ReportCommands/RiskManagement.ps1
|
#requires -Version 5.1 function Script:Write-RiskManagementSyntaxHelp { Write-Host @" Risk Management Report Command Syntax Description: This command provides risk management reports from Keeper's RMD (Risk Management Dashboard) APIs. Actions (-Action): enterprise-stat Enterprise-wide login and record stats (default) enterprise-stat-details Per-user login and record details security-alerts-summary Security alerts summary with 30-day trends security-alerts-detail Detailed per-user breakdown for a specific alert event security-benchmarks-get Get security benchmark statuses security-benchmarks-set Set security benchmark statuses Options: -Action <action> Action to perform (default: enterprise-stat) -AuditEventType <name> Audit event type name or numeric ID (for security-alerts-detail) -BenchmarkFields <list> Benchmark fields to set as 'NAME:STATUS' pairs (for security-benchmarks-set) -Format <format> Output format: table (default), json, csv -Output <path> Write report to file -SyntaxHelp Display this help text Audit Event Types (-AuditEventType): Accepts an event name or numeric ID. Use 'security-alerts-summary' to see available types. Docs: https://docs.keeper.io/en/enterprise-guide/event-reporting Benchmark Fields (-BenchmarkFields): Format: NAME:STATUS. Use 'security-benchmarks-get' to see current values. Valid benchmark names: SB_DEPLOY_ACROSS_ENTIRE_ORGANIZATION SB_ENFORCE_STRONG_MASTER_PASSWORD SB_PREVENT_INSTALLATION_OF_UNTRUSTED_EXTENSIONS SB_ENSURE_TWO_FACTOR_AUTHENTICATION_FOR_END_USERS SB_ENABLE_ACCOUNT_TRANSFER_POLICY SB_CONFIGURE_IP_ALLOWLISTING SB_REDUCE_ADMINISTRATOR_PRIVILEGE SB_CREATE_ALERTS SB_ENSURE_OUTSIDE_SSO_ADMINISTRATOR_EXISTS SB_DISABLE_BROWSER_PASSWORD_MANAGERS SB_LOCK_DOWN_SSO_PROVIDER SB_DISABLE_ACCOUNT_RECOVERY SB_CREATE_AT_LEAST_TWO_KEEPER_ADMINISTRATORS SB_ENFORCE_LEAST_PRIVILEGE_POLICY SB_ENSURE_TWO_FACTOR_AUTHENTICATION_ADMIN_USERS Valid statuses: RESOLVED, IGNORED, UNRESOLVED Examples: Get-KeeperRiskManagementReport Enterprise-wide login/record stats Get-KeeperRiskManagementReport -Action enterprise-stat-details Per-user login details Get-KeeperRiskManagementReport -Action security-alerts-summary Security alerts summary with trends Get-KeeperRiskManagementReport -Action security-alerts-detail -AuditEventType "bw_record_high_risk" Details for a specific alert type by name Get-KeeperRiskManagementReport -Action security-alerts-detail -AuditEventType 1001 Details for a specific alert type by numeric ID Get-KeeperRiskManagementReport -Action security-benchmarks-get Security benchmark statuses Get-KeeperRiskManagementReport -Action security-benchmarks-set -BenchmarkFields "SB_ENFORCE_STRONG_MASTER_PASSWORD:RESOLVED" Set a benchmark status "@ } function Script:Write-RiskManagementOutput { param( [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [object[]] $Rows, [Parameter(Mandatory = $true)] [ValidateSet('table', 'json', 'csv')] [string] $Format, [Parameter()] [string] $Output, [Parameter()] [string] $Title ) if ($null -eq $Rows -or $Rows.Count -eq 0) { if ($Title) { Write-Host "" Write-Host $Title } Write-Host "No results." return } switch ($Format) { 'json' { $jsonText = $Rows | ConvertTo-Json -Depth 5 if ($Output) { Set-Content -Path $Output -Value $jsonText -Encoding utf8 Write-Host "Output written to $Output" return } return $jsonText } 'csv' { $csvText = ($Rows | ConvertTo-Csv -NoTypeInformation) if ($Output) { Set-Content -Path $Output -Value $csvText -Encoding utf8 Write-Host "Output written to $Output" return } return $csvText } default { if ($Output) { $tableText = @($Rows | Format-Table -Property * -AutoSize | Out-String -Width 8192) $content = @() if ($Title) { $content += $Title; $content += '' } $content += $tableText Set-Content -Path $Output -Value $content -Encoding utf8 Write-Host "Output written to $Output" return } if ($Title) { Write-Host "" Write-Host $Title } $Rows | Format-Table -Property * -AutoSize | Out-String -Width 8192 } } } $Script:ArrowUp = [char]0x2191 # ↑ $Script:ArrowDown = [char]0x2193 # ↓ $Script:ArrowUpRight = [char]0x2197 # ↗ $Script:ArrowDownRight = [char]0x2198 # ↘ $Script:ValidBenchmarkNames = @( 'SB_DEPLOY_ACROSS_ENTIRE_ORGANIZATION', 'SB_PREVENT_INSTALLATION_OF_UNTRUSTED_EXTENSIONS', 'SB_ENABLE_ACCOUNT_TRANSFER_POLICY', 'SB_REDUCE_ADMINISTRATOR_PRIVILEGE', 'SB_ENSURE_OUTSIDE_SSO_ADMINISTRATOR_EXISTS', 'SB_LOCK_DOWN_SSO_PROVIDER', 'SB_CREATE_AT_LEAST_TWO_KEEPER_ADMINISTRATORS', 'SB_ENSURE_TWO_FACTOR_AUTHENTICATION_ADMIN_USERS', 'SB_ENFORCE_STRONG_MASTER_PASSWORD', 'SB_ENSURE_TWO_FACTOR_AUTHENTICATION_FOR_END_USERS', 'SB_CONFIGURE_IP_ALLOWLISTING', 'SB_CREATE_ALERTS', 'SB_DISABLE_BROWSER_PASSWORD_MANAGERS', 'SB_DISABLE_ACCOUNT_RECOVERY', 'SB_ENFORCE_LEAST_PRIVILEGE_POLICY' ) $Script:ValidBenchmarkStatuses = @('RESOLVED', 'IGNORED', 'UNRESOLVED') function Script:Get-TrendIndicator { param( [int] $Current, [int] $Previous ) if ($Current -ne $Previous) { if ($Previous -gt 0 -and $Current -gt 0) { $rate = ($Current - $Previous) / $Previous if ($rate -gt 0) { return "[ $ArrowUpRight ]" } else { return "[ $ArrowDownRight ]" } } elseif ($Previous -gt 0) { return "[ $ArrowUp]" } else { return "[$ArrowDown ]" } } return '[ - ]' } function Get-KeeperRiskManagementReport { <# .SYNOPSIS Generate risk management reports from Keeper's RMD APIs. .DESCRIPTION This command provides risk management reports from Keeper's Risk Management Dashboard. Alias: risk-report .PARAMETER Action Action to perform: enterprise-stat Enterprise-wide login and record stats (default) enterprise-stat-details Per-user login and record details security-alerts-summary Security alerts summary with 30-day trends security-alerts-detail Per-user breakdown for a specific alert event security-benchmarks-get Get security benchmark statuses security-benchmarks-set Set security benchmark statuses .PARAMETER AuditEventType Audit event type name (e.g. "bw_record_high_risk") or numeric ID. Required for security-alerts-detail. Use 'security-alerts-summary' to see available types. .PARAMETER BenchmarkFields Benchmark fields to set as 'NAME:STATUS' pairs. Required for security-benchmarks-set. Use 'security-benchmarks-get' to see current values. Statuses: RESOLVED, IGNORED, UNRESOLVED. .PARAMETER Format Output format: table (default), json, csv. .PARAMETER Output File path to write the report output to. .PARAMETER SyntaxHelp Display detailed syntax help. .EXAMPLE Get-KeeperRiskManagementReport