From 92c0b5176770b57c372f4ede0a00d850a840c9a0 Mon Sep 17 00:00:00 2001
From: Roberto Rodriguez <rrodri0622@gmail.com>
Date: Mon, 7 Sep 2020 23:30:45 -0400
Subject: [PATCH] updated docs bug CDM entities

---
 .../.doctrees/cdm/entities/host.doctree       | Bin 16308 -> 0 bytes
 docs/_build/.doctrees/environment.pickle      | Bin 92082 -> 90671 bytes
 docs/_build/.jupyter_cache/global.db          | Bin 28672 -> 28672 bytes
 .../_build/html/_sources/cdm/entities/host.md |  18 -
 .../html/attack/windows/ds_mapping_table.html |   5 +
 docs/_build/html/attack/windows/intro.html    |   5 +
 docs/_build/html/cdm/entities/alert.html      | 183 ++++++++-
 docs/_build/html/cdm/entities/any.html        | 183 ++++++++-
 .../_build/html/cdm/entities/certificate.html | 183 ++++++++-
 docs/_build/html/cdm/entities/cloud.html      | 183 ++++++++-
 .../_build/html/cdm/entities/destination.html | 183 ++++++++-
 .../html/cdm/entities/destination_nat.html    | 183 ++++++++-
 docs/_build/html/cdm/entities/device.html     | 183 ++++++++-
 docs/_build/html/cdm/entities/dns.html        | 183 ++++++++-
 docs/_build/html/cdm/entities/etl.html        | 183 ++++++++-
 docs/_build/html/cdm/entities/event.html      | 183 ++++++++-
 docs/_build/html/cdm/entities/file.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/geo.html        | 183 ++++++++-
 docs/_build/html/cdm/entities/group.html      | 183 ++++++++-
 docs/_build/html/cdm/entities/hash.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/host.html       | 363 ------------------
 docs/_build/html/cdm/entities/http.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/ip.html         | 183 ++++++++-
 docs/_build/html/cdm/entities/kerberos.html   | 183 ++++++++-
 docs/_build/html/cdm/entities/logon.html      | 183 ++++++++-
 docs/_build/html/cdm/entities/mac.html        | 183 ++++++++-
 docs/_build/html/cdm/entities/meta.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/module.html     | 183 ++++++++-
 docs/_build/html/cdm/entities/network.html    | 183 ++++++++-
 docs/_build/html/cdm/entities/pipe.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/port.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/process.html    | 183 ++++++++-
 docs/_build/html/cdm/entities/registry.html   | 183 ++++++++-
 docs/_build/html/cdm/entities/rule.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/source.html     | 183 ++++++++-
 docs/_build/html/cdm/entities/source_nat.html | 183 ++++++++-
 docs/_build/html/cdm/entities/target.html     | 183 ++++++++-
 docs/_build/html/cdm/entities/tls.html        | 183 ++++++++-
 docs/_build/html/cdm/entities/url.html        | 183 ++++++++-
 docs/_build/html/cdm/entities/user.html       | 183 ++++++++-
 docs/_build/html/cdm/entities/user_agent.html | 183 ++++++++-
 .../html/cdm/guidelines/data_types.html       |   5 +
 .../domain_or_hostname_or_fqdn.html           |   9 +-
 .../html/cdm/guidelines/entity_structure.html |   5 +
 docs/_build/html/cdm/guidelines/intro.html    |   5 +
 .../html/cdm/guidelines/table_structure.html  |   5 +
 docs/_build/html/cdm/intro.html               |   5 +
 docs/_build/html/cdm/tables/intro.html        |   9 +-
 .../html/cdm/tables/network_session.html      |   5 +
 docs/_build/html/cdm/tables/processes.html    |   5 +
 .../authoring_data_dictionaries.html          |   5 +
 docs/_build/html/dd/guidelines/intro.html     |   5 +
 docs/_build/html/dd/intro.html                |   5 +
 docs/_build/html/ddm/intro.html               |   5 +
 .../attack/windows/ds_mapping_techniques.html |   5 +
 .../html/reports/ds_mapping_techniques.log    |  37 --
 docs/_build/html/searchindex.js               |   2 +-
 57 files changed, 6273 insertions(+), 457 deletions(-)
 delete mode 100644 docs/_build/.doctrees/cdm/entities/host.doctree
 delete mode 100644 docs/_build/html/_sources/cdm/entities/host.md
 delete mode 100644 docs/_build/html/cdm/entities/host.html
 delete mode 100644 docs/_build/html/reports/ds_mapping_techniques.log

diff --git a/docs/_build/.doctrees/cdm/entities/host.doctree b/docs/_build/.doctrees/cdm/entities/host.doctree
deleted file mode 100644
index a98d326fd6a3b656d9b0187019a1d3901580e9b3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 16308
zcmds8eTXDS72mttkK5bZxi2>glS|sD$zE<}=e}~eT@t+8+xw6udnES}5)DmHcg=Lq
z^>oj5SKscc!HXL7q!LjlplCn@!5|2V1R~}SMgIu|RPY}`!61SP{vik=Nc>gxbanUi
z>|W2!?)Y)A$MmcBUe$Z`-mj{w>)jfD<+TqFiGQqMxOzY>+n;q@gZM4BlM@=mp{=j9
z4!zKNzBSFpJ#EEz15YO{HUtjcv~0s8PV2drImE_%qEpLtB)>Ugj+$f7wWiTHLM>{O
zL=zh}U7xmiJDP{DkX7DMoBCo)bZCyWpV??rLqA~O8&ov5OQY1YDgnhf`M7pihL16@
zG2PaDA4L2fakNJGYo`%3<A;i-U-w9r^8{>+YBk=}G7D_jwj9!0+QvpB6VH~f`o#0g
z`da0<x1xE*ky?4N?G(R!!J-#~O8L^|%jcdb!&l%l8f6U9q89PX+`8F@(K3tXL{Nc=
z<1j(1d0Nv<df~BiHzA@_En*wK68OYWsH+&HioqxiLN!C9nxa+QfGV28l`5`>_M4VY
zW<&2yvHq0A&hAeSES)vCnLEsfm(4@Vm?!gIOpbXUCRoAW1Ni$O{vL$m&1rMSJhTK>
z^DuW17lV^_g>e?g&7O$BcAbf*T*S;&iWJ+BVl0}c?=+4A#xc?!$Kzt6MyOUvg=!eZ
zn8Hz7^W31Bn7=r{$8^{Bn?%nvuImNlk87`31~pq3PS1sD$UXB6JaR2`B)oHIX$Yfw
zHgZIJEbDpp|4}Cg50hv{*0V!whv%+j=mKw$Ro+^r$t*>VWW&oM@j3oXwIAXrYBv_m
zFZUABMe~d4c}u4N+e3kJCC#>K&b&>kw54@s#Y>p`FQj#tFGoXe&wav#D{D<)SK9>f
zkT4-^ESlf#&4llyyWe6HCKidWdsb5{9BoTdwAi2&8Gia%Z+87;pmy!PtTmc8QLbrr
zAg3rzj4eykVcKtdGwnB<ZyH$_wm3w69%FoQqfR^H`ZEyd#5A7Q71zin>9lz}9rDu~
z<iG@96IH`)XqFSDLW&l<IYl;$^<CSBhI(>zeN0M3$b2{HQ6J8z*}%Y2AA23A7TFd(
z#%4tnSo8s@INuUntSeGta26fq$g8+j1+cD!GbetE-Hqid*eGF_Q{@|-x{G~~AvZdA
zAsPGWE`;II$E1Vux^zxT49=x{%)p_ue2?nZW_7m_Mho`jwnd4j*@=aab?2SR(xvOL
z@D%GGm1gB|MEx1gEp~VHtC67C%A^yf6DMZS(NhsW7w;mIZyD{9WOu~0`nF8hy+F~p
zfTHRRLjqBPBAv++L|FT2*<}v5V%J=(e@aU9<)2Sx)NB$6eO)TfYtdJw#NaGCd<EcB
z4QzW&xe;JXhBq)H0wexP7~vD2(+GQel8Gn0CoxR$52ZWuI`I2aVsH+8@6$^cpE`2n
z=xjIWsXvPmMT<DwkQKY{b=##61p@t2TA9NyNd$U366}H|-4N)lh`&Ds%4XPBBhUeX
zK$Zi{uWC9`Yk`Fmi17WOYnya1>)MQ9{D<^K4yOxz`n#0qD;WQlQL{<-v~PQ_+rEO7
z7@S2HE?oV{Vgy1Cp)0O;U6C`ZteBQ=Dl1z1%&3aJk``b;h2tk(<1bT+M{Wcp#;#4%
z7l+KIsYIAPEM1&8%pQ^wgPW8GKXGhf;rQ`W#~v-6Tv#|+I&o@op>%5T+{x17!rZwd
z3v=h^&dx17FH$ZIfxSoq5%aRk$q)c}LAoS|6O#aWHWJJUkf$U5{s1zY;)4dr@bI@g
zK#Df$;0!>9qQ$x+eUZcI0wAwTiM}G&%&6HUfc%_PoY$hyN{PW)^gaIeD0XVo_+Am6
zAst#DGO4N2Jcv1~JmUt6t~pALQ1N1FTm0C)s%W;YXg4*><_E+|1j;y~Z(_maNR0P%
z<pHayyH3@rDP{0Kpx|w+p*eCH{=t9gu;01$jnu&3x%H|XdYlCRb51YTzbRugZ#2Iu
zB?cGG?|;J5J=b@uRJn*lU9WUaS#B@-XTtdEvZ&+~!g`W}Q%<s2O5T({$l<l*Qu0P5
zm~$z4J>u_gDanH2Rxc$5vDda;U9;7OrbpZCPO@|>>ukZU=MU2O99|Y{$M2;?U$ObS
zjG9eaJN_jV=e6jcQetox9Td|RZ>Jyfl_$=eEolb6X8V3LmG^gWy>shpX})-F@1(F;
zzh_6UZyg7u#NZsW@93%dlPBgMJvM*-`26wX^K(bLz|J~MfSE2W(nkVTj!T<zghvuq
z%8_7BSec3V`-7Eio@_O&>=Lljz#R-bio+yHx|1cTfRbmW!8trDpyX*O(N}z3$*9>R
zDDkD@ycRX3#NaHtkDnuo>56uq;q{UB9gS!X@5C0*>zz0;*G$@(*E6@J#Na%04?cnV
z0d~X}G+SF;Q<hyyl%q$w0Ln(3K$Z2HrOyPkye3V|;glq_d^-}%2`%4>`1^yFY~E}&
zw1giXlCQi8igafC`$Y75`wMAp4z~(id0R^K6>D#0)NB&2{7EX#YtbL2#NaHt#&Jcw
z-treuar0}YjVUt<zoIw8zmJORW@~s!#j7p8oce@cGDDhGJ+~oVUC%$cxUAsyQ&|*W
z$mN&Rtx_L{(N^^U{M$a<>t5>J|G*56wLg$_0lZWb5KcZz_X$Y5zZW}`kXDQYb3)qt
zBL4m$Et|4i4QXRyx8%w#yL^_8WRiryIWO(ZoBC&^L|>_YI-_Qjz)Y2j^IG&VDKR*U
ziX6-?UEXkqv>{JCog1=YidUt1c^wi+iNQH!hjr<47hI5JV1oE9?G||OiX3SU+md+j
zrARO*9=sg!_lF1BsNZTlm=t)>B*aUe$#hVqQ&~p?!so}*@*FM}+nqP0L|@_adPdDA
zA;hnx;=C69N=gjQq7t7o9K%f0wI;q`@@p9-MbmX0$0$u)0;7kzozRrIlsJ~jDHl(D
zuN@Zaf0b^@>&U-IiNQH?-;rbUN6*ZkePsUViTOw7=FiS`!I^cK_z6x{T>4C4(8Nd&
zd#@x0jYWbvF=#mA?+=5rd9~FT6uwj;j^(}I1VuWt{hAfB73;^OwRwZ9EG7C1u9=LQ
zO~RcesW`7i7p27DEIP<{CVUb$+?(8iE1uLlFk*o*q>*{uqDhItxn;EBRxA|3@Vi6l
ziwwyY;6?N(T_8Z>1v%s#MkYbx`A9G)NPIlv?++xhNpLqHv9Zj%*(>nt3$S5cPSjc&
z=C|#yK=R3rZrig$R7vEQa0|#y*OjmlQE`IuIFyxXflWpI)g@f59gFIoxbmP94<}V&
zr$yyk9n?fI*Lb3cs$I;LP!?AD#cHDG4h7rVquCLTX8nu8vO>>1%-ypM<_8`x4^-Qg
zd&_KhL=i=O%WS7lD8<)#)HUvtg^oBR!A&`QnrEY;Ov8_FNf(ycc#Sx?I!#@#g$I=3
z;W8C!I`A+NcB4Y~bv*8BKL(zSr%CGSDlanRt#~heiS4htE_HDDnINOgaFUlxIzdBS
z#pSIAFFY*poBmCeUl@QfK9m(h3bBcxs4EsV)u_l3eYFMJRgW;+BTd(%s!eX<^TE<~
zd?e6p`8dM%kyQ&`q8bhSh-rk47^D)^&|Lu+$Q^hI93Igcpo~)w_XxQ;t<ST9<un7T
z5=VCpUXj4Y16nPeD)|<E-<xh!iRZbVYU1e0CLTP@hpN*S+k;BRw3ZQ}rNs_*v~;Mb
z{~5W?3ZdS33?o;soG+b1|LKMfVYZjs;KNZSTx7$h7Mrv+rxs{60*@Pb-i|_6cEBUL
z>lvy+nurW^gIZ4bVKltb!98LbY7+&d)@sWfWd)vYYD{9=ap96p8bPC}%8-L&1wq{2
zb2Q}jGTS34@UG+Y>5oZGp9F@ht~Piu?Io*C*C%RHQbdVP)ti=Yg~7Q;H7uWBNr55!
z;t2%DqEs*sv)wSpNAQblfoPj-v#C`eyr`8eG)Ys1O$14V9XEJ(b4o=+*F373Vp7`l
z=gZ}lm6h4%8Z}*K*7a&-)S+Sv-t@~YHpL~lMlPXJg6b!v42pz7FMa693Am-;RrQW;
zI3@1p-l!Yu0{vz!LaU-1lQwL0F^<AaqyR6NT-wPFBA^<o%q=;5)o=3Yz0K|sqp=*+
z@bU|hh+FO>1A#n&I%fHZ#M|qyIaFI!O{-?2IL}0w4%;q|@ZEj`#VG2H0O{*P@_={_
zA64;rIP~B_-NeDGj%z?+T4BaG^57-ZyN-g<+oHT$lt8!B{WgNc)h(xrsgCl0KSu;V
zsHFM!l17CXNXa$KmPrVOwkh3qwd*QD(UYyVzgmm&?I6z07HV(V&JYQZdWa&+F)YM2
zRjKCTPLr7Pedq{LK~eJ!-(Y3nrPOSHipr0l1sU3^@?n%mKMJnFKE{dR@9Fx_k)QRS
z^8eoC|NRL61#Fyi@cosj)D}F;qJ23q??ZX85HKeMxA}O$CX*8?`k2%$;1wSv`VA>O
z=_0<+m?S0SLkT#hwNY_x86$%AJsm{JJ)Y7y9`!1O_NVj%KRwC;d#Y1cyJd*&1SCkd
i0uJSoN${l)v<Vf;%ukUgBw0+{E`x(nJ8#2ParWPVUIu6Y

diff --git a/docs/_build/.doctrees/environment.pickle b/docs/_build/.doctrees/environment.pickle
index d41cbb4fda797761cffe6eefe1473ed1603a7f87..d4cc9153c7e503f2fca359c3678029de24176384 100644
GIT binary patch
literal 90671
zcmd6QX_y?<btq_=O(TsoT0pD~ifsuoGk^$SumM>k3DAZmVK5+?>h7AUDs^|Yx~erZ
z$g+(WO#78>V%jF*5ho#b>|l%?FL)y)#+Y~^ar_*|&vERRyyPWuOyZaA<x9T!^E*pb
z-KxIbs=igD@yw5^xl5gU)_c!A_f++pm%Z=IGtN8%|GZJBW|-C4alLxntlQO!UUggE
z>en>Pa%pFz>fzRw`&%blo4uu4t=8J_4VCPoTi5lHS#NnaOx)(^b!VbDSJ+mc(dwnk
zrY9!tVgrFW6T40Krbc1nz@bAs_f5cK&P2X|;3vj?7*5OUbLvF`HLeB<o-EqcDRa8z
zt@H^A%6&VyA;f&pKCaj6W=VI5kb$yRoo;B;I#9E!HaAVk<{fvgtRp_em6kVTxRr9=
zHS`M9uHo8z!M2YEb)%v~-mbZ(U1jhij;_^<M!ulc^R7M%OkI13YI3e&IynR}K0e;^
zR+Y6z75g<@H+XimYP&iOVpd(fKBX05@cv?1a~!h>lorftNv|7?LcUQix4d<R>(-oW
zCnhR$+%j(0fgyuMyR7+LE(*F(-FRJR?8c{Ud%CQT7wt;RTMkqf^wxt7Z@8wpM&7ma
zD6N*ajBl&zdd+rB*RId;xaS8zr%e}-K`0Xk4j<gbq6T(F9w^i`pb{8c(HtNNxWPl`
zwW?O0bIqcYH%l$=jFvZA)s7?6rfgt>&pTtQHw-+iYk6*Li3;w96{`)qqUUQM(Y#p&
z?2E0Yx4z-%`6wF1<<^7VI&1*#b@>72KGd(lded<ly5oxk8M2mytd&annqIGHWwUw|
z__E}=r(50zYI5vGy{Kb--f2utnX`ycU$s#|)qK!ft<M(AjS^z#0#TqMN5GW&*bYEa
zhmA(1;Eb0F@c;Paq5L6WGKhTLC6|nwwYh2`Uo`aM(V7kF;Ixca8rK@v8L!g4VH$f%
zJ8pu~x4g5=3J~v1l<jGI!mk~Nrk3BapgB4z%*H@)w&UoPTHUtvqD$gyc^j=pZ4Mc)
z&+5g7tLFn<1cH|rH9!OuFzCZ&Aax`62JMIEh|~zB-XP(LXaP-8B(Z9|Rt07C?aXx1
z`qmsa^c>9>xmy`IP#mq{8a61-1qbbdUU%)>LAz8pryKfxxf^%j#B)1MJf!!vIcPD!
