*oWJSW zc7DvCTJ7A!?7%|eM?;?D2Ap-ctXxdfng-CJ;^w;pH&j=AC=C9}MW1iTebf+%9~N5A z5~<=Y$F1&)2_9{lMofnTTY@q+bsa9Exw-Vcx`H?f;K2|zxyqe)*LUMgaK%x>3Kf8u zlbc@prkh5G0=?h7bbCmIR5TXtNoko)1enC69M?tsRI8ujpMT+mWt1{9;b}WC^A#BfNY7fGnEKyo5RLWKpI4bJeOpwS33$r)1>*ZijO>&;(gQ@~unb z=CkDM)^rw2FcXE}CK>?x>(7C%m#<+-lo+T^?Rn=bu8vc`X8=V$q*>xhYa0@&w&lg} z$f!ghfS-*8&Vx@%eI4 zn_nvbh9H-uH9g7)n?6GZRsJ^$34zblLhy%nKfH6Sj}9d#Zw*&$a=SCM742*)C}4Nh zp`sII^e?gl-M&11ZVFBUfVU33$iRRW=+EvIjmu*VK5kpNumB#m_f;QkG`e0hu<_gK z)R90`^MJ?nP(>v#q>8h(l~eQ%A15-lS@G^vcPJt>P$9fDD=wxyJK*dV{`M@+>qm4H~iRziREe^@f)?KEYEA1!A z`OBP)r7e!d&q*!lo5G|Hu@VfLBwDnOIo}@tNHv=oNPldD@q+Z=;lV?A;LD-f{oLC9 zSp^kI1}YHrqprokwAV3e8N*O1wPWX{;w{(93POTwKfiAC?NaygVMFHEi7zL3t?z>3 z@&^HN0H0X@1OfH6_rpqJYh!zl4c%jP&94#`!3eyzdwRncxG%zzF*tE(o}M27<~|;( zuz;NQVwvikkxG@oGa21fN~UhDC>shesgerQv;q?@0eJ~(XT{xBlk(!lk;xb>>dS*(tN{UR&6FW)M4KLpcI< zxF|0@C(AtG;x9ukJD0eQR2gV*u}VS2!RV~FbfX_=V^ZrZ>n#;i( z`7jNRVlw^<6|>44oQ=6wp|LwhTn7*MVS8Fj@WvMuwU;3hH+A*`(!=D|R`5++KW)5HsOqBa49oKods7 z%R#P13Nv)7(N~rv+!Ks1dphF&sg1@6^)>u`=tv+MTp_5_8L*)~=s$9qHs|t=%r&dFpMP@HohG7NyflD0EPPL&E4}xSk~2;rA5f5fLHpVbF3I zsCja!1zWo*y+jJGCYL^jSAB?#ydnL5ZLTjpjumXJiHF%|`X+gqkt72JeE}T;p`EBx zvRq9=6CRrhDxlvB60P`d6rG(1K_{LSY~p9O&ohx^Yi{j5fXuCIeojXAm5j^}WlVeX zYYhR7dj$x+Yt;ytLZDNe^TB^*8*{yFS;WkllO}dN_7c^_DXiR|b7QRDOn?9c(gJRD z8(P=OwybCJJb!IA+7#Y+{Gy7XzM%4n#0Bx< zo(xkj``0x4F2|qU*$0^go0i1KsNwD1P%-0tI=jgo9jU?1TPp&~XjLHSNjp;_UAoCQ 
z2udYEmBUy&-P0}<5f$_?dYTklT?gev)1(17wV3_(fgO;o%(ni}%Me<7wTdu%HaUbz zpPHN|v`wpHAY(>kp{BYw`yejbxsc&d1PZD`)WS2B@VZw9r5Dl?nK}gf^_gwVQ%iBKaC!s&kV($fP_;frxk6@5|hmZbL4-=i? z_F|5E`PU+cSwxw|bv#ny=*Q`P+#cPkr5(uH_Xhp71G~(nUjI^ zZ33Ol;$T96w13p6;}kd{gdA;^^GxMLhl+HL!4QgSrhKdkrv*gLo!fUF$uAryacEB7 zTm2*9C^3{xbJ8pJe3vRb!nnBUPe@Bs(;5ye%sV{?oF~p|UfR=F<7L`A?wx#m(aB!;8%J)soK4&MA1c4=#piT-$!Gc~DQfWr<>^%?~Gq3>DkP+XCXa zm*c?T1U7ZvUUgIs2oPwXt)^gRWrnh(AUO9L& zEO!|#vLX{u}W<$srfRb0shS z;P3ZVvX;|!^K77JXZNUp4h2}#$wX#bejbM14Je(_%P3-c8PbRIg9H>~Dtz^kO;1H(;(;B$*j%nhZ}02b#@kn`J(28I(W zotIml&n;;XY>h-@eNF_9|HMEcaO)d7&bk-eGk4n`6IlaZ+>WUpZ*kb9NUg6A6F!}R z{jUPy8JOthfW`4FgU(x@{{rRFhc>ARB`x*+obljtD|h$5@t6{+Y(M~FFm^`;M?yNe z2dCXFx7BJ%G7*`21kg2r76Vz+pH_2G(@KoW*|^ct^H7BqOv9-Sy3DiadT~)zBCEdd z80`-5z6h#}8`qh5RoW1_d_vfEE`9WT%P4(n{Qlsl{}=EsR}SV8RK`YwrASQow$Gkj z&uW(?Ci&Ik*x8tv$YdXqO!EaL6bdb~{s0O3jMJnZo_|bAHZ&E~Hffb9yKbBUSP?|Z z4)GZ$sC{e)b`UBj^#2KY>$IwMxW%5^i$pfwp-h&kzR z1P;0!8Cpjt^|H?yeyk)H>a{uz(0SqbotGR~s%r4>=%Ai>wY_S_(PDW5Q;o)k_V_sg zkJ(rA$W(AW$3+u*%VXP|;Mhj2g^!gyI6K3=+}og(3MZ%l#T>Q_CM7%Rg62W9Yp(42 z1MC>%f12FoFC96ucm_zbmi|dxg~u#$c}*MQh+V%%pE-;d1*kmSB47hyi)y(p?Hv00 zCYiw(kBV9PjNa+2tnU2NQ%7@fnT5f81+Md(?s}r*nScgLrHuReBYOV$-cmWu-M{e= z-yNT4sw!D+2zJIRBfp9q-zMwYI;4HfhU~3^_(n!9ueBMd}`?oyOuR#-BxOS%FR3b>Z5D+n*iX~ zx@%)+w{WJg+3X;ZwghHR{!Umu89CSL=;$m$-Y+{O+<*!o0nL6ef^*6%R6ccO>hT>lF zZR>c`*ot;@8Ya8Xc<31pwFhRp-eA1}Z1lj6kv+zx3!2qwWOltl{&3}-`eiScEOJ|^l-JDbwbF%bmT)GGW5<00CVGk{(c9ro)kseg@XLc*{ zCZ0UfW^q2#jt9+%@$bwahBxPtZN}&bhfnmPP(1*|JNttnHQTn=SbSD6cQ9eeIDasr1?~cYX1-rRA(;N@)(pB$^)1U3qh=NZ=;Qf- zO#~EwWHv6Y-$&>s@3Eicr`O9w$mCMBU3bBW4>=`OjL1tKt=G2uFaX4;%>%;I zEtAYSr(=s`7#II;dF$Wnbs5rFLgUhLM(WVZ`-ByE-jh@VoQc&&o64~?l=aoc(l?29 z58tF0PPCk&DB|;fyqK90wNG_^_}0_&K)#eHfQsh5{7jxZHFeD}fH}Vf2O(_!?LUzg zi+BH-v`|+-@urUJloA=lH(G)4^M06HZ>8X^;NTWq_o4na;K^FKyD0~7-cLnyWYlXn z-|SP-eR;e7QussBBBk}GacMZ~VX1qg1^}SaDpblgDMm`HVPZ6elUm-C3iGr4 z$++=PNF>%i6Qed^cb)348UApoiR^1bVR#6al|C4(qYt)qYA|<%B0JIdL!tySk63C`;jTWCLMEJ01!UOb)C5=2(E?u9eS 
z1=)S<05A2@YYWTeHs4xpzB>-?qN2Vrpn(aS-QuB8&;t11=z-Z@$Td|b77?{oI*qrf;>r&Yq{=b$Kl{Cuciw;7 zN@-#pH%$AhW+}W~w1uBzHQ3e{=ZC@_6@~Yx)WpwWWI3Ru{b|7wd#!-*Hb_lXGuubD z^gaDunFQBa`*;YkXw)x$jZk*L9Y4zAum|avTRZz*a0S;$H{F$Pf6goQGj{Fi%r#AGBd3Jt;V%RGJs7wu?$-Pbokq=h zVx*O(;Vi%L5zlQCMC%dG56Z7&l>kdjm;%MFm+%I+y)9b6KJ`^0qsb8lR=U zbGLPtf1p4xA@WV2DL-HM2WDr$Q())c2#ES#2?L|n$<0S=O&0?@HcFi@!jEE<9nS~GU}tfRR$=%qy(W|NS*6TQJI|N-0+o+SLrFHYr%q)QpELwo zwu~tWFP?Dsf~TDyC)qOnx>cZ)AUz6h*^p$ zmj%=!By3AKain;c-|&vPIp!U$i`=!ceN9sC)O{3uV4}O`Kgw`~ zN1wIwLzuM0n%McTkyhMwnwDEdoa)D%cF>mLttQzRl;deu*v!SZiwklh|9^;W@P95#i=xxtq8Z%EXDa0 zua5LP{GdY=kE8SOgu40eeq}vSbUde-RBP?<9NKwK9J$z>8LgnfWZBuVQTJ(RVrk3b!guju^oK zWQo#kE(TM+@wVBCB0<#sL>b5Or)ey`hh$jMnCkPmiOSDSXj#pfGZzw3Y3cO%0T0oI z9nlmxwnF{>?DD>p)vFZ&Fb5#6$==>i8~Y!e+F#-4_;RIi@SbIsc>4f^)HAp|*_lRv z7{EsN+((69hm1%aCi|LLk&ILUq}?~{D%jZBz=m}s$RO%Bv_q?&;5s?Y{!G9maWRZb zt6Fdi)=Sw7btg#`T`%Ona0OIJ1mMCmrnuklw~Hj}a0N7NI-o*|_8e64rXXoAZ={6X zkT^n4zDr;ZWQKrF1`xylV1qR!MW9i^^;1jA2>RP(URl z6;Oo$tV~ZYs|O-|?x@!ixh41_%u7PW$aaSrY*DTz96Dy~{)t=Iya4)HXlZsPHs`p% zVMREAyD?{dSxfHIa3w50ZF1M9;D<}`8)kb%dI<1(+m#Rm>->S~O3SW3-RAY8M+6bz zWd7Ft%0Q+OJi!70G=W|0o_g5lg*HBYHM%wv~`1{T7OP)HFH6=0vzwAe-Z)02>%rk04E@LJ4SC8hADy0@+Y&?Lu!ov3nH3UgkQ(( zbR&GCaQ}BPVTc6UY?uE?0+91QKG&UIZl1=gKU+WQM!~QytyfatqaiAJ}AJ)e#CrAylic<}}sR}Wv#qELDaQ^t)=tX^4_ zRt!}>7uDd}EvF?HIyZl@&h>kB{)1GOpwyb8%LO@Po@)c!0zcjN=2PRtu0a=NkZCw` z1Hv~N1JJJ<7dP@inH`SDD)-Xok0Iymy{;Mu`^PjmW~t`xL1<)14K0Wwp_zT6ArTGB&mfpCgm6j&k(<4jMV0Kk2tNwojrso zSC&9GAwI3Xj~&q9-O!s|tT>JT+pn1R!g~MWYpGX@nkz8iqo}twj$fTKmj96%X4ZF< zwAB`zpl?1ETDnTq=g-6o>*+JZ+0F$*FX%Gz*~i2z)~|<81h7`@91Me2Y7>vG$9+M$ z*yoX0Hg&6~GtYQ%N53W-HlCkM7s4D{nAg5>dt8ZqRnRuj?3t1{5@QPaZfTCv#P}27 zEH(8(?r{lGU<;2lF=Sj#F;Gt5xBxpgT>?twdjpg4$Z`oW$F)TGe%&`*Vn0f*Pm7=v z;kjs_l2YV}D!C0aBbj9)p5qG!qCWE#8yyrM?}B@SlZeqVtItrZuqP$S2T~Gi2PUI>u9K{Q%un78g-ReE z67ntw`qr2GhaDLeTSdO8*BR?tLWWg31<_}E7icP_s_fvQzUn#-q=K+|ILvKQ2yWK~ zf%(oB2RWKZ6OR)NS46up{H=|*!_6Q}yn-pYnsO@|;S*||;{jb6`aB2{wo;t9xMoLF 
zK4olc!DKeGEj3RSljr>G0|{q>nYz8WewjA2>qtP?WEVUU49_p?MyJ%@-N!n(e%Uq4 zSKf5V@^~yg&q-YkJ{r?&@rLLE2h(e9Mh3VbaA|p# z6FPuxpMuGa)GpxY|0;S1k&_zxakd^KJz%;@ju^dAsn~$jfPJ zgP(MqAm=Mq{V^$`5O$HTv~;2WbkiJkSpxP+vdN(jWDYkkHO_n>OnDg6-Vd!MH*R{M z8b|amgfEN;B@u9OLqqj4`2xh6g)i31;VW@IBo#Plvj?h=E6`l$cI70)*)5_x98{#3OO|p!}l{BhgHd zKWn2ade#hV*bW+fXJ!&^p-$`E4;Tr6n=&~hB0`D}7C-Y2FxFOO4=UvyPcW+eC>*cj zy3fd&a99Du`56_oMA7uAHkN~H-Dc_ax8$RMBR-<9K z^K0Eq_5yd{OyWaKtKQnwtI3|V50}4HJ|{4f?EW^E(5{a`Ig`gePxSW{*&8avOVLbX zh2Ny8k#u~%boD2&gC&g!y2>=Pq~`*56;>xAy65^^6!ON(!rZ5v=2v2pqT`gZ!{axK zan`6Y_{oy`TW92s@ngF4vC0gbKZDv5zbhwlq|gk~6^f1R7lQl9MeY49EI>S&38@jT zKZ(IWt1nYPu^VxzKg7HZeqcvZw&P)nx2!iDfKNGr^&LNVC+WXv5CES#5lLMX2$Anz z^T|q7mbqs*Dkc%{{Ni1fJANwZvc183k@+tT_TKrUW6{yZ@D|jMzhWxbs?Qo571&wv zD1uT_BU;ZlnkOuYzTRs{%};i9{bbtGPK$bj7E1)V$EiD`#9L5oog)Z;S=x>p-?prf zUh{5*8m0SGQRLVL7L7OK#4xrA1pLF%C(QX&>v3DGqZg5RJ576(<()nm=-Tcxt?ryc zEJLRyPN#Lp2gJ;-3I?OgxnYTQ?_FT%e8b=?xKSbgj;ISHAN)_GR+$C}2F%;tO6|9Q zNtCIMVKZU|cUG(Y8(v)fw9o{lB~Ep!@?D|4#`S|52v@54ie2 zogjXh&^g}!Kfw9_0O$XI0M3~^Go#;-r2Ypy|L?$aLRO{dC#1)So$X%hl9$@46;YgDk@4+r97>{0p{Oy_3E(-qwz~%qnTQu;enW z?8nAs%>*@A~5;!=00t&Ei&WQbclkBveM|3)&*;%~<4FCxL_}qcG_`gTa zt?J05o{&x<12Pxm+AX*f>HIPh$p(MH*G=$iaX$Txm@yjcDkKHUTN+KY=2aH-?<==} zeUq%%Qt>hW2=YE3L_u)#(M9UT=^UbybQ^snxp_G<#aKu$8B`!1mGx;TYxWQ_TFJ+L zfYUUQY`16Mz%Szd#^WyegXpeI~)|M2& z2{D^#COz8jb(`mpu5BLT%qVcC+@#wcqenRIKtZiZ?4a~9v?{2%h*W5P+r{bD7=vdVS=cfl69nCfJ^`FGn6fJphFOX7v=jr zT_+oA7U9=YVD9;3@}WXZ2uwW67$NjqQ>$gj?@Hq+)r(eW25F6OW?2#pA51m4skBVQa|2k?O$9I_j7nD zVu7BDHlHP+tGKm?m!Z!(SFpfM4v9{Ml@)-4;GUO`O7u8j_DNELN!{Yz$$t3uXe1xJ z2Hqb19t1rjS3(x~`JYFhpKsBfn36-8jRVf)DAeMvtcpzi(Zg27LKZ}zXva1{T%XeF@>@>zJya)uYE z-(anXNdgj3t{c5Um&j&9aT>XvK~;t+-Y3yH3I{M6WUp4zwdb}mTfMuH5xtPUhd2!a zYsIf^jji7XHw;;if-0@$LY+X;F%hdMt{LC8$PqW80Fp^|>(v?R*CvMFMjI3+%1+kT z@lOj|gS%6)@w@g;qJ3P~Of>_ztaoTUA$b_j!;;yn=r_nDZ^7LzB|way!Vr~$FdqT% zhUPH~*a2#uX!YF9QJsbcWWRSW-fAdP=n}kNlxoV8ZdOq6Y*(%^WwbrnnA^Kaj%wMK zu&Iec&|suWHGX5_gfxaB2Oi?-{xy)o>R1LOX*J0N`vzXD$vuInUd 
zCNo#j_Ev$?$eW1ec8lDrk<8<~?HQ{e5~~1muuiJxW(_g++&0w9Rb*B|@4ei>a(rLk zM+`oSG4kjC3q+e}bta0=6X68QqW+!TNJrZm&eQr{M{{kn!5YD6ZOGE5EbD~*so7mJ z3#OaJ31LoLg_D6uZap@xQXj%PId~ByUu=TO&Y?0}QAWvHL%s4-$clJP*z0%rm%}CC zSOVy5r57hz8+JUZA(z)L>{zAgG9BE{iyRr zy%nX`>58LX8@)Y_ae~X~av_Kw98DpuX{qZjVsyLPTk`|!El&t8k8-^tJld(?`wW_^ zSKP}ZJE?g_qej#t5>D``{%4n_3btWzA^&fr@~;FjG>ycJ>oJ2fj%8`oKpoq(lQ@q} z3B#pQR%bTA7sd*ph|Fc_>VUld$}cQV%Lidp2!K}7p>c|Quzl#_#m7c2Z#`XBaHn>Y zlSt!Pm=>%PVyVX>zpM}D`wbwHZoi{u8|W&aX6+>l3oXznInpPT-+|$2f4^3q4y97Q zemg!n6Af)6w%>ugh>@B`=+IgX+SWSU-Tn^iM~RBS)vy)zj&yFvOZx9*?p^;*=AMlA zPnkQ)zsTGtwDIS)poO5!4@^Ow$rK2pb|LZmfY;vcx+RBm(bH=vK+AUDQklO2)+bhb zj1D{148d>m(w#4~+6bD#Fp9&^K30XLxnYP{@a~Fom&uZP=o|$$!!&2mez4s1RV(!@ zv-O*LyE`9JdfP;jOf)vH;KhBcjW7UyeX-Dp{WbYWxTj+=+;b5SBLpeif67Mfw{-CF z@1u*KWQ9F6?G!$B#LN;goKhRX8$rS|{LM<})2Jwg)|)k+A|}-nay%~P%DoXC)SaVR zZ;iLa2f#>=pA~N4ZMa-4;cO{#j2f%kl@NRsXSaYN$E_3Dfk*Xe!=(N=eMw`38hXH0 z8N}c)In#rJa2u-kr*9%Mex`u2%n;C59mvSGdF@kEZNat+MJND4ny+mq!iS`-T5#{< znYnXghkev-L9Di(D|FEjSZaw6oQrY(+32IgYDOAGB#X@bIc!vi6y)T7xKP}fNc3%azsD07PQYpeYxpu&}F@{w^* z*J1=P|IYwwpTV(-=!4hA)RyuRuR`R1nZs7jvg>u7uXUiTBXX4{b+=8U`aYy zmma8MF1pA^SYk`{^?-`wH1pdD6-Ac5#Vn!;oE|B$hnbAyS}$qxihL5>baiF|DAh3X z6f#*l1w`9Up!;EKx=BvJTKA}SS9J;? z#QN#NH1vruhcp5H0~k~u)S4eUuWBwz+UBC0KqVY<_9Nb*t^`DIj0L zqlBK9+xh z+0NGZ{`3tl*5FuS;e2y9(_!;_o9S&vXRG|T&mNcKV0vI=O`yHgA?NJL`nkQ*&Lxwp z7;k1QF`rToN;1nIASz3q0l}03*sfD#5T3L5Bg`-G^5eKR3-zvY%V|A z>7M4+wzS4d?hie{^R|f2ccq{2Ewg4L0f7~ubA9FpO$wcJ`OMdxZ_M_uQpfH{UPxvQ z06(k!?JWxEmeRcH#GpNy{W7&Sbe!VhQ44)D=e^J9|Ih+FggkywZMOK11xRDSqDm4i z5A#7E*9D?;bQpXkeL4!Ofp8?S)y(hc4Q|W8^*wBnYXlp|X|~~4hgv7>9%gOv3=^+K z5(F$%I+t)O151zWeiGWyY{h}MLrTg^Ki9feJw>cT6@m5%Sj|mGS~s4c?gkp%XCuyB z*iDu20X%e1D{Pe{ZxZ7{&;h395+>#$2F)$H&`4A9p1YWh=2#_HoLA7+rSsaXMzCe? 
zHKMRN{;5TQ@mU5=%q+~x1o@a|)7-l1(%S*$lakILTSc?+CEEEC-xmNA8&i*je>Ck1 zy^iVk3y);j&EoO~FQSpcnc&Ea4)UrBq9mvLg2h1O7N><}I$4q1J(ZZydP36ZchmwANF_ z{J*RMrv&_a75K~h-5LL{Lyvc;2fV?7McC)>4xhGJV2t61gc4FY+sI2XO$Cun-4%Jo zoNqQO>Uc~{EC;Q$q>AaHO{e-_SI#q)OaMi57+H) zWc7jFqZjY4OR1G?+AEDVat%IJ!^!%33hhLt*;KY=fk*&;DGyG$PuO&lOU|91av8-KWyyr1DaD?P1_a=PKM zk@OImf7^^#{vZRDs0+3$dYDI2!nZ>{xEXHZ(b}Vz!@L$$lI(~3jf2+rdQR75mq**x zrD)aUUOX<>TQ+IUDlN^ZEP$J^pX~}_O*Fpsoy%+D_756T5VIPdY*KihqZlk@?4no~ zI(!Dc20h!ro!ih{#T-dfsJ}>yBQPv9vUueEO&oX%W5|u{pqI*szj2(j1&qIZ^-ZFd zK6)dEcYbsFpf_y+T9)fr7>w{RJ+mLXKknfEW{mX|mBF&yu5Tqz4dGM=`cj4-lLLPI zRvc|@4mlF*Dh9$?P6^=u2(&WQ*3&YXMN4JCOB!Xijkb@(J489MVbqV8GUN7Ku5xsB zR`d4R?%7*bpT`U!(2O>0C@C9w`&I3FL%|-=*~2$>GwC;MXcaPa?cUHpp#(>s2owOo z$J7*U-AXf)X`+FZJ|eukJV3Afa2T>m#HqXCHkoJVf*4G|Irdl>i(fo`ziIEU4*&oT zG%!8du7?3WnJ>@ej z)Chm6W!0HGv7024>3cMVab208RY^WK1TBCC+@V$AkDaW3dts$DeVE)!s(KigW!%48 zoj+tXYxM@Ef2cXxss?}Sl!BUiz-bTwr*cfIdEmkAy}k&h$7?wIvEtmBB2W}8F9VNG zOf2oetf=@sY04p6!isJAW`kurJ5^V;;482d?0^H7G=Y~yV(V$O`lv^Kpa$&79&pwk z06*Ar^pnT+{32)yamS;czW$i&VHx1&EVbm(`5m*V}1k!VlunSfQe{v2HM$=rL;Ug4ZLE#Msb>%;JCi3e*MI2n|4tcd!m-^ z&QuoO{P+1l`o&~yUDvt2X6&(k`0U$Z>Q5#0Cmy9+v6*lT6@PGV>k~Ar(=~{LhF|k- zRd7V0iM*3zIu-Ny*FdL^dr{485@8p}5aX|3Cy$y;KoC2-4Pq60|H3RJcG1)FZ&ZcA zX%3}zu^C@q1NtzNwHi~nv5%*sz>56eO?T5Y0S#w*EmrXj)K2Nk~aJgPi)a^lvD7DWIn8EW7ER$>TA zN$FO}8_qW$K0rOgN|N(0C3m{pydlwBf@iF2qCVpCi%emXX)=)i&##{!o$ku(y`921 z1aw%Mo79f4@+87Z^O*5!U?^sSofFN{W$U=oJx>Jgo4|BYA5jL_IhO3$Epa&F_0A4WJfsY_oO?S>$6Fq9pV>^0_I8|%HGrX7K zakUoFCfA3CDi$ z&t03Ih*^(|=mB0qs=610jd+~Y^`@kxp7%q=S=dn?K!Vntr#WjmRmp zJe(y4PaO+iJZ$pYKdF^_@69$w!?|9ps1s(3e~Jmu&o|a?Flwry|!rYl}3n?=DFUF-Z)g!}Pb}bzkP9pAWKe&91$0?`vYLZZ$gClsH z;=`a%EE+c#J8itwv+qlQ8UIvc`BOx{Y}bf_}ypyQ=7do_QG`O*B<{`-E=J7X4f@5 zguRMI7jn1d9^b&LA!Ztbv(e3~3flFw*9n;Oq73Y4SufiXqZN6P=gmOQJ-JPScf;Rp z+%g;|oX8J@Wwn3C17}cjv=6(l;~wr}AE2eZAjuh~1b7J@=9e}y^wzAdX&pSCT62vn zO3JCfkdj7+?rQ064yD>!5!UX{R_L$4$S)PmaO%GMS66Clno*yU8PTu(aRa$pucqXZ 
z=jGYmBN6eCPsaN+A91`?ODg};tKTU|4gF=SBbIfnOUQY!62H$EWZdDgYw7OZTX)*8?0#^CMPgTlDW z;Nr@M2+>l33o32ROVV*CtnAU+5h+iS@15){|C=F&DF_3QP?hGeVCw^P|K(72LQ`)^L6^ zM&&2DEYQ2Nq={RzepFhV5xh}IO6uO_W1RJXHDPn%*@R{hCQGh1hNuFmafQ9M&YaxQ z+{w|OCg7GIiK}cKCZ^)*`Yg{fw5Ib*QlDakpxpa*=&4!idVQtoRTVh#ra=ERF|8RJ z%|!{&+T@_JIIKw?guVt{z01Bo<^RdP9^*oU*p%;qpJ1e-Vj-hq`MGN$A!^)=rJ*sD zf_F{3Q0se=Fc_=1(vyCwj`zlhtFZo33r>BgU0cV|6ztKlc-lO*64b3hjophZy}LU5 zp^G?!jAB5fk>-ed75BvXEi+`F=tvB=eqdcefLfP-*KQ^Y_n%pFklTR2kel(-ItoX#0U2F>(VbkPLz6hS5I&* zjH2JhdfZZt@vHnmHd^+Zh+WVn8L@sbeXsZe2fihp4IJfcL+63_HV2!1u^mpqxe6Sd zZifT>m|9+m#pw-Sp08IHwFAK(&8?4O(dnH0(=Yq$g2VKtxi?dRsh0+ZBoj+AxCFZv z-Q zri)>9fM@*Ugexmj+nd#4j7TO#8?m~gYuA4jMvse^C+J|f`&sK(3o%_xO&hUYc29(I zyy#YA-lu+9H?JRjWPDtTSj0V*ICVjcbt> zB&4JR4u-{#W3{&YqV7KBf zrrdh;E#7@H+SFV|yTqV;Y7*Os_aSZigzK|PpX+FZV=zdo2zYVIqe;%M47lRzLOI0TpA!QI^@!5MUb;O_1T zt|1eGyE|mi!GjJG+}+(>2X=VQ`|a81+dcbd|LmDLr@LpWyQ-_Yy6U>_>#jQ?4q$#C zlZiy5lu;{^U^ix^L|^ZB1yvt!_6?axDE+OYln+V&9H_%wx89mG?NX-~fmcn_U)NB3wQ`CEzyo4%U>p${%77P7FW3O{V_g zA~29!^X@HZv3pS}CxeDYYeb&Rmrw0$#)};!$K@vRDNxYhQbn5@P(@mbyT>}HPfgXe zqIZQFyXlSRt8Z}#r6D~tWEc&NwE~Fv?2d9C6%1IQQ`g(&<)RXp`KxV;BgXTPb)Q9! 
zW^0btr(q6h`NcNG?4eAS)lUM70Cv`AaB);ghW=d$dF{2dXBOUJCxsluyzVj|Aj1sW ztupE(S>JjCg@Dkrm#$v%B)cY57orJzXjx2dYYj;@d*IjpG$a@M2hTXR%`A4mmOngD zspmN%*}Efb^BpQFsg9R29T+aT`%rp&+}RK+(9$O7IA9ut4D-W4XNPCLfDe?tB895{ zuV}2|iO87M(&`zC%`>~n7Y{tO;_qq|LkN6%MBzUIFZAd#l2r@UMG*i7`A(^#A`z?C2$^ zh%R#E$gehULjnGVDb3F>=X#5QOF}QE{K6GMjQ1-G5)KOdM*bV(`Vap4H}Lw;(Z8Ts z*83~ciHbpUs+`BF-%chn7e|{=x0S4^!|pF!`jDhHm*L01>vR#lLqq7?&lM&$a|K>& z;f2vGWh`M+toK*d%a+eaO&WtjfpH;W>00>BXFW|H-@sFT=%|Z*tYQlgJr?mZ$Bt}QrW*Uwy=QW^SutapsJF-dN(Klib{c}uEA$z9ln*X4!lG3_VRLBbNI@5|*(;M7ME8y6TI=Uh`_5@`My3L1l+Fr`Tw*XDDY0eYm^a8ct77 zv)3_Z7!*tZs913%N88!-f1|=2K$4E+uea|Q7^n_-3a1|)5{vX(p|q_uX#Flkc4iZX zq$5kV+?MFjRKw%?dqMtBlZJM9hdbqxhzN~V|93OE zh?JD1=<$>Oi1@+50R(tt=&&7uV!~Kq82dE8OpP5OM=fC_81nNccCBvu&z~HtqwIqI zOY#eh=ZY@MPgkt4Jp?&9#$PGHr}Ja!*OM1=_>;X ziC3A!(7qAE)7yvOV8qyrisvgFj^T`;ji6;oCb630WxYKtL#T8MVV_aT{{5Scni|n< zr#j+C;PvKX%z?+dZumU&DYKJaNdn(Tl>gFc`2(R|#Uqf@iMUW`vuO|Cj^ zC7=(Fw%37Q#kzYP8>XMDCj>I1?Ig7zMn#?v9eL87opc&K({0OML$rTFCXDt zAbhP-uAL!q8nsR>C19pdB|uAW&~Z4X{N}|XUq>BtJJFD>{@pFu8Nn$;Rh^FHe&@rW zKHp;xUB=omzQYW=$=HGjbFJ#h=#Q6z<{J+}od~iu2!=)pm5RK**m%%Ss?kRZg`W*7 zR5;JNdg`f4es#a4buvmLnB0}ohp!^^6A}_Y!9i3tUPb6Nws=Je*jwYG1+zaz=5rK7 z5Y}m^VnGFrzZ&xhkn~?=G0M#Fd~dhDw$rX&CBVW$J0->JK_d}$>$oA-qOW}1D-Gn~ zy3s0RF>S_W3u@)NKUKMiGMD-AYZmAgtsP&^A(u~paohs|O1h_T6r{^Svf{p&p1z|& zLcjtE*x3qGN7UEhU;qsl5{&h9hs9<83Dbp*}Ak3=@ zO(aTJ$W}2eMFYwZ;mlvq{LKO|sEum~tSM|bsUfH?>Q59$snhd>rlx0 zxum`8G-at1dQH}i^HH%t;^_$`DkZf@YaG$kv?Agx_Ny|GdXxlEU(&&a>t#7SSVg%? 
zUg?AYDHau|yQjO)+9#OD&Z~-rR=i9tuhb2mb1Eh)_k=#2({+C&Unze=enU|tp4T!y za>6xUQ#M+g2#1^w-(_FmrzRP+XdEy%XOVD2fRb2aHK1OFCS`+Pfa7F_617gl`VV)jGS=Wz}32Y8qk8b1n zN#NZ1Xrpj>nF;s$C-HQij=IwkLM7Xz^Vjev$3R4&tXpu2Cu>j1HtlhuD&1lr#7KSG z7AV+yl=9SlzoevlG1*$Z30(et`c72$-j$pME1nz(8_S8kPG_R906EM|a4)wp&#`%S zOw&lMhZy3F{)h!MWgMMYp>T6^%f?y^`CVR44lI`{f&l=43x2CV2P>-((}nn*M4CeJ zT0b@+ix!JKz?|6BZCt;0m%f;RmWM*VhoEX)ZM;S!(HfOOS|LS~D3gG3wPalVJp)2t zO0z+J={h!k54%*JdO=>Ei^*DCo-s$!xVpOfM|OJ6&+s#NczM|6dwz%)0`?(N6Av+t zmF#EQ4FWpZ(ejN}AEv~jnOG>k8||T+r9f8W^n)0L(<7pkBRPw3iz9#GqICAI#~I7V zC;Ti>QNYKvMTzB01Cw|#R%FF%aL~?7S1lWB^ z;m<-USAf3frPbDVw{}huC(BIwKwHki&CMU*#Fl;KS1q3Z_xq>MktTA53W`edX7Kk^ z7x*2HE4+0r?|inbrJYL@uv33fo4Ja!_sNpLL6HP>J;D)IE{9qA| ziuAL0-FU4F)v9_Nx48K8d7L$2#7vgPzFhRR&Y}|Q>I98&3!zt+(wPIP?~?Umcw^GjNM2Gp@Xf1}P%+zy&dGs>#f&>e~rPSSb`up9?1T*m# zgKUh;bx!@4S61S@yx=XasRPilEAror;Z@$+yhK3--aeky)i}l)WNOSZ$gr4%L$H%I z($mXxL$zMW+cpC`90|cfEHY|OV@4|U0P3jNxX1>0-y^1LVz-SnA?n%wrBF-FV!&cV zz(SP(@204;v$~W)O0qz(#$U$2}n zT4BF^Gb$xjR7`v%p$uhgymPItlWm&DUp8Z}=;+as8YIdwv%=CYxR;_Dd#72~*bE=P z8RKM;d*Mh&_B4ENEeS#(e;BB(bABvXS1uA*ii->?_*zSe`|)0;T~w*rKJ#@aecej_>=t*CHZjT*b!HqDDX zmV)2Ha}vf;^U{<>q)s-|kv+$gCh`P5<$DSI#bTa^bdUF57h>H4e-YT;`j~`r6GRIT zFLFWD?IDXF%VL6amw=ppZxV}!ODn(MJ#6~%a~ZuMUHsuoyH}1QpDPq@*d)9sMzb0G&E}-zToB*`baU*CN5k$&g}2-Cuh|g;{?P z%0eXJ5rI=kY_LCdEo?3Qnpi4c<+G_3_$f!6DUxTbX6+{RH-WMt@i^B4_s$v*3 zF=-DzG>`8FV_j8nlsQei_^&0B+H1F4a)q+A4g$52my2H59|{01FtW2}zEClUx)dx> zm9@z(`jK{o29KTLSXlKJ?c(5zo_o%KRoBC!)7UoqM*V^nuQrxm%cc%){i%DhJlvbZ z{UkM(B|=`VfB46I)|MMXfqWGH_#xF=-%3cY-vp@mK;A|01m-li?I_Rr>Yp=VS0h^q$C8>jj*=Wi3n}RrI;X5uf zSKK`F`WltF*kuaE@1fKzwm)#`I87OArGV_6lUBr{j8ipw?1S&wFezeUj5MrvOF}y>H zOu>zAWihdqjUPoQ8AtcZ?wvAXwD!V9vJ{iK+~Q4H7QiZ^n7p6ca&oTV9TC(Mjaeun zJk@?G3$QP@u(!>tTbq#Q+yJ?1uen)}&TFz$e=%Z3bwIko_m+fvEG)ce`v*UHD?h!; z4A+!*Fb&f^8$}tj>X7@o?~7D6HWdxuHEpNG!%!S#WwkHbDcf9bA|L zW@ntVii(8_>ehOZ%xBsWEW*;D@~K@^ zfpXpW3OTLmB|825sXbJrAf@o_%jY zG?Pq@dO<;PjX=6)d_u{DyfIO$vRSW^dQlBL)ARzBJ?gVLolDeCcy;RrwL6~U<*{>A 
zz-NKhZb<36#VSP*c-xg?$o&1$=ESDus6XTeU%vZ!ct0G9^?SnSqt>W?-5w_$h_cVCF2;K4s9FD(7VcieKo{c7E-* zfs6}!(VI+u(UF^BviCpTm*&O`KknY~}$xxDGtjD&IOrXD67kCqL zeOBCOUJcL^{(&Dm&QR?Z{ZPQFBoCi5m#Dp`1NG2$5v!>uu+p(;F~tpZUsBNnt$-5I zl-yoUMC{QTEQ!Uxm^TxGrPT8B3o9mx!UxQ#$FvEtoFXQyigyLlzd@q4@e(l^X*sw& zs1`(l^0v|1fPi$L3N99dloIXMBnT>1JhXSh%3~&tON3oS5tPuVnN7vgDVKMqjTo#n zilr-b5iRr_ku9Z4D7_2Y%Ql*tyJ=REA$~v(R31|f4-KQ^nIBWZO;hRoXxYB3FA=y_sx{AxRP@0}XdfYyn_fp0YLL#R;%EZw^ zESl*lRX};53{y-DsCYb85k8eKm!g$KehrB|2$V4OaN-3OS;+UrYii!?RlBv^U$k^; zVhs9iq&pifn{i8Uu)l-GMoRyYl+dPMI=v>1x z91WYk{euH4ZkMme>Eq&R!R3Zh<+bOd zFOz>O4)M6L=rHPBcLC2%$U+BdpLZ?&p)T-2hIl)gDB&}DfKzB0m@BlGqSQ8&>g%HRP+NNl zFEY)65Z09vtIgg>z?H|mdHoz^h?1|#ZkM0~k?z*|dR%I%pyP_zubeow(n){+pYux8 zaGb9U!C3st81o58Fs+24Lek{Oj(*2w_ug^v1$mu*ilRyc>y>5#5!X14kCc-?ju$#8*q5$wME4@aYt zJuQf04})pPw!wU|uX36DUG7Sec>_Fu$HX{wk@5XE zCnY6?O!#ELnzX2($9tdK^hl$JVl!A4+I-f}h=PLR@9$3udJ}SptDvB8c7Cp|rbgoR zVCa7jtK<#O_?q$6{;T~9sf+DQ9rn&Jo@%j&leQ(l8^goK@^K3`gU1!=nRobaA0E6< z5tTkVL5nNOgaW`TmG#x@+byb~s)>n-jt&WpTAb65JN#*M_@ zue@J1zHAid)zZj|2r$2cGgm=yip|@-w;q+7=n$?@(JIq{|0mu~4taBLaTNiaOjdxo zffHl@==2(cpZU64-OK3#?!4oXv9Yl5IGdP_D?AyMk!`&n{7 ziZP}G;q^ZxN}I%^h(fsqa$&cUvrmw6s521L{s z)=Tw5st!(Zk?W0Wweu*ZO;?S!Ctp`KpR&AlmfcRtte=(?Y4xR}i0YOQ{~BJVX`|v8 z&Lngo;cq0Hsp9F6{Iw#tjp^_5aFep3PE2`^DaTwi(gdQe#s5yU)<~Or7G>6JeQ_)j zUiv73!-O}G?6iuKW^HXvc^Bfkqs_F{@k(r(-Tv4Goc!w-<<+ycnx);w zU{CM+7#~x_w_{f>hZN+78(NkLEiEmH^~Vr)QXh%z^Os`Nqos+JRIwJ-lUcZqg>ZWZ z^!j)+O05P4To*)9MYfFiqcbx~hYPP=SJLn3=u*L}T99|{?p>SCs$q4RHc3x!%fEoN zN&O@!-~~w>vp+}fe*`w{!0fge9qP&SNG>17JbGTQy_? 
z4WX>Rg0BchA_pgfzg8qk&E*pgR_YO*?@KEC-<)zC_k>Jy)IYhN5nU1yk$ZUoI{IVH zS-Hyft`OCj{*W@#KeAOeZhA!8Y9YHMgOA9!_NUb!Ay+qX_OB+;;M93mDb0+#HPq7j ztfb$mfjxassQ`A;X%@LdN_4`?rFl{4|KJ+8wo)8u6W`^56$L{u zi~aimebeSc;Qpz8*vHon9h`suRPUby=|d2zT00H#x!Az2zngzug}(S2R>6;>K9F#=;HbbhS$8p-jHqer1!vGLX=P2Lb{=79fN5$iY``kO%ZrspUU*OZZf79PWLK{9KUCkp6OWVWB|$9U?qfy zPgXDQ$SLFLC~hV?bGTgFP3vSvqOD~MKKE7Z17S<3`?-E}Sbz$yvrJ3NSvtifxzBgM zv)QY~zPd9)ftfV0kHh1yWPdl5tC?qzoj`sMwVXBbB${3G%c1JKm)Ug)r_ zCETr@Vp~F5<)cW=^D}o8|HbZbLJ6n9hIeSvL_${Byj7-!jFN$UI-ty|$!h%lbVYKn zG}Bgn&8HM9;yCr#O+4HLeX8$a0T(92e=|7##Do`}3J_2k;HH|sVgtJv#WN!Z_Xj}$*0P5 zs^laMO)oZ`kq6}=msXVbKKWZkt;Z6#$C$!Uj@^JsTKG=y*o<_DGE=I!pvcp$Ty_TH z%b-l1lfB^3k%scWU~Pv3@ua2W!_QKtXBg&d1&;KVs11 z{k`my-_kx+*Upvx*AKsks|d2=S|0`s-@3mi+*4xosh@rtoxkn~@e;*NudZugM&@OG z`CfCkG<=V;3`~8!Gm3Mo#ZVGKb3lm65&%(#aRo*C=5w6a6g1D7nmHjx%L#Z&LGaUO zTlsUt!_oaxeZ#|hEoL~^@A))v$pBkGhS7K}0M4hCJsc8#zJ(@#91C~*q2K+`*Sj3m zXO%mjg*y>0pvwCZ{q+Iv3E^^>9P9>1PWOKJO(P*T0>Xr)F0o{yqRZv`f;>Mpk_%bm0q=4juS_99TQ}KMB^?|sef?{1f{*+`xyZMZM;X!{ zkH0y#f%0Cp@tYfaq&z#T{yB}Kn`@%2x2J*EJ4S&~$?%he866jv!#tmjnhRm5^N%b~ zY}*m!DGji~%&FRDD_$!H_D$P+Psx?P5u<+H_1}wry$8DZd9EFJV(^N@XUyH-7Svnp zir(z;2T*2a$6hEc)$rz0ngjh<1{YyrQ=6-|2z;hg>kSU(gLgn;Hvb;Rh;M=Y3+2Rd z+bkdTpW35drs2I?VUFxU9_kl2aAE2z?#29JO+6+o&{fuU;>4RJd<7*L=DB zx@k|@?|P|fdP}q7!L+s6A45@A#Ly`9^zQDKB8_9Sz$|JRr~iQ*di0In$Hx7u!=C~CH_vVDH zK`_>=Y%Jb@p&k{9tlz36&1r)1$XKyKy(Zk9FNZG|f z?JPHn>;)i_2G<^z2LZD*n^b8&$WyZ3q&vLR5asuLO=*L z&#m&yv>U>K(o`y-u3}&-I#2P__4^x|_FB$9(*>9KS7K zZ7wRlIdmu7HuyMEJMM9&r+(Lf1+r-?t{m=7Ydkt%9F|f(E7I%VO}y#9X?;}%lD+tJ zUO@H)#ZN_7)F)flm~I`M+OWoIJ&iKQxcWf(HuIrlCOx99V4LVrV)-L28y)6{&m zOcOS!#^HA_m*0>_L1X#^Nn6%6!DEL@CxXp2yO6bp54jUWRQmxFBWJC&Nx@zyWvXfe zCPmrC9Ow6Wce?I9pnfcL)Drx=*P4O#uaNi91`*z_mf&Ac#eAV`d>Q5Fm@nbsauefy zB{%Gxr5_!W5^HOUqBprI1*FuPDtfil62FrmlHf&YD}7f|im`~7-TB>PqyZ{KE;asS zZa@0R$ROqzNJWGs5)lqH!UB6LrdlRUsu}g$3uT9gMat+raonZ@66z6bGrDG)<0oZz9>pyt16i9x> z0*f7(z*41Xf6Rc?sNr`|loWC8r0REVH)31qwFT5#Pn!c^q9im_Ya2Op!Ri3l;%Hzl 
zLQ>DhI>o8$-$~q^z9^%G;3*v00AbU&N1LV}f1P@`U{xa`E4LX5$5OS2tLNNB_D}jA)|^}V6l(Qcn3x@~IbIuN#KcA> zWgL}N>mZ|pYU&d$l&?d>j2oO)P0S=-2@{bMuTxQk^*+`hLTNLy5)& zcbEYF{ARW|hZUnuvh_@+3T*l=b&+eCjo?2==M zcyu-0WB6En-C+p4@$rBk<*PKcHDbzXORtnnbZiwa(T z6=^9>5PDjFyB@qVWf1gvsAnc_^}OdkgPnzlUEC`T-<&&0SG0Kho!v+Vs?)W(Rowfg zcDhCXxXxG%GhxyU@B&YsM|Hbg<9cC&ddCx2ed}Q}tGU}gF{j&D&arLguVH(9Ud;h6_+#*#Thnm3{H1~|^xaFwYQ}RtOq->0 zQs1h1URCvR3b?CuHh;5jT*ROA%vmu4w|DkxtL6wNdhMLF8hR-UFAak_jj*Uld3k0| zdm^0#?rGq{R5;Qzn?W`kH|r+)7G^PS^t0;SYj13b=NnronYf4+ORWaVLhrZ; zc`9JBQ`b-#DUFkR2Mde4>CNsyQGb5rml0}(p)y0qf<=T+Qimic>O;d&1-^DwKfA$0 z6mDKiJE|(L-azRB;WkowQqB^0mT$Wgtk4SX^O2c~Z>l(k1OZ>3dO8B%zU_(*92(|k z+liy|@y1q_+PUUc3TIC+(7Ef(53H--#N*&osnw5MlSU;w{eZWo41aHLq588Mu!}e&bW^H;hQDUhkAprLNuoWm>b{=mXUy9U*1^Ij zAn}UIW8FIN&%7rRO1MSTY$Hm&e(-6{u)0<~lLU9AgMByZo%7@0ET?^g1CLa{b-AbG z%YdilK|mGO=;0N-!Yl5Umkj=9ihwgqMYfwZn74&wDm|qpOf$q!6Q&cB&7=1jAqn8y zw)uhPOn=2AR~I$=O}5$ak0%c5$VWQW)~5pF)h53D-LuQK{FZCHOoMZ57Ex9sMMX=- zTHlKKEaqbwzCWG&y}l99(o)e>$@_@ex--C@kU-8-i;1OU^BFIyZlz>RqhZQhHfGjG zTIMEguy;U+oV{mRngK(w`u@*QP3da82r6_*4WL@lQiLTHgW^%i7w;}MaB+3{CCyXA z@6y*iyAPaL|0BHDV26eJ(rZ$BSd0#j|II=g5Y|ir*yb3%Af1AS091e6+PLr9U3JR$ zI+mq0s}mt(g>^fd+6zwCVGR$=$8)%Rw-U+~_9__T3_~|ys}qoK_k8>_^e*k|QU>bq zXnT%eqDyul)s+(!Wk#D2rN=h-aQ*@-+y6)?p<5g7C!ra4aVnmX-Z=aW#b4Rp*SL)9 zBdR`K52M_plPzBMWni}?^ZBZZ-9SPr75%u9OsFWuClGAE1rWo3c=luph+kqzmjKOE6@(|%KaD#U*}5BZ|> z389h~=CRIPVUkdmH%V@*({^JKmv#LoVtDxS_L#Bl{8oyGGS**hi1)r#j&({ig`Z`~ zFE_*R-Z+h*EqR2SfU(ZkuXzQuLfG@J5~g{prMG_h{pZ$0Qfge`dF&S94C_WU}3*IL;)-;=-{Ux0e3g6&3o23PHDkwS))`re%85I;~sJvr|k=V^DgCX z(;=5+JhXRz+D(=nhCX~B>8xC~^m@EPC`XH#`;-$ZA0X`OdL2t^LtOc8{tu1s#ZC!A z+cE4eIDY*jE^?pjg>a)_<>sYM^h|e2zj{V_5s!|}_vpgq@Ke=Vt(7W|cL5JhTiRQv zIPkSmlfu_`dLdrO!S4ip62b4@Hl!~1;QiyF+D>@A(g_N*pTudsv(-NqX+IqMr3pUS zeabMB{rh;l1}gWx)2xEUZ}VnQ=%fFzYW@3F;~xi zmg+i&^)81+sMK6JGOwo|*O0*wgl(v)aiqsk6+ON_UYK(uwf%>sz2tyTmf{3?EM#)ix4Zp>-WC^DdDVF z$C7CU0NVk0LzN#JO{pWyQtfq$?~F6WVA<2zw)N4mH%~4q>6!y4LjqB?PXC-VtB{ 
zemptf@5cGEMZMrfTl#Dvc;RN58-@QaubpBjno;59U`ZKd3C^I(z{jcmnOctkom~KG zS4VnDaWOq(OQXrK|F4`F_oLa$2H!qoFr0*CjOxy5@U_}r`YxQ!_7;upatmCAm*o&>h@q7OGYqj6<3zF@a`7wdB|dR7ui&&Suds@meU%YsUE-xjn;b7MGBa6M0{ObI2>%YkGf13h+ z)cI`2cu?JiL=$u7csPj4A|vA>h8N9QHak)TY%jq`(+#nnM`3AgLBXcD!l4WyH@wNO zf`O;gO+Vt}Qsd*I1pdJIEmZ$u?f+5!KARTc0^t9-`Nx$OE>?b)ng7@3-zhAU^;N Date: Tue, 31 Mar 2020 14:28:08 -0600 Subject: [PATCH 172/183] update documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 31bb721a5..048abb692 100644 --- a/README.md +++ b/README.md @@ -1333,7 +1333,7 @@ This editor provides the following controls: * 📥 **Import** - clear the list and replace it with the contents of an uploaded `net-map.json` file * 📤 **Export** - format and download the list as a `net-map.json` file * 💾 **Save Mappings** - format and store `net-map.json` in the Malcolm directory (replacing the existing `net-map.json` file) -* 🔁 **Restart Logstash** - restart log ingestion, parsing and enrichment (e.g., restart Logstash) +* 🔁 **Restart Logstash** - restart log ingestion, parsing and enrichment ![Host and Subnet Name Mapping Editor](./docs/images/screenshots/malcolm_name_map_ui.png) From cc62138f3a53de774329ac064a61114c01cdeacf Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 31 Mar 2020 16:17:32 -0600 Subject: [PATCH 173/183] remove unused variable --- scripts/control.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/control.py b/scripts/control.py index caf7fa687..f6ec0df0d 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -25,8 +25,6 @@ PY3 = (sys.version_info.major >= 3) pyPlatform = platform.system() -ansiEscape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') - args = None dockerBin = None dockerComposeBin = None From d6d46e9182f423eb94e5a4a784b3699e8149f653 Mon Sep 17 00:00:00 2001 
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Wed, 1 Apr 2020 07:28:54 -0600
Subject: [PATCH 174/183] documentation updates

---
 README.md | 8 ++++----
 cidr-map.txt | 2 ++
 host-map.txt | 2 ++
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 048abb692..23a370527 100644
--- a/README.md
+++ b/README.md
@@ -406,7 +406,7 @@ total 2.0G If you have obtained pre-packaged installation files to install Malcolm on a non-networked machine via an internal network share or on a USB key, you likely have the following files: * `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.README.txt` - This readme file contains a minimal set up instructions for extracting the contents of the other tarballs and running the Malcolm appliance. -* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` - This tarball contains the configuration files and directory configuration used by an instance of Malcolm. It can be extracted via `tar -xf malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` upon which a directory will be created (named similarly to the tarball) containing the directories and configuration files. Alternately, `install.py` can accept this filename as an argument and handle its extraction and initial configuration for you. +* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` - This tarball contains the configuration files and directory configuration used by an instance of Malcolm. It can be extracted via `tar -xf malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` upon which a directory will be created (named similarly to the tarball) containing the directories and configuration files. Alternatively, `install.py` can accept this filename as an argument and handle its extraction and initial configuration for you. * `malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` - This tarball contains the Docker images used by Malcolm. It can be imported manually via `docker load -i malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` * `install.py` - This install script can load the Docker images and extract Malcolm configuration files from the aforementioned tarballs and do some initial configuration for you. 
@@ -773,7 +773,7 @@ You can also use `docker stats` to monitor the resource utilization of running c ### Stopping and restarting Malcolm -You can run `./scripts/stop` to stop the docker containers and remove their virtual network. Alternately, `./scripts/restart` will restart an instance of Malcolm. Because the data on disk is stored on the host in docker volumes, doing these operations will not result in loss of data. +You can run `./scripts/stop` to stop the docker containers and remove their virtual network. Alternatively, `./scripts/restart` will restart an instance of Malcolm. Because the data on disk is stored on the host in docker volumes, doing these operations will not result in loss of data. Malcolm can be configured to be automatically restarted when the Docker system daemon restart (for example, on system reboot). This behavior depends on the [value](https://docs.docker.com/config/containers/start-containers-automatically/) of the [`restart:`](https://docs.docker.com/compose/compose-file/#restart) setting for each service in the `docker-compose.yml` file. This value can be set by running [`./scripts/install.py --configure`](#ConfigAndTuning) and answering "yes" to "`Restart Malcolm upon system or Docker daemon restart?`." @@ -874,7 +874,7 @@ To do this, you'll need to configure Malcolm's local Filebeat log forwarder so t $ mv -f ./docker-compose-standalone-zeek-live.yml ./docker-compose.yml ``` -Alternately, you can run the `start` script (and the other control scripts) like this, without modifying your original `docker-compose.yml` file: +Alternatively, you can run the `start` script (and the other control scripts) like this, without modifying your original `docker-compose.yml` file: ``` $ ./scripts/start -f ./docker-compose-standalone-zeek-live.yml ``` 
@@ -1678,7 +1678,7 @@ Enter installation path for Malcolm [/home/user/Downloads/malcolm]: /home/user/M Malcolm runtime files extracted to /home/user/Malcolm ``` -Alternately, **if you are configuring Malcolm from within a git working copy**, `install.py` will now exit. Run `install.py` again like you did at the beginning of the example, only remove the `sudo` and add `--configure` to run `install.py` in "configuration only" mode. +Alternatively, **if you are configuring Malcolm from within a git working copy**, `install.py` will now exit. Run `install.py` again like you did at the beginning of the example, only remove the `sudo` and add `--configure` to run `install.py` in "configuration only" mode. ``` user@host:~/Malcolm$ python3 scripts/install.py --configure ``` diff --git a/cidr-map.txt b/cidr-map.txt index 5ca134e3f..e4417cff2 100644 --- a/cidr-map.txt +++ b/cidr-map.txt @@ -10,3 +10,5 @@ # required tag (optional): only check match and apply segment name if the event # contains this tag # +# Alternatively, as of Malcolm v2.0 there is a web UI editor for defining subnet +# to segment name maps, located at https:///name-map-ui. \ No newline at end of file diff --git a/host-map.txt b/host-map.txt index 0cdd628e0..3e30e5a5e 100644 --- a/host-map.txt +++ b/host-map.txt @@ -10,3 +10,5 @@ # required tag (optional): only check match and apply host name if the event # contains this tag # +# Alternatively, as of Malcolm v2.0 there is a web UI editor for defining address +# to host name maps, located at https:///name-map-ui. \ No newline at end of file From 1946d7731ac3bca154c1f9fed0f731f52cab19e9 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 1 Apr 2020 13:17:00 -0600 Subject: [PATCH 175/183] use fonts-symbola instead of fonts-noto-color-emoji --- malcolm-iso/config/package-lists/desktopmanager.list.chroot | 2 +- sensor-iso/config/package-lists/desktopmanager.list.chroot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
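Review bot: The URL in the comment added to cidr-map.txt, `https:///name-map-ui`, has an empty host, so a reader cannot tell which address the editor lives at; the identical text is added to host-map.txt in the next hunk. Suggest writing the host as an explicit placeholder, e.g. `# to segment name maps, located at https://<malcolm-host>/name-map-ui.` (and the matching line in host-map.txt). Both files also lose their trailing newline in this commit, which shows up as noise in every later diff of these files.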
diff --git a/malcolm-iso/config/package-lists/desktopmanager.list.chroot b/malcolm-iso/config/package-lists/desktopmanager.list.chroot
index 0c481d516..7a1dc55c2 100644
--- a/malcolm-iso/config/package-lists/desktopmanager.list.chroot
+++ b/malcolm-iso/config/package-lists/desktopmanager.list.chroot
@@ -1,6 +1,6 @@
 arandr
 dconf-cli
-fonts-noto-color-emoji
+fonts-symbola
 libnotify-bin
 lightdm
 lxde
diff --git a/sensor-iso/config/package-lists/desktopmanager.list.chroot b/sensor-iso/config/package-lists/desktopmanager.list.chroot
index 0c481d516..7a1dc55c2 100644
--- a/sensor-iso/config/package-lists/desktopmanager.list.chroot
+++ b/sensor-iso/config/package-lists/desktopmanager.list.chroot
@@ -1,6 +1,6 @@
 arandr
 dconf-cli
-fonts-noto-color-emoji
+fonts-symbola
 libnotify-bin
 lightdm
 lxde
From 80b88d54a690653fd8ab8dc12b8182ed3c510e12 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Thu, 2 Apr 2020 15:28:22 -0600
Subject: [PATCH 176/183] re-enable swimlane visualization
---
 Dockerfiles/kibana.Dockerfile | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
index cf7bdd350..a837f6d3f 100644
--- a/Dockerfiles/kibana.Dockerfile
+++ b/Dockerfiles/kibana.Dockerfile
@@ -47,13 +47,12 @@ ADD kibana/kibana-offline-maps.yml /opt/kibana/config/kibana-offline-maps.yml
 ADD kibana/supervisord.conf /etc/supervisord.conf
 ADD kibana/dashboards /opt/kibana/dashboards
 ADD kibana/maps /opt/maps
-# ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip
 ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip
-
+ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.0/prelert_swimlane_vis-7.6.0.zip /tmp/kibana-swimlane.zip
 # todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix
-# ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.5.2/prelert_swimlane_vis-7.5.2.zip /tmp/kibana-swimlane.zip
+# ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip
 # see https://github.com/walterra/kibana-milestones-vis/issues/9
 # ADD https://github.com/walterra/kibana-milestones-vis/releases/download/v7.1.1/kibana-milestones-vis-7.1.1.zip /tmp/kibana-milestones.zip
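Review bot: The new `ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.0/prelert_swimlane_vis-7.6.0.zip /tmp/kibana-swimlane.zip` fetches a third-party plugin at build time with no integrity check, so what ends up in the image is whatever that release asset serves on the day of the build; the same holds for the existing comments-plugin ADD above it and for the elastalert ADD that PATCH 177 re-enables in the `@@ -49` hunk of this file. Consider recording the expected SHA-256 of each asset next to its ADD and verifying it in the RUN step before `kibana-plugin install`, e.g. `echo "<sha256-placeholder>  /tmp/kibana-swimlane.zip" | sha256sum -c -`, so a changed or replaced asset fails the build instead of shipping. A one-line comment naming the upstream release each zip was taken from would also help the next person bumping versions.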
@@ -89,16 +88,16 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
 cd /usr/share/kibana/plugins && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \
- rm -rf /tmp/kibana-comments.zip /tmp/kibana
- # && \ cd /tmp && \
- # echo "Installing Swimlanes visualization..." && \
- # unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
- # sed -i "s/7\.5\.2/7\.6\.1/g" kibana/prelert_swimlane_vis/package.json && \
- # zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
- # cd /usr/share/kibana/plugins && \
- # /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
- # bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \
- # rm -rf /tmp/kibana-swimlane.zip /tmp/kibana && \
+ rm -rf /tmp/kibana-comments.zip /tmp/kibana && \
+ cd /tmp && \
+ echo "Installing Swimlanes visualization..." && \
+ unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
+ sed -i "s/7\.6\.0/7\.6\.1/g" kibana/prelert_swimlane_vis/package.json && \
+ zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
+ cd /usr/share/kibana/plugins && \
+ /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
+ bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \
+ rm -rf /tmp/kibana-swimlane.zip /tmp/kibana
 # cd /tmp && \
 # echo "Installing Milestones visualization..." && \
 # unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
From b38ddb7f0d4c5b03e6f8ccad58a656644e113b19 Mon Sep 17 00:00:00 2001
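Review bot: The re-enabled `sed -i "s/7\.6\.0/7\.6\.1/g" kibana/prelert_swimlane_vis/package.json` rewrites the plugin's declared Kibana version so that a plugin built for 7.6.0 passes the `kibana-plugin install` compatibility check; that is a deliberate override, but nothing in the hunk says so, and the target version is a second hand-maintained copy of the `FROM` tag that has to be edited on every base-image bump (the very next commit in this series does exactly that). Suggest a comment above the block such as `# plugin is built against Kibana 7.6.0; patch its kibana.version to the base image version so the install compatibility check passes` and, if the file's other sed lines follow the same pattern, one `ARG` for the Kibana version shared by the `FROM` tag and the sed targets. The RUN instruction this hunk belongs to starts before the hunk.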
From: SG <13872653+mmguero@users.noreply.github.com> Date: Sat, 4 Apr 2020 13:37:55 -0600 Subject: [PATCH 177/183] update elasticsearch to 7.6.2; also, fix issue #119 --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/kibana.Dockerfile | 30 ++++++++++--------- Dockerfiles/logstash.Dockerfile | 27 +++++++++-------- README.md | 4 +-- docker-compose-standalone-zeek-live.yml | 2 +- docker-compose-standalone.yml | 2 +- docker-compose.yml | 2 +- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 4 +-- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 4 +-- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 4 +-- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 4 +-- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 4 +-- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 4 +-- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 4 +-- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 4 +-- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 4 +-- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 4 +-- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 4 +-- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 4 +-- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 4 +-- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 4 +-- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 4 +-- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 4 +-- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 4 +-- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 4 +-- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 4 +-- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 4 +-- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 4 +-- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 4 +-- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 4 +-- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 4 +-- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 4 +-- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 4 +-- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 4 +-- 
.../665d1610-523d-11e9-a30e-e3576242f3ed.json | 4 +-- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 4 +-- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 4 +-- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 4 +-- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 4 +-- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 4 +-- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 4 +-- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 4 +-- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 4 +-- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 4 +-- .../95479950-41f2-11ea-88fa-7151df485405.json | 4 +-- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 4 +-- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 4 +-- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 4 +-- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 4 +-- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 4 +-- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 +-- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 4 +-- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 4 +-- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 4 +-- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 +-- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 4 +-- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 4 +-- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 4 +-- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 4 +-- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 4 +-- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 4 +-- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 4 +-- .../f394057d-1b16-4174-b994-7045f423a416.json | 4 +-- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 4 +-- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 4 +-- .../server/routes/elastalert.js | 27 +++++++++++++++++ kibana/kibana-offline-maps.yml | 4 +-- kibana/kibana-standard.yml | 4 +-- .../hooks/normal/0910-agg-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../Filebeat-syslog-custom.json | 2 +- .../docker-compose.yml | 2 +- sensor-iso/beats/Dockerfile 
| 2 +- sensor-iso/beats/beat-build.sh | 2 +- .../normal/0910-sensor-build.hook.chroot | 2 +- .../Auditbeat-auditd-overview-custom.json | 2 +- .../Filebeat-syslog-custom.json | 2 +- sensor-iso/docs/Notes.md | 2 +- .../heatbeat/protologbeat.template.json | 2 +-
 80 files changed, 195 insertions(+), 165 deletions(-)
 create mode 100644 kibana/elastalert-kibana-plugin/server/routes/elastalert.js
diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
index 0847d4b0b..46634cd36 100644
--- a/Dockerfiles/filebeat.Dockerfile
+++ b/Dockerfiles/filebeat.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:7.6.1
+FROM docker.elastic.co/beats/filebeat-oss:7.6.2
 # Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
index a837f6d3f..1fc3af2c6 100644
--- a/Dockerfiles/kibana.Dockerfile
+++ b/Dockerfiles/kibana.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/kibana/kibana-oss:7.6.1
+FROM docker.elastic.co/kibana/kibana-oss:7.6.2
 # Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
@@ -49,11 +49,11 @@ ADD kibana/dashboards /opt/kibana/dashboards
 ADD kibana/maps /opt/maps
 ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip
 ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.0/prelert_swimlane_vis-7.6.0.zip /tmp/kibana-swimlane.zip
+ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip
+ADD kibana/elastalert-kibana-plugin/server/routes/elastalert.js /tmp/elastalert-server-routes.js
 # todo: these extra plugins are kind of gutted right now with 7.5.x, need to fix
-# ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip
-
 # see https://github.com/walterra/kibana-milestones-vis/issues/9
 # ADD https://github.com/walterra/kibana-milestones-vis/releases/download/v7.1.1/kibana-milestones-vis-7.1.1.zip /tmp/kibana-milestones.zip
@@ -73,18 +73,20 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 chmod 400 /opt/maps/* && \
 mkdir -p /var/log/supervisor && \
 (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) && \
- # cd /tmp && \
- # echo "Installing ElastAlert plugin..." && \
- # unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
- # sed -i "s/7\.5\.0/7\.6\.1/g" kibana/elastalert-kibana-plugin/package.json && \
- # zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
- # cd /usr/share/kibana/plugins && \
- # /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \
- # rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/kibana && \
+ cd /tmp && \
+ echo "Installing ElastAlert plugin..." && \
+ unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
+ sed -i "s/7\.5\.0/7\.6\.2/g" kibana/elastalert-kibana-plugin/package.json && \
+ mkdir -p kibana/elastalert-kibana-plugin/server/routes/ && \
+ cp /tmp/elastalert-server-routes.js kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
+ zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
+ cd /usr/share/kibana/plugins && \
+ /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \
+ rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/elastalert.js /tmp/kibana && \
 cd /tmp && \
 echo "Installing Comments visualization..." && \
 unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
- sed -i "s/7\.4\.0/7\.6\.1/g" kibana/kibana-comments-app-plugin/package.json && \
+ sed -i "s/7\.4\.0/7\.6\.2/g" kibana/kibana-comments-app-plugin/package.json && \
 zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
 cd /usr/share/kibana/plugins && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \
@@ -92,7 +94,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 cd /tmp && \
 echo "Installing Swimlanes visualization..." && \
 unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
- sed -i "s/7\.6\.0/7\.6\.1/g" kibana/prelert_swimlane_vis/package.json && \
+ sed -i "s/7\.6\.0/7\.6\.2/g" kibana/prelert_swimlane_vis/package.json && \
 zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
 cd /usr/share/kibana/plugins && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
@@ -101,7 +103,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 # cd /tmp && \
 # echo "Installing Milestones visualization..." && \
 # unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
- # sed -i "s/7\.1\.1/7\.6\.1/g" kibana/kibana-milestones-vis/package.json && \
+ # sed -i "s/7\.1\.1/7\.6\.2/g" kibana/kibana-milestones-vis/package.json && \
 # zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
 # cd /usr/share/kibana/plugins && \
 # /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \
diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile
index d84a53bdb..61d866e79 100644
--- a/Dockerfiles/logstash.Dockerfile
+++ b/Dockerfiles/logstash.Dockerfile
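Review bot: The cleanup line `rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/elastalert.js /tmp/kibana && \` in the `@@ -73` hunk names `/tmp/elastalert.js`, but the file staged by the new `ADD ... /tmp/elastalert-server-routes.js` in the `@@ -49` hunk is `/tmp/elastalert-server-routes.js`, so the copied routes file is never removed and remains in the image layer. Change it to `rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/elastalert-server-routes.js /tmp/kibana && \`. The `sed -i "s/7\.5\.0/7\.6\.2/g"` rewrite of the plugin's package.json also deserves a one-line comment stating that the plugin is built for 7.5.0 and its declared Kibana version is being force-matched to the base image, since the override is otherwise invisible to the next maintainer. The RUN instruction these hunks belong to begins before the first of them.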
@@ -10,18 +10,6 @@ LABEL org.opencontainers.image.vendor='Idaho National Laboratory'
 LABEL org.opencontainers.image.title='malcolmnetsec/logstash-oss'
 LABEL org.opencontainers.image.description='Malcolm container providing Logstash (the Apache-licensed variant)'
-ARG LOGSTASH_ENRICHMENT_PIPELINE=enrichment
-ARG LOGSTASH_PARSE_PIPELINE_ADDRESSES=zeek-parse
-ARG LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL=internal-es
-ARG LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL=external-es
-ARG LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES=internal-es,external-es
-
-ENV LOGSTASH_ENRICHMENT_PIPELINE $LOGSTASH_ENRICHMENT_PIPELINE
-ENV LOGSTASH_PARSE_PIPELINE_ADDRESSES $LOGSTASH_PARSE_PIPELINE_ADDRESSES
-ENV LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL $LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL
-ENV LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL $LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL
-ENV LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES $LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES
-
 RUN yum install -y epel-release && \
 yum update -y && \
 yum install -y java-1.8.0-openjdk-devel git curl wget tar which \
@@ -39,7 +27,20 @@ RUN /bin/bash -lc "command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
 git clone --depth 1 https://github.com/mmguero/logstash-filter-ieee_oui.git /opt/logstash-filter-ieee_oui && \
 /bin/bash -lc "cd /opt/logstash-filter-ieee_oui && bundle install && gem build logstash-filter-ieee_oui.gemspec && bundle info logstash-filter-ieee_oui"
-FROM docker.elastic.co/logstash/logstash-oss:7.6.1
+FROM docker.elastic.co/logstash/logstash-oss:7.6.2
+
+ARG LOGSTASH_ENRICHMENT_PIPELINE=enrichment
+ARG LOGSTASH_PARSE_PIPELINE_ADDRESSES=zeek-parse
+ARG LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL=internal-es
+ARG LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL=external-es
+ARG LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES=internal-es,external-es
+
+ENV LOGSTASH_ENRICHMENT_PIPELINE $LOGSTASH_ENRICHMENT_PIPELINE
+ENV LOGSTASH_PARSE_PIPELINE_ADDRESSES $LOGSTASH_PARSE_PIPELINE_ADDRESSES
+ENV LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL $LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL
+ENV LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL $LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL
+ENV LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES $LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES
+
 USER root
 COPY --from=build /opt/logstash-filter-ieee_oui /opt/logstash-filter-ieee_oui
diff --git a/README.md b/README.md
index 23a370527..e3b6d863d 100644
--- a/README.md
+++ b/README.md
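Review bot: The ARG/ENV block that moves here from the first stage (removed in the `@@ -10` hunk above) carries no comment explaining the move, and the reason is easy to lose on the next edit: instructions placed before this second `FROM` belong to the `build` stage that `COPY --from=build` below refers to, and their values are not carried into the runtime image. Suggest `# ARG/ENV must follow this FROM: values declared in the build stage above are not inherited by the runtime image` directly under the `FROM docker.elastic.co/logstash/logstash-oss:7.6.2` line.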
@@ -144,7 +144,7 @@ malcolmnetsec/elastalert 2.0.0 xxxxxxxx malcolmnetsec/htadmin 2.0.0 xxxxxxxxxxxx 31 minutes ago 256MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 32 minutes ago 188MB malcolmnetsec/name-map-ui 2.0.0 xxxxxxxxxxxx 35 minutes ago 20MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.1 xxxxxxxxxxxx 5 weeks ago 825MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.2 xxxxxxxxxxxx 5 weeks ago 825MB ``` You must run [`auth_setup`](#AuthSetup) prior to running `docker-compose pull`. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). @@ -1803,7 +1803,7 @@ malcolmnetsec/filebeat-oss 2.0.0 xxxxxxxx malcolmnetsec/elastalert 2.0.0 xxxxxxxxxxxx 11 days ago 276MB malcolmnetsec/freq 2.0.0 xxxxxxxxxxxx 11 days ago 188MB malcolmnetsec/name-map-ui 2.0.0 xxxxxxxxxxxx 35 minutes ago 20MB -docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.1 xxxxxxxxxxxx 5 weeks ago 769MB +docker.elastic.co/elasticsearch/elasticsearch-oss 7.6.2 xxxxxxxxxxxx 5 weeks ago 769MB ``` Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml index 731b0be6d..73ee1f26e 100644 --- a/docker-compose-standalone-zeek-live.yml +++ b/docker-compose-standalone-zeek-live.yml @@ -96,7 +96,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.2 restart: "no" hostname: elasticsearch environment: 
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 5f954438d..38a280567 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -96,7 +96,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.2 restart: "no" hostname: elasticsearch environment: diff --git a/docker-compose.yml b/docker-compose.yml index 6bdec3756..c1d7f376b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -96,7 +96,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.2 restart: "no" hostname: elasticsearch environment: diff --git a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 72977b57a..d03881149 100644 --- a/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/kibana/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", 
@@ -10,7 +10,7 @@ "title": "X.509", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":28,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":17,\"h\":20,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":25,\"y\":8,\"w\":23,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":25,\"y\":28,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":28,\"w\":17,\"h\":20,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index b8f47497c..633b2cfc5 100644 --- a/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/kibana/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "05e3e000-f118-11e9-acda-83a8e29e1a24", 
@@ -10,7 +10,7 @@ "title": "LDAP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.6.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":18,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":25,\"h\":27,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":25,\"y\":27,\"w\":23,\"h\":27,\"i\":\"9\"},\"version\":\"7.6.2\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 311e133c4..b3d27d4d0 100644 --- a/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/kibana/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b", 
@@ -10,7 +10,7 @@ "title": "FTP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":37,\"i\":\"8a83e818-c814-4c25-8740-932d60d2457d\"}
,\"panelIndex\":\"8a83e818-c814-4c25-8740-932d60d2457d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":16,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":21,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\"
:37,\"i\":\"8a83e818-c814-4c25-8740-932d60d2457d\"},\"panelIndex\":\"8a83e818-c814-4c25-8740-932d60d2457d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index bf8cf69d0..4313edb07 100644 --- a/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/kibana/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "0a490422-0ce9-44bf-9a2d-19329ddde8c3", 
@@ -10,7 +10,7 @@ "title": "PE", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":16,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":39,\"i\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\"},\"panelIndex\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":16,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":16,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":39,\"i\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\"},\"panelIndex\":\"7a770e13-2143-46e8-8e54-ae3cf477c4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 619d7523a..14af99a28 100644 --- a/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/kibana/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", 
@@ -10,7 +10,7 @@ "title": "Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embe
ddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":26,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":26,\"w\":36,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":11,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":8,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":26,\"w\":12,\"h\":18,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":19,\"y\":8,\"w\":13,\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\"},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":18,\"i\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\"},\"panelIndex\":\"e25371b4-5477-4d3f-9f68-df3399d1ef6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\"},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"embeddableConfig\":{},
\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index 6e1b687e5..e43b08ee1 100644 --- a/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/kibana/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\"},\"panelIndex\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"92ba4d29-ba43-4806-b545-79f60788c795\"},\"panelIndex\":\"92ba4d29-ba43-4806-b545-79f60788c795\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\"},\"panelIndex\":\"2e33c0bf-ffb8-408b-ab32-0c6539074ea6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"92ba4d29-ba43-4806-b545-79f60788c795\"},\"panelIndex\":\"92ba4d29-ba43-4806-b545-79f60788c795\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index c554e0977..598fe93ec 100644 --- a/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/kibana/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa", 
@@ -10,7 +10,7 @@ "title": "SIP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":63,\"w\":17,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":63,\"w\":17,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":23,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":44,\"w\":25,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":24,\"w\":23,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\
":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":63,\"w\":14,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":24,\"w\":17,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":32,\"i\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\"},\"panelIndex\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":63,\"w\":17,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":17,\"y\":63,\"w\":17,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":44,\"w\":23,\"h\":19,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":23,\"y\":44,\"w\":25,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":25,\"y\":24,\"w\":23,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"pan
elIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":34,\"y\":63,\"w\":14,\"h\":19,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":24,\"w\":17,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":32,\"i\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\"},\"panelIndex\":\"986e38d3-b2fb-44cb-b4b3-efaa2d46ff62\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 36aeec114..9e69559de 100644 --- a/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/kibana/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "11be6381-beef-40a7-bdce-88c5398392fc", 
@@ -10,7 +10,7 @@ "title": "Tunnels", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":48,\"w\":18,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":18,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":19,\"i\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\"},\"panelIndex\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":36,\"i\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\"},\"panelIndex\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":18,\"y\":48,\"w\":18,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":48,\"w\":18,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":23,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":19,\"i\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\"},\"panelIndex\":\"bf1d77e6-2814-479a-8abc-6854aaba0d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":36,\"i\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\"},\"panelIndex\":\"4c91cf0e-8f00-4682-88e9-e7a4da9cb818\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 83b796fb5..924a764d4 100644 --- a/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/kibana/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "11ddd980-e388-11e9-b568-cf17de8e860c", 
@@ -10,7 +10,7 @@ "title": "QUIC", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":36,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":9,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":20,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":9,\"w\":20,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":30,\"w\":20,\"h\":19,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":30,\"w\":20,\"h\":19,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":19,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":36,\"w\":8,\"h\":13,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":36,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":9,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":9,\"w\":20,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":9,\"w\":20,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":30,\"w\":20,\"h\":19,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":30,\"w\":20,\"h\":19,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":19,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":8,\"h\":13,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index edd75c1a0..8057cd32d 100644 --- a/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
+++ b/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "152f29dc-51a2-4f53-93e9-6e92765567b8", 
@@ -10,7 +10,7 @@ "title": "Modbus", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":53,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":20,\"x\":8,\"y\":33},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"13\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":17,\"x\":8,\"y\":13},\"panelIndex\":\"15\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":23,\"x\":25,\"y\":13},\"panelIndex\":\"16\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":20,\"x\":28,\"y\":33},\"panelIndex\":\"17\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"18\",\"w\":27,\"x\":0,\"y\":53},\"panelIndex\":\"18\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"19\",\"w\":21,\"x\":27,\"y\":53},\"panelIndex\":\"19\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 02aea1dae..8cabf76fe 100644 --- a/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "1ce42250-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5cf06729-4907-4824-a561-a3c50a23136c\"},\"panelIndex\":\"5cf06729-4907-4824-a561-a3c50a23136c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\"},\"panelIndex\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5cf06729-4907-4824-a561-a3c50a23136c\"},\"panelIndex\":\"5cf06729-4907-4824-a561-a3c50a23136c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\"},\"panelIndex\":\"b397c221-819d-4fdd-b3e1-3a424d643ef0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
index 2afcf586b..baf63c89c 100644
--- a/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
+++ b/kibana/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.1",
+ "version": "7.6.2",
 "objects": [
 {
 "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1",
@@ -10,7 +10,7 @@ "title": "Weird", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":66,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":47,\"w\":40,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":66,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":47,\"w\":40,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"
panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 4cafbce18..855e956eb 100644 --- a/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "29a1b290-eb98-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "EtherNet/IP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":34,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":31,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":56,\"w\":13,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":56,\"w\":18,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":56,\"w\":17,\"h\":21,\"i\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\"},\"panelIndex\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":15,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":15,\"w\":22,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":31,\"y\":34,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":34,\"w\":31,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":56,\"w\":13,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":13,\"y\":56,\"w\":18,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":31,\"y\":56,\"w\":17,\"h\":21,\"i\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\"},\"panelIndex\":\"5c779394-cda6-4315-9bac-00c25d6c08a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
index 1af4b0891..17a3da557 100644
--- a/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
+++ b/kibana/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.1",
+ "version": "7.6.2",
 "objects": [
 {
 "id": "2bec1490-eb94-11e9-a384-0fcf32210194",
@@ -10,7 +10,7 @@ "title": "BACnet", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":73,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":25,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":25,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":25,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":53,\"w\":40,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":20,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":33,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 6f53de2ac..9b43021bf 100644 --- a/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/kibana/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.6.1",
+ "version": "7.6.2",
 "objects": [
 {
 "id": "2cf94cd0-ecab-40a5-95a7-8419f3a39cd9",
@@ -10,7 +10,7 @@ "title": "DNS", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":40,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":40,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":12,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":12,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":60,\"w\":17,\"h\":19,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":20,\"w\":12,\"h\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":20,\"w\":12,\"h\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embedd
ableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":60,\"w\":31,\"h\":19,\"i\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\"},\"panelIndex\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":41,\"i\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\"},\"panelIndex\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":60,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":40,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":40,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":12,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":12,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2
\",\"gridData\":{\"x\":31,\"y\":60,\"w\":17,\"h\":19,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":20,\"w\":12,\"h\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":20,\"w\":12,\"h\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":60,\"w\":31,\"h\":19,\"i\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\"},\"panelIndex\":\"df0ca665-47a8-45ea-b2a1-739badb538dc\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":41,\"i\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\"},\"panelIndex\":\"0b6ca6c5-38c1-4811-b40d-d1cd8229bb1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index d1f925c53..cf817918d 100644 --- a/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/kibana/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "2d98bb8e-214c-4374-837b-20e1bcd63a5e", 
@@ -10,7 +10,7 @@ "title": "DHCP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":28,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":14,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":32,\"i\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\"},\"panelIndex\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":28,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":28,\"w\":14,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":32,\"i\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\"},\"panelIndex\":\"6c78964f-d1c8-4790-bda7-8802a7ea8986\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 89ae73fac..8bb872f9b 100644 --- a/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
+++ b/kibana/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json
@@ -1,5 +1,5 @@
 {
- "version": "7.6.1",
+ "version": "7.6.2",
 "objects": [
 {
 "id": "32587740-ef88-11e9-b38a-2db3ee640e88",
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.6.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":29,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":19,\"i\":\"7\"},\"version\":\"7.6.2\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 23a08f30e..2704a75fb 100644 --- a/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/kibana/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", diff --git a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 20be6d583..4f69a93fe 100644 --- a/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/kibana/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -1,5 +1,5 @@
 {
- "version": "7.6.1",
+ "version": "7.6.2",
 "objects": [
 {
 "id": "37041ee1-79c0-4684-a436-3173b0e89876",
@@ -10,7 +10,7 @@ "title": "HTTP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":58,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":20,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":150,\"w\":48,\"h\":22,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\
"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":78,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":19,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":7,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":39,\"w\":40,\"h\":19,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":12,\"i\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\"},\"panelIndex\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":172,\"w\":48,\"h\":42,\"i\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\"},\"panelIndex\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":58,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":20,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":150,\"w\":48,\"h\":22,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\"
:\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":78,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":19,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":7,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":39,\"w\":40,\"h\":19,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":12,\"i\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\"},\"panelIndex\":\"70661228-52d4-4ecf-a5a4-139d0ecdd662\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":172,\"w\":48,\"h\":42,\"i\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\"},\"panelIndex\":\"7337ff11-23e0-4f6e-981f-a043f15e60cf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 728ff9fea..c35f56924 100644 --- a/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "39abfe30-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Source - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2ed3d708-31cc-4504-87da-63a315c76e76\"},\"panelIndex\":\"2ed3d708-31cc-4504-87da-63a315c76e76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"35ff09b6-1039-4b4e-9469-296245630598\"},\"panelIndex\":\"35ff09b6-1039-4b4e-9469-296245630598\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"2ed3d708-31cc-4504-87da-63a315c76e76\"},\"panelIndex\":\"2ed3d708-31cc-4504-87da-63a315c76e76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"35ff09b6-1039-4b4e-9469-296245630598\"},\"panelIndex\":\"35ff09b6-1039-4b4e-9469-296245630598\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 4abc42f87..5666edf9c 100644 --- a/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/kibana/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "42e831b9-41a9-4f35-8b7d-e1566d368773", 
@@ -10,7 +10,7 @@ "title": "SMB", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":13,\"w\":12,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":32,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":32,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":13,\"w\":13,\"h\":19,\"i\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\"},\"panelIndex\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\"
:13,\"w\":15,\"h\":19,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":13,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":21,\"y\":13,\"w\":12,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":32,\"w\":20,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":32,\"w\":20,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":19,\"i\":\"14\"},\"panel
Index\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":13,\"w\":13,\"h\":19,\"i\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\"},\"panelIndex\":\"c9b45e56-7e2e-4949-ad5f-05504515cc70\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":33,\"y\":13,\"w\":15,\"h\":19,\"i\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\"},\"panelIndex\":\"67e0e34e-49ae-46da-a9a3-83ca7676bee0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":42,\"i\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\"},\"panelIndex\":\"cf75e7f0-cce1-449c-a40d-15e8fa40325d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 3e0dede3e..1d6ebd658 100644 --- a/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/kibana/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "432af556-c5c0-4cc3-8166-b274b4e3a406", 
@@ -10,7 +10,7 @@ "title": "DCE/RPC", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":69,\"w\":24,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":69,\"w\":24,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":41,\"i\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\
"},\"panelIndex\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":28,\"w\":20,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":21,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":21,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":69,\"w\":24,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":69,\"w\":24,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\"
:41,\"i\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\"},\"panelIndex\":\"b3cbd28a-4659-4e23-bf69-106fad9d565c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 0bb1c5685..5bbed629a 100644 --- a/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/kibana/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "4a4bde20-4760-11ea-949c-bbb5a9feecbf", 
@@ -10,7 +10,7 @@ "title": "ICS/IoT Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"p
anel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":34,\"i\":\"02fde066-221d-4262-ae35-742f7bb8933c\"},\"panelIndex\":\"02fde066-221d-4262-ae35-742f7bb8933c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":16,\"i\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\"},\"panelIndex\":\"d94eb348-e32a-4aa9-a987-4c5b39b4b08a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":16,\"w\":32,\"h\":18,\"i\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\"},\"panelIndex\":\"ed7f0280-cb4d-4c30-95e0-e160269de2fb\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":11,\"i\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\"},\"panelIndex\":\"7077f7b2-0f10-4d3d-ad63-9611144c1edb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":34,\"w\":16,
\"h\":18,\"i\":\"f339fb9a-7660-4b97-9245-14116c969ec9\"},\"panelIndex\":\"f339fb9a-7660-4b97-9245-14116c969ec9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":34,\"w\":20,\"h\":37,\"i\":\"ab1a666c-19f2-4954-81b7-18554a95818f\"},\"panelIndex\":\"ab1a666c-19f2-4954-81b7-18554a95818f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":18,\"i\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\"},\"panelIndex\":\"a56f7751-0030-44e1-8e62-3fb1018f4a7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":19,\"i\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\"},\"panelIndex\":\"218c8873-ec71-4a2c-9c8d-5fa62afa2de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":52,\"w\":12,\"h\":19,\"i\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\"},\"panelIndex\":\"14a8b2bb-ca81-42a5-90aa-e70b5bd81d89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":27,\"i\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\"},\"panelIndex\":\"26e11cb0-ce55-4980-9fba-be104eda38a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 41362ed08..f6334c8ed 100644 --- a/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/kibana/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "4e5f106e-c60a-4226-8f64-d534abb912ab", 
@@ -10,7 +10,7 @@ "title": "SNMP", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":21,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":15,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":39,\"i\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\"},\"panelIndex\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":21,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":21,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":19,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":21,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":8,\"w\":15,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":39,\"i\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\"},\"panelIndex\":\"3c17aeed-cffb-4aaf-a3b3-710de42d206c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 1a3995d52..f8751aa08 100644 
--- a/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/kibana/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "50ced171-1b10-4c3f-8b67-2db9635661a6", 
@@ -10,7 +10,7 @@ "title": "MySQL", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":24,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":24,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":15,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":32,\"i\":\"04e96790-2a76-4656-956b-bdf780792c40\"},\"panelIndex\":\"04e96790-2a76-4656-956b-bdf780792c40\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":26,\"i\":\"27a5666b-5633-4982-b276-ecafa4a38b74\"},\"panelIndex\":\"27a5666b-5633-4982-b276-ecafa4a38b74\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":24,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":24,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":15,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":32,\"i\":\"04e96790-2a76-4656-956b-bdf780792c40\"},\"panelIndex\":\"04e96790-2a76-4656-956b-bdf780792c40\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":26,\"i\":\"27a5666b-5633-4982-b276-ecafa4a38b74\"},\"panelIndex\":\"27a5666b-5633-4982-b276-ecafa4a38b74\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 99f823f37..4800d81b4 100644 --- a/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/kibana/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "543118a9-02d7-43fe-b669-b8652177fc37", 
@@ -10,7 +10,7 @@ "title": "NTLM", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":23,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":47,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":15,\"i\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\"},\"panelIndex\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":40,\"i\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\"},\"panelIndex\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_ntlm.host\",\"zeek_ntlm.domain\",\"zeek_ntlm.server_nb_computer\",\"zeek_ntlm.server_dns_computer\",\"zeek_ntlm.server_tree\",\"zeek.uid\"]},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":23,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":47,\"w\"
:16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":47,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":47,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":24,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":15,\"i\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\"},\"panelIndex\":\"810e5272-b5cd-4e76-b0cf-32cc7a3f57e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":40,\"i\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\"},\"panelIndex\":\"cac38fd6-65a1-4041-83e4-f95e0d136537\",\"embeddableConfig\":{\"columns\":[\"srcIp\",\"dstIp\",\"dstPort\",\"zeek_ntlm.host\",\"zeek_ntlm.domain\",\"zeek_ntlm.server_nb_computer\",\"zeek_ntlm.server_dns_computer\",\"zeek_ntlm.server_tree\",\"zeek.uid\"]},\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index b94093517..04781d79e 100644 --- a/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
+++ b/kibana/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "55e332d0-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 4bedebbdf..ef1b780e4 100644 --- a/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/kibana/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "60d78fbd-471c-4f59-a9e3-189b33a13644", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Sum of Total Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":39,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"185e3f31-3f18-4df8-93c1-617c0323f051\"},\"panelIndex\":\"185e3f31-3f18-4df8-93c1-617c0323f051\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\"},\"panelIndex\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":39,\"h\":50,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"185e3f31-3f18-4df8-93c1-617c0323f051\"},\"panelIndex\":\"185e3f31-3f18-4df8-93c1-617c0323f051\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\"},\"panelIndex\":\"887a57e9-3078-4fe1-9ea9-0ee63abe554f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index fa3c29b45..89547d7a6 100644 --- a/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/kibana/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "665d1610-523d-11e9-a30e-e3576242f3ed", 
@@ -10,7 +10,7 @@ "title": "Signatures", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 470165134..dd0de2a58 100644 --- a/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/kibana/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "76f2f912-80da-44cd-ab66-6a73c8344cc3", 
@@ -10,7 +10,7 @@ "title": "IRC", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\"},\"panelIndex\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":27,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\"},\"panelIndex\":\"d32001ad-b1a2-4fde-8feb-c06e3a7b1f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 201c22c12..00bf1ba9d 100644 --- a/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "77fc9960-3f99-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\"},\"panelIndex\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\"},\"panelIndex\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\"},\"panelIndex\":\"18ef74a3-0457-4cdd-acdc-2c0d967c4b7c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\"},\"panelIndex\":\"bf8d1e0a-e6dd-4ea2-8466-220565d99081\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 56ca70d20..403b2de17 100644 --- a/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/kibana/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "7f41913f-cba8-43f5-82a8-241b7ead03e0", 
@@ -10,7 +10,7 @@ "title": "RDP", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":15,\"x\":0,\"y\":40},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":16,\"x\":15,\"y\":40},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":12,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"9\",\"w\":17,\"x\":31,\"y\":40},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"10\",\"w\":15,\"x\":8,\"y\":8},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"11\",\"w\":14,\"x\":23,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":20},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"14\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"w\":20,\"x\":28,\"y\":20},\"panelIndex\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"version\":\"7.6.1\",\"pan
elRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":15,\"x\":0,\"y\":40},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":16,\"x\":15,\"y\":40},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":12,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"9\",\"w\":17,\"x\":31,\"y\":40},\"panelIndex\":\"9\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"10\",\"w\":15,\"x\":8,\"y\":8},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":12,\"i\":\"11\",\"w\":14,\"x\":23,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":20},\"panelIndex\":\"12\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"14\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"},{\"embedda
bleConfig\":{},\"gridData\":{\"h\":20,\"i\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"w\":20,\"x\":28,\"y\":20},\"panelIndex\":\"17548109-6b40-41e7-997f-17290b9759ac\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c76b082d-e205-42f7-8c7a-46be60fccb19\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 4d70a4000..0e881b37d 100644 --- a/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", 
@@ -10,7 +10,7 @@ "title": "SSL", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":30,\"x\":0,\"y\":64},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"9\",\"w\":13,\"x\":0,\"y\":103},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"10\",\"w\":9,\"x\":27,\"y\":103},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":14,\"x\":13,\"y\":103},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":29,\"x\":19,\"y\":45},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null
,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":19,\"x\":0,\"y\":45},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":38,\"x\":10,\"y\":27},\"panelIndex\":\"21\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":24,\"x\":0,\"y\":83},\"panelIndex\":\"22\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"23\",\"w\":24,\"x\":24,\"y\":83},\"panelIndex\":\"23\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"w\":13,\"x\":24,\"y\":8},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"w\":10,\"x\":0,\"y\":27},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"w\":18,\"x\":30,\"y\":64},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"w\":12,\"x\":36,\"y\":103},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":43,\"i\":\"bbcebabc-0baf-4b
15-ad17-fc7633b9b8b8\",\"w\":48,\"x\":0,\"y\":122},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_18\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":30,\"x\":0,\"y\":64},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":11,\"x\":37,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"9\",\"w\":13,\"x\":0,\"y\":103},\"panelIndex\":\"9\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"10\",\"w\":9,\"x\":27,\"y\":103},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":14,\"x\":13,\"y\":103},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":29,\"x\":19,\"y\":45},\"panelIndex\":\"12\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"pan
elRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":19,\"x\":0,\"y\":45},\"panelIndex\":\"19\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":38,\"x\":10,\"y\":27},\"panelIndex\":\"21\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"22\",\"w\":24,\"x\":0,\"y\":83},\"panelIndex\":\"22\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"23\",\"w\":24,\"x\":24,\"y\":83},\"panelIndex\":\"23\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"w\":13,\"x\":24,\"y\":8},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"w\":10,\"x\":0,\"y\":27},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"w\":18,\"x\":30,\"y\":64},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"w\":12,\"x\":36,\"y\":103},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"version\":\"7.6.2\",\"pa
nelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"w\":48,\"x\":0,\"y\":122},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_18\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index a128764a8..f837e057b 100644 --- a/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/kibana/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "82da3101-2a9c-4ae2-bb61-d447a3fbe673", 
@@ -10,7 +10,7 @@ "title": "Kerberos", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":25,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":25,\"w\":19,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":17,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":25,\"w\":19,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":65,\"w\":28,\"h\":25,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":8,\"w\":13,\"h\":17,\"i\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\"},\"panelIndex\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y
\":25,\"w\":10,\"h\":20,\"i\":\"defd333f-2642-4357-822f-9fa6f09a9356\"},\"panelIndex\":\"defd333f-2642-4357-822f-9fa6f09a9356\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":65,\"w\":20,\"h\":25,\"i\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\"},\"panelIndex\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":30,\"i\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\"},\"panelIndex\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":25,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":25,\"w\":19,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":17,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":19,\"y\":25,\"w\":19,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\
",\"gridData\":{\"x\":0,\"y\":65,\"w\":28,\"h\":25,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":13,\"h\":17,\"i\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\"},\"panelIndex\":\"7d02cf7a-cad4-4b2c-822d-a255de92ce23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":38,\"y\":25,\"w\":10,\"h\":20,\"i\":\"defd333f-2642-4357-822f-9fa6f09a9356\"},\"panelIndex\":\"defd333f-2642-4357-822f-9fa6f09a9356\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":65,\"w\":20,\"h\":25,\"i\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\"},\"panelIndex\":\"6f759830-50a0-41d2-a383-b8e307be3ba3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":90,\"w\":48,\"h\":30,\"i\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\"},\"panelIndex\":\"f0a6a77c-c3fe-48e1-aa26-870211f54ecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 610c37af6..32553570d 100644 --- a/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/kibana/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "870a5862-6c26-4a08-99fd-0c06cda85ba3", 
@@ -10,7 +10,7 @@ "title": "DNP3", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"20bab908-6058-4f9a-819b-de9011dd65b0\"},\"panelIndex\":\"20bab908-6058-4f9a-819b-de9011dd65b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":47,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":37,\"i\":\"20bab908-6058-4f9a-819b-de9011dd65b0\"},\"panelIndex\":\"20bab908-6058-4f9a-819b-de9011dd65b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 048fd4394..b34b173cc 100644 --- a/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/kibana/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "87a32f90-ef58-11e9-974e-9d600036d105", 
@@ -10,7 +10,7 @@ "title": "MQTT", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.6.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":33,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":33,\"w\":17,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":32,\"y\":33,\"w\":16,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":21,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":32,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":0,\"y\":74,\"w\":48,\"h\":25,\"i\":\"12\"},\"version\":\"7.6.2\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 2588a1e1f..08643b886 100644 --- a/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/kibana/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "87d990cc-9e0b-41e5-b8fe-b10ae1da0c85", 
@@ -10,7 +10,7 @@ "title": "Software", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":36,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":36,\"i\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\"},\"panelIndex\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":36,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":36,\"i\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\"},\"panelIndex\":\"f99c68bd-2da6-41d5-bbd1-45f85e79526c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 59be11bd5..7f1b6e1d7 100644 --- a/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/kibana/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "92985909-dc29-4533-9e80-d3182a0ecf1d", 
@@ -10,7 +10,7 @@ "title": "Syslog", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":34,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":34,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":34,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":13,\"h\":26,\"i\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\"},\"panelIndex\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":26,\"i\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\"},\"panelIndex\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":20,\"i\":\"13e3b050-3d67-4745-a182-b462852a67ef\"},\"panelIndex\":\"13e3b050-3d67-4745-a182-b462852a67ef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":44,\"i\":\"59631e23-e452-40a9-a9dd-7d432278d35f\"},\"panelIndex\":\"59631e23-e452-40a9-a9dd-7d432278d35f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":34,\"w\":12,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":12,\"y\":34,\"w\":12,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":34,\"w\":12,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName
\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":13,\"h\":26,\"i\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\"},\"panelIndex\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":26,\"i\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\"},\"panelIndex\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":34,\"w\":12,\"h\":20,\"i\":\"13e3b050-3d67-4745-a182-b462852a67ef\"},\"panelIndex\":\"13e3b050-3d67-4745-a182-b462852a67ef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":44,\"i\":\"59631e23-e452-40a9-a9dd-7d432278d35f\"},\"panelIndex\":\"59631e23-e452-40a9-a9dd-7d432278d35f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index b3bd61c48..d2881f878 100644 --- a/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/kibana/dashboards/95479950-41f2-11ea-88fa-7151df485405.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "95479950-41f2-11ea-88fa-7151df485405", 
@@ -10,7 +10,7 @@ "title": "Security Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92
c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":12,\"h\":23,\"i\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\"},\"panelIndex\":\"320b8bf0-6567-4d0b-b7d1-7402baf830d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":0,\"w\":15,\"h\":23,\"i\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\"},\"panelIndex\":\"8f421b7e-8ea9-4d52-a165-8e2a4fa78fd0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":23,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":15,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":15,\"y\":23,\"w\":15,\"h\":38,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"pane
lIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":30,\"y\":23,\"w\":9,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":39,\"y\":23,\"w\":9,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":41,\"w\":15,\"h\":20,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":30,\"y\":41,\"w\":18,\"h\":20,\"i\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\"},\"panelIndex\":\"a5c3b5c2-37c3-488d-81ab-d74a89d4be84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":61,\"w\":48,\"h\":19,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index b8153d2da..35687e791 100644 --- a/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/kibana/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "9ee51f94-3316-4fc5-bd89-93a52af69714", 
@@ -10,7 +10,7 @@ "title": "Files", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":43,\"w\":16,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":43,\"w\":16,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":43,\"w\":16,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":63,\"w\":48,\"h\":35,\"i\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\"},\"panelIndex\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":43,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":24,\"w\":20,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":43,\"w\":16,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":43,\"w\":16,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":43,\"w\":16,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":24,\"w\":20,\"h\":19,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":63,\"w\":48,\"h\":35,\"i\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\"},\"panelIndex\":\"8e4863be-7d69-4354-9eb4-4e30a7c983d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 22f83dc52..3e14a580b 100644 
--- a/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "a16110b0-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Sum of Total Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\"},\"panelIndex\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"7f315dd1-7809-49af-bed1-edfa12322240\"},\"panelIndex\":\"7f315dd1-7809-49af-bed1-edfa12322240\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\"},\"panelIndex\":\"95f9b964-c2a2-416b-9903-8b969247e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"7f315dd1-7809-49af-bed1-edfa12322240\"},\"panelIndex\":\"7f315dd1-7809-49af-bed1-edfa12322240\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index 5fd716138..34f71b5f5 100644 --- a/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "a7514350-eba6-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "PROFINET", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":27,\"y\":50,\"w\":21,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":69,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":69,\"w\":48,\"h\":34,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":50,\"w\":19,\"h\":19,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":27,\"y\":50,\"w\":21,\"h\":19,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":19,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":33,\"w\":19,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":27,\"y\":33,\"w\":21,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 7481515fb..dacb3098a 100644 --- a/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/kibana/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", 
@@ -10,7 +10,7 @@ "title": "Connections", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":
\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"legendOpen\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.1\",\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"embedda
bleConfig\":{},\"panelRefName\":\"panel_25\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_8\"},{\"version
\":\"7.6.2\",\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"embeddableConfig\":{},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_20\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"legendOpen\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"embedda
bleConfig\":{},\"panelRefName\":\"panel_25\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 0be48aa86..ea73c10b9 100644 --- a/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/kibana/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "ae79b7d1-4281-4095-b2f6-fa7eafda9970", 
@@ -10,7 +10,7 @@ "title": "RADIUS", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":22,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":49,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":49,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":22,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":35,\"i\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\"},\"panelIndex\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":49,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":27,\"w\":14,\"h\":22,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":27,\"w\":14,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":49,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":49,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":22,\"i\":\"12\"},
\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":35,\"i\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\"},\"panelIndex\":\"1422b8a5-559d-4c37-91aa-cc36a293ddff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index dfad011eb..a9c09b080 100644 --- a/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/kibana/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "af5df620-eeb6-11e9-bdef-65a192b7f586", 
@@ -10,7 +10,7 @@ "title": "NTP", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.6.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":29,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":27,\"y\":8,\"w\":21,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":48,\"w\":24,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":20,\"i\":\"13\"},\"version\":\"7.6.2\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index dea52cbfe..62aec75ea 100644 --- a/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/kibana/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "b50c8d17-6ed3-4de6-aed4-5181032810b2", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\"},\"panelIndex\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"3b635110-907e-457a-bfdf-b86a667a8483\"},\"panelIndex\":\"3b635110-907e-457a-bfdf-b86a667a8483\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\"},\"panelIndex\":\"5a871ebe-5904-4f52-ab3a-e3da4846933d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"3b635110-907e-457a-bfdf-b86a667a8483\"},\"panelIndex\":\"3b635110-907e-457a-bfdf-b86a667a8483\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index dce2c25ea..8f6324f4e 100644 --- a/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "b9f247c0-3f99-11e9-a58e-8bdedb0915e8", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Top Connection Duration (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\"},\"panelIndex\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"266c822f-c268-4e47-a53e-90b6ecf74660\"},\"panelIndex\":\"266c822f-c268-4e47-a53e-90b6ecf74660\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\"},\"panelIndex\":\"c96be8c5-f3a1-4d01-a747-66cc2d298318\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"266c822f-c268-4e47-a53e-90b6ecf74660\"},\"panelIndex\":\"266c822f-c268-4e47-a53e-90b6ecf74660\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 185b2d3d3..94fb63ec2 100644 --- a/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/kibana/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "bb827f8e-639e-468c-93c8-9f5bc132eb8f", 
@@ -10,7 +10,7 @@ "title": "SMTP", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":40,\"x\":8,\"y\":23},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":10,\"x\":28,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":13,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"14\",\"w\":13,\"x\":13,\"y\":65},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":22,\"x\":26,\"y\":65},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":8,\"x\":0,\"y\":29},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version
\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"w\":10,\"x\":38,\"y\":8},\"panelIndex\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"w\":48,\"x\":0,\"y\":85},\"panelIndex\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_13\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":40,\"x\":8,\"y\":23},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":20,\"x\":8,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"9\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":10,\"x\":28,\"y\":8},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":13,\"x\":0,\"y\":65},\"panelIndex\":\"13\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"14\",\"w\":13,\"x\":13,\"y\":65},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\
"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":22,\"x\":26,\"y\":65},\"panelIndex\":\"16\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":8,\"x\":0,\"y\":29},\"panelIndex\":\"19\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"w\":10,\"x\":38,\"y\":8},\"panelIndex\":\"633e2c8c-ef8e-48b1-b0a4-546a5adff4e4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":40,\"i\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"w\":48,\"x\":0,\"y\":85},\"panelIndex\":\"10319c5c-00bb-41a9-bbab-010e21fd4dfb\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 65bce743f..111b2b3ef 100644 --- a/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "bed185a0-ef82-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.6.1\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":34,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":16,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":14,\"w\":11,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":35,\"y\":14,\"w\":13,\"h\":20,\"i\":\"7\"},\"version\":\"7.6.2\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 5257ba03e..39c63f76b 100644 --- a/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/kibana/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "caef3ade-d289-4d05-a511-149f3e97f238", 
@@ -10,7 +10,7 @@ "title": "SSH", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":30,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":30,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":30,\"w\":17,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":30,\"w\":14,\"h\":22,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":52,\"w\":18,\"h\":21,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":28,\"h\":22,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":22,\"i\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\"},\"panelIndex\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":52,\"w\":15,\"h\":21,\"i\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\"},\"panelIndex\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":52,\"w\":15,\"h\":21,\"i\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\"},\"panelIndex\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":21,\"i\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\"},\"panelIndex\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":21,\"i\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\"},\"panelIndex\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":36,\"i\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\"},\"panelIndex\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", + "panelsJSON": 
"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":30,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":30,\"w\":17,\"h\":22,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":17,\"y\":30,\"w\":17,\"h\":22,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":34,\"y\":30,\"w\":14,\"h\":22,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":52,\"w\":18,\"h\":21,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":20,\"y\":8,\"w\":28,\"h\":22,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":22,\"i\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\"},\"panelIndex\":\"1becdc6f-a3f4-46f7-b5b0-72a67a679e0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":18,\"y\":52,\"w\":15,\"h\":21,\"i\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\"},\"panelIndex\":\"68d1576b-a947-46f9-a99d-b951a09a95c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":33,\"y\":52,\"w\":15,\"h\":21,\"i\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\"},\"panelIndex\":\"4a419bd4-4f84-446b-b269-1f6f1c2c27fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":21,\"i\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\"},\"panelIndex\":\"db42e16c-0961-4dda-a58a-dd44b5197bcf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":21,\"i\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\"},\"panelIndex\":\"26424c79-7bf6-45f0-bf5c-ca687818490b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":36,\"i\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\"},\"panelIndex\":\"4afc3dad-4ba2-4e21-9f31-87453145b668\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 8e7ee927b..cdff68619 100644 --- a/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "d41fe630-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Originator Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\"},\"panelIndex\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\"},\"panelIndex\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\"},\"panelIndex\":\"aa2d7102-11ce-426c-9979-82d5bd6d6d3b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\"},\"panelIndex\":\"8519445c-b38a-4d86-bff3-e42b2b231ca4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index b1c94180d..2af3415c3 100644 --- a/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/kibana/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "d4fd6afd-15cb-42bf-8a25-03dd8e59b327", 
@@ -10,7 +10,7 @@ "title": "Connections - Destination - Responder Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\"},\"panelIndex\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\"},\"panelIndex\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\"},\"panelIndex\":\"d4b659f9-f6be-441e-a6c4-ea4acab7619d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\"},\"panelIndex\":\"a23bbf3d-6744-4dc7-a46a-50f450b6bff4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index b678b9f8e..55ce598cc 100644 --- a/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/kibana/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "e09a4b86-29b5-4256-bb3b-802ac9f90404", 
@@ -10,7 +10,7 @@ "title": "Connections - Source - Top Connection Duration", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"03359f20-178f-4878-b423-ec2b347e5d9a\"},\"panelIndex\":\"03359f20-178f-4878-b423-ec2b347e5d9a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\"},\"panelIndex\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"03359f20-178f-4878-b423-ec2b347e5d9a\"},\"panelIndex\":\"03359f20-178f-4878-b423-ec2b347e5d9a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\"},\"panelIndex\":\"e854052a-b93b-4de5-8ae3-46cef99a54ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index 9efe8f0d7..0b5e17bda 100644 --- a/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/kibana/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "e76d05c0-eb9f-11e9-a384-0fcf32210194", 
@@ -10,7 +10,7 @@ "title": "S7comm", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"}]", + "panelsJSON": 
"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":51,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":34,\"w\":20,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":34,\"w\":20,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":14,\"w\":20,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":14,\"w\":20,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":51,\"w\":24,\"h\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":51,\"w\":24,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 990d2b133..44b86efc3 100644 --- a/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/kibana/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "ed8a6640-3f98-11e9-a58e-8bdedb0915e8", @@ -10,7 +10,7 @@ "title": "Connections - Source - Responder Bytes (region map)", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.1\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", + "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":40,\"i\":\"3\"},\"version\":\"7.6.2\",\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[0,0],\"mapZoom\":3},\"panelRefName\":\"panel_1\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index e1d65e8b1..58252c53d 100644 --- a/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/kibana/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", 
@@ -10,7 +10,7 @@ "title": "Notices", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":67},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":67},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":11,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"17\",\"ver
sion\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":67},\"panelIndex\":\"12\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":67},\"panelIndex\":\"13\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":11,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"column
Index\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"17\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":11},\"panelIndex\":\"19\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 11858d6d8..b5454a926 100644 --- a/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/kibana/dashboards/f394057d-1b16-4174-b994-7045f423a416.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "f394057d-1b16-4174-b994-7045f423a416", 
@@ -10,7 +10,7 @@ "title": "Connections - Source - Sum of Total Bytes", "hits": 0, "description": "", - "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\"},\"panelIndex\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"4a3f5963-08e0-4206-aede-70e943fed585\"},\"panelIndex\":\"4a3f5963-08e0-4206-aede-70e943fed585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":50,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":8,\"h\":15,\"i\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\"},\"panelIndex\":\"0a22cd88-c236-4994-9b27-db3f5b731d7f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":38,\"w\":8,\"h\":12,\"i\":\"4a3f5963-08e0-4206-aede-70e943fed585\"},\"panelIndex\":\"4a3f5963-08e0-4206-aede-70e943fed585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, 
diff --git a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index 8522b7b45..d0df9464a 100644 --- a/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/kibana/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "f77bf097-18a8-465c-b634-eb2acc7a4f26", 
@@ -10,7 +10,7 @@ "title": "RFB", "hits": 0, "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":21,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":18,\"x\":0,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":48},\"panelIndex\":\"11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":48},\"panelIndex\":\"12\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":48},\"panelIndex\":\"13\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"14\",\"w\":15,\"x\":33,\"y\":27},\"panelIndex\":\"14\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"15\",\"w\":15,\"x\":18,\"y\":27},\"panelIndex\":\"15\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"16\",\"w\":14,\"x\":34,\"y\":8},\"panelIndex\":\"16\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\"
:8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":38,\"i\":\"2e466042-c74a-4549-9419-847d918823ae\",\"w\":48,\"x\":0,\"y\":70},\"panelIndex\":\"2e466042-c74a-4549-9419-847d918823ae\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_12\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":21,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":18,\"x\":0,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":48},\"panelIndex\":\"11\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":48},\"panelIndex\":\"12\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":48},\"panelIndex\":\"13\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"14\",\"w\":15,\"x\":33,\"y\":27},\"panelIndex\":\"14\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"15\",\"w\":15,\"x\":18,\"y\":27},\"panelIndex\":\"15\",\"version\":\"7
.6.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"16\",\"w\":14,\"x\":34,\"y\":8},\"panelIndex\":\"16\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":38,\"i\":\"2e466042-c74a-4549-9419-847d918823ae\",\"w\":48,\"x\":0,\"y\":70},\"panelIndex\":\"2e466042-c74a-4549-9419-847d918823ae\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index d0ff3b51e..bb574a9ce 100644 --- a/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/kibana/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "fa141950-ef89-11e9-b38a-2db3ee640e88", 
@@ -10,7 +10,7 @@ "title": "Tabular Data Stream - SQL", "hits": 0, "description": "", - "panelsJSON": "[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"}]", + "panelsJSON": 
"[{\"gridData\":{\"h\":47,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":47},\"panelIndex\":\"2\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5\",\"w\":13,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"6\",\"w\":11,\"x\":21,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"7\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":40,\"x\":8,\"y\":27},\"panelIndex\":\"8\",\"version\":\"7.6.2\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, "timeRestore": false, diff --git a/kibana/elastalert-kibana-plugin/server/routes/elastalert.js b/kibana/elastalert-kibana-plugin/server/routes/elastalert.js new file mode 100644 index 000000000..1e97abcaf --- /dev/null +++ b/kibana/elastalert-kibana-plugin/server/routes/elastalert.js 
@@ -0,0 +1,27 @@
+export default function(server, options) {
+ const baseUri = `http${options.serverSsl ? 's' : ''}://${options.serverHost}:${options.serverPort}`;
+
+ // Route every request to the ElastAlert API
+ const handler = {
+ proxy: {
+ mapUri: request => {
+ return { uri: `${baseUri}/${request.params.path || ''}` };
+ }
+ }
+ };
+
+ ['GET', 'POST', 'DELETE'].forEach(method => {
+ server.route({
+ path: '/api/elastalert/{path*}',
+ method,
+ handler,
+ config:
+ method === 'GET'
+ ? undefined
+ : {
+ validate: { payload: null },
+ payload: { parse: false },
+ },
+ });
+ });
+}
diff --git a/kibana/kibana-offline-maps.yml b/kibana/kibana-offline-maps.yml
index eb33b1bf4..b40344f29 100644
--- a/kibana/kibana-offline-maps.yml
+++ b/kibana/kibana-offline-maps.yml
@@ -8,8 +8,8 @@ server.rewriteBasePath: true
 elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]
 elasticsearch.requestTimeout: 180000
 kibana.defaultAppId: "dashboard/${KIBANA_DEFAULT_DASHBOARD}"
-# elastalert-kibana-plugin.serverHost: elastalert
-# elastalert-kibana-plugin.serverPort: 3030
+elastalert-kibana-plugin.serverHost: elastalert
+elastalert-kibana-plugin.serverPort: 3030
 # offline region map
 map.regionmap:
diff --git a/kibana/kibana-standard.yml b/kibana/kibana-standard.yml
index 40385bff3..e6699ce38 100644
--- a/kibana/kibana-standard.yml
+++ b/kibana/kibana-standard.yml
@@ -8,6 +8,6 @@ server.rewriteBasePath: true
 elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]
 elasticsearch.requestTimeout: 180000
 kibana.defaultAppId: "dashboard/${KIBANA_DEFAULT_DASHBOARD}"
-# elastalert-kibana-plugin.serverHost: elastalert
-# elastalert-kibana-plugin.serverPort: 3030
+elastalert-kibana-plugin.serverHost: elastalert
+elastalert-kibana-plugin.serverPort: 3030
diff --git a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot
index 46435a12f..1a5544982 100755
--- a/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot
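Review bot: The route registered at `path: '/api/elastalert/{path*}'` relays any GET, POST or DELETE to every path on the ElastAlert server with payload validation switched off (`validate: { payload: null }`, `payload: { parse: false }`), so whoever can reach Kibana's HTTP port can create, delete or test alert rules through it with no allowlist or method restriction on the Kibana side. Whether Kibana itself sits behind authentication is not visible in this hunk, so at minimum constrain `{path*}` to the ElastAlert endpoints the plugin UI actually calls and reject a captured path containing `..` segments before it is interpolated into the upstream URI (answer 400/404 rather than proxying), e.g. `const path = request.params.path || ''; if (path.split('/').includes('..')) throw new Error('invalid path');`. `mapUri` also builds the target from `request.params.path` alone, so any query string on the incoming request is dropped; if a proxied endpoint takes query parameters, append `request.url.search` to the uri. A header comment noting that this file replaces the upstream plugin's route module and that `serverSsl` only switches the URL scheme (certificate verification is presumably left to the proxy's defaults) would help the next maintainer.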
+++ b/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -BEATS_VER="7.6.1" +BEATS_VER="7.6.2" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index 362473026..1bb9304f7 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index 7fe50ce71..ba4da7d03 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/moloch/moloch_regression_test_harness/docker-compose.yml b/moloch/moloch_regression_test_harness/docker-compose.yml index e48948bf0..3e1372328 100644 --- a/moloch/moloch_regression_test_harness/docker-compose.yml +++ b/moloch/moloch_regression_test_harness/docker-compose.yml 
@@ -2,7 +2,7 @@ version: '3.7' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.1 + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.2 restart: "no" environment: logger.level : 'INFO' diff --git a/sensor-iso/beats/Dockerfile b/sensor-iso/beats/Dockerfile index 4f6305c91..8e490c04f 100644 --- a/sensor-iso/beats/Dockerfile +++ b/sensor-iso/beats/Dockerfile @@ -28,7 +28,7 @@ RUN apt-get update && apt-get install -y \ bash -c "curl https://glide.sh/get | bash" ENV BEATS=metricbeat -ENV BEATS_VERSION=7.6.1 +ENV BEATS_VERSION=7.6.2 ADD ./build.sh /build.sh RUN [ "chmod", "+x", "/build.sh" ] diff --git a/sensor-iso/beats/beat-build.sh b/sensor-iso/beats/beat-build.sh index f62f40848..6a9532d21 100755 --- a/sensor-iso/beats/beat-build.sh +++ b/sensor-iso/beats/beat-build.sh @@ -2,7 +2,7 @@ # Copyright (c) 2018 Battelle Energy Alliance, LLC. All rights reserved. -VERSION="7.6.1" +VERSION="7.6.2" THIRD_PARTY_BRANCH="master" while getopts b:v:t: opts; do case ${opts} in diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 00a772f64..067c9ba55 100755 --- a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -11,7 +11,7 @@ ZEEK_PATCH_URLS=( # nothing here for now ) -BEATS_VER="7.6.1" +BEATS_VER="7.6.2" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json index 362473026..1bb9304f7 100644 
--- a/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "072befc0-ffba-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json index 7fe50ce71..ba4da7d03 100644 --- a/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json +++ b/sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json @@ -1,5 +1,5 @@ { - "version": "7.6.1", + "version": "7.6.2", "objects": [ { "id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55", diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md index dbdc3a653..7fd44f637 100644 --- a/sensor-iso/docs/Notes.md +++ b/sensor-iso/docs/Notes.md @@ -1763,7 +1763,7 @@ The Elastic Stack's [Beats](https://www.elastic.co/products/beats) platform is a set -e -BEATS_VER="7.6.1" +BEATS_VER="7.6.2" BEATS_OSS="-oss" BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX" BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb" diff --git a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json index b9dddb182..dacd12f90 100644 --- a/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json +++ b/sensor-iso/interface/sensor_ctl/heatbeat/protologbeat.template.json 
@@ -2,7 +2,7 @@ "index_patterns": ["protologbeat-*"], "mappings": { "_meta": { - "version": "7.6.1" + "version": "7.6.2" }, "dynamic_templates": [{ "strings_as_keyword": { From 733ba5a07a86560e08c2e93fd616d240156f4f26 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Mon, 6 Apr 2020 14:44:11 -0600 Subject: [PATCH 178/183] use default theme in elastalert kibana editor --- Dockerfiles/kibana.Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile index 1fc3af2c6..ea7a1691c 100644 --- a/Dockerfiles/kibana.Dockerfile +++ b/Dockerfiles/kibana.Dockerfile 
@@ -75,11 +75,15 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 (echo -e "*/2 * * * * su -c /data/kibana-create-moloch-sessions-index.sh kibana >/dev/null 2>&1\n0 * * * * su -c /data/kibana_index_refresh.py kibana >/dev/null 2>&1\n" | crontab -) && \
 cd /tmp && \
 echo "Installing ElastAlert plugin..." && \
- unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json && \
+ unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json kibana/elastalert-kibana-plugin/public/components/main/main.js && \
 sed -i "s/7\.5\.0/7\.6\.2/g" kibana/elastalert-kibana-plugin/package.json && \
+ sed -i "s/^import.*eui_theme_light.css.*$//" kibana/elastalert-kibana-plugin/public/components/main/main.js && \
 mkdir -p kibana/elastalert-kibana-plugin/server/routes/ && \
 cp /tmp/elastalert-server-routes.js kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
- zip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
+ zip elastalert-kibana-plugin.zip \
+ kibana/elastalert-kibana-plugin/package.json \
+ kibana/elastalert-kibana-plugin/public/components/main/main.js \
+ kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
 cd /usr/share/kibana/plugins && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \
 rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/elastalert.js /tmp/kibana && \
From 8d85cb097755e8e3974b5cd8705c43b6cff0f47f Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue, 7 Apr 2020 08:24:06 -0600
Subject: [PATCH 179/183] update kibana plugin version
---
 Dockerfiles/kibana.Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
index ea7a1691c..20aefd3f9 100644
--- a/Dockerfiles/kibana.Dockerfile
+++ b/Dockerfiles/kibana.Dockerfile
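Review bot: The new `sed -i "s/^import.*eui_theme_light.css.*$//"` on `main.js` exits successfully whether or not the pattern matches, and the same holds for the `s/7\.5\.0/7\.6\.2/g` rewrite of the plugin's declared Kibana version on the line above, so an upstream release that moves the CSS import or changes its version string will silently produce a plugin that is either unpatched or rejected when Kibana starts. Guard each edit so the image build fails loudly instead, e.g. `grep -q 'eui_theme_light.css' kibana/elastalert-kibana-plugin/public/components/main/main.js && sed -i "s/^import.*eui_theme_light.css.*$//" kibana/elastalert-kibana-plugin/public/components/main/main.js && ! grep -q 'eui_theme_light.css' kibana/elastalert-kibana-plugin/public/components/main/main.js`. Because this chain unpacks, modifies and repackages an archive fetched at build time and then installs it with `--allow-root`, a short comment above the `unzip` listing which upstream files are patched and why (theme import removed, version pinned, route module replaced) would make the intent reviewable; the enclosing RUN begins before the hunk.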
@@ -48,7 +48,7 @@ ADD kibana/supervisord.conf /etc/supervisord.conf
 ADD kibana/dashboards /opt/kibana/dashboards
 ADD kibana/maps /opt/maps
 ADD https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip /tmp/kibana-comments.zip
-ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.0/prelert_swimlane_vis-7.6.0.zip /tmp/kibana-swimlane.zip
+ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.2/prelert_swimlane_vis-7.6.2.zip /tmp/kibana-swimlane.zip
 ADD https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip /tmp/elastalert-kibana-plugin.zip
 ADD kibana/elastalert-kibana-plugin/server/routes/elastalert.js /tmp/elastalert-server-routes.js
@@ -98,7 +98,7 @@ RUN chmod 755 /data/*.sh /data/*.py && \
 cd /tmp && \
 echo "Installing Swimlanes visualization..." && \
 unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
- sed -i "s/7\.6\.0/7\.6\.2/g" kibana/prelert_swimlane_vis/package.json && \
+ sed -i "s/7\.6\.2/7\.6\.2/g" kibana/prelert_swimlane_vis/package.json && \
 zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
 cd /usr/share/kibana/plugins && \
 /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
From acc90c3a31981ee2ef4719c9e8dcb1e661408563 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue, 7 Apr 2020 08:24:32 -0600
Subject: [PATCH 180/183] add user to vboxsf group for using shared folders
---
 malcolm-iso/config/includes.binary/install/preseed_base.cfg | 2 +-
 malcolm-iso/config/includes.chroot/etc/live/config.conf | 2 +-
 sensor-iso/config/includes.binary/install/preseed_base.cfg | 2 +-
 sensor-iso/config/includes.chroot/etc/live/config.conf | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
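Review bot: The changed `ADD https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.2/prelert_swimlane_vis-7.6.2.zip /tmp/kibana-swimlane.zip` pulls a third-party plugin into the image at build time with no integrity check, as do the neighbouring `ADD`s for the comments and ElastAlert plugins, and the archives are later unpacked, patched and installed with `--allow-root`, so a replaced or tampered release asset would be built straight into Kibana. Record the expected digest beside each URL and verify it before the archive is touched, e.g. `RUN echo "<sha256>  /tmp/kibana-swimlane.zip" | sha256sum -c -` with the real hash filled in at bump time, or vendor the zips into the repository so the build is reproducible offline. Refreshing that hash becomes part of every version bump like this one, which is the point.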
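Review bot: `sed -i "s/7\.6\.2/7\.6\.2/g" kibana/prelert_swimlane_vis/package.json` now substitutes the version string for itself and is a no-op, which also leaves the surrounding `unzip`/`zip` repackaging of `package.json` doing nothing for the v7.6.2 release. Either drop the sed and the repackaging until the plugin and Kibana versions diverge again, or express the rewrite as `sed -i "s/$SWIMLANE_VER/$KIBANA_VER/g" kibana/prelert_swimlane_vis/package.json` with both values declared as `ARG`s above, so the intent survives the next bump instead of degrading into dead code; the enclosing RUN chain begins before the hunk.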
diff --git a/malcolm-iso/config/includes.binary/install/preseed_base.cfg b/malcolm-iso/config/includes.binary/install/preseed_base.cfg index ba51b4b7d..411f8bac2 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_base.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_base.cfg @@ -18,7 +18,7 @@ d-i localepurge/remove_no note # d-i passwd/username string analyst # d-i passwd/user-fullname string analyst -d-i passwd/user-default-groups string audio cdrom video netdev plugdev docker +d-i passwd/user-default-groups string audio cdrom video netdev plugdev docker vboxsf d-i passwd/root-login boolean true # crypted passwords via: mkpasswd -m sha-512 -S $(pwgen -ns 16 1) diff --git a/malcolm-iso/config/includes.chroot/etc/live/config.conf b/malcolm-iso/config/includes.chroot/etc/live/config.conf index 14d9e9b90..5400a4626 100644 --- a/malcolm-iso/config/includes.chroot/etc/live/config.conf +++ b/malcolm-iso/config/includes.chroot/etc/live/config.conf @@ -2,5 +2,5 @@ LIVE_LOCALES="en_US.UTF-8" LIVE_HOSTNAME="malcolm-live" LIVE_USERNAME="analyst" LIVE_USER_FULLNAME="Malcolm Live Analyst" -LIVE_USER_DEFAULT_GROUPS="adm audio cdrom disk docker netdev plugdev sudo video" +LIVE_USER_DEFAULT_GROUPS="adm audio cdrom disk docker netdev plugdev sudo video vboxsf" diff --git a/sensor-iso/config/includes.binary/install/preseed_base.cfg b/sensor-iso/config/includes.binary/install/preseed_base.cfg index b6aa69a7b..f4219cfe9 100644 --- a/sensor-iso/config/includes.binary/install/preseed_base.cfg +++ b/sensor-iso/config/includes.binary/install/preseed_base.cfg @@ -19,7 +19,7 @@ d-i clock-setup/ntp-server string 0.debian.pool.ntp.org d-i passwd/username string sensor d-i passwd/user-fullname string sensor -d-i passwd/user-default-groups string audio cdrom video netdev plugdev +d-i passwd/user-default-groups string audio cdrom video netdev plugdev vboxsf d-i passwd/root-login boolean true # crypted passwords via: mkpasswd -m sha-512 -S $(pwgen -ns 16 1) 
diff --git a/sensor-iso/config/includes.chroot/etc/live/config.conf b/sensor-iso/config/includes.chroot/etc/live/config.conf index e6d47621d..0542d48fe 100644 --- a/sensor-iso/config/includes.chroot/etc/live/config.conf +++ b/sensor-iso/config/includes.chroot/etc/live/config.conf @@ -2,4 +2,4 @@ LIVE_LOCALES="en_US.UTF-8" LIVE_HOSTNAME="sensor-live" LIVE_USERNAME="sensor" LIVE_USER_FULLNAME="sensor" -LIVE_USER_DEFAULT_GROUPS="adm audio cdrom disk netdev plugdev sudo video" +LIVE_USER_DEFAULT_GROUPS="adm audio cdrom disk netdev plugdev sudo video vboxsf" From ac8c4a24f9273415e702b1f9b6107ededca5e00b Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Tue, 7 Apr 2020 14:27:17 -0600 Subject: [PATCH 181/183] the 'run a separate instance of Zeek locally' use case isn't really a big enough use case to have a whole separate docker-compose file for it; especially with the ISO and live capture methods. --- README.md | 19 -- docker-compose-standalone-zeek-live.yml | 427 ------------------------ malcolm-iso/build.sh | 1 - scripts/malcolm_appliance_packager.sh | 1 - 4 files changed, 448 deletions(-) delete mode 100644 docker-compose-standalone-zeek-live.yml diff --git a/README.md b/README.md index e3b6d863d..debc950d3 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,6 @@ In short, Malcolm provides an easily deployable network analysis tool suite for * [Capturing traffic on local network interfaces](#LocalPCAP) * [Using a network sensor appliance](#Hedgehog) * [Manually forwarding Zeek logs from an external source](#ZeekForward) - * [Monitoring a local Zeek instance](#LiveZeek) * [Moloch](#Moloch) * [Zeek log integration](#MolochZeek) - [Correlating Zeek logs and Moloch sessions](#ZeekMolochFlowCorrelation) 
@@ -309,7 +308,6 @@ and the following files of special note: * `net-map.json` - an alternative to `cidr-map.txt` and `host-map.txt`, mapping hosts and network segments to their names in a JSON-formatted file * `docker-compose.yml` - the configuration file used by `docker-compose` to build, start, and stop an instance of the Malcolm appliance * `docker-compose-standalone.yml` - similar to `docker-compose.yml`, only used for the ["packaged"](#Packager) installation of Malcolm -* `docker-compose-standalone-zeek-live.yml` - identical to `docker-compose-standalone.yml`, only Filebeat is configured to monitor local live Zeek logs (ie., being actively written to on the same host running Malcolm) ### Building from source 
@@ -864,23 +862,6 @@ output.logstash: ssl.verification_mode: "none" ``` -### Monitoring a local Zeek instance - -Another option for analyzing live network data is to run an external local copy of Zeek (ie., not within Malcolm) so that the log files it creates are seen by Malcolm and automatically processed as they are written to a local directory on the same host. - -To do this, you'll need to configure Malcolm's local Filebeat log forwarder so that it will continue to look for changes to Zeek logs that are actively being written to even once it reaches the end of the file. You can do this by replacing `docker-compose.yml` with `docker-compose-standalone-zeek-live.yml` before starting Malcolm: - -``` -$ mv -f ./docker-compose-standalone-zeek-live.yml ./docker-compose.yml -``` - -Alternatively, you can run the `start` script (and the other control scripts) like this, without modifying your original `docker-compose.yml` file: -``` -$ ./scripts/start -f ./docker-compose-standalone-zeek-live.yml -``` - -Once Malcolm has been [started](#Starting), `cd` into `./zeek-logs/current/` and run `bro` from inside that directory. - ## Moloch The Moloch interface will be accessible over HTTPS on port 443 at the docker hosts IP address (e.g., [https://localhost](https://localhost) if you are connecting locally). diff --git a/docker-compose-standalone-zeek-live.yml b/docker-compose-standalone-zeek-live.yml deleted file mode 100644 index 73ee1f26e..000000000 --- a/docker-compose-standalone-zeek-live.yml +++ /dev/null 
@@ -1,427 +0,0 @@ -# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. - -version: '3.7' - -################################################################################ -# Commonly tweaked configuration options -#------------------------------------------------------------------------------- -x-auth-variables: &auth-variables - # authentication method: encrypted HTTP basic authentication ('true') vs LDAP ('false') - NGINX_BASIC_AUTH : 'true' - # NGINX LDAP (NGINX_BASIC_AUTH=false) can support LDAP, LDAPS, or LDAP+StartTLS. - # For StartTLS, set NGINX_LDAP_TLS_STUNNEL=true to issue the StartTLS command - # and use stunnel to tunnel the connection. - NGINX_LDAP_TLS_STUNNEL : 'false' - # When NGINX_LDAP_TLS_STUNNEL=true, which protocol to use when initiating the - # "extendedReq(1) LDAP_START_TLS_OID" command: winldap or openldap - NGINX_LDAP_TLS_STUNNEL_PROTOCOL : 'winldap' - -x-nginx-variables: &nginx-variables - # Whether or not to write nginx's access.log and error.log to Elasticsearch - NGINX_LOG_ACCESS_AND_ERRORS : 'false' - -x-moloch-variables: &moloch-variables - MANAGE_PCAP_FILES : 'false' - MOLOCH_ANALYZE_PCAP_THREADS : 1 - MAXMIND_GEOIP_DB_LICENSE_KEY : '0' - -x-zeek-variables: &zeek-variables - ZEEK_AUTO_ANALYZE_PCAP_FILES : 'true' - ZEEK_AUTO_ANALYZE_PCAP_THREADS : 1 - ZEEK_EXTRACTOR_MODE : 'none' - EXTRACTED_FILE_IGNORE_EXISTING : 'false' - EXTRACTED_FILE_PRESERVATION : 'quarantined' - EXTRACTED_FILE_MIN_BYTES : 64 - EXTRACTED_FILE_MAX_BYTES : 134217728 - VTOT_API2_KEY : '0' - VTOT_REQUESTS_PER_MINUTE : 4 - EXTRACTED_FILE_ENABLE_CLAMAV : 'false' - EXTRACTED_FILE_ENABLE_FRESHCLAM : 'false' - EXTRACTED_FILE_PIPELINE_DEBUG : 'false' - EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA : 'false' - -x-logstash-variables: &logstash-variables - LOGSTASH_OUI_LOOKUP : 'true' - LOGSTASH_REVERSE_DNS : 'false' - # ES_EXTERNAL_HOSTS : '10.0.0.123:9200' - # ES_EXTERNAL_SSL : 'true' - # ES_EXTERNAL_SSL_CERTIFICATE_VERIFICATION : 'false' - # For security, 
ES_EXTERNAL_USER and ES_EXTERNAL_PASSWORD should be stored in Logstash keystore using ./scripts/auth_setup - # See also volume mount for logstash.keystore below. - # ES_EXTERNAL_USER : 'janedoe' - # ES_EXTERNAL_PASSWORD : 'secret' - -x-kibana-variables: &kibana-variables - KIBANA_OFFLINE_REGION_MAPS : 'true' - -x-curator-variables: &curator-variables - # get index dates from actual date index was created (creation_date) vs. extracted from index name (name) - CURATOR_TIME_SOURCE : 'name' - # for managing automatic closing of older Elasticsearch indices (to conserve memory) - CURATOR_CLOSE_UNITS : years - CURATOR_CLOSE_COUNT : 10 - # for managing automatic deleting of older Elasticsearch indices (to reduce disk consumption) - CURATOR_DELETE_UNITS : years - CURATOR_DELETE_COUNT : 99 - # for managing automatic deleting of Elasticsearch indices based on cumulative size (to reduce disk consumption) - CURATOR_DELETE_GIGS : 1000000 - # for managing automatic snapshots of Elasticsearch indices - CURATOR_SNAPSHOT_DISABLED : 'True' - # name of Elasticsearch snapshot repository under path.repo - CURATOR_SNAPSHOT_REPO : 'logs' - # controls compression of Elasticsearch snapshots managed by the curator - CURATOR_SNAPSHOT_COMPRESSED : 'false' - -x-common-upload-variables: &common-upload-variables - AUTO_TAG : 'true' - PCAP_PIPELINE_DEBUG : 'false' - PCAP_PIPELINE_DEBUG_EXTRA : 'false' - PCAP_PIPELINE_IGNORE_PREEXISTING : 'false' - PCAP_MONITOR_HOST : 'pcap-monitor' - -x-common-lookup-variables: &common-lookup-variables - FREQ_LOOKUP : 'false' - -x-common-beats-variables: &common-beats-variables - BEATS_SSL : 'false' - -x-pcap-capture-variables: &pcap-capture-variables - PCAP_ENABLE_NETSNIFF : 'false' - PCAP_ENABLE_TCPDUMP : 'false' - PCAP_IFACE : 'eth0' - PCAP_ROTATE_MEGABYTES : 1024 - PCAP_ROTATE_MINUTES : 10 - PCAP_FILTER : '' -################################################################################ - -services: - elasticsearch: - image: 
docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.2 - restart: "no" - hostname: elasticsearch - environment: - logger.level : 'WARN' - bootstrap.memory_lock : 'true' - ES_JAVA_OPTS : '-Xms4g -Xmx4g -Xss256k -Djava.security.egd=file:/dev/./urandom' - VIRTUAL_HOST : 'es.malcolm.local' - discovery.type : 'single-node' - # cluster.initial_master_nodes : 'elasticsearch' - cluster.routing.allocation.disk.threshold_enabled : 'false' - cluster.routing.allocation.node_initial_primaries_recoveries : 8 - path.repo : '/opt/elasticsearch/backup' - expose: - - 9200 - ulimits: - memlock: - soft: -1 - hard: -1 - cap_add: - - IPC_LOCK - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9200"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 180s - volumes: - - ./elasticsearch:/usr/share/elasticsearch/data:delegated - - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated - kibana: - image: malcolmnetsec/kibana-oss:2.0.0 - restart: "no" - hostname: kibana - environment: - << : *kibana-variables - ELASTICSEARCH_URL : 'http://elasticsearch:9200' - VIRTUAL_HOST : 'kibana.malcolm.local' - CREATE_ES_MOLOCH_SESSION_INDEX : 'true' - MOLOCH_INDEX_PATTERN : 'sessions2-*' - MOLOCH_INDEX_PATTERN_ID : 'sessions2-*' - MOLOCH_INDEX_TIME_FIELD : 'firstPacket' - depends_on: - - elasticsearch - expose: - - 5601 - - 28991 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:5601/kibana/api/status"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 200s - elastalert: - image: malcolmnetsec/elastalert:2.0.0 - restart: "no" - hostname: elastalert - environment: - ELASTICSEARCH_URL : 'http://elasticsearch:9200' - ES_HOST : 'elasticsearch' - ES_PORT : 9200 - VIRTUAL_HOST : 'elastalert.malcolm.local' - depends_on: - - elasticsearch - expose: - - 3030 - - 3333 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:3030"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 200s - volumes: - - 
./elastalert/config/elastalert.yaml:/opt/elastalert/config.yaml - - ./elastalert/config/smtp-auth.yaml:/opt/elastalert/smtp-auth.yaml:ro - - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - - ./elastalert/rules/:/opt/elastalert/rules/ - curator: - image: malcolmnetsec/curator:2.0.0 - restart: "no" - hostname: curator - environment: - << : *curator-variables - ES_HOST : 'elasticsearch' - ES_PORT : 9200 - depends_on: - - elasticsearch - logstash: - image: malcolmnetsec/logstash-oss:2.0.0 - restart: "no" - hostname: logstash - environment: - << : *logstash-variables - << : *common-beats-variables - << : *common-lookup-variables - ES_HOSTS : 'elasticsearch:9200' - LS_JAVA_OPTS : '-Xms2g -Xmx2g -Djava.security.egd=file:/dev/./urandom' - depends_on: - - elasticsearch - expose: - - 5044 - - 9001 - - 9600 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9600"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 600s - volumes: - # - ./logstash/certs/logstash.keystore:/usr/share/logstash/config/logstash.keystore:ro - - ./logstash/certs/ca.crt:/certs/ca.crt:ro - - ./logstash/certs/server.crt:/certs/server.crt:ro - - ./logstash/certs/server.key:/certs/server.key:ro - - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro - - ./net-map.json:/usr/share/logstash/config/net-map.json:ro - filebeat: - image: malcolmnetsec/filebeat-oss:2.0.0 - restart: "no" - hostname: filebeat - environment: - << : *nginx-variables - << : *common-upload-variables - << : *common-beats-variables - FILEBEAT_LOG_PATH : '/data/zeek/current' - FILEBEAT_NGINX_LOG_PATH : '/data/nginx' - FILEBEAT_LOG_CLEANUP_MINUTES : 180 - FILEBEAT_ZIP_CLEANUP_MINUTES : 360 - FILEBEAT_SCAN_FREQUENCY : '10s' - FILEBEAT_CLEAN_INACTIVE : '180m' - FILEBEAT_IGNORE_OLDER : '120m' - FILEBEAT_CLOSE_INACTIVE : '90m' - FILEBEAT_CLOSE_RENAMED : 'false' - FILEBEAT_CLOSE_REMOVED : 'true' - 
FILEBEAT_CLOSE_EOF : 'false' - FILEBEAT_CLEAN_REMOVED : 'true' - depends_on: - - logstash - volumes: - - nginx-log-path:/data/nginx:ro - - ./zeek-logs:/data/zeek - - ./filebeat/certs/ca.crt:/certs/ca.crt:ro - - ./filebeat/certs/client.crt:/certs/client.crt:ro - - ./filebeat/certs/client.key:/certs/client.key:ro - moloch: - image: malcolmnetsec/moloch:2.0.0 - restart: "no" - hostname: moloch - env_file: - - ./auth.env - environment: - << : *common-upload-variables - << : *moloch-variables - MOLOCH_VERSION : '2.2.3' - VIRTUAL_HOST : 'moloch.malcolm.local' - ES_HOST : 'elasticsearch' - ES_PORT : 9200 - ES_MAX_SHARDS_PER_NODE : 2500 - VIEWER : 'on' - WISE : 'on' - ulimits: - memlock: - soft: -1 - hard: -1 - depends_on: - - elasticsearch - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8005/_ns_/nstest.html"] - interval: 90s - timeout: 30s - retries: 3 - start_period: 180s - expose: - - 8000 - - 8005 - - 8081 - volumes: - - ./pcap:/data/pcap - - ./moloch-logs:/data/moloch/logs - - ./moloch-raw:/data/moloch/raw - zeek: - image: malcolmnetsec/zeek:2.0.0 - restart: "no" - hostname: zeek - environment: - << : *common-upload-variables - << : *zeek-variables - ulimits: - memlock: - soft: -1 - hard: -1 - depends_on: - - elasticsearch - volumes: - - ./pcap:/pcap - - ./zeek-logs/upload:/zeek/upload - - ./zeek-logs/extract_files:/zeek/extract_files - file-monitor: - image: malcolmnetsec/file-monitor:2.0.0 - restart: "no" - hostname: filemon - environment: - << : *zeek-variables - expose: - - 3310 - volumes: - - ./zeek-logs/extract_files:/data/zeek/extract_files - - ./zeek-logs/current:/data/zeek/logs - pcap-capture: - image: malcolmnetsec/pcap-capture:2.0.0 - restart: "no" - network_mode: host - ulimits: - memlock: - soft: -1 - hard: -1 - cap_add: - - IPC_LOCK - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - environment: - << : *pcap-capture-variables - volumes: - - ./pcap/upload:/pcap - pcap-monitor: - image: malcolmnetsec/pcap-monitor:2.0.0 - restart: 
"no" - hostname: pcapmon - environment: - << : *common-upload-variables - ELASTICSEARCH_URL : 'http://elasticsearch:9200' - depends_on: - - elasticsearch - expose: - - 30441 - volumes: - - ./zeek-logs:/zeek - - ./pcap:/pcap - upload: - image: malcolmnetsec/file-upload:2.0.0 - restart: "no" - hostname: upload - env_file: - - ./auth.env - environment: - SITE_NAME : 'Capture File and Log Archive Upload' - VIRTUAL_HOST : 'upload.malcolm.local' - depends_on: - - moloch - expose: - - 80 - ports: - - 127.0.0.1:8022:22 - volumes: - - ./pcap/upload:/var/www/upload/server/php/chroot/files - htadmin: - image: malcolmnetsec/htadmin:2.0.0 - restart: "no" - hostname: htadmin - environment: - << : *auth-variables - VIRTUAL_HOST : 'htadmin.malcolm.local' - expose: - - 80 - volumes: - - ./htadmin/config.ini:/var/www/htadmin/config/config.ini:rw - - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw - freq: - image: malcolmnetsec/freq:2.0.0 - restart: "no" - hostname: freq - environment: - << : *common-lookup-variables - VIRTUAL_HOST : 'freq.malcolm.local' - expose: - - 10004 - name-map-ui: - image: malcolmnetsec/name-map-ui:2.0.0 - restart: "no" - hostname: name-map-ui - environment: - VIRTUAL_HOST : 'name-map-ui.malcolm.local' - expose: - - 8080 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8080/fpm-ping"] - interval: 60s - timeout: 15s - retries: 3 - start_period: 90s - volumes: - - ./cidr-map.txt:/var/www/html/maps/cidr-map.txt:ro - - ./host-map.txt:/var/www/html/maps/host-map.txt:ro - - ./net-map.json:/var/www/html/maps/net-map.json:rw - nginx-proxy: - image: malcolmnetsec/nginx-proxy:2.0.0 - restart: "no" - hostname: nginx-proxy - environment: - << : *auth-variables - << : *nginx-variables - depends_on: - - moloch - - kibana - - upload - - htadmin - - name-map-ui - ports: - - "443:443" - - "488:488" - - "3030:3030" - - "5601:5601" - - "8443:8443" - - "9200:9200" - - "9600:9600" - 
volumes: - - nginx-log-path:/var/log/nginx:rw - - ./nginx/nginx_ldap.conf:/etc/nginx/nginx_ldap.conf:ro - - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - - ./nginx/certs:/etc/nginx/certs:ro - - ./nginx/certs/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro - -# shared named volume so filebeat can access nginx access logs -volumes: - nginx-log-path:
diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh
index f19f78883..479f89a09 100755
--- a/malcolm-iso/build.sh
+++ b/malcolm-iso/build.sh
@@ -116,7 +116,6 @@ if [ -d "$WORKDIR" ]; then
 YML_IMAGE_VERSION="$(grep -P "^\s+image:\s*malcolm" ./docker-compose-standalone.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)"
 [[ -n $YML_IMAGE_VERSION ]] && IMAGE_VERSION="$YML_IMAGE_VERSION"
 cp ./docker-compose-standalone.yml "$MALCOLM_DEST_DIR/docker-compose.yml"
- cp ./docker-compose-standalone-zeek-live.yml "$MALCOLM_DEST_DIR/docker-compose-zeek-live.yml"
 cp ./cidr-map.txt "$MALCOLM_DEST_DIR/"
 cp ./host-map.txt "$MALCOLM_DEST_DIR/"
 cp ./net-map.json "$MALCOLM_DEST_DIR/"
diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh
index 9be66ee87..a9a37868a 100755
--- a/scripts/malcolm_appliance_packager.sh
+++ b/scripts/malcolm_appliance_packager.sh
@@ -80,7 +80,6 @@ if mkdir "$DESTDIR"; then
 mkdir $VERBOSE -p "$DESTDIR/zeek-logs/extract_files/"
 mkdir $VERBOSE -p "$DESTDIR/scripts/"
 cp $VERBOSE ./docker-compose-standalone.yml "$DESTDIR/docker-compose.yml"
- cp $VERBOSE ./docker-compose-standalone-zeek-live.yml "$DESTDIR/docker-compose-zeek-live.yml"
 cp $VERBOSE ./auth.env "$DESTDIR/"
 cp $VERBOSE ./cidr-map.txt "$DESTDIR/"
 cp $VERBOSE ./host-map.txt "$DESTDIR/"
From 626ee7fe1db3b75a7636a410f50d0e684f0ea924 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 8 Apr 2020 08:36:30 -0600 Subject: [PATCH 182/183] ensure all services have a health check --- docker-compose-standalone.yml | 130 +++++++++++++++++++++++++--------- docker-compose.yml | 130 +++++++++++++++++++++++++--------- 2 files changed, 190 insertions(+), 70 deletions(-) diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 38a280567..924ce3cb9 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -117,15 +117,15 @@ services: hard: -1 cap_add: - IPC_LOCK - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9200"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 180s volumes: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9200"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 180s kibana: image: malcolmnetsec/kibana-oss:2.0.0 restart: "no" @@ -144,11 +144,11 @@ services: - 5601 - 28991 healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:5601/kibana/api/status"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 200s + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:5601/kibana/api/status"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 210s elastalert: image: malcolmnetsec/elastalert:2.0.0 restart: "no" 
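Review bot: The `interval`/`timeout`/`retries` triple is now repeated verbatim under almost every service in both compose files, so a future tuning change has to be made in well over a dozen places and the two files can silently drift. An extension field holding the shared values, `x-healthcheck-defaults: &healthcheck-defaults` with `interval`, `timeout` and `retries`, merged into each service with `<< : *healthcheck-defaults` next to its own `test` and `start_period`, would keep one source of truth and matches the `<< : *...-variables` merge keys these files already use for environment blocks. The services that genuinely differ (curator's 5s timeout, moloch's 90s/30s) would simply override the merged keys.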
@@ -163,17 +163,17 @@ services: expose: - 3030 - 3333 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:3030"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 200s volumes: - ./elastalert/config/elastalert.yaml:/opt/elastalert/config.yaml - ./elastalert/config/smtp-auth.yaml:/opt/elastalert/smtp-auth.yaml:ro - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:3030"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 210s curator: image: malcolmnetsec/curator:2.0.0 restart: "no" @@ -184,6 +184,12 @@ services: ES_PORT : 9200 depends_on: - elasticsearch + healthcheck: + test: ["CMD", "pidof", "cron"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 30s logstash: image: malcolmnetsec/logstash-oss:2.0.0 restart: "no" @@ -200,12 +206,6 @@ services: - 5044 - 9001 - 9600 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9600"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 600s volumes: # - ./logstash/certs/logstash.keystore:/usr/share/logstash/config/logstash.keystore:ro - ./logstash/certs/ca.crt:/certs/ca.crt:ro @@ -214,6 +214,12 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro - ./net-map.json:/usr/share/logstash/config/net-map.json:ro + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9600"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 600s filebeat: image: malcolmnetsec/filebeat-oss:2.0.0 restart: "no" 
@@ -242,6 +248,12 @@ services: - ./filebeat/certs/ca.crt:/certs/ca.crt:ro - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro + healthcheck: + test: ["CMD", "supervisorctl", "status", "filebeat"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s moloch: image: malcolmnetsec/moloch:2.0.0 restart: "no" @@ -264,12 +276,6 @@ services: hard: -1 depends_on: - elasticsearch - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8005/_ns_/nstest.html"] - interval: 90s - timeout: 30s - retries: 3 - start_period: 180s expose: - 8000 - 8005 @@ -278,6 +284,12 @@ services: - ./pcap:/data/pcap - ./moloch-logs:/data/moloch/logs - ./moloch-raw:/data/moloch/raw + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8005/_ns_/nstest.html"] + interval: 90s + timeout: 30s + retries: 3 + start_period: 210s zeek: image: malcolmnetsec/zeek:2.0.0 restart: "no" @@ -295,6 +307,12 @@ services: - ./pcap:/pcap - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files + healthcheck: + test: ["CMD", "supervisorctl", "status", "pcap-zeek"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s file-monitor: image: malcolmnetsec/file-monitor:2.0.0 restart: "no" @@ -306,6 +324,12 @@ services: volumes: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs + healthcheck: + test: ["CMD", "supervisorctl", "status", "watcher", "scanner", "logger"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s pcap-capture: image: malcolmnetsec/pcap-capture:2.0.0 restart: "no" @@ -323,6 +347,12 @@ services: << : *pcap-capture-variables volumes: - ./pcap/upload:/pcap + healthcheck: + test: ["CMD", "supervisorctl", "status"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s pcap-monitor: image: malcolmnetsec/pcap-monitor:2.0.0 restart: "no" 
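Review bot: The pcap-capture health check in the last hunk here, `test: ["CMD", "supervisorctl", "status"]`, names no program, unlike the sibling checks that assert a specific process (`supervisorctl status pcap-zeek`, `... watcher scanner logger`), so it only proves supervisord answers and says nothing about whether capture is actually running. Naming the capture program(s) the container's supervisord manages, as the other services do, would make the check assert the thing operators care about. Note also that whether `supervisorctl status` exits non-zero for a program that is not RUNNING depends on the supervisor release in the image; on older releases it returned success regardless, which would make every `supervisorctl`-based check here (filebeat, zeek, file-monitor, pcap-capture, pcap-monitor) pass unconditionally, so this is worth confirming against the installed version. The same bare `supervisorctl status` appears in the docker-compose.yml pcap-capture hunk `@@ -359,6 +383,12 @@`.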
@@ -337,6 +367,12 @@ services: volumes: - ./zeek-logs:/zeek - ./pcap:/pcap + healthcheck: + test: ["CMD", "supervisorctl", "status", "watch-upload", "pcap-publisher"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 90s upload: image: malcolmnetsec/file-upload:2.0.0 restart: "no" @@ -354,6 +390,12 @@ services: - 127.0.0.1:8022:22 volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files + healthcheck: + test: ["CMD", "wget", "-qO-", "http://localhost"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s htadmin: image: malcolmnetsec/htadmin:2.0.0 restart: "no" @@ -367,6 +409,12 @@ services: - ./htadmin/config.ini:/var/www/htadmin/config/config.ini:rw - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s freq: image: malcolmnetsec/freq:2.0.0 restart: "no" @@ -376,6 +424,12 @@ services: VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:10004"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s name-map-ui: image: malcolmnetsec/name-map-ui:2.0.0 restart: "no" @@ -384,16 +438,16 @@ services: VIRTUAL_HOST : 'name-map-ui.malcolm.local' expose: - 8080 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8080/fpm-ping"] - interval: 60s - timeout: 15s - retries: 3 - start_period: 90s volumes: - ./cidr-map.txt:/var/www/html/maps/cidr-map.txt:ro - ./host-map.txt:/var/www/html/maps/host-map.txt:ro - ./net-map.json:/var/www/html/maps/net-map.json:rw + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8080/fpm-ping"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s nginx-proxy: image: malcolmnetsec/nginx-proxy:2.0.0 restart: "no" 
@@ -421,6 +475,12 @@ services: - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - ./nginx/certs:/etc/nginx/certs:ro - ./nginx/certs/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro + healthcheck: + test: ["CMD", "curl", "--insecure", "--silent", "https://localhost:443"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 120s # shared named volume so filebeat can access nginx access logs volumes: diff --git a/docker-compose.yml b/docker-compose.yml index c1d7f376b..2350af786 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -117,15 +117,15 @@ services: hard: -1 cap_add: - IPC_LOCK - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9200"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 180s volumes: - ./elasticsearch:/usr/share/elasticsearch/data:delegated - ./elasticsearch-backup:/opt/elasticsearch/backup:delegated + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9200"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 180s kibana: build: context: . @@ -147,11 +147,11 @@ services: - 5601 - 28991 healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:5601/kibana/api/status"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 200s + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:5601/kibana/api/status"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 210s elastalert: build: context: . 
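Review bot: The nginx-proxy health check `curl --insecure --silent https://localhost:443` omits `--fail`, so curl exits 0 for any HTTP response, including a 502/503 when an upstream is down or a 500 from a broken config, and the proxy will be reported healthy as long as the TLS listener answers at all. The omission looks deliberate, since an unauthenticated request to `/` evidently returns 401 (the log filter added in PATCH 183/183 suppresses `GET / ... 401 ... curl` lines) and `--fail` would turn that into unhealthy. Checking the status code explicitly keeps the 401 acceptable while still catching server errors, e.g. `test: ["CMD-SHELL", "curl --insecure --silent --output /dev/null --write-out '%{http_code}' https://localhost:443 | grep -qE '^(200|401)$'"]`. The identical check is added to docker-compose.yml in hunk `@@ -476,6 +530,12 @@`.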
@@ -169,17 +169,17 @@ services: expose: - 3030 - 3333 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:3030"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 200s volumes: - ./elastalert/config/elastalert.yaml:/opt/elastalert/config.yaml - ./elastalert/config/smtp-auth.yaml:/opt/elastalert/smtp-auth.yaml:ro - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json - ./elastalert/rules/:/opt/elastalert/rules/ + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:3030"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 210s curator: build: context: . @@ -195,6 +195,12 @@ services: - elasticsearch volumes: - ./curator/config/action_file.yml:/config/action_file.yml + healthcheck: + test: ["CMD", "pidof", "cron"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 30s logstash: build: context: . @@ -214,12 +220,6 @@ services: - 5044 - 9001 - 9600 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9600"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 600s volumes: - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro - ./logstash/pipelines:/usr/share/logstash/malcolm-pipelines.available:ro @@ -230,6 +230,12 @@ services: - ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro - ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro - ./net-map.json:/usr/share/logstash/config/net-map.json:ro + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:9600"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 600s filebeat: build: context: . 
@@ -262,6 +268,12 @@ services: - ./filebeat/certs/client.crt:/certs/client.crt:ro - ./filebeat/certs/client.key:/certs/client.key:ro - ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro + healthcheck: + test: ["CMD", "supervisorctl", "status", "filebeat"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s moloch: build: context: . @@ -287,12 +299,6 @@ services: hard: -1 depends_on: - elasticsearch - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8005/_ns_/nstest.html"] - interval: 90s - timeout: 30s - retries: 3 - start_period: 180s expose: - 8000 - 8005 @@ -304,6 +310,12 @@ services: - ./moloch/etc/config.ini:/data/moloch/etc/config.ini:ro - ./moloch/etc/user_settings.json:/data/moloch/etc/user_settings.json:ro - ./moloch/wise/source.zeeklogs.js:/data/moloch/wiseService/source.zeeklogs.js:ro + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8005/_ns_/nstest.html"] + interval: 90s + timeout: 30s + retries: 3 + start_period: 210s zeek: build: context: . @@ -325,6 +337,12 @@ services: - ./zeek-logs/upload:/zeek/upload - ./zeek-logs/extract_files:/zeek/extract_files - ./zeek/config/local.zeek:/opt/zeek/share/zeek/site/local.zeek:ro + healthcheck: + test: ["CMD", "supervisorctl", "status", "pcap-zeek"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s file-monitor: build: context: . @@ -339,6 +357,12 @@ services: volumes: - ./zeek-logs/extract_files:/data/zeek/extract_files - ./zeek-logs/current:/data/zeek/logs + healthcheck: + test: ["CMD", "supervisorctl", "status", "watcher", "scanner", "logger"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s pcap-capture: build: context: . @@ -359,6 +383,12 @@ services: << : *pcap-capture-variables volumes: - ./pcap/upload:/pcap + healthcheck: + test: ["CMD", "supervisorctl", "status"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s pcap-monitor: build: context: . 
@@ -376,6 +406,12 @@ services: volumes: - ./zeek-logs:/zeek - ./pcap:/pcap + healthcheck: + test: ["CMD", "supervisorctl", "status", "watch-upload", "pcap-publisher"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 90s upload: build: context: . @@ -396,6 +432,12 @@ services: - 127.0.0.1:8022:22 volumes: - ./pcap/upload:/var/www/upload/server/php/chroot/files + healthcheck: + test: ["CMD", "wget", "-qO-", "http://localhost"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s htadmin: image: malcolmnetsec/htadmin:2.0.0 build: @@ -412,6 +454,12 @@ services: - ./htadmin/config.ini:/var/www/htadmin/config/config.ini:rw - ./htadmin/metadata:/var/www/htadmin/config/metadata:rw - ./nginx/htpasswd:/var/www/htadmin/config/htpasswd:rw + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s freq: image: malcolmnetsec/freq:2.0.0 build: @@ -424,6 +472,12 @@ services: VIRTUAL_HOST : 'freq.malcolm.local' expose: - 10004 + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:10004"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s name-map-ui: image: malcolmnetsec/name-map-ui:2.0.0 build: @@ -435,16 +489,16 @@ services: VIRTUAL_HOST : 'name-map-ui.malcolm.local' expose: - 8080 - healthcheck: - test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8080/fpm-ping"] - interval: 60s - timeout: 15s - retries: 3 - start_period: 90s volumes: - ./cidr-map.txt:/var/www/html/maps/cidr-map.txt:ro - ./host-map.txt:/var/www/html/maps/host-map.txt:ro - ./net-map.json:/var/www/html/maps/net-map.json:rw + healthcheck: + test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8080/fpm-ping"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 60s nginx-proxy: build: context: . 
@@ -476,6 +530,12 @@ services: - ./nginx/htpasswd:/etc/nginx/.htpasswd:ro - ./nginx/certs:/etc/nginx/certs:ro - ./nginx/certs/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro + healthcheck: + test: ["CMD", "curl", "--insecure", "--silent", "https://localhost:443"] + interval: 30s + timeout: 15s + retries: 3 + start_period: 120s # shared named volume so filebeat can access nginx access logs volumes: From ee73ae998d4f62fc5386352ed9d1d0490dab7307 Mon Sep 17 00:00:00 2001 From: SG <13872653+mmguero@users.noreply.github.com> Date: Wed, 8 Apr 2020 08:57:06 -0600 Subject: [PATCH 183/183] reduce verbosity of health checks in logs --- scripts/control.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/control.py b/scripts/control.py index f6ec0df0d..d52eb7ce1 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -49,7 +49,7 @@ def logs(): global dockerBin global dockerComposeBin - # noisy logs + # noisy logs (a lot of it is NGINX logs from health checks) ignoreRegEx = re.compile(r""" .+( deprecated @@ -71,6 +71,7 @@ def logs(): | POST\s+HTTP/[\d\.].+\b200\b | POST\s+/server/php/\s+HTTP/\d+\.\d+"\s+\d+\s+\d+.*:8443/ | curl.+localhost.+GET\s+/api/status\s+200 + | \b1.+GET\s+/\s+.+401.+curl ) """, re.VERBOSE | re.IGNORECASE)
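Review bot: The new alternative `| \b1.+GET\s+/\s+.+401.+curl` in the second control.py hunk is much broader than the health-check traffic it is meant to hide: `\b1` matches any token beginning with "1" (a timestamp or most client addresses) and the greedy `.+` segments span the rest of the line, so every curl client that receives a 401 on `/` is dropped from `logs` output, including a genuine failed authentication attempt made with curl from the network. Since the health check connects from inside the container, anchoring the pattern on the loopback source, e.g. `| 127\.0\.0\.1.+GET\s+/\s+.+401.+curl`, would narrow it to the intended lines; that presumes the nginx log line starts with the client address, which the log format not shown here would need to confirm. The enclosing `logs()` function and the `ignoreRegEx` pattern both start and continue outside these hunks, so the other alternatives (`curl.+localhost.+GET\s+/api/status\s+200` is already localhost-anchored) are a useful model for the new one.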