Enterprise-wide login/record stats. .EXAMPLE Get-KeeperRiskManagementReport -Action enterprise-stat-details Per-user login details. .EXAMPLE Get-KeeperRiskManagementReport -Action security-alerts-summary Security alerts summary with 30-day trends. .EXAMPLE Get-KeeperRiskManagementReport -Action security-alerts-detail -AuditEventType "bw_record_high_risk" Details for a specific alert type. .EXAMPLE Get-KeeperRiskManagementReport -Action security-benchmarks-get Security benchmark statuses. #> [CmdletBinding()] param( [Parameter(Position = 0)] [ValidateSet('enterprise-stat', 'enterprise-stat-details', 'security-alerts-summary', 'security-alerts-detail', 'security-benchmarks-get', 'security-benchmarks-set')] [string] $Action = 'enterprise-stat', [Parameter()] [string] $AuditEventType, [Parameter()] [string[]] $BenchmarkFields, [Parameter()] [ValidateSet('table', 'json', 'csv')] [string] $Format = 'table', [Parameter()] [string] $Output, [Parameter()] [switch] $SyntaxHelp ) if ($SyntaxHelp) { Write-RiskManagementSyntaxHelp return } try { [Enterprise]$enterprise = getEnterprise } catch { Write-Error "Failed to load enterprise context: $($_.Exception.Message)" -ErrorAction Stop } if ($null -eq $enterprise.enterpriseData) { Write-Warning "Enterprise data is not available." return } $auth = $enterprise.loader.Auth if ($AuditEventType -and $Action -ne 'security-alerts-detail') { Write-Warning "-AuditEventType is only used with 'security-alerts-detail'. Ignoring." } if ($BenchmarkFields -and $Action -ne 'security-benchmarks-set') { Write-Warning "-BenchmarkFields is only used with 'security-benchmarks-set'. Ignoring." } switch ($Action) { 'enterprise-stat' { Write-Verbose "Calling rmd/get_enterprise_stat..." $result = [KeeperSecurity.Enterprise.RiskManagementExtensions]::GetRiskManagementEnterpriseStat( $auth ).GetAwaiter().GetResult() $rows = @( [PSCustomObject]@{ Metric = 'Logged In (Recent)'; Value = $result.UsersLoggedRecent } [PSCustomObject]@{ Metric = 'Has Records'; Value = $result.UsersHasRecords } ) Write-RiskManagementOutput -Rows $rows -Format $Format -Output $Output -Title 'Users Enterprise Stat' } 'enterprise-stat-details' { Write-Verbose "Calling rmd/get_enterprise_stat_details..." $results = [KeeperSecurity.Enterprise.RiskManagementExtensions]::GetRiskManagementEnterpriseStatDetails( $enterprise.enterpriseData, $auth ).GetAwaiter().GetResult() $rows = foreach ($r in $results) { $lastLogin = $null if ($r.LastLoggedInMs -gt 0) { $lastLogin = [DateTimeOffset]::FromUnixTimeMilliseconds($r.LastLoggedInMs).LocalDateTime.ToString('yyyy-MM-dd HH:mm:ss') } [PSCustomObject]@{ Username = $r.Username LastLoggedIn = $lastLogin HasRecords = $r.HasRecords } } Write-RiskManagementOutput -Rows @($rows) -Format $Format -Output $Output -Title 'Enterprise Stat Details' } 'security-alerts-summary' { Write-Verbose "Calling rmd/get_security_alerts_summary..." $results = [KeeperSecurity.Enterprise.RiskManagementExtensions]::GetRiskManagementSecurityAlertsSummary( $auth ).GetAwaiter().GetResult() $rows = foreach ($r in $results) { $eventDisplay = if ($r.EventName) { $r.EventName } else { $r.AuditEventTypeId.ToString() } $row = [PSCustomObject]@{ Event = $eventDisplay EventOccurrences = $r.CurrentCount