z=9XP?*%g<8kxiHFf>s8dKnZ{vUadCGOrScA&sEB;hPT|&-3Cp8ppkmjA&W<GuJvaJ
z*PaHO@--@)Gm3U?E~x9T%sFnp3ep}9IEmH{%wZ59O}B0q#tUWvrVi*8Kqdp#jnVza
zT4SBD-q>KAWt?qnGp;m#(b#HS^`LRJagFh6<9g!;<3?k<@fu?XR8JZ^ja|lW<0j)~
z;}&C&vDesV>^Ba0tMnSoAVtT?Pnl(y6psL(NKmn=l~iR#I;~`74;0;70dq<j6o?q%
ztvFDJxk)cgnnkw-bMHam%(C&igR2TmJ8r#EbQ{plbK=tR3RpeyV+{Gx$NJtfrW@W$
zHXoP>z~o$-v-=$$2lV9-|Cf6it{z}z022W1GN;F>YPqWwP?ZJ_<DII8igrmKE0pab
zaC&I3>9}Tf8e1CP`l!tEj*jG@u6<^l8!pX_yV`W#fW-smmRiHjmCWPgVDM!wM%u>`
z+Vgh9jRD|t6hdN;JdRAmM;{9-!308mC$=p^0fYI%^ic;B9PqhFvk<Q7%W7I3<g;c{
zbF~}_4n(QdP0$Hr4mA5D*bze*D3vA{h(phD?OLdvZUAp!{)6eK!zcp6mUv$_YLG*|
z1Y_q*(Xkz^p*N!F?XW8qyP6{`_kk?S?dS~_OO+1zt;6b5BN(Ca!nWSv!<g<II0nAv
zwt)129~ZRsC8g`!bz@ssqSu|P0h1#Dx3u@ND;g|jc0F&{j$74WfrJ02j+Lq{n9CzF
z7{vz(RS;Vz5kx4A_tnZUn?`Y19RsCR=c0{g#~O?9s5xa8HCK;ziVsjM+l^ARISvE-
zF)&08buQZJyx2gIPT&H>&|TZs5f;N3GI4TBu=Ymy9dFd#a<nl{hJGAf<H)mXVgr*Y
zL|WsJr*%8}XdLo%-G&7v@@yQkp*hAWTEX{=wvNQGGGlG)V{J$EIxM7ij305taCwdi
zB~DaDD@I3-V_nf*E!r9vQ^hVdU`mS6Ohy_ia8-9_?E2AYhdB6}S&Kd1)@sL9Iu0Bh
zo}%u==#F!yu1~}2P>(5oe1Liz_HpWXfs7)5R*duh0(weCcD4Gn9@Dot^WAccfOsQ%
zc@f^maR(2#9&L@|hOK#UBT?65GYpMD6I{~#LfrOy`n-<Ma_1m7{0_dPVbO)n4QiVn
zpY_*G>aM@kw@v(F8Xhc(d0&ez8Edy6KK$|>dw9t>L_RvNX_1+89k}FL@#w@1Y^v;;
zB-$=)>s@m471$Bu3PuD)89N@j&J(A2N-r8!^BC+mkaS$~ydmBr;qFT;+QYOv%lo@q
z#2=RNz)u+-r`Ai!Cjd7tXkqW9<(*%v>)aS|Ukq@O%j_n@W|cwt-U)c3<Gx?QUJe&p
z#><UY7@LhP4X^LGRz{o=k$!&%0gl+MbKs=IR%9uJ6I%P<(L#sQdKH8k@PBYTy=CZ5
zVvE-gyK$1Zu{G%7_16Ip*rmYkDXd%W+9ho+S~EyB`KgNA+8=ZSpE&r}TLCT}tZLv*
z)XA&u=d#n%!Y*gC$CwXd0OSJW@(LTe6Lr{mo*X|Bw4FQwj{eD3@T@fs<X97U2?)y@
z#o&K$#5Zoe3hpMT1vq03cWUgKF$Z>nVXswwFL1mtasq4&n$U$0{`ZDU`jplvyZO2e
zv!$T$Y}|@YLEHdWP1w@Z!CVd4(>tvP!)I4xAD(An$*jcM&WG(qg?8AeqOd`p0++p7
z)bmaaV-3v^$gpGBGkNyX98r(k59<aNt2Y`dQpiq_u8(<0m$ycA6LFGopj9qxM9bhu
zIJ`qU(hA{^1Wow@L~k%&6E>|ps_V5pM4YO?=?H$X>uS_M=V5OXHUdOnUfu>^3x-f;
z!JN>g%tKe)vquIUf*ng<ubHp}M)*#(pzZP6QQ{^Bv%r<fPn9)5MaW@Q4S20V%%nuV
z9E1&Oa{`s&D#Xwn;5!E4TKo5-Wvu49$oBFiv_QjfMXO?b!=d<#P=|r4>DJ8R(YaQW
z`mOTId2_mofrKOUIP4EY4y^U}R<IL*|MDfh2D{=tX9n$tX;{Jk-U#fzj68G$Zy~Rh
z%R&vjHPoaZ1NH^mG=bHM;5o3h2tS5k<;sKYn^SX<+7(y};RJ9fohZX2%TWZf0}OSK
zH9&WxoF0u-=QXkon2C-}>Vn<tqFww*1y5pwfw|L^vBc6^nm0gkO0>@-FwHFm?t|w~
z8&|y%vS%f2qcOHZ^M`dEngvOV8iHAF_l*M-a6Q9YhV?WB4p9%VT$p#PkK>Gj7kqY9
zv_ztcVYB}rMN4SFuw?~3=*LQ6?hODkmH~~RgnE^S#L+ks09chx#{lOb@|+(efZzp3
zRE&Kg$PpR}wtcWcnldq_*Waift=cmY$c&ByQ6nVrxhRPP^f+uA{rbQ-nYJPZYg=1F
zE^{qy;v%&^;&nX?VT2Dbb`Y=xi}b@AL7VY<<Ia!@=5!FBYwzkY-yr(qo5<1th{vR1
z3pnq>vcd-(i1+}_Q%G|_8zTi%O`fA*5mQ=6?5JpdQ+~!Qp-GBonO2&Q!M($%hgro9
zce@xVfQgeEAQeb|H35fBRIzSSjJi!0-0p{+8W{SB%W4fhKT|g`WP*zdtdm0!jWh3q
zNR?I&QNWN?I603{<cPGpeNM-)RnQOPQo;Wa!^Lnr5LtKgu<eFLFVe^{LXOafYXF9}
zg2yrR75;yhad-It5#yfV|6m9gcAS1R5RLma6Ah;hkyCISCdy`E0%D-x$ZQ+GdIBQe
z`WP&WM=7=%MB*Ybz6sdyBe0ftqZ$wq5)>e=>Jfw=K@<;O*W-f$0T@aYPv4;Sv^W5n
z@M+gW{<7FPT2H~&$f~-Y#0%#bZoW~22#5||40&;ZFTv492PPFb0wA|2XyHe}rvV*=
z=u{b03Kl|ioPr)4q~}!@++2ty(dytgW0W-P%5l!9r365H1+10fWPn@*FwuA$N-fXs
z8(3J-24^s=xHEnmo&|_@jL(LB8BrV^W{4`E#Grp0z+xP5Dhgt(p|<<l8$D<cZ48%Y
z2t<-6Y=L5ETYw_F8={R*5^w?l!I4wHCKeI}?*sybD|eK^%g90O9R~qdS!gi0P<EvT
zMvKqGfxtzPCc9dm15XRs=69kvVe3I}W294EufUY=_kdO1TOVnp*^(y_Zv^YdIFvr_
z9G`}xq)5+TBLmS)4AF)@XAWGvRwHCFi;H(PdEu%rCs$pl6d&$^lL+?j=3#XN=R`1#
zRgzsO^o{(JA8*NcPJr+ggAW74^;Z%aw?`b~Kp7YX|1c5Olsc}@Tgk!jkDhR^Q{n{$
zP>g9E90P<TGa&NGz}LqZeLdo6kpf(q$0;7_h0cS^=^7TSN_=i|S8#GvELAOMoI-ox
z@Yd-FaYBQRID0x1{!<fIj9)$eixcG6yW^H~18-kneOSL^Z2P`LWBc~)&EIr*-(I^8
z{|TOv$BBb>;K!-}A%FG5$$QD&o57>GdrK=a3kBUurUUzmIr89^+<h1JI}+&^g7Y`l
zLNFr`enD-<Jpzg!RI=Z%BIj*&(2k1+MK2$;?pVU^+i=j<K>wy0){h4D;Go(5>7Q^N
z&Iwz^EXQFWbU;HV;;f(>&7*KAT6KWIux5K3cipykZ*KqgeLHin+PQE0&3kX$J~?@C
z=b=N_w?Y)wi>LYc8%$P%)8BP_x9{J5+xFe?=-$0ImQ6fEjyyJuGMoidnMRkx8>p2)
z>`=oSlM!x(EfAmiBe!Xb><#fkI*wgMcp&i%4~~he4R9>nmPV>R!~<YJGT0<>4a8nR
znQ5x$U5<AyH{kTj|5acE4X2>xMy2ZSk9>5o%PdUt!M155_jm1D8G^mwhH%^oH}SkN
zTgM&Rml(p(hZ*tDmQ)c}aIe?$W7LGJ7VMT_uS!jD`cG^vgMW-?yZ%OR16M~@yTCDx
zJ_YQioPgk|)oA^6QXJp-L5@M#fI9<_4uM%Cs_Q!JVPU!4b7p&sYgTlaCw&e?9>Mr5
zZjJUVZ+`?&`fX@=kQ&YwqxcO1J8#K77x@w%1d01=dZ;{otUR!>;J8u_FgNySd(I5h
zVkJH#Sk63M>wv_{Ixon9Ct(eMX@+y*8eqCvouUMXc8v`NrF|9bgr0&2y$cUi^&AkQ
z=ORvY&Yps0g$~bQZQN%%cmk(Yfn83hxTC>HvZAgInjq#CmwwRDQPD!&1>N2NW<g*m
zhXuPn08j-AAr5br0e-_*Iegv?bh~Jvo8|Ri^6IfSUcB{QG0Ci?UR8YtiH07_8dV68
zgmchZYQ_jtxco(T;)no^;YST(D`T)38kz-<36^EojRpeFD%NW3dC9?<;K?=Ar<8}N
zDjbtTl0s~LT!*a`6YJ7pJ;(y|Loe503a*yG%@R9zZ!m16S$=I;4En-^zTf(;Khduf
z%_aRf1k$E4hV3oat7D)9VYjnIH-E$+Ea07ax#+e^bfb)pj^i9Hpp#UBWAxB2#srAf
z0t9r#bAXOO(A$E*U%dS+@hnHj0z+<wglrUDDwt#g*)aJsEDA8Gh;br3b6_%siJ}C&
z_#$qE1HMJj<lt;u`-m8aw}IXYe+sw>#3sl+SM<ZveTcDEA&&?n5};H9qX_@QZXBnB
zbv3|ggMdZkgGa|s&j@XfAhl}3FdME3+uh)i2**OW{LGs0nV>;Dl@kMjcY^r|kTip7
zL9nZFZ5#IXJdv#im0~TGgG+00dW$!DgFId0u>sAz<a$z{&U*>bj#G5tzD7KtW3YKg
zBaw$+?Ke?inPSG`v0=ZB<67SGDs0z|3+HZKw7G+aXE=r%Ow`uPaMpf#Wa_qF0R^#F
zvNl68^vJC(vC<{@+*Z8!&a`zY7RDkqm>?5OYM3Y!{twAB!T;WdAW0`ki8=~FWr*>f
z#IuiJeZ1vo@aGLfd=vuakY`8>AY@l!CKm>C!0n<q0VddmkS}P59K`!!WvxPf101bz
z974>z=Sz=Z;snH)AsPcZkM8hh)Gs`ghq-9tc(pX{KQhi}j2$=inXQ(C6BX%v(ACn8
zYaAhhLkpb2Cs4^?X`}7e1njl8!juhdT;{wj{@<$Uun`-ghsbvc3gCO2Rq(fisr#G&
zeLoIS*N-(!;1JG4-mV^Z7yd)Ap@0p>w(%<`f(n?Epi=1C*=?ig5W_C{vtF>l3S|(D
zj9}uVv?DmT4H_tTL6=i38`av;Y09PxI^1~AW#d<lUncMhHOe0o7uhPD#EXNM3){xR
zt+`okfKS`r6?3^l_O9cUF<ABa+{jO7U9OdDh8B)*U50b<<#_SA&}bCAl}s>cDJ))l
z&cuy1=GOW(I7!tt+}!t3E(FHuuLT%z+{h`!p)b^btM3&BxwpoEF=)UknKuBF6CXys
z2Nd;G=fGZ<teyBlH=crf@uUUL)9?}xY9WviOPQ&`!Aq<Lvq2z<HauEpjA(7a9Gf6T
zp>251nee(Es(bOnc$}Hr2gYQPHUR!{A!ZDCozty?<gPd~{9G)BtSe6;1ql=+%0fS>
z!%NDFYU3E^2YHEkS6-Ks`ZyA>W?}-6ck2A1HYrdx35277nn<2lBt^?pJ<D$!0JfU2
zKaVFqMU$skx1^kjHYk)+(^f~BD6F~u<G#$}dPYe^Z3<3vZoFF!6KC4Q>Sv;Okt~Zg
zK$s)eW*smWP>xL-EI)4A_B<vMwJ|4>@CBi~n3~}t0TGBW6|qg7IG?Spl2fc8rWn=N
zFwLh89n2AH>l)@tJ=7>z+hNkfwSTog@9{PbqG32^p50z)z-tC@H1A^LS?!G`o*ckJ
z3~j-S7$G!x&jPCblwf#Q0y6=faSlpD!^SpPk<}Yo{bc0uF${;b_AK$%w>`!FMW^xM
z0K8MR<CdV>ShwezhPTe&#o(b3EEOD@hphY2SUp6~AokjXlmI3H{3gs@aq%pPov78k
zF4JNK2av!k$lQl%K|7k)f$DM|Hkx>t5Bt0a;pGH4@<*4HeTH1%GtA7)j59SDx|)D_
zU;=tN6L7qVPlP!Ruxxq5^{HY6#(4n@^1jDS-JK#B=>FjI*gN+8DoXMdfn)11t%I<*
z(QYL_i#f~42n-=PjY7P3$beLI*fv3o38E+72J+59wwO$b3G`Lm5|n_{wb9e+Ac@6~
z1R6`NdtuO~w=xJSg9zYUj`mrQF^(tX`QV7W;SGRe%CB>P=30lBo^i(R?ce>*vmd|W
z?XR$=!_v0j`JVNruyo~zU$ADw(p6jTvZ`U}>KmW8^ssczd6!sk2unBK=UQf1+WzdM
zWrU?2`@V0zB`oc<ud`kkmUh4E4(m`@x~2NN)?Hy~@4wAhcZa3@eP6QPEJ{B-({jSn
zfoK2DIvJK;`|X3)y<zEKdD6NqEFBuY#d@nK{mT>9>%-D*?>DRyVd-_d{@AL8rQ5eX
zVim*E9evMRcZ8+a|LLz<R#-an#XGG=Si0w}XIXP$NqhPqtoy@KamzvLm?(YagVudv
zsq!1&wvL3Q>Ywbgj)$ejz3;LPhNa_A{+Z>5rP;^6YE{D0i8oJMcZQ`mT=G8as3?7X
z&MJhZHy<ciQ(@^Xw{EjuD@vcAvPxm;ZI^!2x?Pk${W7Z_mfk*gjdg2SdgzneEjui=
zUidRh3rmk&xW&3hl)N8XZxp3}InSC2OTT>cm#utQdi22St#VlUK;tTSa|w>=@o=MB
zr0n&3y%oMEjG5)|Is&J3z{~?P{8F5hA8x(9br7n}D!sJ=$p}vXMC)U4p@x-kOrmQL
zYAVlYb583$&=pr<bPfEjABC>)iWI}gX9y=;ABK1r=hSpq-gch2*guM(Xw${l<}SXK
z_I9~#7hjsYI51+Y=UEJE(Nz{T+b)KgQ<ysjFk9XqpST$9zGC8*laA)$ffM1A@cIxQ
zWFs(tQikSjC!t8Q4#pkm6&4%?rcdlwfru|ArehUt=w`<RkT^z!V*#dqfDP$Vv*<qP
zb$n1f5x!bihV3)8`8W~X0;!APuzmb0AhF?ieKcXx;y`niw+g0K481tuhk<JV5jN_9
zFPQLaiGy`*#&<4YgECMw-~~fC=7RmO^(7L}VIUP1V6Dg^h4m+Qm|hckdyAl0FJRY>
zJ-j~7vTIq-L!U-L^M)ePN0jzb6QW#4V9QQ1c?wBF?1K{TpmqSVL`0zg=>&8Na0FgH
z>4#TKunBT52sF*d)|cUbrj4+IFvTB04UqG7xOx4zgC79ds-V3Q%)?sikD-(GL%0B@
z*0<n}v;Mc?4gkKxx9{@pdwlyo-5S;p;2z+CD?tJtu(1Tm$FcD17>AbtMiv}!{Yk)K
zDY~CAK2Qyh|DPGh#}zMO{1s70K88oEh4C3!mW>~{<|g2?oHtZ4O#C{=VM9h7aHUVc
z0j6E?R!0nzSPSFx3mNf2Un2pZkqAEY0!a)fsg?1%A|qbt^(5fc=WkbI=meFF#f=%U
zKyNDni>0{ZiJ?F>JpTTS<D-9<G(Lt};^SitkAHW@@zJA97=Jm(jA9u0b&P|R5eM{R
z6L8=+>|!Wz6=N`)5d-v{6EIkcai<spRKw#xka2wU))U5G&YScY27Vpm(8`Dd?hz7j
zSVnP@7z$j)7(AX41KgJ+Vu0a|HVm+eG5ADA3~(=$fWg2{JU&DJIfjL(W=x*Vhzah)
z5-?c;udl^$zzQDy#f+olzAs_)fiUP3!$DLtCV!R@6WntqV6vQp$}u$jI>zDeGU9+c
z-2@yU`@I+!2G#KR|1abCxVKIie;EZoV=Uk*#$eg<Y<?B)=MymK^W)nw9D+*5Vl*Qb
z7)MCJqCYryh@lbIG9I~%cwhu00gq)AGmjy`RgA%SMhq}&l86BYtJ^TZD#qYd88N^}
zO#%k^;u}S|V@QOxjK?h*@xT~S0v-clBs+$PsAf#=$cPEXrxGw(M#m8`EVzm>n97I&
z#>5gZ=<}lhF&u(Q#=^~r1;*kMuoz-2<gG@ufw6f@Mr<$^n1D^6e}og~iC@WBJd_a&
zj6o(~u@nz$V<=D!kN<&;<73n_X?#5IijR*qJpPjz$HzEp!uZSR5HN-SS1|@($cO>P
zb`vldLJa(uyJL7n8yK6fX2b?#%SqT!B<?VM0wa!1q=B*d(~Q_)Y&!v)OD5@bDtFw;
z?RxFxe!SlVFOTK+Lu4*@GrXHhIhuT07sFQNL8j)fGg5=G`2=cKlMg?aI~0DkB!;ux
z%$WUiM$GV>AOW+X-QkyF;>H+lU~JCl%jVPJIYk0CBNYGb#wMwi@miG;FFY|xz-#zs
z{8SGndE)7COm^`m#^}6^7~!c+0!DqrskR9`sAMcI$%qA>7A0UY(*C)K7;B_f#_O7l
zc;UHK0$zi@C)mDej?^<QyE5W}r)CMbTu9UBBpgVA?!b%Zx$X4jG(7Df+l#AHVsFO#
za7MiGd@lj-=mZcGYqWu}DP+V3&leN0iJMsrpLi2vRLh7Fo^j4EMsLiB5uURqV6>dR
z(HGYzzmB=$WyAqbcN1{f<e!A)cH;M$9DF&^|LDtM@nw~m_<DMR@qaWM{_rW6vJJ`c
z_#(47%%l@UKIFp_I!d^(@SKd2Ei62-qC^V|&x$C?!om|9O0cl-tb~#)EIgf{#0m>f
z2q>w-!dN{eR9F}_r(_BXW7m{OVPOoJk|->U=28NMg)vo1p0F^sNr@8{#uzDS!onCI
zB}`ZtZ=+-h3*%jsC}CmLiIOBNjQ>!AgoSY!N{+BF7D9;;7Dgi|DZ;|203}3NxI3q0
z2n+Yeln7zr{*;m+EZiqj0)&NoHA;T4aGykp4;JoKDCxn%T>~XNSm?h~vV(<wG$lG%
z=)+QygN6PhB{*2<dr@+Og}x3YHdyFqP*Q`1D?24LSh%86GJ}Py8YMDVxQ<W~gN3s=
zB`{bxFH-V?g>w=mE?77hP||{hHb@Bz7Fq%&23Vw1@EHmGv}%xx!)Meh3Jv&>BEM%E
zo@}?B{?cLgAijy3hc`7VUAn<nXgDPo5~utF^EJU+tZ<I4P1m)W(dAjjWiZTl>eh|U
zp*x<HN3G5JCaN<XM?VWJP&*37v<!YP0+ONn0Ha3TY;i)s5Wky3=jO&%|J?c+WHOEQ
zdF8Qu5T6Y}d@3!7-w8oHl@`R4^dQd>AA|opCIWo2OT%XCb6r}j-|g1WJ*mL@KcN7B
z1W(V005RVT(kJLG!EOTl8|ASi0sa+%u)6Z^X=sP!3;vFEH!bfycS2-{5Pkiy8qq72
zM_QZrCugHS09lEuImQpP;1j@p;u2=_&}V9_)%{=uqj1q7RY{xW@0Re}Dg8x_zy7h`
zTZUf<g$%_$_@*hOOM!i@^db2bO>cl--h)iUJs>V##PC&q=sN`2HiAB%^Gje%_;5CT
zWewitQ2fGf+ZWO(iJ3kQyA0oWXzf|XhW)d&dVwazAXqPS^|Tma*ng1)3&<d*%$lx>
zIq!zuAxp>lm(Z+V4RV_gvqqwl%=%j8u_Uv;nm}|n>u%gjJ1Y)t7jKzHS2i!&z?yZp
zGIgC-IEj<qicOJhGoK}5wR^qtxDr=imllLDibH8Z2-9TQW-`qyvtR+HNeO2QXPQ#-
znsp}n(&WUvPnnd?>VzaE8RmPH$C6a&Jp^J=8s?{!sq2xG35NMQ%Hv90eJU*oVVECH
z3qlws%Qll?dRedl!=y~ig)_`p?q+n}w?;w({Rd@|I;$0umSmuRuRNBdN`Ffr7Nvm>
z!^aWl!v~Q#nP8xU%Hv90?Mn+n80gZpAcTRkY%>|?U#HbD!~zVIQj-_XKs%&4Tjz(S
zxl@^?olO&oN;1vYD32v6(G3J*QJQ8+nYtc1nP8fl^0*RL?@0?nnC4w+K?u`i*=91$
zS7pHhOp`M97tS<eIsUP=b8Bdzzp6}9XSG7ok__}w<*_7HdW1kMN&|gHnYtc1nP8xw
zR~}d5>eFdK2m}38S`flOS+<!Bw3P)5Fi?7hW#J4|df_Ezq^}H(^xu@p>a1EwUXqdi
zv+`JyI{kz|EJ`C?H#k2IuEfa%BVD6BuEf<<X+a1hU6B@qFjAInCL?_*t%msyF1^pS
za7G%u1{Sl;-JxynQ|4)B+eE68Z1Wc7u_P_pO&}JfZI+d(>yeWQwrMJlD{*xyEeK(o
z#k3%VZL(}L+2&*xEMNhpw;UJFHl;Tvt=mGw{E#v!oz)3RN;1sHmB*4)=+_9uqBP9s
zm8t8IlL?0TCFOA?u0ER<gfPr6rUfAklVzL9Fdxf;1sEp1{=0yN+5RfARSXUDr^=*s
zRwpDW$uR#@c`QkV{+&Q9O2a&FXnwp|iIWM2xlwssiK`pZf)IweHZ2HYm@L~&hWW2)
zHO%*B>Am=cGt3U}*jvX!)4WZYrJYR^iAplfgUVw`N_2ogEK1XKm8t8IlL@AIOnF?1
ztJSn1glQg43qqJC%Qll~?#+S)teNz=h=nsv`O_2Dn?lR{m@+M$^$BT8vdkxx$C7mD
z!vtbcTIP$&)b+^81k3!I^0*RLUq}l=Smu}0f)JL;vdv_fAIyRUSSEc&W#KGS`Xr0>
zuFx=-ub3Yn3`t5d%q7ZWNh<U+;{2jC%wJHZuCrlEoJ=sxi<HNexOzca5W+CeO$$O8
zCd)RHVg6S}!=&#EEu3L?_*Rki-$T<pqRi6H3WY=^ndY6!V@XPMJAqh~ruhbC>U!j4
zf@#hvk1KKYcv=v`G@Y~{glV#DGnwY$ELgyrNuS+XIMb9r;br}HXqlf;rlqq!Ax%k^
z`AOxmBpv!VfmoE5`6tTM^~lKt%lww|xDr?YC@lzKncqkYLRcotHj`yOnFR~5O!^$%
zLRx0~r|qoIhL*W<cz)bjq$$ZVhm^;Xbf}*|EK19~RGGTYmML*E!7{ffk1KKY<!M0(
z%iNR}gs@DOZ6?cHmIVv2O!`dY!da&Hwqq>W;47hZ>dN$V)+wYb$vO+lV@Z0HClKAO
zb19@ccYLQd&Fh{-Q~Y($_>b`LH?r{!&-f1v;diUCw)@Y*U~3!}f7@ApD)N0}f_dtn
zzrp7_{%j65#F4~L1Ix8|%7(RZ<oGkXSRenz7W$DR83=xFRtCafft7*KmsvYh<C=oi
z($6_zW&8(U!Vh|4Qyg{v!Y0<o$;Yo=Vr`rt`W7Wt$C>DVAQBts*Q?+aS^AJ__*+pj
zB>IYChid$ep$sSZ-XONbNejOKD8r&p@?muxS^q^{Y>59@Rpirk@>Bjt<FFylDEzpa
zT#FxA!`e9e=tF2&9UnOIb+XQ{Hop_h+Vb%7ZoE8%m-phOg_rl^<(KjDC|(}J%LnlC
z>v(w_FCWCqZ{g)5czFUZPvYe%ynF&LpTx_j@$xiYK8Ket;N=;-Jd2m#$IEkgc^)q>
z;N`1$`8r-+gv-z4)obfQnAE&U#n-N5KZq2*bZuP(u!2{vPXIw`@8<aPu~<=gKF+kF
z-kk*tSW)S7!wa{fwtu?V`gXXM{+lu-o!3&NC}}PIXXUY^we%+hqWfC<b9~==-AYx>
z?2(fRp6(juaV4&<N((}Gx+~Ix5O&G3&19D^rPVOR0_>7L#JzBKDZbtv^K}0*w9b9X
zT<xq=NLP||-l9B~q({36#G<s$vNCl&ax%d>P33VVu1=)|A*{2Q7KE@)mTe~MoXmm+
zSSNj)e&MXM!-wvzpM<9QA!TAZD-;ryWSWmFk0mM5uMvnvX`0U~Q`aLW6HN0<%Hv90
zeKsu!VVYk|3qqJC%Qll~K9&UwFirZ+hJ`at>GvP3pN59{Q)N;*s}quxWSIY{JeH(F
z|4twlrD2}8YJNOgiIWM2xlwssiK`pZf)IweHZ2HYm@L~&hWW2)HO%*DYoNvI%9Z-7
zeew^ZSS#?;mh=gs+mt!l*)ox)B+ERgJeH(G2MB~Z^A_OSUam5AJ#sR^GLI>bD{-}&
z7KE_OqiI11%VgPRvdq0%uz)3#e&lE2mdxO{fnqz&jiGIROqrU_8iiCP+2#|<V@X={
zVFIxzZSzHC>U!j4f^B|Hd0dIBFQf$_Z1c-$K?vJq*=DlM4`#svY?FTaYT;}%{K2f4
zalRrn&gCQX<A@<yNyfQEc`Qkden#A1l*aiB%G7l>PKlEV#(9zQxDr<{NDD$3=ecP?
z2;*egW-`wI%4nSQdvFV9obqqWS-%)s<`HF%cGf4PDakVLR31yxq1y?>qO{C6C{x!X
zClf4lPI+93tH;xV5SHnr1tBbxWt+(|4`;ywmQDJd#D%oX_TOBzc7&Gs8D&~J>l4zH
zWSO5-9!t`pj}wSRX_<ebOkIzhOt8#vDUU00^^ekm5SICkv>=3KvTQS1=95{l0L!G`
z4_!FR41aYr=Fq-2G|rW)=f|N%vXYE*NO>$tjrs}1qBPD+m8t7&oDwG!jB|_fxDr=i
zo)&~K&P{1S2;*egW-`uYS+D@(q#xB?IO7z*#2d5Dd}y7zGCiGj3h7F+&Vuq-k{;y=
z#G<s$w<%NCBPSEA^M2)VC9b|PEeK(qC(?ot*2%KXWSw_s!2+z4erS5(tW*BcYO4}j
z=I<)g(pjI7rX<V!g7R3B4t<tDEK1A#b7ks!<Ya<neouK^iK~B_7KE_OZ>I$zER$uM
z$ud8k1q-lD`T_QZv&`Vvq++Y)iO@FJubCg87O6_I%~9pCBrO^t5R1|_uT-Y4vu#S8
zOt8(%mB*F1I-VAUu+6P$K?vJq*=DlM;Vf8yZ5{zFR#&dnc?Uz0_e5g$*$nNoqD)a|
ztwPF@?9);nOVXri0-?^r1;{?|l&R~HlL_|OR32C2>H}#(2>X0%S`flMS+<$%vy=r3
zu+QTQYoC4ot6DMJd?d8ZuP9T~S)-7uB-?yWc`Qkbevd#bO56NvW$Jq5WP)w}rSiBE
zSAUomgs{!;rv)KwlVzL9HlN9Y1=!}ng|*G4__k!sFh3L;=J})Z<J2NaNrrij@>r4z
zokbuPrD48GnYzw~DRDBvFkh)WuEf==(t;3%xh*XSVVEr2Ooq8G3l?CQ?gASozOWoK
z%uj`e*-$2>vpOM3NrqWh9!pXon?Ni|!)z&2*CQtr4D*+i$CbGH?zA9;Vg9$YAcSGE
zY%>{VISUqGn3aV!%w_b=fS6@|DYVQ#RHmh~J|Rs>micw%u_PV(0|K!qE%PO1>U!j4
zf@S_ld0dIBf0Gu3u*|<o3qn{X%Qll`KA!~(u*^Fb)-s18pY4d*=Ql(9eA(LhacPmV
zB>TKrc`QkjE+i0((mp4Zsq1W?5+@VvbG!1m5?8NJ3qsiEb!kBe`()W>vd{CfU;*}d
zbb;-2QggN3;klaLw&namXrCvQDeA0MNLiA7-lsg4q)9UbVgc>*pgyJ7^=h$=gWgc2
zf#0`#OqseKISKYz7g+c#c?LeA!Q=jl^0*RL-=7wQu+N9nf)Mt}vdv_lZWb)SJ_`$L
zpO;M970s;Xjyt(subteF_nU0T&F$AJdhX^*t*lqzJ7St^+ST~Z^v9w7en*+&&RU0*
zC)w}+P##Otv~LoKuJ*gx>h?*Y)Mr(rJM2ouuI487DYFWnWV7L;c2Qr&>(qfQ>tB`W
z?UA?M+D%2mYOEB&O0w*KQXXI8_dllPciMxkWvIw;26Gj&bp5*daR()J^_Fj%I##N-
zBqok3k0>#5BrOOrJq{CyuG*cJ+XFaVRAIJ=b6iw2*I%hjK(C5CxXB1GkT`#p@~9H$
zx1|Mf+Bx6HQ+J&2K_zqjh%)lMa=m|3i53o7+wW8!Q{wsUX+gB}JjF^boB^J=Qh*Rx
z{Fvvyd0$c1@0`_eZFX|@RBn5vU`{tocP_38UHY(Myi1wGy(-3rO}dZUm_0S7g}6z!
z`A%gNBt3Ztf#|xFcb)4}ujE6o(TYd$6S37&oY~O^=I~R><n_wo6`KkI3yG~CRUTJj
z>qkz_*3;l24IL`#RjqE?xy#%58fjp@ep8vg-udeISd3jRPirqKk1O%@Yp3RGS9MLh
zG@m1wm%FuY7r>X#?W$`PvpOB;@~Jv9*Z;3F^}TZa+)aY(WAKGx#ByxP$5PVne^ACl
zlEUAo1tF&OzfB85EH11InHHB92#c;-lYWv5)#i%0ng}bsqQz>FTYtKI=@mjPu8@uK
zeC2T^H8_VrsIMK_jq!?JjZyB%T;HxteF|f|BH0+PSH?q<!gXmu2xGh^EeK(ZtPAsC
zj440}EO^;X0YdQNL)j-L_Ng*qak{+TRi}tYdF_pCDothO=+#t4HktA0n6y?spggu@
z9&aTOT_>s2;E8RB^Eh{);g-#6+vdJoC+7JR%5?Y2^RwD`K4$yaNxc8CG7b{&KbV&H
zX;+AZxYak5N$QoY%Ql&%4j%7Ul?Rk~_?5IE#FX|Ni=o>VIxVwBd@2@+71gZEKT#$?
zh3OqUo0pUal$idbv>;A9(}UntjO9TkGkooa)8$d3mT!|?$<@jON(^6_7Q|_1_yujV
z`7Tp0mvTYy=-Rk@pVXNJbhR?Ey;{Tt?X&w7VmlUulVs6dsf>ywy35moXct`yhe>#T
zyws!sA+Y$3(=$z;)uup!>clmtYcE!r>F!K^-#LXd=<i6&`YxRR!R>o|`##-z)t$53
zb*H=5l)7Wn1qn%Ow6q}F<&{F@LTlJLOaVe*!Jc{w5CRK6PE7$qVDVzwLq@~`j?AY(
zRl54f^B*5sy%T>}Yc6-ltv8BpqaJsTt^WuQ#-CJHlg{dn^d%jP|F-g2l2-o~f#}M}
z?wgIYKG>+w$nNLj9Xjxo@(pEjdt@z~i$lHxi1*az;$KxBUt;%H(t;3%^BhZTzJ230
zKHGQBx_Z@-(-k_jvs8YfOj55>84aYO3!Hq8iZrB`l!upu@}smM7ECDHUAJx)8g6?w
zSRj;0I}2s)S@YvjOS6y{3Plq*NkUnzJiH{7m1#k=3nj%WB^ElK9#eo2So~&M?eZ78
z*DmZrH?+H9mUImN#PgM`{xI`zud--5TRc*hw8Y)4JeH(My9h+rCC-}HUuGqm;=jy#
zA^zYYoYnhWo#3S=?}VNN{w(DMZJk^V&cxdKY;5aOf-Kv-OIfxEVoQ57<!a>ZdOpaN
z!T%{+sq=4L9s@>M4qh5~nSsmC?^h*vrTA6J2$MViu4Dm7%J{pItWB9_gdJJ10N1y)
zurtEQVbsNLp6~i_TKIKkvN}%-NM6#k@T<yWNz=lk1fuJ-F#n$K8s=kH$G1Z}FXq3e
zOl*&gg~goanNz#H&nOQs@%r;=L5OAaX%^RfyS<%%hTId?EP}sMCZJal46>7J!gA}g
zP58Edp**U@`5&YO(a!l4GoEmx*w#{j5Li5tmJr{Kx;@pTnRb^ud~?;U+a(AUNICSI
z!U^-dvsG84&Ps)(B~6$cmB*4)X+v5NLWpbAg7Ae{PbI|ENilsiW4HOimxuD(txQd4
z`5{$F@|#p1OOoGq0?~EBn_oYeXo~y6^!xO*-Z&Hfugb%uho0*>=(+kWRo$Jj>qqmB
z?qC!G+I4T(tQN}+d}jf&Ut337o2@d?VpZYt^K(#NlfpsuY3%Hr9!V==G0(DyGtINt
zXTbuT(_0tTL`T~7C3?(g-4NR9Bg$lTwpAoA$yQs+V@bC9O9Z03t<JX_G!%&-MLFn2
z8`u?kTA8{YIhpW2@TZi=mALwev>?O^_OY}egpsmrGa2c-vtR*6YA>vj4vOhMs$AB-
z&^&*lOi*W~Lc)^F^Cji6Bt`lWfmoF0xoYG5IF%A76U=jk^0*RL2hxHN=D9pA2w|Qq
z+f3&9H)%D@cXPFcHO~v_b^S?`HY-|vF1Nkm8g?Dt7|2mDICk!D-4z<`Ze?b7Hd-V%
z$!I5)$CA`*JAvqGw5KiL18-{;?JAtAx$&KZ=LdYE?YzWJDHGcxW5a+CyrmW5<TFZy
z9g51sOT4}}EeK)CM_63*?&*m5TTHLLp-2OZ;hoAv^eToGn{YG3uZ7EDpLZyaEAjtr
zX+iYN|J0l6!OkfZUZkGc|CBNfy|RC3lQ?{lwEv^Z!%E!$2!ZH2({#;FNgHh%Ipk{9
zl2$L7_sJh^@T68|?>Cj{?3KN%fxU5jBqqP8Jh;T<ucZYcRQ!dsAcVKTqR!+kBusRv
z4Q=>9eOjw_REc;K>%-5KnbE60tlVTrF_Dzvzm!Lol;J-J#KKwJ@WGwiC-?2l?V^ZO
zbW`KSo0zw`bLPh>mpmnJC48etD^>I{j*UsYJzsfbiMQvZ1tARWth6A6p|OPL!O&8G
z5LmDenF561#r0{m-QOJCv#^_kuK6HlxDU{krQ3PtK+2N#0R`o;Bz?{ki0*U6yyk-t
zO_4Y_q-m5&(QFVc*lXn}oud@&!tg-wftDu4zO8ox`kFUT(Pm3}%{5xL{0#oQ{-Rc+
zv!?ytvgxv2Xf?e)!z`8bYU@F7r5``{E1KRwwNWX+_r*%BJ-~6ue1y2VT`kW+-=VrT
z16!3kj(;TZO_%gTxcx%7csmuN-f?0(2fk0Fm8q~xmT4xtygLgP5L0_&D!WYU@}1&<
zaV9j(Pbrhs*)Wl`B*XlK@>r5#ek?5rF}XgG7KA^!&MX!ozC9G;50y#kEJP$NNr>N9
z9!nD9|4a))2=O~<LHI(<pGt`HALdzp;LxF+`(nWa>)}v*gXhkV>xV=oiLXz2EJ=Jz
z(}ED<JA**X`zCk!Zd+^n2@B7!V<&s7GU}ZTMdGyAw`rQj_PHe@Wt)|Ulo<Z9v>;A9
z!`Hy)V=TSscFFwnI<&JO4k(k<s~|=<!ATP0G<J#r&R*r=C86A$7Q|^6%K9CRI(!!v
zg`&9)=i1!%a?Q|UlaJS>4-3apCaqWDtlv~*+(0;p+n7eENk&ss#z2x!B`t{4E}wP2
z(Kxx=96Ugg*9Nb17naT=%7pbU9p7}Eu?Au`W;>2v2^@SerL~kXkfifVX+fNJ=?or(
zeNLk;eN{P9&vN*pG6}uPVF&^?0S=OBd`@{-iTR&N3*xjhzmJa<<8xI|$!z~$%E<T1
z_Wn)0(Uukd&y~lNc>cY#AbRF`>LBoFuwLNjh)vhk>uraSojR~EmY#Q-JXib-vA<H_
z=ZJl*Bx5*3d3;GQKPAC*4fSlE-<(Hs93!!w&HKFph<{MfgYq2Lc8G>_NpQRbh_^0<
z%PA5Zy*2TJdkopkYxIYLK|x^2x&q~4{Qx&tA|7<LVmzoV0<@D=?OYP|X_v+z=9vm{
zP(o_^J3}O>QS3<XX#r0oPppn4ss?a6rKjG6(z^vOd-1X#E~k`Z@U3wC*@S&IyeM`$
z<#-sdX_upQ9pZTrMELd`SU8dF_XbN5iF62dnt;|Rf}P&FN!^9*03-_M$QDjJ^XyYI
z@2-Vp-a2>%7d{F*F=JLs_KeWe4t#uD0w33IKYaM*JN7UW5BV<AX`D;md1^M6qHIhN
z)fItZUI9{oXkVIBfbhdn<x_>Dx`s(oulSp8XLZQ!JdP<xIoHnl!ab}PjjDO90n0@6
z#M1hWFj(~zilv}g-vX3RLYn=z;SS$N`3~Q{%eNlB)q*4^1*<-)JeIV)e}q7sVtJqM
z<e|0jWgNTi;>K>TS*XLui`#hVb?m{~{D;Z}cXn<i=6dV!LpY4rSUJSYXP4O8eO(y=
ziQ|8e7KAXT=UHg;Et*&E)?E^euk4`vdc9UR9X$stgs=CxDZ8Ev?4wrJTqsv!#^7au
z!(#p?Wft`+=4&@iGmT>~@sAacjtLsa1dU@r)0n>`jD<8x%J7fMXiCcP<Fp`7yE04!