LastEvents = $r.PreviousCount UniqueUsers = $r.CurrentUserCount LastUsers = $r.PreviousUserCount } if ($Format -ne 'json') { $row | Add-Member -NotePropertyName EventTrend -NotePropertyValue (Get-TrendIndicator -Current $r.CurrentCount -Previous $r.PreviousCount) $row | Add-Member -NotePropertyName UserTrend -NotePropertyValue (Get-TrendIndicator -Current $r.CurrentUserCount -Previous $r.PreviousUserCount) } $row } Write-RiskManagementOutput -Rows @($rows) -Format $Format -Output $Output -Title 'Security Alerts Summary' } 'security-alerts-detail' { if ([string]::IsNullOrEmpty($AuditEventType)) { Write-Error "The -AuditEventType parameter is required for security-alerts-detail." -ErrorAction Stop } $eventTypeId = 0 if ([int]::TryParse($AuditEventType, [ref]$eventTypeId)) { if ($eventTypeId -le 0) { Write-Error "Audit event type ID must be a positive integer. Got: $eventTypeId" -ErrorAction Stop } Write-Verbose "Using numeric event type ID: $eventTypeId" } else { Write-Verbose "Resolving event type name '$AuditEventType'..." $dimensions = [KeeperSecurity.Enterprise.RiskManagementExtensions]::GetAuditEventDimensions( $auth ).GetAwaiter().GetResult() $found = $false foreach ($entry in $dimensions.GetEnumerator()) { if ($entry.Value -eq $AuditEventType) { $eventTypeId = $entry.Key $found = $true break } } if (-not $found) { Write-Error "Unknown audit event type: '$AuditEventType'. Use security-alerts-summary to find valid event names or numeric IDs." -ErrorAction Stop } } Write-Verbose "Calling rmd/get_security_alerts_detail for event type $eventTypeId..." $results = [KeeperSecurity.Enterprise.RiskManagementExtensions]::GetRiskManagementSecurityAlertsDetail( $enterprise.enterpriseData, $auth, $eventTypeId ).GetAwaiter().GetResult() $rows = foreach ($r in $results) { $lastOccurrence = $null if ($r.LastOccurrenceMs -gt 0) { $lastOccurrence = [DateTimeOffset]::FromUnixTimeMilliseconds($r.LastOccurrenceMs).LocalDateTime.ToString('yyyy-MM-dd HH:mm:ss') } [PSCustomObject]@{ Username = $r.Username CurrentCount = $r.CurrentCount PreviousCount = $r.PreviousCount LastOccurrence = $lastOccurrence } } Write-RiskManagementOutput -Rows @($rows) -Format $Format -Output $Output -Title "Security Alerts Detail (Event Type: $AuditEventType)" } 'security-benchmarks-get' { Write-Verbose "Calling rmd/get_security_benchmarks..." $results = [KeeperSecurity.Enterprise.RiskManagementExtensions]::GetRiskManagementSecurityBenchmarks( $auth ).GetAwaiter().GetResult() $rows = foreach ($r in $results) { $lastUpdated = $null if ($r.LastUpdatedMs -gt 0) { $lastUpdated = [DateTimeOffset]::FromUnixTimeMilliseconds($r.LastUpdatedMs).LocalDateTime.ToString('yyyy-MM-dd HH:mm:ss') } [PSCustomObject]@{ Id = $r.BenchmarkName Status = $r.Status LastUpdated = $lastUpdated AutoResolve = $r.AutoResolve } } Write-RiskManagementOutput -Rows @($rows) -Format $Format -Output $Output -Title 'Security Benchmarks' } 'security-benchmarks-set' { if (-not $BenchmarkFields -or $BenchmarkFields.Count -eq 0) { Write-Error "The -BenchmarkFields parameter is required for security-benchmarks-set. Use 'NAME:STATUS' format." -ErrorAction Stop } $updates = [System.Collections.Generic.Dictionary[string, string]]::new() foreach ($field in $BenchmarkFields) { $parts = $field.Split(':', 2) if ($parts.Count -ne 2) { Write-Warning "Skipping invalid field '$field'. Expected format: NAME:STATUS" continue } $name = $parts[0].Trim().ToUpper() $status = $parts[1].Trim().ToUpper() if ($name -notin $Script:ValidBenchmarkNames) { Write-Error "Invalid benchmark name: '$name'. Valid names: $($Script:ValidBenchmarkNames -join ', ')" -ErrorAction Stop } if ($status -notin $Script:ValidBenchmarkStatuses) { Write-Error "Invalid benchmark status: '$status'. Valid statuses: $($Script:ValidBenchmarkStatuses -join ', ')" -ErrorAction Stop } $updates[$name] = $status } if ($updates.Count -eq 0) { Write-Warning "No valid benchmark fields to set." return } Write-Verbose "Calling rmd/set_security_benchmarks..." try { [KeeperSecurity.Enterprise.RiskManagementExtensions]::SetRiskManagementSecurityBenchmarks( $auth, $updates ).GetAwaiter().GetResult() Write-Host "Done" } catch { $msg = if ($_.Exception.InnerException) { $_.Exception.InnerException.Message } else { $_.Exception.Message } Write-Error $msg -ErrorAction Stop } } } } Set-Alias -Name risk-report -Value Get-KeeperRiskManagementReport # SIG # Begin signature block # MIInvgYJKoZIhvcNAQcCoIInrzCCJ6sCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDqihxmdmH+I7zf # VYXqozP7pXWqCe6jxnxMHfwDM/aYqqCCITswggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0GCSqG # SIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx # GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRy # dXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTlaMGkx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4 # RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEzODQg # MjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C0Cit # eLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce2vnS # 1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0daE6ZM # swEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6TSXBC # Mo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoAFdE3 # /hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7OhD26j # q22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM1bL5 # OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z8ujo # 7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05huzU # tw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNYmtwm # KwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP/2NP # TLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0TAQH/ # BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYDVR0j # BBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0 # cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8E # PDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz # dGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATANBgkq # hkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95RysQDK # r2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HLIvda # qpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5BtfQ/g+ # lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnhOE7a # brs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIhdXNS # y0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV9zeK # iwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/jwVYb # KyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYHKi8Q # xAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmCXBVm # zGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l/aCn # HwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZWeE4w # gga0MIIEnKADAgECAhANx6xXBf8hmS5AQyIMOkmGMA0GCSqGSIb3DQEBCwUAMGIx # CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 # dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH # NDAeFw0yNTA1MDcwMDAwMDBaFw0zODAxMTQyMzU5NTlaMGkxCzAJBgNVBAYTAlVT # MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1 # c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYgMjAyNSBDQTEwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0eDHTCphBcr48RsAcrHXbo0Zo # dLRRF51NrY0NlLWZloMsVO1DahGPNRcybEKq+RuwOnPhof6pvF4uGjwjqNjfEvUi # 6wuim5bap+0lgloM2zX4kftn5B1IpYzTqpyFQ/4Bt0mAxAHeHYNnQxqXmRinvuNg # xVBdJkf77S2uPoCj7GH8BLuxBG5AvftBdsOECS1UkxBvMgEdgkFiDNYiOTx4OtiF # cMSkqTtF2hfQz3zQSku2Ws3IfDReb6e3mmdglTcaarps0wjUjsZvkgFkriK9tUKJ # m/s80FiocSk1VYLZlDwFt+cVFBURJg6zMUjZa/zbCclF83bRVFLeGkuAhHiGPMvS # GmhgaTzVyhYn4p0+8y9oHRaQT/aofEnS5xLrfxnGpTXiUOeSLsJygoLPp66bkDX1 # ZlAeSpQl92QOMeRxykvq6gbylsXQskBBBnGy3tW/AMOMCZIVNSaz7BX8VtYGqLt9 # MmeOreGPRdtBx3yGOP+rx3rKWDEJlIqLXvJWnY0v5ydPpOjL6s36czwzsucuoKs7 # Yk/ehb//Wx+5kMqIMRvUBDx6z1ev+7psNOdgJMoiwOrUG2ZdSoQbU2rMkpLiQ6bG # RinZbI4OLu9BMIFm1UUl9VnePs6BaaeEWvjJSjNm2qA+sdFUeEY0qVjPKOWug/G6 # X5uAiynM7Bu2ayBjUwIDAQABo4IBXTCCAVkwEgYDVR0TAQH/BAgwBgEB/wIBADAd # BgNVHQ4EFgQU729TSunkBnx6yuKQVvYv1Ensy04wHwYDVR0jBBgwFoAU7NfjgtJx # XWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUF # BwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln # aWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j # b20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8EPDA6MDigNqA0hjJo # dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNy # bDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwDQYJKoZIhvcNAQEL # BQADggIBABfO+xaAHP4HPRF2cTC9vgvItTSmf83Qh8WIGjB/T8ObXAZz8OjuhUxj # aaFdleMM0lBryPTQM2qEJPe36zwbSI/mS83afsl3YTj+IQhQE7jU/kXjjytJgnn0 # hvrV6hqWGd3rLAUt6vJy9lMDPjTLxLgXf9r5nWMQwr8Myb9rEVKChHyfpzee5kH0 # F8HABBgr0UdqirZ7bowe9Vj2AIMD8liyrukZ2iA/wdG2th9y1IsA0QF8dTXqvcnT # mpfeQh35k5zOCPmSNq1UH410ANVko43+Cdmu4y81hjajV/gxdEkMx1NKU4uHQcKf # ZxAvBAKqMVuqte69M9J6A47OvgRaPs+2ykgcGV00TYr2Lr3ty9qIijanrUR3anzE # wlvzZiiyfTPjLbnFRsjsYg39OlV8cipDoq7+qNNjqFzeGxcytL5TTLL4ZaoBdqbh # OhZ3ZRDUphPvSRmMThi0vw9vODRzW6AxnJll38F0cuJG7uEBYTptMSbhdhGQDpOX # gpIUsWTjd6xpR6oaQf/DJbg3s6KCLPAlZ66RzIg9sC+NJpud/v4+7RWsWCiKi9EO # LLHfMR2ZyJ/+xhCx9yHbxtl5TPau1j/1MIDpMPx0LckTetiSuEtQvLsNz3Qbp7wG # WqbIiOWCnb5WqxL3/BAPvIXKUjPSxyZsq8WhbaM2tszWkPZPubdcMIIG7TCCBNWg # AwIBAgIQCoDvGEuN8QWC0cR2p5V0aDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQG # EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0 # IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUgQ0Ex # MB4XDTI1MDYwNDAwMDAwMFoXDTM2MDkwMzIzNTk1OVowYzELMAkGA1UEBhMCVVMx # FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBTSEEy # NTYgUlNBNDA5NiBUaW1lc3RhbXAgUmVzcG9uZGVyIDIwMjUgMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBANBGrC0Sxp7Q6q5gVrMrV7pvUf+GcAoB38o3 # zBlCMGMyqJnfFNZx+wvA69HFTBdwbHwBSOeLpvPnZ8ZN+vo8dE2/pPvOx/Vj8Tch # TySA2R4QKpVD7dvNZh6wW2R6kSu9RJt/4QhguSssp3qome7MrxVyfQO9sMx6ZAWj # FDYOzDi8SOhPUWlLnh00Cll8pjrUcCV3K3E0zz09ldQ//nBZZREr4h/GI6Dxb2Uo # yrN0ijtUDVHRXdmncOOMA3CoB/iUSROUINDT98oksouTMYFOnHoRh6+86Ltc5zjP # KHW5KqCvpSduSwhwUmotuQhcg9tw2YD3w6ySSSu+3qU8DD+nigNJFmt6LAHvH3KS # uNLoZLc1Hf2JNMVL4Q1OpbybpMe46YceNA0LfNsnqcnpJeItK/DhKbPxTTuGoX7w # JNdoRORVbPR1VVnDuSeHVZlc4seAO+6d2sC26/PQPdP51ho1zBp+xUIZkpSFA8vW # doUoHLWnqWU3dCCyFG1roSrgHjSHlq8xymLnjCbSLZ49kPmk8iyyizNDIXj//cOg # rY7rlRyTlaCCfw7aSUROwnu7zER6EaJ+AliL7ojTdS5PWPsWeupWs7NpChUk555K # 096V1hE0yZIXe+giAwW00aHzrDchIc2bQhpp0IoKRR7YufAkprxMiXAJQ1XCmnCf # gPf8+3mnAgMBAAGjggGVMIIBkTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTkO/zy # Me39/dfzkXFjGVBDz2GM6DAfBgNVHSMEGDAWgBTvb1NK6eQGfHrK4pBW9i/USezL # TjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwgZUGCCsG # AQUFBwEBBIGIMIGFMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wXQYIKwYBBQUHMAKGUWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEyNTYyMDI1Q0ExLmNy # dDBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkRzRUaW1lU3RhbXBpbmdSU0E0MDk2U0hBMjU2MjAyNUNBMS5j # cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB # CwUAA4ICAQBlKq3xHCcEua5gQezRCESeY0ByIfjk9iJP2zWLpQq1b4URGnwWBdEZ # D9gBq9fNaNmFj6Eh8/YmRDfxT7C0k8FUFqNh+tshgb4O6Lgjg8K8elC4+oWCqnU/ # ML9lFfim8/9yJmZSe2F8AQ/UdKFOtj7YMTmqPO9mzskgiC3QYIUP2S3HQvHG1FDu # +WUqW4daIqToXFE/JQ/EABgfZXLWU0ziTN6R3ygQBHMUBaB5bdrPbF6MRYs03h4o # bEMnxYOX8VBRKe1uNnzQVTeLni2nHkX/QqvXnNb+YkDFkxUGtMTaiLR9wjxUxu2h # ECZpqyU1d0IbX6Wq8/gVutDojBIFeRlqAcuEVT0cKsb+zJNEsuEB7O7/cuvTQasn # M9AWcIQfVjnzrvwiCZ85EE8LUkqRhoS3Y50OHgaY7T/lwd6UArb+BOVAkg2oOvol # /DJgddJ35XTxfUlQ+8Hggt8l2Yv7roancJIFcbojBcxlRcGG0LIhp6GvReQGgMgY # xQbV1S3CrWqZzBt1R9xJgKf47CdxVRd/ndUlQ05oxYy2zRWVFjF7mcr4C34Mj3oc # CVccAvlKV9jEnstrniLvUxxVZE/rptb7IRE2lskKPIJgbaP5t2nGj/ULLi49xTcB # ZU8atufk+EMF/cWuiC7POGT75qaL6vdCvHlshtjdNXOCIUjsarfNZzCCB0kwggUx # oAMCAQICEAe0P3SLJmcoVNrErUyxTt0wDQYJKoZIhvcNAQELBQAwaTELMAkGA1UE # BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2Vy # dCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENB # MTAeFw0yNTEyMzEwMDAwMDBaFw0yOTAxMDIyMzU5NTlaMIHRMRMwEQYLKwYBBAGC # NzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMR0wGwYDVQQPDBRQ # cml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHMzQwNzk4NTELMAkGA1UEBhMC # VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMR0wGwYDVQQK # ExRLZWVwZXIgU2VjdXJpdHkgSW5jLjEdMBsGA1UEAxMUS2VlcGVyIFNlY3VyaXR5 # IEluYy4wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCUcNMoSVmxAi0a # vG+StFJMNFFTUIOo3HdBZ+0gqA1XpNgUx11vB1vCZrvFsD9m5oA58tdp4gZN3LmQ # aMvCl2ANUT7MilI02Hf1RWlygBzon6iE0GpU3lgRrwrk1dhtLpGsR6dbMKUUHprc # vKpXk90/VN+vhzY1uik1tCTxkDCPu/AYJg7m9+tR2KqvMuYMaMLhii66eWUAGsBC # h/uZxjkGoJF6qZ0DgFd7rW7VYljbfYSNPeZNGTDgB0J/wOsKl0mn612DTseIvAKt # 4vra/FLFukyEyStnfQ8lWYDcLLCMCjNVrzGipmT5E2iyx7Y1RZCIpNwVogp3Ixbk # Gbq5A/41YNOLLd4cFewyB2F037RevBCRsUODZEt1qBf7Jbu3DiYo1G+zTj9E0R1s # FzyijcfdsTm6X5ble+yCJeGkX5XgsyPnZpyz/FX9Fr0N9pMPGWwW2PKyHEnSytXm # 0Dxdq2P4mA4CBUxq7YoV26L2PF6QEh9BQdXTPcnLysUv7SI/a0ECAwEAAaOCAgIw # ggH+MB8GA1UdIwQYMBaAFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB0GA1UdDgQWBBRG # 4H6CH8pvNX632bsdnrda4MtJLDA9BgNVHSAENjA0MDIGBWeBDAEDMCkwJwYIKwYB # BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC # B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwgbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0 # cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25p # bmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNI # QTM4NDIwMjFDQTEuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFwGCCsGAQUFBzAChlBodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JT # QTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUA # A4ICAQA1Wlq0WzJa3N6DgjgBU7nagIJBab1prPARXZreX1MOv9VjnS5o0CrfQLr6 # z3bmWHw7xT8dt6bcSwRixqvPJtv4q8Rvo80O3eUMvMxQzqmi7z1zf+HG+/3G4F+2 # IYegvPc8Ui151XCV9rjA8tvFWRLRMX0ZRxY1zfT027HMw0iYL20z44+Cky//FAnL # iRwoNDGiRkZiHbB9YOftPAYNMG3gm1z3zOW5RdfKPrqvMuijE+dfyLIAA6Immpzu # FMH+Wgn8NnSlot9b4YKycaqqdjd7wXDjPub/oQ7VShuCSBWj+UNOTVh0vcZGackc # H1DLVgwp2dcKlxJiQKtkHT/T6LloY6LTe6+8wkVkr8EAv1W+q/+M1a4Ao+ykFbIA # 2LBEmA9qdgoLtenAYIiEg+48SjMPgyBbVPE3bhL1vIqjEIxYCfdmi6wx33oYX7HB # +bJ7zitHw4GgtpfPV8y8QRZImKmeDOKyXjQPDmQM/Eglm/Ns0GzBkVXM8h6UI34b # WZrHz9sbLSE20m5Svmxftvw5zju+I3WsmS/stNfWlOkwU0niUgwPHaz21kjXEA5A # g+aqv26wodqZcnGOlChoWDvSJ8KKgdOFbeAYKAMp1NY7iWV315zpGH19RipCR1NH # 0ND8iIubk3WGNf2rzEfqlOi3h2ywqVkU6AKXHdO5JV4otSKKEDGCBdkwggXVAgEB # MH0waTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYD # VQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNI # QTM4NCAyMDIxIENBMQIQB7Q/dIsmZyhU2sStTLFO3TANBglghkgBZQMEAgEFAKCB # hDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEE # AYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJ # BDEiBCD3J+iaESIGoDi5xEgi/6x7MAmnK7ptbUwfiM4uQE432DANBgkqhkiG9w0B # AQEFAASCAYA7yXwar6c9stbss7NNgCx4SjqJCRG/Tpn1LRbE5+JdmVSMl7SHa3W7 # TdesCmE2e1DAJBcJqezCXjWuIEd9uRg3zyBGnkwA527xTyrfIKLw6zaf1e7K4vla # VKF2yb8OYYt11wwP37pE1RbrddVd2NJiJFiHg5IbSZF2YSNxTuhw6EzThLRfycje # dXZYOCf/vF2cyJI0tD9js8uuivFJNJ7ih0SpV7vAXU6CCXTE6rQA8grFS7KvPOWF # oiV05q/jsDi34FIB7016BWKgaEwdEASZFv12FQjWTyYbE1KVaSR5cQoTAroigSNd # RO4GnN1TUHxcHkrruwYUEyeQzGItG5JAxTREvWj/lOY8lN5xkW8RvsoS2+pPZ7Jz # qjR/U+5m0H99dQ7ic78CMKXR84R9VxYeJJX+mv/oB/CheVPyZ/YD2QNllYERoUbe # isfodgoCX/k9WcuZNkCaR1CQ8jtU7AAjMp0SL331nZQHw5+9BY3gfZY8WC2cKU0O # qqqWrCUsyy6hggMmMIIDIgYJKoZIhvcNAQkGMYIDEzCCAw8CAQEwfTBpMQswCQYD # VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lD # ZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUg # Q0ExAhAKgO8YS43xBYLRxHanlXRoMA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcN # AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjYwNTA1MTgxNzEyWjAv # BgkqhkiG9w0BCQQxIgQgY3B39JJpkbpnOuPWaKMhKfO24N7YoRABwkr/R+X8uogw # DQYJKoZIhvcNAQEBBQAEggIABNut1l9QOBmP5YT44rl+totf4fAaPK6fYVEFgmcn # RXc2pZjKzjSyx+tW8rsm/2aoycUbMZTyLOagIvlKi6BjsGQ4OacDrArNC6HleGbn # MKbZ441PqFuhTtCXwCpUsNZhF/bruDkHsxyQGTSicdx8vuQpKR13w5IkbdEC+Gy0 # 3lnJctTEAuKcBFrVSNac1UwjkcFKGR82JitFLt09rGSRowlp8stp+HL7nwD1PLoi # yID1lHaY3/5aXvj+u1pIPnpraWR66XEy5BDLF5HXNhOjgAk8WmrIWEYfpeyq7Vhz # ksGZ1GXShbYFMKIYPA7GoAh/kCrRJEg+KG0ZdO0g2pQCCHwgLtr9FJU33DVFGTdV # mzvugtsTn1dy5fhT18YTFva2bqTTtlSIAySLx9tpn2rE+5Hwdm75EPLVVAZhnzP3 # WNd1dP+wOIf0lX3FWMLxHQ6vWq0SIZs8z4MRT4DvMyx0LGDV20fHdbTxIwpaaHJM # q4LWei/OhIqsJyUipf9gM9ojf7Zr/xdGMi9zadx9OUlsoJHV7gDGI7Xr66ejPTVV # WODkrgn/n2EPUqumhK+CwFV/7kmMBr3o72dZkYFC8B1SSYeBwL6+kW0LwImVETGK # 9F5phXmnQ1LRVng1NNAth31PmUUxsqh+Z9NC11rfsYGKt0TLeJ37vSV+aTxSZwh7 # 9h4= # SIG # End signature block |