z%0S_lVE)4c)||ih&Q;LOLPN&HiMR?VKh1()fBtEjJiW_8!BfyC5I@p0=F>A4&_jtJ
z@-BB&897PZBWXdLc5&zSX|)>4Qmk;e?9l?4+iOq9*E=t{I}7xc$^`dn$ro*^Fvd~4
zb?q@7m+Y}JVk{Z#Rm#{%65N&+#A%n{#)#zp_nRNS-k06YlWn3qJJN4#EZU7lc0`%N
zUPZQkQ)G%|IhmynV!Bfq14&G`rv-7^#kAqD2Ai#-lRK4+)(4$B3Fv-h+Ikfbe#?N6
z^R1|(bl#{uyd<3yX+fNJ>0G_NnzL)@2sR+Kd=95T@C)nqalP{j$Wzco7sXe<)KJ(0
zKcvi_UIl#BCapRap>GT(OrO5aD<ab;&!mqlqbMoCucZait^_H!mCS42|D*sRu=r3~
zAC5P-4R6G?i+M;V%fre=+acUH9)|tjo-?g!zP$-=ORQPGRr#j#?G1c0`DXC#Eqr?&
z-wyHZF23E(w>R_6;oC{R-HW#~t=qWtR=&NSZzuRx<6Dt$cks>PTZ3<Ne7m1-$M|+1
z-;VI@INuKP&E*^ZlsAxxzjF&W{9#hK;Sa{`8KtjP?pbEx*P#GG{KCzir51j-0ZRC)
zJlycjVt4@GyMr5M`tIqsFnti(FaZm0n8E`$j5F^Uuy7x^XQ1J&LJ2r}k#qW-*2xxE
zO_|e?s@2fTt?PQ;&jrMOn@K|WKK*J;@Ee7TZXpw~>Yc+-<>BSsczFmf@5M_CFYm|8
zFXQD=ygY`N58&n3@$xucK8Tm!!pleS@&sO<#LH87`2=1*iI-2~<!QWp4liH8%QJX+
z7B9b#m*?>EJYHVF%UAL8b-cU?7oFIOD0ljR6|ol^#U}%Zs}R<pOiJP=wucdSt3&kG
z!a$^jQ8c~bt)^V-yldy{dZA&KOT<cK;d=lMD*Z#mOHo2zVhMTs5HVGhkh`LUY!)Tt
zw<sawMF}M!N+=3ZLYasX3P+SsN}`0~5+#(ID4_sF2_-2?C{j^E*@_YhS(H%PqJ&}>
zC6vD?p(2P9YJ@1EYKRi*h$x}5h!SdzD53g@66%pCp+bogYL+OWiir~Hnkb>ti4rOu
zme95zqR*#^5`ITbl<<RUqJ;X0B{cts=vx+|gqn#ZH2;T4GqHqr{}3Gti4y9nDB+QV
zDB;<IDB&T5D4{-!5-N6BYIrL#gBbLiCJd+bo|d;JNEnXQ4)M<c;yx5jz&o=@w|={T
zIXXDQSliEpN$QM-H&`^Z>a_0YE_d;Z(Jli;)Bnv`faO03&-s-!udNJ9V0lwm)9{uS
zYc&G7qHf!6-kGZu>~hO`5P0SF9pci%tu6OsA6hlx&;dThS9K5657gk>Bdc5;e$qp8
z^;<Rg{V4}(hJ%{zb=ZgP_g0kjVi_9!^y>bSU8JAB-0zK;&Otre+VlqVMFVC8NYR1p
zX>Vm-tJ>8aq6YGWF^U>t%yNj<>a&C$^U4cP5D{ZsNnxtONd<1WlEMvFQn=wt3O8Iy
z;f5<I+;Am@8?K~q!<7_nxRSyRS5mm)N(whzN#TYoDco=+g&VG<aN|XQR#GV8N(whz
zN#TYoDco=+g&VG<aKn`pZn%=d4OddQ;YtcOTuI@ED=FM?C50QVq;SKP6mGbZ!VOna
zxZz3)H(W{KhAS!Da3zHsevuSzXl-!Al@xBclEMv532wNO!VOnaxZz3)H#8-<;YtcO
zTuI@E76mt4Ng>z0;VrRvS<GF4GV=N%sM5es&YTpAysV-@(mjgC@3hj;oV<RlLHfau
zqtKcpvnGkGNfK+4z?vklCW)&_(rS{hnk1_xiK<DGYLcLuB&Q~csYz05l8~Atqb7-{
zNfK(3fSM$qCW)s>(rJ=#nk1VhiKa=CX_8=?B$p<MrAbn0l2Do?lO~CzNfK$2K$;|v
zCW)g-(rA(}nk0)RiK0o8Xp$hBB!?!6p-EC`k`S6CgC>cfNfKx_g4x1)6U-Wd#nv2&
zBWU%O)*YHfd<lqp$EBs%TLGJ%X`9}MAldnn>MLsn9a2aEvNtfTSK0EccL8)`tGCjr
z8D@2MylfXWhzNRX@`vkM)q$x2P8T7oYj&>nFi8E~(Ayiym$m!m@~+=OhZbX<*AFoD
zx(0{0%Wo#5c3bzitoI`Lb=Jdhvs!R@2b?e$-qC_LIP4N*0Qk;f{Ekb;R_h_?wmJHs
zH@uHDG1mp|V-dK0j;_^<M$38}DmwyOafo{4Zq=ssmW1PP3Rn$1!-4lgLbegFe1<*H
zvL1!5?Z`tl4(yNq0PMbkB>>(_Y3RiK<wdP%;J;oUOr{VD!+*!CwyPIx`=~R~cCJ}+
z@_x81FJdsTDmest_YI%_75sY??6=RX08NkuvBDQ-!!<!1tMN5GoU?C(<1hTq0muth
zg!i-xUVo{~Z_ZhtLt<7=+B4O%t(EWzhr4;B@GXRCv#OQz1U}!Wn~3lrt`qdu4whEH
zij=2!>Ss|oy$$*-eY2{RuNLz9tX|C5VB(;~^lYtMwr6zF;xwkF%vl%@)?mXhrXKQ!
z3ueL9XY<S`?;Iuv!NYf;$GLIbZ(P2ExEU;R-T*W+O@PKo9!h1?o~~=4-Y|sq1WZoW
zXW{bp)<F<J9+p(S#MRyk8y4vC+8o|m-q3-1311RA1ciqoNC4eez%~!|dPVp#RHU*|
f@P?4A0MALqY>+&;&lBTTqc#V}H9nX|Vf_CCCi+M`

literal 92082
zcmdUYd!QUueK2|4XC6221Q1w~f`M@NMo>UdNXShBh9sB-0U<22yL0c%WOrvXGn?EC
zMo|i8+fh)~+G^kJXR9rWTHjTas`x@td|R#B_R~JBsQqdmU-kPvX6DReZ)VTT&F%f}
zAA9bcbLMw`&vSm~cYZT-@8UO{amIo(@XuXkH#NO6Ra6_tbjxhi)rQk?S6tW9Yt@~h
zs)suly|Qznv)NswG@G4$?r_ztIF_nbb*tlEJ9e|JTJ~6Fx_p^+T(PQKC&$LkN(+J6
zW4m?d`c`>t|G|Sh_m07B_E@Qm;Kzy{47=m@+g61@73Dy|ofWe&p-*<)Wga2^b^i`-
z2rwTqkExcWS5=z`8LTOd$(Ayy0yWE<)02d3$#$k|D&j+2>A1t1Q?HdAO|3)iO0F%H
zP4kFfw@P#<nN3GG8w`HLRu!wFmCA}$a?~kc>gt13Q*bohE+B|vvDk5!*OXQR`?Va$
zzjsx`bW|EdZ#b$op;Tb-fl5uWZM_1Nmi0zewX{~b)Us+Fca7#aP5Y{`vHCQ(6io{l
zGE^~Zir3|QzYEnBEtRn=PMYRqO)XZ;ddKYpD$8o;WXoOJR2;43m?e}}$6d_Da!YNR
zw(gkLG>?0Z4|Gy@02zcbw*Sz9T`X!~SLlYar2v({*t%i^Nx%&rx}-Fe+O(rr?2=yX
zxMy_SRSo4BGHt>HCV0Hlwzx}yhn7;}#*V1qZdkEGGwW)p2@);o4ZyzAX}fD%wpt3K
zL0s;fbk|@5Xs^RJF!!N;CD!Y<-BN8&B*>7}BxI#pEj3lEuGI9#5#Y<h$KTs=*HM#g
zwycVZ^(DJCF`-W(Lj8?a9aZzByF#6+)LK=<&H<u8MGk{0^|Kv-qz-AVdf6^k%kY13
z{9x%IFd0O?=HiQsdULu_E>$$Oa-?a3I@lfU`Px<5)!GYGcPWiMp&Zje={xRvy$;0N
zV>NTq9P?_6(A4odmK9qig*np~oN3!?y=j?-T5(8x9rsM5)tpAgt5a&F<)|fJ7lGiu
ziUNp$0{VUU8c02pdxQ4FeMD-AQg?{(M6`gWFp^kRY&JkyJv-AKw7!*xG_^qUMd2n!
z4iraeIhqNIbM67NtXhs)IAB&SeX^zAUD&n*C!Skq;vv0nPD6_ZHn;fFt(R^EBb%(5
zWu*o>ff4{Uyh3i88AEj{PS<OlmfL5mPK%~M&`7mmlf|PrS9`OAV@`ric^VbW85OfR
z?bi*|r){Uy0BJAvIf>Q|%wZ59O~=y9#j;+8sRMfXkjX$*ZPh+)wYElEtF6=4Ya6u7
zwC8Hi)3#`rpVY3<uGC(rU87yAZPT`E*J(STdR*J7?b3E@*K0RuFVgmCH)?yeecFC^
zx!Qyoq+;8p3B3lB;$h$u2`W;xjH--Kr)8|{zM{KJU{0xl0udwJCHpOyo7C#KUU51w
z_Z|SwEG}9$t|~C?I999Tw4j~m#6`tASUvG$6#3E5`rgqdTkbM8AD9Th<Q$r_2W%b(
z^yMJ`SGWLI53n+T34nI#lSQiPbCfcw(%>O1scN`lR@KpR&8z^Yhi}wvM{i7GOUqpw
zmRZSGksQ>u_Y}F|l0wl@CQBMD9x%5wTTY>>A1i{v*Z4BjKAO^AGFwgr0AGh8r1mJ`
z$TWQTwxAMBAkcSW+hP<jm@iBp7MS3m$3>cja7|y_R4kCs%5lX}3Me=brDExz6WTOr
z_6e{fhA>#Ijxi9M?&I3kP&?TI-oX3^(@&RC1cZyCec7l%4y7uLU8;u1ww0FJ3Zu8f
ztk=y(fw0^QvaH3?8>&?6UGQ6j)u%=<MB{m}-r&RN&NMg%p5}Idbe|vR#`==db?<s+
ztSiy$OgDkaA%GXfdzp0w7BkZ-X{PNo6j<Qk|B0j3MhE8dkPKGgjf5(Qt(yo!6h`|h
zHJDAqIIM_(QX13Y#to6i3f!ts=oQ6L!=0i7RBC3c8g7ol0DlY&Q9+#xcY0Q2pin1p
z0V3$Gj&+2^FoH~!oGPrnA$~_2Ri_qijFO=qL)SQT@5;!)WD23yDC9}i4Br}sJZYJ*
zpoH#?Le>;pJ4Gw_e&N=U2v&NeZEd9Oh-$$?YDV}GMGTkch)|+L)s;$k<S5p4)ltH&
zQ8CrcY73^M5Y1$yfdV&F=eTJd33rHsZ|cp+?Xgxfs?t&5;P6ybJ3@DqGnP6DtAiC$
z{OABy4Erc`yg-JLUmxMTw}75fksZaFR3rKpWxi935D;xdFE7N~DDL3lTH)3xZrEA^
zHxhL{GQ-daG{L3KFT`!Hr^oB)EO!=i!|UKl8WvsH+@Q9p(OG}ZxaxRIeQe?v)9_GL
z%==1s$ymMp(4h-=?BONjAo=LLriEtCHQ<sfl_O)vVN+!uPowR;SnsM`s>6;LS1=+d
z%-CY!I**;=F14aH^rNufK+<u^bBB44gu5@XXfLJRS;^boBL1+9`+myOBDG#ZJ^{FK
zehYgi9rv83rE+7)ebK;0uCbd8n^gwoc_-kB7Cpa&y&S&iXcubF);4PwwcP$=N)2&F
zL<YPa1UO<hO@osTTaiT&PU!4=bq5_z;{_0E!2iMVbQhyLi7oB`?8Zsr+7`cuJ757G
zuuFm6Q&89Em{nyuTr)&9rHQ)J+2?lypV<G`T>>s1tZLv*Smf0X@U`7hf-W1_V=VbG
z0CItGd4&z#Jr?XdPZaO*+fLjAj{b>`f3Hyla*Q$j@d+zw75{&C#4~QS0q!QK1vq0Z
zXJYiqQ5$xGL9gXrFL1mtasq7ho6v>#|96*G)d{6lb4r#8v!$SL18zkpAZ~!GCTwXe
zFjo!s^mgZDaPJE2!}BaGne|B9Ik3H`(+(R|6gJ2c;IcO=YRPV5tf3tMS!!$M@e+G!
zwy4MLhjA^7)m;@RQov4-u7`O*m%CDQ6LFGYpydv1L~Gzj*t|nK+zH^1_)VoUL~k%&
z6ErP5qN>djM4TGH=@5Rf>uNPY=V5OXGy+6VUhX<z3x-gpz?{&fEJ0V?vxf#9h8;^u
zZR)TDhWJjkpzYDxRm4pUW`QeHny4v&ijc$dCh%H;m`Rm<IS3mxrv)lY8xTXYf$tcE
z>+IWyma&5CLfgv|&;kuh>q-OT8#cvXggOj1bf>9Tj!bvj)Ni?WUD78T7)Urwx5NH0
z;J|8cZv{I6_^(t|o3Jb1v%qiHbj|SpcSm6NrInx?cnc+^RugLAuB0aQD6r4prU|T;
z`1gUWh4?WHD_03@U!Rx`)h@wW2q%C;X@?meT8=`HZD6Q#v<12w=Jcvibx9%HfSKs%
zxGLDaCfvn~RPZD=<eNK984C@iqqu_<r$qZa4Aa~q;68Z%v~g8i0ehCwHX36qG=CUZ
zqgjx&sKKA*c5fS`fa@9VVyveraF}|4<-)vUyaQ(x{K0!yiIz}QF=+N~q-Y5Z7_=;*
z8@*Tw%)LH9#?q$|lu&K(kT@Dg0syO;ZfoEigzoc#1Q5L7h>Es1069WK!L|=JNE157
z^afguBMtL-2r{E%L(~XKd^}9zAl(kzMz7vCPNuDb!P?G60hhU!HgTa^4{=KkLKwjf
zj2#3l!6LozhTo>$roA+vf;sKS=i*&m<{LzRJQG>u196!&Yysz8SXOX@4G|xpc>-zn
zX=9{dswr_4EM!V+h#hssYbqVrt7wwqUZ$1iV{q><>Y+Dq!yOkR1u$`P1EhTEuOQ&C
ziK<vS#i(Pl;C3(U)WXn5R8}kL{^OR8Aro9wV4WO>Xq<jGM5>fpfC7f3g2{P=B1fd%
z@i`sCR(?N>OZopp3>U-gK&0iAVA~CgUZ{~{gdCv{)&LA``L|=}EBOC*?T+C8!`hwx
z|NamT>^Qw>AR6~|V=dc)$SF7uV>P`z1~E`@WG*XSF$NKDbrhDxBNSWpBXOY^-xzH8
z5m?9FCI>`>1O<r8dj#P{5XFsG_jsdE0EQC9-Pg+9Ee=4&JlfTOzbtl+)>E)Gw5qNp
z@xnQVQ))FK0-}N!LtdQkOK`N&hDimE0LU%!TliM+X+Q@dI#mOef`t$rC%*>=>3Nj}
zHy2__v^sdr7$pt5a-1`4DLxQS0h={A86Xz{Of=etQY*3h1{UVG!5IuI?s2aT&jLg{
z#%F`Rj3|x{Gem<=V$i?!VKELk75OpNK-)d-4Iea!Hik<x1R}{3wm>nkEkKdo4bjFY
z2{-|O;K-?883~DkcLD*zWjku%WfUOxj)Q=!EHoHgD6`%Kqs9B-K;ZmPli8?EgQo>-
z^Ey$SuyfKqGt|ja>oDbeJz!OL*M=Htw&Y2~9l`oh4y70EW0P={6zb`3WFVS}A=<#_
zEP#vGX$351aq+IEBwY1Aa@B=O@!=jgiD3Uu306mNP6X3fCE0~S-^e@paTgW~0)(d+
zd>9z4zX_pnd&n{Nm4Q+44ijNbv2cCfLJo#^^n`nzDlaI2VnplU7$6{-0g+DzzCOn2
zt&pQd3h>+#PVrDLbRJwzM>Akm;&YSR{gb0gwPDyr3hjZzYta$nm;xPf_O!>myT&dp
zUQvAB82R;1(Xg-O?duB<ske@9-+OR$@7^0r*B{z@qiMl^f@kD$;-FplvD`<<Tm5kI
zUU<i5@M!M1s1urn{BBj<hJD2}d2kEwxE=c)4)qJbc^hjXm=OrSpf=+k0mTn0Ip9^1
z^R~io$3=spmnV%|7qa`d)NgB{f71@?SNZkepqbw3pKu+{3R=Z1$6+9JKm#XYz2A-I
zQ8*NB*uY>|v)way-F)MXg?-!i?kv1u=ico%+_-J~`1paH2M=D;2~b!o?&jlfFj)mo
zf7jf&ec$ezx9^5qZ@h6^O~*6j&}~amhErfFljw4|gUu?49cp-EGQzE}1>!S*<Th=Q
z-C<rxi`Z3!2U5@Q;F!440>{GXD5UDcJOBnH{Y?_rK<ovSnWlQ)<+x{a15U5}UmZ5k
za0*&$)f?Xa$U_&qOu;1YZ=25K{*KwKL9iFx5RN<HCZ0EDYq&#vi6IO<m?8gcVFPgm
z_j)zoMoqYC!EOoms?-Fh|HRfB_{Vs*>uvPbadl|5^BvRhUBGV23GnY)f!0qa#nFu)
z<QN1ExHACh5SW#s+EQT;3(Mu61@RU~ud6UmdK?Jdg7I108tv(e--0LoCbXQSh7DpA
zuR&nvF1+)6Pr^eWac@lzl&7DS2R0TQS1JJJ+8$-k0$(kb;Z1_&%+u92NUWyvg6w+|
z#vqtxFc+=_rt6IfN^pp4tUoC2t6(SecDT_!Z+}BA03m82<U|+D30PL>@Eq30y}FGj
za7qK%We1A8${#7Is4M&?h<Qb&?>BT+v;cQOw>yYg5E#l~!LIcIG=M^g!|OGG-||!r
z?{|FNu4w3HxdRu!aP;LHx7;NrnPt?gp&mz~p~vD@0|F$$9JHF6F~Srqf8m`tB0yt!
zQG>|J=x>IGr@&)^W!Z7Ufq?auW|KXyWN^m6b0zhumLRGM$K;Tt5Sbs>U@OJMX6UdM
zWC8l2)|xN{H>%)fiJiMU6g1K-zdE?|`@)32&-j`*(XSEBRrMGI(k3y6?e?jSQBZ=Q
z+Xm6i8_^F7xC@>mx-A#oD5In6I7iCpBvs)UJ+O;W0b+#!0Uhxipeqpcwjl5qZC@|$
z<>;7i$nAiTGews=CfPtXOsNKo0!%7moDk1!m`q`!r~)rOgd1U>Zy_`}I2&sp5##VS
z&|Tt90oQ}r1i5F6et5bMG1dm;5n)6EluBR};(ySM<8-jD`Z%o<u!wx{=-BBQq0JGb
zR*h+T%h6%G>)#UMSOAyrSsC2pH;B6mVj%ENFh2p3W-u)Xb~TP^!rq=IvK63Gtfk4|
z(n_4(qK)nlPnURXKr=77p46xNUP83v6z#jOArI&%Y~ImGlEbg?nkcYLF=KJtQm>8U
zT5ewhwrj_PbGIhk+{MGwY|Zf}YU2W&wJ!`!-Nv)wLhO}{&2Slb<i<sjtBdizE%@U(
z)5axuF&e7D1Q~x)!$g_je@LG3|998<NjiQ?)DZ|OLyY$Xo_+Z1<BNU?f9_I<k3zs4
z@(gJKgzQSp<icPMxLp({zy!Mh^0{%ye!L%6)&}G^z|jiFA;ipkPU03!oPZcJL}Nhb
z(H-85`h|z`Fc*y-YgCKgEk#CS^q8(5-(uJ}QIXF3T@B@!!Vw}kw7?mB43!L)HrjrT
z!Cq?%Oxe)J*POS-{~JveHe$nc6ZtOw1^C{21N?1&>ORXy--|<7>d}@C9KxB%-PPmn
z!n+AJ6tKa#toYn9zXIkYs1&-kAvT%{G3=^0>-ih3KnCH+2qsP@b_8d~pn-yy)ntlg
ztI<3%N!fIMhi!LmEk3unRp1q9ls6_WvJE(i7Y8rr#m2&|x!!1jPaE%wxm*Ez*Ko=h
ztonRz<fXIrDYd4i1mhc9aV~xi{&-wywaV@?CYZDo7Oy=EaAS?RwO$QQQkH_7`+mxW
zfH-~V=x;fbQVblTftx(nC`iEdlYF%y4NlD5L71rcVCq3o+UN<oclzx{5AOY}0QXb}
z$Zqr~95XN68P0eUxe{(#LXR6gN~a_TH=559&WV8_MmQ}e$SVNa{Y0u5x|nVgtHP|5
z7<*u0z$}*-_#mMp1^`n9Vu<5{5U)ey6X(sR$XALH9Lmk<xDxqYF)T5ggyo$~)rxW*
z_HD4)jixPl=c$-d5hIn-XJY*G!gnzk2-iz}aHEMZoS_o~;^nYFo^_CY;GQ~bDW=X~
zDwKy3L%4~_D{g9{K@3IC)rnPd>Qx**rq0AVauQffBA6=`>&Hn@ZfcGkLyBgLM1@Eh
zG_e6`5s*lMbGv6AcF#YFQQ~DO%I0Xep<I)PVA2e-7|<D5;mv`(Z-ej{PNEy)l^Q&E
z0B7|MHm;91>Ufj@D>JnDPi6$r;K2*1_Hu;b;R#F)w2K_2hK4g^utLi@w0hae!EG2H
z>+D(Ru8rNr4oA1~;Y7S!we3`)T3fT{%9gvv+t%PI5v&~?tA{lFRgroKr$I2b4LJf#
z0yt8b%;MnT5_?rEc%i1%3r-|~SCGmN%B&nIsX%qD1UpYW-G`0eNqAZTasbdrWhbKG
zI}yi^A1^XB7|R-iIdcqp+GB9uiFX7^54eskwI(Vd7|-%ykUL(~RcC@=pg)B7WADiQ
z%PH$uM3Rj|u(-O*VTGgZOKA#|n2`|}Q?gs-Xzj2Dx#_Tvf}j(GQ`~jru7hkbyAm_%
z8@NZP0;#LR$Jc&V%V96wMqA{j<#o8r{0KCN2M+OQQwHhfc${AH&(mA(Ab7F-><4Of
z>P)nI``5nmk(ZBLbN&qLEVr+yem7=<Jn3-jO6Qlc$pBYEZd>)lt71z|c#Y*gYZg2j
zgU)lG*ZNOyia`i3THNQHktb57Z|-;Q)px}f0&g|u=JOu=R*VpwM!D_$A6y!1!?m5;
zHhtrg7y&%ja_fb!ITV}4X$9xT%|HBj3@kc5+;-8=kHo<8TE?vxfB#qvEUlK@xaFNr
zyb(PFZXEryAHzvZ*tvmJQ*J6gw00)PggcB)FN)#Bix;;(XUXSc)SzeJwY}?_7)s=U
zapR?b@JviF-U`jlm%XeMTYr6blG~rRZC?yF<(P8g<;#B(Z^TvFYy9xDW03uoo!ejV
zgB>x31dbqgxaO8eW6)`J^csJ9Bu19!y>RpOZ$24wV?wSFce&wTpNc{7+-q*W>2EKO
zF&rI6ZaZ-3(O4U<(cE@u(E~B8$uZ-`mppb}46TrN#a(XE_reJvs8Gn?3uVP~r(2hQ
z+m-ML_@>)`XGyw?!d(x)@pCgco!oxsSzk)s6mZW{=M!O9kSp){70)yyu8`OEVD*$6
z8SYhEb2cOBLGV-yRz7ZTu6;(v>E@fPyFS(3ck-G)`{vLNh3o9%Jz?L+t33ICU0Dx`
z@0@<sTaEh`opA<Tz2>h^TxV2+tM5Ge06c>T2{(95*{INSD0jI_yge;GBLWW=adH;8
z4B(?KLT~Ef&ix&D*vL2la31U!2e~-J#m!v2go|6axRs0BxOgcSw{vj^7l*mHlZz4;
zcX6R`QRbq;h04VQ7n59QT<BaFTpZz|#zmcr1{Wq5O)iddVR2z|;c(I7;usglxtQW&
znv1)+xQC0EadCo+mviw7F7D;xm0Y}vi(lp9ek#B>&>Qr8AEa%452}p6gCAtPy9^GL
zRRx0bwd2aP-FXlsgp)H`wAc0f&=npgW%=Pf#&@6wU5sIlciBx9_JBL@+2|eGQe1xH
zRfUZ=Q539j*~Uu>8+{K3>)E}-S_~wJn#(qVODTLEJnHGVPu;T-ou0am!8uA|f*bA$
z?t}*|G35t=dEP2CUv>g6$sNN8Ej{dqqkvzD{pxTwhL7-I6@|X0Mg@>4MucM-d}4qN
ziKSDx$x|)7QQQ$cgj|C_Bei)r5#0i*jgXd9yc|eu*=|31lH@fTk05{1=fohj4R#4m
z4s7VD2R@3&4{#4z%5iT6fl$t1MT1ANAt3-FhsMQ=Q9y@)R5Y;FBHtby^THu|pzi(-
zK{3X#Yu6rbKj$NNj8W**Dl6`A=$r<ny-0`i0PtG*iDtkN{_o>R5d1d?`E=r<42f5C
zUV0cF(;I+?@UST$s#P}L4n!N5z(`CUAqFwstxy9LU5025+yZ+fNbQFSB7}TUYdjx1
z8P~%PAZuI&B_L_M07?LG4Hw(ExQ>f)Dq6-aD2?6l19-e69S?}Yf$*bPcy)}!O9)hU
z93D-_VG+935k622k6+C>{yWphUlMlRBX~qw7#}MqKJQA$r;oP@5lp-~#^K(aIJ`R@
z2Uyv}BXAK+A}x&1YjfiB7wPzngz%xK?IJiOS{bk3&WYE1((&r|Hd+yM{7S~+Z8@=c
zZ#ou>a6cD8fogdC_vak{eLakid&cPaSi|FgGUxd3PanUJ_oWdGygJ6=%Q<oQKspZm
zIC2C9u3`+npA&-*rem-Ox7ZN`sD{UXCg=DcN*}+ExA74SygJ6=7ddhG%XAzTQ?MX{
z0#`8xOZ)Pzs2}bH1B^(-Fu*Ft;H;b&d?X!%g%I|LjE@yO`sSRYKbAiFU~uFU!9i3r
zCYR^L<fG}B^l=C$f`(VeIE?4S;bZAIzyms!s4%F8$3KvB{KwPBUrfQM2n)E1F}N!y
z27i@~LBALAis0Z^G8T=TSbRJkivd5d7C|GZWjtP%6OT`%<FS|mco8JHiZS@LoEUtv
z7Yr~;7{dUo7=z!;iNO=;7~r$HbjTP%BB*6N-jWlKPo?8A7=%0{h=^*&<S%k!^67L;
z7E^3Bf(2JG29M{&;4|qM^n2Uy2o8QFWARi@EIyl##c(K29Kj^qz}S2zCpMo;$EM#4
zNk=g8D;bM_&WXj7=~yhn$ae$<s^RhfGw1l9?_qq5u1Ckm8XkYJKc7GKh4k?kQv^SP
z09P>v>vCf7R5}L3p<{vw9^nSY=2voJ^Ti&pp%B<1dP`3fn@|H|b7@X&zLbv5#p85d
zUN~kKcD;CfAC}j{^R0z_5E3ig0FTd88ad|=M6i{)k*V31lbWZ~sadg;vUCdvgBL4B
za85QeX8Uqt_T_ZUhIa=qvx*vHxPh^`BPTXrNylb{0<SZ%DbdP!89DL#YC2v^Z@{;S
zVIDf>t3+fMZDNe3a$@wgbd36mQ?Uu$uVgG9$ce?*)3F$dztJYbnnWw()yaw1H`4JM
z5+{cdj6(H{%OB>%<(uiaoJZ5=IGhB5?!db-3ft-Bj(E&Kwii{W)ZUEuqdD>ZRyy9{
z2_VA6a06rWk(}84bviatGmGF8ZDNc*mlLCJ&pJlm%!v^mAEuoBZ1T>23On)jZ8ko;
z?7b7}ka+P@gmpdL!5sZzPW<rzJO%$jS|#xaJc6XCW=#Gqib>`pHa^nYLa{?SkxxOd
zkKWQ6#m%c@#D)f<PU|lLQ8-px0M$?|;-Zg>0V=#>HO2v6hE+4+@gjT`ggE4+lSMxH
z!(%%>d&9#sgHFKk7|WouC_F$i=oAQ#aSS?(!2=Y7PC@X<!k}{pJT@>W_KyL4gQD;l
zN;fDTjsb0hqS6>xHYhrbAzp*xv>0eLC|ZgEPlKYC7<e=&dWb<lgCcntgfl3ThM_Qn
z;#nA!GAOcy!6AbpJQ$!cD9VB%5`*F#7^*NR-hd$kgZBNnX*X!+jhkkJcD}fIHE0Kl
z8%Tq8fw*}yXa|NHD1&xExRo(zKZ2VIgLVe!+#BSfqhoE5cZ^Q0L7pi(ga&za=ztmI
zMWOR!kOzbAhCx09F7pPh)wt9ev|i%kX3z?SON&A415VZk&A2#G8Z_JC1ZB`HgA)TK
z2N-B#lqh1LinB_RPQi<K@a5EaREy`{e0II0+=5rp@{{_(iFfQsm=3vz@LB#6JnLSc
zp&Pu%i{Fb5nWo-B`bz&j0C2voOj=4)o8ex@Whh7xov9lgPIo;+58JwNB`O%5QICRw
z$emGRx&}X42HB(ifKkiRJDeym%un~xdAhcRt<DW0%|mXM9@2x<g<A}9V^)YEnK7hu
zvO<ceiJwF8EP&QEhv57f8a5lxo}tCKWTu9h^AU{wftc@ryJthpm>L1e7xXlCM9jtu
zVFc#kZPH_T^YeHB;w1#an2~=MKs%&v@b>~{vW4E$E<}C_(Ki6gIz766xU+d*dam*V
zknAm+vGza*UbXI}Jz*{oCai2W?n4IL4?ij-Iw@29ekgtlaG;{_TbA~@i}6j&koesX
z?~aCKHn75F9we`#?GExo(vaZ22gJoo9lkOJ`VK>`j-b!8tbmp9l>&ODB|JDM`8xC1
z>nQ122znFuVtl-;vu80YheeXjkdJZzc|%hcD~BqdR<kDnaWD@SerC>$+Bxgi-6hM%
zI2_paJEe)~K80htQJQVPU3#p9ZT}g8nAx^x;$GINad^9Uq(8g}y5R=atf!=@>yeZ0
zl1-t6HIF4?#(YwG+yqxYlNE$8iYKyy5T?np&1IT@ng<IoO>)=g&NLIrZ^n_pFo)pv
zjI*)mB1vh6*)Kg-LWLF)h<Rz4o29AiZkP#9rWoc0(&Hw$x-lyVVVLJ-1tAQRWt+<|
z&&Y!X7$)tW=gu%Axu4;A-<S>zRFNjByILV>X$E?y^jHa1x}8AGO9Q=Enz|l2nPQ+P
zq{mHg_3o@7gn=H<3PKnt%QlyR-kJvsFi;9=&7FaENs~5S9hl|^q>1USP)JmoX}(u_
ztb`K1n?TG<)BL(Lbv<%2#WcSnJ#K=lU&;zXnC2I<f)J+3vdv|hkLJMwOp~I_b7z{7
zX9OZ^=Nke8T{$#6&MlIbW}wTZ$4aQu5&|(V4RotCb=?g#!O0W@9hDw8!PSeif)ED!
z?5rS!fwF9K8R%dhEWkkN@MrD}H1WVp#7O@rFj8HbtnR9X<fR$ug!EVmb*d1Ed1<64
zrK#(YlPN}ezx22XuD&WO2w|kJ$O=LjDa$sOk=~UD3oueTmz_H!^&caP*ycL}+x(a`
zHQhA|sY<iWk4TS|(4r3!h<Rz7-<77WM^2{L=C`HCO>p&_SwRTf{90BJ!Zum9xoq?O
zd9VQ6q)dsqv(3a4m&Rj(VV*fWJDx3)lxCRgq{m9A&}srPFAeibY3jNgW`dI`hWR|{
zaT8p<G%E;Um}6N%2*YIA<}%C`d9VP(q{O8;G|c#;$i|a_VIGwxrMo&INoj`JkRB_c
zLPrS1yfn;*q^awXlPQMz8tHKpT>Z7IAcSGQIx7fam@L~|hN<Pj0t}P#2<Of)yF8<B
zd@C@`PfHWiU7?VuG}HW~^jHZc`YQr4FHQ4@($w|H$rRK4d+Bi#T>XAl5W+P7CMyVG
znk?H~ruor4Sb%9#V(;9UX7be)#y<p>dH#~w@n(^xG|N0!daQ&FolPL-rDblDrmnkX
zCODa5nJ<(cH^J4bvVstnc|}$b!ZKO5xh!)-9xT8zDbarJEHm*+7vtxFVNOev(p{a9
zq%^}kCOuX{g=_*bFAeiIrK#(YlPQMz2I+AVTz!335W+AY%nCvnCd)RLVK(z%0ftG>
zz093qc6ry4(T7j4P=@grrHSdTP)JmoX?|XMtb`JMmO#u)(|ksnx*j>1Vwyja9yh_&
zf6NL(nC1_%f)J+3vdv|hpUQ&;m?k}lHg~3(d<B@XI<U-(md=hhi!`NK=7rK@C3I*L
zftZ(;dA&4s-7Pc0$rQ`nDLrn2tJh@(AuRLStRRGCvTSo%W+4w2V43t_=v-Q6{MC5I
z`GIA=Qks_T`h+y4S?0^7$4cnXJp^K2TITOdQ`aLWQ!Mj$q{mHg^-Wnp2+Mq9RuIB6
zS+=<>b1DxOV43uw_S{)!{FRZ$SYVgmkfx-&HX%i6cKKE5u@V~eG=Z3xcKPqp)b+^8
z6ubOC(&Hw$`qQi+gkAnPD+pniEZbam`BWY(z%J>v33F$c;;pHXB%l`t*7=-ev*XVq
zU1`=?lpZUgM_UNQytK}nq^av}oe55+Sm$2paT8p9QC1MbI(KIUA*_>So69;k=fMK3
zlU`*qch=eE1;fUkz%<*^#B^6EBr44`ACMj^p+xr)h<Rz6e=1E~kDN>~&Hp7mZi1_S
zm=%OD&ELxkLYOAYHkWDMn+FRpO?tP`+?i(Lz1zlZfnk16nw0M9ge0XI=69sWN~qAc
z2*kWJ%rlnHj`xw^WQt+_cYdz^XI2oxFn^vEgfL8&Z7#$7dLAsmFzHoab7z>z7t$M(
zfn`2_mh=f}O0&$%rN>HG=4Aw8URvg@($saI;}V=qvCNyL$4zkcKvodKGWTZ%AuN++
zo69n{=D`9ilU}_ycb4gYlOeLxYz4OYI%#UUYZOwIW}B~-9xI_mzfK_LrENYcO<j+i
zOtH;Jq{mHg^=(-}2;2OVtRRGKvTSqN=E*!*fNj#tFz3!TgAbKNjPt(0IR8PKobD=x
zWThGB|CSyrp+<j8Am*iU4vx%@OPk<iigETykDK7?!mJ>KasD!^Y=v>MY;zgsck^HY
z#!2s|ojc=9e$&TzU0|8prG?VnGLfb<%e+Q<tb`6-O(5o_W!@!CU5}hhvCPBL<0iQJ
z(ySnaW!{n%gs@DOZ7$2aG7lDDne@KsxwOpqx2}xe3oP@uq-p7{Pe@amW&VcrSP30^
zm_W=+%Y45ybv<%2#WLR`J#K=l@5%~7Smryjf)JL;vdv|g59PrEER){fK6jQGeC;jb
z&^{6v=TD@`>8?^pR+@4Ci}Y9tHTow4F)xjC#fsT+XcL@FG0tVu<0iN|oE3yH&Vj5T
zgmJQLa~bCkvuYS(0mez6RG2&C6kkA$Sm%cV>%2jltKF>==}NQCUD9JE^k@fxn3vY6
zNmJJ&CsV9bl^!?2)pAx4!a7S?K?v()+2*p&ZF#T&>!i<|%$;>6KNf0yI<U+?kfx=(
zJ|RtMmifEVV<mLx%>-gzTINTksq2xGDVF(R>2VWW{a{uQ!ZP2N6@;)%mTfM}{LMUA
zfMwEWhvv>Q{cm4HR?V*kw)r2@)O6P<q$<re|4n+VgckjbK+H?q+^}+XeA)yjQ*3js
z^tcJGuF48R*yc!95W+TDwz+KcnXDS-`Ly&Qu(`9%@E4>b_WAdLeZE+luifnvDND1@
zebQqkG-(fkn3wk1l%}pnPNvvrU3%OESB<P7gndqC1tIK{Wt+=Bug`-8tey0EzPYnc
z|GVlD+x%Hzn{Sn-rn^QVRcW^Q7U{7PTJ%Q*VqV(jr=+Rtk&`L5`3dQ96I^{fD+pnm
zk7WfRY?Ec1%Qk;M4;EmX^uf%zv&}_LE&8ojV*!5nl3sPNVAbrnVn|Y&Vg4d3+r)<f
z|BFD(OT#RjE>5Nx<~h>iCJghetRRG8uFncW7$(a$mtp>URt@u<TKazN92#cJszp9@
zY>Whkd7CstyU+7TQkr4DM0%`*3LPX6^U^S<q^awXlPQMTk{&m~RVyn9VVGuC5W+B7
zwz&-RraV}{ib<c7o;$-_+_F_GYMJK*mibO;TDt2K(v)VIZ<ih`p+kR0Am*iIJ|#_E
zkDN@g%qOMCO>p%ySwRTPd?G6dVVNx3T$cH#d9VP>q|dw0on;QAWtNml_=IuPKDPw+
zIkb9qTw0_o%|833$4Y3@A_6fl?Q^p<b=~bV!O0Z+yg+)~1Xnj^1tIM7ysRLEeX?wG
z+2<K~umJn~B51L^a%KJy{qVTrD1}4QP57jFBo_4iz&;gein?nRQkG_)cS?_y(4^Z5
zgggr~f3Nz0I-y!>qY~qwI~;1@&HKI5)b+?ouun^1;ju(~ulj`axCyS_ofU+z&*ND^
z2>WE&=CaRQ^I!q?`K7tF&x^;+x}rA<$Lzwc7mx45@_N&D3j370TDYO!tf_TaS`|k(
z8&Uh+9oX*&q$%#Mbx3)d{k~Uvtc0e$n?THHznhJjJ~*Fw4qUavtk=y(VO*Wi8#=Nw
zIv2X#I<Q55U7Fq=dF!s;R3WTJt0Alsmi-m!@e}<1QdWLvoiG=pB1e?f<tk?Be@K(m
zD@*$}O&qN@IteEJoAihYCjKld2r)fA!*ZBOyR&k85T}a<%ob6Oi)!ZjIcsLe2~SKC
z?$9R9#~{J^v!q8&aDIJO5T~8<{XBI?`R-RT*SAX}->a?<Y^u`2k<|8Uq{mF~{OYVA
z;yll=k_%^mC$0=21QuU7wasN-QP%F9QgCgy3+6;&d%dhrwsdDYstGgnVZ}Hq&EZ}Z
zW8Egz!)?@@7*zt?61LfpMj@dmM+n4>OZn`t<ipn~l_Qgu*=kgy%nmm&hhHyEUauTp
zvZ*YvNU-%m>2VWmbx+OK)8HWuAFQYi#nR2fb7FiAH85Y_ElpqVe6>9+MxT?M)*h7}
zH^J9OPR-XD)ivwVe3oEd;U>#0gD+p$Whr&NF&X9ZsX8*(zbs9CuUtQSli>Pjld&9~
z@UTp1_ZOw{NJ!!HSwV<t{j*s?h{c6<A=l#aHo{^?t;xK&2xGi7swUwER*S`JPnTD>
zM5x83Nn>0fJ#In`e!<+6j#TG2#!GuO#$-q4`UTR|XE4S~(~WVXG#&{loR<}ZFve$P
z1tE-)bzv5aF#`yJ1uwf9KnPy6^G{6dQ{}?qba}nYPZ5uD<Be=8b!p}3)l^0{>Cxy|
zVy!Zy$4;2XB!QUG!95M0*t#f>3;SD6O>e|D_cL{3p1)R_?p}GmKF0G=)59*o`(KyF
zA;J5TS$Uszg-D58y+fL$UfH^MlV0uO@&38=fC(PHH7f`)rM-p4@IMr`dRm$Q8K!sf
zY@U)HFv0XEvw}G7O!tFR;e$ZeujI+&=hDc_F#NKlEBUX|111>$ldK?4JHyY7&E~sw
zwN@?o!K169?tNNk7SP%2PM6DnZhUs1Kx{|-a8goq8>CT5h;D6G5OL9EaF~SW$4gBH
z5CV()Ne5@#3}#)E*2fgcSDmQl%-D-nW{)(Jd$s8eag~`_S+18xBB3lhvx10=DTAbi
zvanB>0ffMU9rO$!1QvXX+7pO3{O;r#^k<C2$4(FXb}Z0&H0$9Oq60_fPtWa<`HGzl
z2cqqTgO1gzI4vvc92++W2jdS(>q~dNNBYtZ#$O{nRzkghjX-4BY-F8WR(Xt^`CPn9
z2cA;iAx&<Ntc7!N$aetop88z;&!xvtu=}l9K?uWn3rlRaedCoL+jmYmYQs*ZD|BgR
zsXQ%BQm;~3<x52sIC&fuX-H2=51$aqlUYH`nNYSnj-{7dPCOgT7fPs|h4OQ0lB9*A
z2%Hi^`B&-T6GHh(RuFNa^t4<>S1GaL@${Ghguvp}SqbqLx-ZY|LN~m-rB_u9|3veZ
zj7qS?ZCyV*y8)yuZHXI|9xI_q7ZZpXmpJ1XI20GXvU8%d*%$*~McZO*C6~px3JR=!
z0bgFj#WpUk<AS{#x4)@Cwx-iDh^7Jf*V2K3hdZ11x#v}?^)WcB_qaO7OHIiRJc$Q7
z``mM5og4*D?qYq;jP<EPmTk$QEL#L|QM{RQHA<#c@^fYIf67*Rprg7=^+u)E!bC7g
zDL_n(n}JcrE%<XA{@e~fsykR$rmAYw(K;{sCH%Pq6{Sguf&1LWlQpy4X}kTJUahK)
z&PjKf2h*!)yMv8Zy$p%0)y^IeH7v0(mf5IHL*HRbIWG9*N$vF@3*%w<ad(Z~3`zd>
zSY^6=nRQ&Ts#_<=#?49#GZXEx-MVvqt30;<;K7}H$Es!p`bC+ng9OZCz1lI}0MPa<
z=4o*kkkl$G5|Z`s5;Fp8Q?41|*?F)4*Y_)PJ0px7LS3B6^F10&3%@E&R`)dr$xE9S
zUMW3RVp@1PftYbxm^sXz)$?7+e4Nqo?b6O#`$y8m_Q+Uw)h3!}PVM&ozVz@3UjI&3
z5Mmj96N_uM-QK~S==kGY9f?nhY8Js0(ggG>f+2Qt5d)8H!nggn^r#8We=IAAIOj9W
zcw*9ITgw1KU~x}YLOeI>tC=RvthT=N23&ut5GqLI(7z&>FwfW^yBc*@DkLp!!u;>7
z>=UnD_|L2$gb;t86@(|muVoTq=A@W@nz5r(gYlX`ep_Zqen?fC{5DIEm6!@HAP_Sy
zc(dyV6HQS+cn!K}wBFcbkn;tPHrX)gq33#5sHLGg$4%=<3ED6U0qxyf)ti78;{g2p
z&pD{qWpGeE>bpCq+p~&T%(E=wT=VS4JXnBp`t`Xr(UG{mgqLyS&4I1nBTZKKxfaPw
zv(+i-u@bi0A`mm%>TJ6~!=VULn1gP(fnA|DNmJJ&CsUpWexvlb39fdsf)Fd%>#~9n
zM#{3yWu#UfEWk*=F}FrKB&PeYav5(8%=2k!g1Rde5|(D3Pf3rJP^2db#Jn`mpGs5L
zBPUbL^T*QTCb;^~SwRT%{D-U{gn6=TbD8I7@?Zhx`OUdC&-3VU{c)W(D~dH;*xqt9
z(}E`k3KR^EY>kcg1xCB&%-Pw$Ah~HqyIFdygnC^-AZ9e$(-!c7r?o0(15VYP=uX1*
z0zTn(USeM)O>B1?PB1nI_`p+I0ZtyHMA%`s^zaE@k7orTOnEztYt}s-5r2#5wL2VY
zU@<hLiRe`fOEzKLogWKNhJB7mkDK7XmK8+L{Lj3p9_pS#;fCs&{jZm%p;z_~ZxV+u
z3GIJSde{W_T>>%VOf%~VTO$V@rBQ`568-MvOB>uoE3^0A(scI9-W9;!C_V`$KPo+V
zg2|6$1tC=YZCODGZ-GUf%Uej9=rSAH(*4$?(&(xZ(I(c1zm;Z2ullfTlNrV&p$y-Z
z9yy^5-zE@qXK_mp?A$)ScV}T29iE0aHEy(tdAs<m)8r|+%itY7O0}+z@-c3Lw+p04
zPVn{@S;Zp^?Z2{u5QfGQo&`h80778FK4b<Ef)^X}@B%gm-<sRa!HoGJp9uB=H%RMP
z_n8AJOWOzRk{&Ce&pQaj%yY%8=7SJTp*T3CX;iD>Y!JoYYn3RSqw4R%@Idf^j*>{z
zFdBfq@;{cAu~RbY9VNDV;JcJnrot{+rn&5LTOKUHF8?}{U7m&m#-{_re4{i;-3=2-
zOEb)l^jHbQd|g%$Vsd?LRuHI4AjEIa7a@Kx5aQ#~By|@el9ndK$E3$f2=Onof)GOd
zKvoc*5Wka2h?)KDO}FTcs(IWl>^z1so`Pc*wjVll;f_6pLuy59=to<z>=NV0fpC8$
zO=@@HBFSmO{YUAs62kofftYdWoc$2mYIqb0KL3rO$Q$*t1#gRq@zU+ugT3yhXU~q;
zonWrJ1|LCUyhdvQULLzdAZ<t*fdt3<vw{%jw1_~=deGtdyH$q-<0(7nzG^is-Bt@u
zp!bCd(<=D((X1&BT-T#<w;XU-%v+^d)T0f#S8bYP8b=}7eYA39RM0poXdDHaMvwCx
zFdER9P=--yG!x2jaaItgT^YuFWuS~)fBr*{wqTnr3vxXQb(0dHCkwb!jjDk3-7NS+
z((LF}@LL1Hn~<bZ_r;I&jC%Bp`t;DwI~l}%u{3fCaqr6t;<Ssquvcj|aZ(m594>pb
z02XdECu0X4>D^hNQ_=+YD$w&c)fwZk-8$x|ic9ur4KYp_Y)cxOgaoauAWpjk&kRZK
z`}aP4jVHSs#$%$}5b8HN8t%p-`)z3odllK*O`$24<)l};i0QYaF-VB%H?o2_?P6MY
zNP$z?id{IBjMn;{x(Vo`(zNv|AWR-7<UA|tDxD8Y51)|E2eX1W?b5kod!t}B(GhIH
zS>7~Gf#4Tf<}tPV3dmE?`R7MhzsykB0{>2$J-rI}@=Z!(G(_JhOqd>h-B(1WFFBKb
zPa4I95_~5sh`17Dh!Ke}6YqaAfDl;xUDjQgx4FG<Za25$L5T1nhw<OR4)&a9MK@W$
zgqFh{V*$idpjgC39~T2ubXPy5tNRXi3*5!3ewOrDo*rEofLKo;X57K1Cqef>U+^#>
z(G&{)!oz^8Fx44+4tnNfOsT1sLn+WJqV<hws@)K&tw3jeLa!)}O07{?m73YAcDbvn
z+OSRIb74%jepUo#sI>&0=>FBQ9>??w4;V$V3U9PWfYDmjsdYh))^Dm`839gvfh3Sg
z)$9TU-@)7L0z^}6ty{I@aPN`GkUCecjZ_{{EqF}PWP+l61?P~`(Bp*Gl}eXE>#Czr
zb(D#)S!lto2PvgA_&@`^^yMy)ntGFOh;j^9n=Wv?3`=T>l4hxsI;1<WLPcR&K2A|&
zd51%w)<?L+4KwJ8qgb$8rn{mVfgc`CiWt9oh_z9S@WW1B1`d7isr&N)*MV6Z<M^`+
zf3C-$7vay1__GgxZo;1f_;Uz<UV=Zj;?GO*=MMb26Myc)pECYb@n-^mH2g8}r-nZb
z{AuEkg+C7d9K)X}{J9%{UWPv}$De!g=T-RgtMD_|&nvWW=A#E{$0bj0B9iZZaB~?D
z6n>mGeQxyT<FjM)u~<=i22lt=tjU7~#QdwLT2W^|q}fLyl86gvtO$sCM4FiH%PA6-
zww%6AdaT59`X^aI2=V<fftdC1WZ!O6iGA_d_3GG}_<}U*J#yOZ-!w^Md)yNK%jcwr
zOfdY@SwWn3hOfNIG7Yuj%<!PN+ohca@iS?XdKJW~O|UE?PNRu@KOvN7q=!!k<wsdT
zoOYqC-O;k}#S|bE#cA1B6}H!!ni83O+!^|?aMqtAJH_`ZoVA-Oj2j3CaT`?#wS>{E
zk;Wh)pOslboOb!F@r=eU+-ze!HMusp-Mg@Ku9haOcj<VhV~@5Fvr!6!`&)ZqJy%L&
zkdV&vvVu76(iu7cZ!4kGi>Sqf>RApYX%c#s!!YFc`8Xs@;|}Rz6U@IYD~Qw1{C<84
zCCYiflG%QrH1fT&eP9#kWhE8<Ug<FtJU@{YM9)0WoXfDvUoY_Mb-Dv5y0P<sZXH+{
ze<Dp)ufl+@)_E%he!b4aDq#$NEIocgFn>TGW(*E(p55pWx#-d8&>*DC(N>H0z^l6?
z&p|`C=ixsOm>W;Q&nfno?#k$MUYJTTtM724S33Exhcdp3%rthvYqAWn3B5vc6B^rh
z?qpSajOCP?sF}W*6ff@TB8?&30t<0a;3o7QFVPYW7>Rm{gM^>?pFw*6jMDoT{CNg{
zehNRQl%xM?NjzTPi^uAxQ;z=**u>>%{0-tsZ`RsBcOu#64pl=E>5?0}?A%l4#=2|9
zRX9|{cd``77EU|!Rs%w(VBYO>$-Fg?!~)+C8}m|C0?qEi$IU5xT<zuj5EBo2F4Ae7
zONysvV>Qgi46!5;j^Y&{1Bm$2oB;%4(JHsx5yz~Q;JtYz*tb!>8@_|^5s2sPSzx@K
zi+5nL(0G)KcXIJAF5b<>UvTjrF5b(<`?z>N7a!o_gIs)wi@)UJ!(4oXi^sV5C>I~&
z;&Cqiii?kP@d++I$;A^~e2R-tbMYB2KFh`DxOkF_&vWqwF7T7_Kqh|U8w&gi=$=*d
z;%9iDAHHZ27=ka0+q1~PS0KR^zI6r)d`Sn~fG-1p0-u82GeFNxKpW;VLxI__P+)4`
zo<Rc-YTydjfIWjPcR5PHRxAASLK|KU$yF2jWT<Kd^l~g!EqO0J#D1GeLijSp`!J+;
zKm4eK>P+ufB$TmHywQd*g|jnC^e5D?{r{f`H?a{>4xAFB%K~TMTy5Y)qqf`?^z>56
zF-w+OZt1luu@YJMAizPTe~5S~uJB!zc!g^45WTcgT;ba*#TCBBQd}XM@d`ENA$o(5
zxI%{G6+W}^5HTFDP&Xc;vjuU5hYaEhPaDJ)9y^FDJbw^Zcn~43@I*pf;n9S+!ZQkS
zg@+a53QsM>6&_!RD?G;#S9qWyuJB|-T;UOixWcmzafOE-;tEec#1$Tch$}n~5m$IH
zBCha+L|oxfiMYZu6LE!yC*lfEQN$G<r-&;&R}oiuz#^{jq(xlek&C#(vlnrNnu%9v
z@DGvSEUr*j#T9yG;tJg}afN=GxI%pvSE$&*Rm)w5uSx~|rU}FDJlJtp`fo;!)DH6p
zb}`WqO~74Hp<=)+V;B=>7~=uJdCwUwcc`K%jY-vpGdJux;9Z8h3|4gSEAG(4yAkg5
zDrsI@=3jy3O<+yST~ui{3FH#XG@X(?T`!xpj`8a-uG@c*uO9ArZ_Ir@`1jzK!OLwM
z&VFlu6HfG&J1Tr63l6DoQs9e@Hq<QjYqndEXt&Q@QdKK8X!PDAI{+_mrH@JPb4PUh
zfEsRXyF;al1~URgG2tb(?y{27FdI8W4IJR$8+k*F>4Q{UbqXo)Ne(tyScfYq%&s`8
zK!GbM6u6Q?fh#E#xROGFD=8GXl0tziDHOPpLV+tO6u6Q?fh#E#xROGFD=8GXl0tzi
zDHOPpLV+tO6u6Q?fh#E#xROGFD=8GXl0tziDHOPpLV+tO6u6Q?fh#E#xROGFD=8GX
zl0tziDHOPpLV+tO6u6Q?fh#E#xROGFpBR7wr%)(xC4~Z4QYdhKgaTJmC~zf(0#{Nf
zaDIdWS5hc&C4~Z4QYdh?gaQo<KKjsd7aF`QcEBEB86Dt*@Q5NWt}F0%VHAzmX&D^o
zm(-&z(ht5Jh1MpSwMk@cl31Gr)+TwiNnCA`R-1&?CRw#fRBe(}n*`M+IkiblZIV)(
zgw!S(wMj&6l2Drj)F%0~Njz<mPMd_&CfT$}G;NYhn*`G)xwJ_vZIVixgwiINv`Hjw
zl1Q5b(k6MdNgQpGMw^7uCRwye6m613n*`A&IkZU(ZIVKpgwQ4#v`GYQl0dr^%oYoq
z(;*fcKO%7it&1$1W)V*UqTY6BDR!4YG<eda7eABiJW2J}l(Gt^Y#=;$a8hls<rxdl
z!`EoL%j~A6H>Qd;vjT}OFy)mFSxUo(sR1@%5cr;&?mP@qUj)6~ky1^$d%EO!9aLy>
z`}uy*8UU?Y3T$)xZXnxsI<M>)18|=)h(AO4GYmhkh7ET4)g5>`(yTHrfcZ40YV#Gm
z+q)0CZI0dRE`^OC<U$l?hQ2BUz28<9tD<#`4Ny4~$R!7<Q{g6MQtfoZ_e=q?g(tP}
zTI_(C#6gdZ4|I$b&^1m7RO9d-4i7+}(q9<hwcIV0MABDLDjNRl_QMnl8PND|v0*xD
z*))&XW3dfk)h>Bi(j}343u~24pm$&Uf#1TvH-T06>vbRt!beLy5w{#2q_bidr1s-X
zeltAvgzpmqDZ)DOV5jU3RBPnpb&MhsvuxZv-l&;M74NXQo4X3$IW!5WO0^P!FSRTk
z5gx+TgPxAXt0k~bmFV3yQ>e1;I(3R(V_q#a$|ZG5t(2NDozN1yL8;Zu<Em(}TN4xd
z6pRNevo@h=54lUrdf8E@O3WztEG7rR!}k`7+*tG)`*sjF{iV+xgl47*&=@JfRZTZ1
zEd`VwhA_SdQ<hPHrRo080T4h57FrcvM~>C*5)+o~Vsjdcjyt^Hs^UA+55mR65buWW
qOJMT{JHQHjbR4N{mEB<^%g0kTm!m{Z^;pqpHK!q_>w#&Ni~kRu2P{ee

diff --git a/docs/_build/.jupyter_cache/global.db b/docs/_build/.jupyter_cache/global.db
index e8902be685cfb3a13ef7cf10c319ff1749f71037..eaec73e74a26729298bce2b4fc0fbcc471182a1f 100644
GIT binary patch
delta 143
zcmZp8z}WDBae_1>$3z)tMvjdM%k){K8Th3)3knGGb2TP0ax(Zf2J;3^mb0I0Yiwd^
zXl!a?VpeNpU}T_cV5w_hp<rNaWo%$&V4`PYZeVT(6i1ga(=#zPGdJ1%-+sB+#t9cW
bCYQ&TiomoQSz4J|>RA|=nHrcZN)P}50h1%{

literal 28672
zcmeI4NpIUm6o9GNv1`Gu8X$lVhJk^7umngXMeWMcs*aktjUC69iw15$a2Z>SxrH-~
z;ubwP=#R*~$NrH1g|x^I=%t6=a_kH#+LYHMNR1$P1ZfUudGp@KHzSG9oXv;#EsD{O
z7dRS472yjZlM%i`NDzc+c1*G(*~VC6Jh@=!Oe%d=a#|3-{BtJvMwpm>CFGWJf6V;#
z`J3riGrynJ0P=wV5C8%|00;m9AOHk_01yBI?@Hic{p#fG++60xfNHvpU7b*EH#to#
zZ*)7oF6wo@zTZW|GL+9w`Fm((t=GNV-9T#(dT4Fy{{14#PKAMmzVB=--|KATm0GPZ
zQm7GvDM8<EK3E&cr-5c*T{HGjulqxfi!lPMQEZ|+tnc2+YImgi`o_v?XX6q2uKNh(
z{k;Nju(h`GaI1^*tp7r`P@0&S?aXBa%Qf+H^3-O(+f*&2UUaPvtx(Iu#N>;)v53I0
zGeZJ~X7m|>=rn$eK$Lk7fxbridwBnB3g;p+F);$mr<UiQEy2{N7E!zqm1Y>2L4OaB
zLo+zc@$+FuKsd}OarIz6GdVjypLr3(WOtle?k>Oc(fP^<&LsC7o(l}-!Xb-Febl9%
zX?BPYS)At?ksM}@bY)_8dHyWlNEA}bNs9lL|BR2R8FplH{|Ib{4F~`MAOHk_01yBI
zKmZ5;0U!VbfB+Eq6bM|)j0=lb;zt{{<yds=?<}(`llxa-J8VDz2mk>f00e*l5C8%|
z00;m9AOHk_z^6js^RdOL)DwU>{(oJ_UH?=J1UrBL5C8%|00;m9AOHk_01yBIKmZ85
z9f1QYGbOAZY|f~ij;YBlvm)zy)zF)Y+|cUHx>0N4YDHEWxTZ*31P4Si_Vr3I&;nE5
zmF{>(=wO!;>8?fZg}U@$bF;fDnVvx;*P~eXygedml(Kh2qyc+-!y6FEB&wtNK6|M^
zrP%1Z*3%FZ(en3Q{pSVz92+5jdqO4H@LZEDv{6-TR9lsDO=(u-Xsi9A$ckK&TP3-P
z<Vss^v}=l3uFF-WHd><8+trrXtjlG&9>@P*3%S>C#|CNv0U!VbfB+Bx0zd!=00AHX
z1b_e#00JKufyJ@asf(Up#PR=ukQ;nlx`Q@A00;m9AOHjeVd_WWVDs8<<<2EMZr^^~
zJ6yRb?|6iw02}OaJ~A}hMz%(1p`AtO8_ULMK?+GA*&ZvBY)hB?ecJcjirA0{Tb-%o
zvnTv))hQx930Vma)aW1Yr1){Z$HE4>Ml3`0_ZN!Dwp@(LwMG$HE{bbl)(uM1uAX;w
zRS#X$#-ghikuflDQO7r}z||aFcvqF!%0{013<p&51MCMLUs8#yH0(O1RHHJYl&eQ-
z1(=2b)6^G_+A|G{j27|2fQc)jJ?GY*Q`nXt|9{F=<yu7SNQp?h5k=4~L_!}2`EC?P
z!Rsl5i-=%*r*NhbAB-!z)i?#U-a1`v(ZIG%wxcz@9;aY(8<?UgJyl*a&;O*VaiMH=
zun(s7NpGlDo5wVd6p4L8vj|4ZOr@AKi&%Aozzf8kz;mK%s^*%iLw1LHdm$}k4?Qtu
z9P>mm>HDO-HtI0X<C2kQ7-0~wwZH~_J|N>ZEQ*F`pRa0d+a8Os?IMn;oh_Z%vRpG1
z$KniXA<OZ-fDSWM!?xJK&t`|YK2u&Ji0!@^Hyq{+%bySyp>z34+P3u*&Mu-m9%2DM
zM1#;Z*vfBcJr=;M_CuQWO_43frFzl2X!#}6BEGHdi;nhOH9UJ@nY6!DL~EYQ26v)D
zfO%YylEaLB&9P6jD?7I>->8(G6BfUJ29xL{Vpk$g(aq)Ae4aXIyKq8{#VXEC7VzXV
zXvuOJp;EcjGGwz=-cb~})w~_`#Ae6Hw7PTC@yyW1Jo`qa>hMw~r+lNL4E0f>2C3qc
zRVqhS6eqroNsbfW+~ksr)kt#1=3Sm-N7D6ZatKO^_}@m=sI=_Fsw)onI^LdNpVH4U
zMMnLKH;Kf>CXXhgepzvfLX9_wJ1#pH_~f~=Q<feBT~E3g#Uc*HIY(}u>L8y=pYHsr
z3Pqky=<y+uDl4SYCzDS044-YY4|JCg&*A9hpQ31Kl=Tvd=7*)&6_!x`EkEz$`jV<z
zu0>Uq&HIIHYRI(F!9-?~f29#F=NnBN|8JI*I#Og7{BJ8wvDs=h>g728|5C`kgzuR^
l00;m9AOHk_01yBIKmZ5;0U!VbfWT!F*d0IEoVtW)$A6znf$0DM

diff --git a/docs/_build/html/_sources/cdm/entities/host.md b/docs/_build/html/_sources/cdm/entities/host.md
deleted file mode 100644
index 109098dcfc..0000000000
--- a/docs/_build/html/_sources/cdm/entities/host.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# host
-
-Event fields used to define metadata about a host or device.
-
-## Attributes
-
-| Name | Type | Description | Sample Value |
-|:---|:---|:---|:---|
- | host_domain | string | Name of the domain the host is part of or joined. | ```hunt.wardog.com``` |
- | host_fqdn | string | The fully qualified domain name of the host | ```WKHR001.hunt.wardog.com``` |
- | host_interface_guid | string | GUID of the network interface which was used for authentication request | ```{2BB33827-6BB6-48DB-8DE6-DB9E0B9F9C9B}``` |
- | host_interface_name | string | the name (description) of the network interface that was used for authentication request. You can get the list of all available network adapters using "ipconfig /all" command | ```Microsoft Hyper-V Network Adapter``` |
- | host_local_mac | string | local interface's MAC-address | ```18:64:72:F3:33:91``` |
- | host_model | string | The model of the source device | ```Samsung Galaxy Note 10``` |
- | host_name | string | The name of a host, device, node, or entity that is separate from the FQDN and Domain. | ```WKHR001``` |
- | host_os | string | The OS of the source device | ```iOS``` |
- | host_peer_mac | string | peer's (typically - access point) MAC-address | ```02:1A:C5:14:59:C9``` |
- | host_type | string | The type of the source device | ```mobile``` |
diff --git a/docs/_build/html/attack/windows/ds_mapping_table.html b/docs/_build/html/attack/windows/ds_mapping_table.html
index 2be9f2cf35..4640c1d1ec 100644
--- a/docs/_build/html/attack/windows/ds_mapping_table.html
+++ b/docs/_build/html/attack/windows/ds_mapping_table.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/attack/windows/intro.html b/docs/_build/html/attack/windows/intro.html
index 1c67dd1664..32388ba85c 100644
--- a/docs/_build/html/attack/windows/intro.html
+++ b/docs/_build/html/attack/windows/intro.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/cdm/entities/alert.html b/docs/_build/html/cdm/entities/alert.html
index 16aee9d374..2ac4e0af2f 100644
--- a/docs/_build/html/cdm/entities/alert.html
+++ b/docs/_build/html/cdm/entities/alert.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="any" href="any.html" />
+    <link rel="prev" title="Entities" href="intro.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -324,6 +503,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="intro.html" title="previous page">Entities</a>
+    <a class='right-next' id="next-link" href="any.html" title="next page">any</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/any.html b/docs/_build/html/cdm/entities/any.html
index ef9899b055..fac6d74cff 100644
--- a/docs/_build/html/cdm/entities/any.html
+++ b/docs/_build/html/cdm/entities/any.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="certificate" href="certificate.html" />
+    <link rel="prev" title="alert" href="alert.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -344,6 +523,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="alert.html" title="previous page">alert</a>
+    <a class='right-next' id="next-link" href="certificate.html" title="next page">certificate</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/certificate.html b/docs/_build/html/cdm/entities/certificate.html
index 9296cf3f4c..25624f4fca 100644
--- a/docs/_build/html/cdm/entities/certificate.html
+++ b/docs/_build/html/cdm/entities/certificate.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="cloud" href="cloud.html" />
+    <link rel="prev" title="any" href="any.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -329,6 +508,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="any.html" title="previous page">any</a>
+    <a class='right-next' id="next-link" href="cloud.html" title="next page">cloud</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/cloud.html b/docs/_build/html/cdm/entities/cloud.html
index f2a4d25338..087d9b94fe 100644
--- a/docs/_build/html/cdm/entities/cloud.html
+++ b/docs/_build/html/cdm/entities/cloud.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="destination" href="destination.html" />
+    <link rel="prev" title="certificate" href="certificate.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -309,6 +488,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="certificate.html" title="previous page">certificate</a>
+    <a class='right-next' id="next-link" href="destination.html" title="next page">destination</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/destination.html b/docs/_build/html/cdm/entities/destination.html
index 2d707de772..f74e70d89c 100644
--- a/docs/_build/html/cdm/entities/destination.html
+++ b/docs/_build/html/cdm/entities/destination.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="destination_nat" href="destination_nat.html" />
+    <link rel="prev" title="cloud" href="cloud.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -884,6 +1063,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="cloud.html" title="previous page">cloud</a>
+    <a class='right-next' id="next-link" href="destination_nat.html" title="next page">destination_nat</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/destination_nat.html b/docs/_build/html/cdm/entities/destination_nat.html
index 5210d8a7c4..b9835d467d 100644
--- a/docs/_build/html/cdm/entities/destination_nat.html
+++ b/docs/_build/html/cdm/entities/destination_nat.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="device" href="device.html" />
+    <link rel="prev" title="destination" href="destination.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -319,6 +498,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="destination.html" title="previous page">destination</a>
+    <a class='right-next' id="next-link" href="device.html" title="next page">device</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/device.html b/docs/_build/html/cdm/entities/device.html
index 0e29f91e55..5e15af3a4b 100644
--- a/docs/_build/html/cdm/entities/device.html
+++ b/docs/_build/html/cdm/entities/device.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="dns" href="dns.html" />
+    <link rel="prev" title="destination_nat" href="destination_nat.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -369,6 +548,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="destination_nat.html" title="previous page">destination_nat</a>
+    <a class='right-next' id="next-link" href="dns.html" title="next page">dns</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/dns.html b/docs/_build/html/cdm/entities/dns.html
index 24632da3c6..a16f3f2d87 100644
--- a/docs/_build/html/cdm/entities/dns.html
+++ b/docs/_build/html/cdm/entities/dns.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="etl" href="etl.html" />
+    <link rel="prev" title="device" href="device.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -404,6 +583,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="device.html" title="previous page">device</a>
+    <a class='right-next' id="next-link" href="etl.html" title="next page">etl</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/etl.html b/docs/_build/html/cdm/entities/etl.html
index f710173727..0d8bceea2a 100644
--- a/docs/_build/html/cdm/entities/etl.html
+++ b/docs/_build/html/cdm/entities/etl.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="event" href="event.html" />
+    <link rel="prev" title="dns" href="dns.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -399,6 +578,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="dns.html" title="previous page">dns</a>
+    <a class='right-next' id="next-link" href="event.html" title="next page">event</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/event.html b/docs/_build/html/cdm/entities/event.html
index da77b79e13..a2b33c884c 100644
--- a/docs/_build/html/cdm/entities/event.html
+++ b/docs/_build/html/cdm/entities/event.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="file" href="file.html" />
+    <link rel="prev" title="etl" href="etl.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -464,6 +643,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="etl.html" title="previous page">etl</a>
+    <a class='right-next' id="next-link" href="file.html" title="next page">file</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/file.html b/docs/_build/html/cdm/entities/file.html
index 37b8be438e..239d61989d 100644
--- a/docs/_build/html/cdm/entities/file.html
+++ b/docs/_build/html/cdm/entities/file.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="geo" href="geo.html" />
+    <link rel="prev" title="event" href="event.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -444,6 +623,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="event.html" title="previous page">event</a>
+    <a class='right-next' id="next-link" href="geo.html" title="next page">geo</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/geo.html b/docs/_build/html/cdm/entities/geo.html
index 9b822125f2..5a4d293b4e 100644
--- a/docs/_build/html/cdm/entities/geo.html
+++ b/docs/_build/html/cdm/entities/geo.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="group" href="group.html" />
+    <link rel="prev" title="file" href="file.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -329,6 +508,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="file.html" title="previous page">file</a>
+    <a class='right-next' id="next-link" href="group.html" title="next page">group</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/group.html b/docs/_build/html/cdm/entities/group.html
index 6d6bb82b7f..3767b1bd93 100644
--- a/docs/_build/html/cdm/entities/group.html
+++ b/docs/_build/html/cdm/entities/group.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="hash" href="hash.html" />
+    <link rel="prev" title="geo" href="geo.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -314,6 +493,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="geo.html" title="previous page">geo</a>
+    <a class='right-next' id="next-link" href="hash.html" title="next page">hash</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/hash.html b/docs/_build/html/cdm/entities/hash.html
index 170772fe73..98e14cc05e 100644
--- a/docs/_build/html/cdm/entities/hash.html
+++ b/docs/_build/html/cdm/entities/hash.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="http" href="http.html" />
+    <link rel="prev" title="group" href="group.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -314,6 +493,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="group.html" title="previous page">group</a>
+    <a class='right-next' id="next-link" href="http.html" title="next page">http</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/host.html b/docs/_build/html/cdm/entities/host.html
deleted file mode 100644
index 83557b8707..0000000000
--- a/docs/_build/html/cdm/entities/host.html
+++ /dev/null
@@ -1,363 +0,0 @@
-
-
-<!DOCTYPE html>
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta charset="utf-8" />
-    <title>host &#8212; The OSSEM Project</title>
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/css/all.min.css" integrity="sha384-KA6wR/X5RY4zFAHpv/CnoG2UW1uogYfdnP67Uv7eULvTveboZJg0qUpmJZb5VqzN" crossorigin="anonymous">
-    <link href="../../_static/css/index.css" rel="stylesheet">
-    <link rel="stylesheet" href="../../_static/sphinx-book-theme.css" type="text/css" />
-    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
-    <link rel="stylesheet" type="text/css" href="../../_static/togglebutton.css" />
-    <link rel="stylesheet" type="text/css" href="../../_static/copybutton.css" />
-    <link rel="stylesheet" type="text/css" href="../../_static/mystnb.css" />
-    <link rel="stylesheet" type="text/css" href="../../_static/sphinx-thebe.css" />
-    <link rel="stylesheet" type="text/css" href="../../_static/jupyter-sphinx.css" />
-    <script id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
-    <script src="../../_static/sphinx-book-theme.js"></script>
-    <script src="../../_static/jquery.js"></script>
-    <script src="../../_static/underscore.js"></script>
-    <script src="../../_static/doctools.js"></script>
-    <script src="../../_static/language_data.js"></script>
-    <script src="../../_static/togglebutton.js"></script>
-    <script src="../../_static/clipboard.min.js"></script>
-    <script src="../../_static/copybutton.js"></script>
-    <script src="../../_static/mystnb.js"></script>
-    <script src="../../_static/sphinx-book-theme.js"></script>
-    <script >var togglebuttonSelector = '.toggle, .tag_hide_input div.cell_input, .tag_hide-input div.cell_input, .tag_hide_output div.cell_output, .tag_hide-output div.cell_output, .tag_hide_cell.cell, .tag_hide-cell.cell';</script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.4/require.min.js"></script>
-    <script src="https://unpkg.com/@jupyter-widgets/html-manager@^0.18.0/dist/embed-amd.js"></script>
-    <script async="async" src="https://unpkg.com/thebelab@latest/lib/index.js"></script>
-    <script >
-        const thebe_selector = ".thebe,.cell"
-        const thebe_selector_input = "pre,.cell_input div.highlight"
-        const thebe_selector_output = ".output,.cell_output"
-    </script>
-    <script async="async" src="../../_static/sphinx-thebe.js"></script>
-    <link rel="canonical" href="https://ossemproject.com/cdm/entities/host.html" />
-    <link rel="shortcut icon" href="../../_static/favicon.ico"/>
-    <link rel="index" title="Index" href="../../genindex.html" />
-    <link rel="search" title="Search" href="../../search.html" />
-
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <meta name="docsearch:language" content="en">
-
-
-<!-- Opengraph tags -->
-<meta property="og:url"         content="https://ossemproject.com/cdm/entities/host.html" />
-<meta property="og:type"        content="article" />
-<meta property="og:title"       content="host" />
-<meta property="og:description" content="host  Event fields used to define metadata about a host or device.  Attributes          Name  Type  Description  Sample Value  host_domain  string  Name of the " />
-<meta property="og:image"       content="https://ossemproject.com/_static/logo.png" />
-
-<meta name="twitter:card" content="summary" />
-
-
-  </head>
-  <body data-spy="scroll" data-target="#bd-toc-nav" data-offset="80">
-    
-
-    <div class="container-xl">
-      <div class="row">
-          
-<div class="col-12 col-md-3 bd-sidebar site-navigation show" id="site-navigation">
-    
-        <div class="navbar-brand-box">
-<a class="navbar-brand text-wrap" href="../../index.html">
-  
-  <img src="../../_static/logo.png" class="logo" alt="logo">
-  
-  
-  <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
-  
-</a>
-</div>
-
-<form class="bd-search d-flex align-items-center" action="../../search.html" method="get">
-  <i class="icon fas fa-search"></i>
-  <input type="search" class="form-control" name="q" id="search-input" placeholder="Search this book..." aria-label="Search this book..." autocomplete="off" >
-</form>
-
-<nav class="bd-links" id="bd-docs-nav" aria-label="Main navigation">
-  <p class="caption">
- <span class="caption-text">
-  Data Dictionaries
- </span>
-</p>
-<ul class="nav sidenav_l1">
- <li class="toctree-l1">
-  <a class="reference internal" href="../../dd/intro.html">
-   Introduction
-  </a>
- </li>
- <li class="toctree-l1">
-  <a class="reference internal" href="../../dd/guidelines/intro.html">
-   Guidelines
-  </a>
- </li>
-</ul>
-<p class="caption">
- <span class="caption-text">
-  Common Data Model
- </span>
-</p>
-<ul class="nav sidenav_l1">
- <li class="toctree-l1">
-  <a class="reference internal" href="../intro.html">
-   Introduction
-  </a>
- </li>
- <li class="toctree-l1">
-  <a class="reference internal" href="../guidelines/intro.html">
-   Guidelines
-  </a>
- </li>
- <li class="toctree-l1">
-  <a class="reference internal" href="../tables/intro.html">
-   Tables
-  </a>
- </li>
-</ul>
-<p class="caption">
- <span class="caption-text">
-  Detection Data Model
- </span>
-</p>
-<ul class="nav sidenav_l1">
- <li class="toctree-l1">
-  <a class="reference internal" href="../../ddm/intro.html">
-   Introduction
-  </a>
- </li>
-</ul>
-<p class="caption">
- <span class="caption-text">
-  ATT&amp;CK Data Sources
- </span>
-</p>
-<ul class="nav sidenav_l1">
- <li class="toctree-l1">
-  <a class="reference internal" href="../../attack/windows/intro.html">
-   Windows
-  </a>
- </li>
-</ul>
-
-</nav>
-
- <!-- To handle the deprecated key -->
-
-</div>
-
-
-          
-
-
-          
-<main class="col py-md-3 pl-md-4 bd-content overflow-auto" role="main">
-    
-    <div class="row topbar fixed-top container-xl">
-    <div class="col-12 col-md-3 bd-topbar-whitespace site-navigation show">
-    </div>
-    <div class="col pl-2 topbar-main">
-        
-        <button id="navbar-toggler" class="navbar-toggler ml-0" type="button" data-toggle="collapse"
-            data-toggle="tooltip" data-placement="bottom" data-target=".site-navigation" aria-controls="navbar-menu"
-            aria-expanded="true" aria-label="Toggle navigation" aria-controls="site-navigation"
-            title="Toggle navigation" data-toggle="tooltip" data-placement="left">
-            <i class="fas fa-bars"></i>
-            <i class="fas fa-arrow-left"></i>
-            <i class="fas fa-arrow-up"></i>
-        </button>
-        
-        <div class="dropdown-buttons-trigger">
-    <button id="dropdown-buttons-trigger" class="btn btn-secondary topbarbtn" aria-label="Download this page"><i
-            class="fas fa-download"></i></button>
-
-    
-    <div class="dropdown-buttons">
-        <!-- ipynb file if we had a myst markdown file -->
-        
-        <!-- Download raw file -->
-        <a class="dropdown-buttons" href="../../_sources/cdm/entities/host.md"><button type="button"
-                class="btn btn-secondary topbarbtn" title="Download source file" data-toggle="tooltip"
-                data-placement="left">.md</button></a>
-        <!-- Download PDF via print -->
-        <button type="button" id="download-print" class="btn btn-secondary topbarbtn" title="Print to PDF"
-            onClick="window.print()" data-toggle="tooltip" data-placement="left">.pdf</button>
-    </div>
-    
-</div>
-        <!-- Source interaction buttons -->
-
-<div class="dropdown-buttons-trigger">
-    <button id="dropdown-buttons-trigger" class="btn btn-secondary topbarbtn"
-        aria-label="Connect with source repository"><i class="fab fa-github"></i></button>
-    <div class="dropdown-buttons sourcebuttons">
-        <a class="repository-button"
-            href="https://github.com/OTRF/OSSEM"><button type="button" class="btn btn-secondary topbarbtn"
-                data-toggle="tooltip" data-placement="left" title="Source repository"><i
-                    class="fab fa-github"></i>repository</button></a>
-        <a class="issues-button"
-            href="https://github.com/OTRF/OSSEM/issues/new?title=Issue%20on%20page%20%2Fcdm/entities/host.html&body=Your%20issue%20content%20here."><button
-                type="button" class="btn btn-secondary topbarbtn" data-toggle="tooltip" data-placement="left"
-                title="Open an issue"><i class="fas fa-lightbulb"></i>open issue</button></a>
-        <a class="edit-button" href="https://github.com/OTRF/OSSEM/edit/master/docs/cdm/entities/host.md"><button
-                type="button" class="btn btn-secondary topbarbtn" data-toggle="tooltip" data-placement="left"
-                title="Edit this page"><i class="fas fa-pencil-alt"></i>suggest edit</button></a>
-    </div>
-</div>
-
-
-        <!-- Full screen (wrap in <a> to have style consistency -->
-        <a class="full-screen-button"><button type="button" class="btn btn-secondary topbarbtn" data-toggle="tooltip"
-                data-placement="bottom" onclick="toggleFullScreen()" title="Fullscreen mode"><i
-                    class="fas fa-expand"></i></button></a>
-
-        <!-- Launch buttons -->
-
-    </div>
-
-    <!-- Table of contents -->
-    <div class="d-none d-md-block col-md-2 bd-toc show">
-        <div class="tocsection onthispage pt-5 pb-3">
-            <i class="fas fa-list"></i> Contents
-        </div>
-        <nav id="bd-toc-nav">
-            <ul class="nav section-nav flex-column">
- <li class="toc-h2 nav-item toc-entry">
-  <a class="reference internal nav-link" href="#attributes">
-   Attributes
-  </a>
- </li>
-</ul>
-
-        </nav>
-    </div>
-</div>
-    <div id="main-content" class="row">
-        <div class="col-12 col-md-9 pl-md-3 pr-md-0">
-        
-              <div>
-                
-  <div class="section" id="host">
-<h1>host<a class="headerlink" href="#host" title="Permalink to this headline">¶</a></h1>
-<p>Event fields used to define metadata about a host or device.</p>
-<div class="section" id="attributes">
-<h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this headline">¶</a></h2>
-<table class="colwidths-auto table">
-<thead>
-<tr class="row-odd"><th class="text-align:left head"><p>Name</p></th>
-<th class="text-align:left head"><p>Type</p></th>
-<th class="text-align:left head"><p>Description</p></th>
-<th class="text-align:left head"><p>Sample Value</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td class="text-align:left"><p>host_domain</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>Name of the domain the host is part of or joined.</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">hunt.wardog.com</span></code></p></td>
-</tr>
-<tr class="row-odd"><td class="text-align:left"><p>host_fqdn</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>The fully qualified domain name of the host</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">WKHR001.hunt.wardog.com</span></code></p></td>
-</tr>
-<tr class="row-even"><td class="text-align:left"><p>host_interface_guid</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>GUID of the network interface which was used for authentication request</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">{2BB33827-6BB6-48DB-8DE6-DB9E0B9F9C9B}</span></code></p></td>
-</tr>
-<tr class="row-odd"><td class="text-align:left"><p>host_interface_name</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>the name (description) of the network interface that was used for authentication request. You can get the list of all available network adapters using “ipconfig /all” command</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">Microsoft</span> <span class="pre">Hyper-V</span> <span class="pre">Network</span> <span class="pre">Adapter</span></code></p></td>
-</tr>
-<tr class="row-even"><td class="text-align:left"><p>host_local_mac</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>local interface’s MAC-address</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">18:64:72:F3:33:91</span></code></p></td>
-</tr>
-<tr class="row-odd"><td class="text-align:left"><p>host_model</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>The model of the source device</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">Samsung</span> <span class="pre">Galaxy</span> <span class="pre">Note</span> <span class="pre">10</span></code></p></td>
-</tr>
-<tr class="row-even"><td class="text-align:left"><p>host_name</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>The name of a host, device, node, or entity that is separate from the FQDN and Domain.</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">WKHR001</span></code></p></td>
-</tr>
-<tr class="row-odd"><td class="text-align:left"><p>host_os</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>The OS of the source device</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">iOS</span></code></p></td>
-</tr>
-<tr class="row-even"><td class="text-align:left"><p>host_peer_mac</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>peer’s (typically - access point) MAC-address</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">02:1A:C5:14:59:C9</span></code></p></td>
-</tr>
-<tr class="row-odd"><td class="text-align:left"><p>host_type</p></td>
-<td class="text-align:left"><p>string</p></td>
-<td class="text-align:left"><p>The type of the source device</p></td>
-<td class="text-align:left"><p><code class="docutils literal notranslate"><span class="pre">mobile</span></code></p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</div>
-
-    <script type="text/x-thebe-config">
-    {
-        requestKernel: true,
-        binderOptions: {
-            repo: "OTRF/OSSEM",
-            ref: "master",
-        },
-        codeMirrorConfig: {
-            theme: "abcdef",
-            mode: "python"
-        },
-        kernelOptions: {
-            kernelName: "python3",
-            path: "./cdm/entities"
-        },
-        predefinedOutput: true
-    }
-    </script>
-    <script>kernelName = 'python3'</script>
-
-              </div>
-              
-        </div>
-    </div>
-    
-    
-    <div class='prev-next-bottom'>
-        
-
-    </div>
-    <footer class="footer mt-5 mt-md-0">
-    <div class="container">
-      <p>
-        
-          By Roberto Rodriguez @Cyb3rWard0g<br/>
-        
-            &copy; Copyright 2020.<br/>
-      </p>
-    </div>
-  </footer>
-</main>
-
-
-      </div>
-    </div>
-
-    <script src="../../_static/js/index.js"></script>
-    
-  </body>
-</html>
\ No newline at end of file
diff --git a/docs/_build/html/cdm/entities/http.html b/docs/_build/html/cdm/entities/http.html
index db9858ede9..55c7b92a15 100644
--- a/docs/_build/html/cdm/entities/http.html
+++ b/docs/_build/html/cdm/entities/http.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="ip" href="ip.html" />
+    <link rel="prev" title="hash" href="hash.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -404,6 +583,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="hash.html" title="previous page">hash</a>
+    <a class='right-next' id="next-link" href="ip.html" title="next page">ip</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/ip.html b/docs/_build/html/cdm/entities/ip.html
index 75546cedf7..7cd149e5e3 100644
--- a/docs/_build/html/cdm/entities/ip.html
+++ b/docs/_build/html/cdm/entities/ip.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="kerberos" href="kerberos.html" />
+    <link rel="prev" title="http" href="http.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -304,6 +483,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="http.html" title="previous page">http</a>
+    <a class='right-next' id="next-link" href="kerberos.html" title="next page">kerberos</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/kerberos.html b/docs/_build/html/cdm/entities/kerberos.html
index e776e37e66..6adbcc7800 100644
--- a/docs/_build/html/cdm/entities/kerberos.html
+++ b/docs/_build/html/cdm/entities/kerberos.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="logon" href="logon.html" />
+    <link rel="prev" title="ip" href="ip.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -319,6 +498,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="ip.html" title="previous page">ip</a>
+    <a class='right-next' id="next-link" href="logon.html" title="next page">logon</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/logon.html b/docs/_build/html/cdm/entities/logon.html
index 4810627c7c..14a73dfe0d 100644
--- a/docs/_build/html/cdm/entities/logon.html
+++ b/docs/_build/html/cdm/entities/logon.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="mac" href="mac.html" />
+    <link rel="prev" title="kerberos" href="kerberos.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -364,6 +543,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="kerberos.html" title="previous page">kerberos</a>
+    <a class='right-next' id="next-link" href="mac.html" title="next page">mac</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/mac.html b/docs/_build/html/cdm/entities/mac.html
index 132775ceb1..a0e6395ae5 100644
--- a/docs/_build/html/cdm/entities/mac.html
+++ b/docs/_build/html/cdm/entities/mac.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="meta" href="meta.html" />
+    <link rel="prev" title="logon" href="logon.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -294,6 +473,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="logon.html" title="previous page">logon</a>
+    <a class='right-next' id="next-link" href="meta.html" title="next page">meta</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/meta.html b/docs/_build/html/cdm/entities/meta.html
index ad47b1f210..996c0d0709 100644
--- a/docs/_build/html/cdm/entities/meta.html
+++ b/docs/_build/html/cdm/entities/meta.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="module" href="module.html" />
+    <link rel="prev" title="mac" href="mac.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -319,6 +498,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="mac.html" title="previous page">mac</a>
+    <a class='right-next' id="next-link" href="module.html" title="next page">module</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/module.html b/docs/_build/html/cdm/entities/module.html
index 36b363694a..8a6060fcdf 100644
--- a/docs/_build/html/cdm/entities/module.html
+++ b/docs/_build/html/cdm/entities/module.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="network" href="network.html" />
+    <link rel="prev" title="meta" href="meta.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -314,6 +493,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="meta.html" title="previous page">meta</a>
+    <a class='right-next' id="next-link" href="network.html" title="next page">network</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/network.html b/docs/_build/html/cdm/entities/network.html
index 4132b34952..97269c9897 100644
--- a/docs/_build/html/cdm/entities/network.html
+++ b/docs/_build/html/cdm/entities/network.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="pipe" href="pipe.html" />
+    <link rel="prev" title="module" href="module.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -389,6 +568,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="module.html" title="previous page">module</a>
+    <a class='right-next' id="next-link" href="pipe.html" title="next page">pipe</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/pipe.html b/docs/_build/html/cdm/entities/pipe.html
index b6dc0d62af..edb19dcd9a 100644
--- a/docs/_build/html/cdm/entities/pipe.html
+++ b/docs/_build/html/cdm/entities/pipe.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="port" href="port.html" />
+    <link rel="prev" title="network" href="network.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -309,6 +488,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="network.html" title="previous page">network</a>
+    <a class='right-next' id="next-link" href="port.html" title="next page">port</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/port.html b/docs/_build/html/cdm/entities/port.html
index 5851140a76..f5c2c9d868 100644
--- a/docs/_build/html/cdm/entities/port.html
+++ b/docs/_build/html/cdm/entities/port.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="process" href="process.html" />
+    <link rel="prev" title="pipe" href="pipe.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -299,6 +478,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="pipe.html" title="previous page">pipe</a>
+    <a class='right-next' id="next-link" href="process.html" title="next page">process</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/process.html b/docs/_build/html/cdm/entities/process.html
index 244e882ded..06e44b98be 100644
--- a/docs/_build/html/cdm/entities/process.html
+++ b/docs/_build/html/cdm/entities/process.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="registry" href="registry.html" />
+    <link rel="prev" title="port" href="port.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -499,6 +678,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="port.html" title="previous page">port</a>
+    <a class='right-next' id="next-link" href="registry.html" title="next page">registry</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/registry.html b/docs/_build/html/cdm/entities/registry.html
index 14ceb6fa4b..7130aa7ef0 100644
--- a/docs/_build/html/cdm/entities/registry.html
+++ b/docs/_build/html/cdm/entities/registry.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="rule" href="rule.html" />
+    <link rel="prev" title="process" href="process.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -339,6 +518,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="process.html" title="previous page">process</a>
+    <a class='right-next' id="next-link" href="rule.html" title="next page">rule</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/rule.html b/docs/_build/html/cdm/entities/rule.html
index 63b3ddcdad..b9c1a73709 100644
--- a/docs/_build/html/cdm/entities/rule.html
+++ b/docs/_build/html/cdm/entities/rule.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="source" href="source.html" />
+    <link rel="prev" title="registry" href="registry.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -299,6 +478,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="registry.html" title="previous page">registry</a>
+    <a class='right-next' id="next-link" href="source.html" title="next page">source</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/source.html b/docs/_build/html/cdm/entities/source.html
index 0b9fc0fdc9..db3a85f04e 100644
--- a/docs/_build/html/cdm/entities/source.html
+++ b/docs/_build/html/cdm/entities/source.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="source_nat" href="source_nat.html" />
+    <link rel="prev" title="rule" href="rule.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -1019,6 +1198,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="rule.html" title="previous page">rule</a>
+    <a class='right-next' id="next-link" href="source_nat.html" title="next page">source_nat</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/source_nat.html b/docs/_build/html/cdm/entities/source_nat.html
index 002df81fc6..87152c9d8f 100644
--- a/docs/_build/html/cdm/entities/source_nat.html
+++ b/docs/_build/html/cdm/entities/source_nat.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="target" href="target.html" />
+    <link rel="prev" title="source" href="source.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -314,6 +493,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="source.html" title="previous page">source</a>
+    <a class='right-next' id="next-link" href="target.html" title="next page">target</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/target.html b/docs/_build/html/cdm/entities/target.html
index 7b6c0c4b57..c0b80ebe36 100644
--- a/docs/_build/html/cdm/entities/target.html
+++ b/docs/_build/html/cdm/entities/target.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="tls" href="tls.html" />
+    <link rel="prev" title="source_nat" href="source_nat.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -744,6 +923,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="source_nat.html" title="previous page">source_nat</a>
+    <a class='right-next' id="next-link" href="tls.html" title="next page">tls</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/tls.html b/docs/_build/html/cdm/entities/tls.html
index c9dc733069..3813a8285f 100644
--- a/docs/_build/html/cdm/entities/tls.html
+++ b/docs/_build/html/cdm/entities/tls.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="url" href="url.html" />
+    <link rel="prev" title="target" href="target.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -329,6 +508,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="target.html" title="previous page">target</a>
+    <a class='right-next' id="next-link" href="url.html" title="next page">url</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/url.html b/docs/_build/html/cdm/entities/url.html
index d904cb602a..19b33d563f 100644
--- a/docs/_build/html/cdm/entities/url.html
+++ b/docs/_build/html/cdm/entities/url.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="user" href="user.html" />
+    <link rel="prev" title="tls" href="tls.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -356,6 +535,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="tls.html" title="previous page">tls</a>
+    <a class='right-next' id="next-link" href="user.html" title="next page">user</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/user.html b/docs/_build/html/cdm/entities/user.html
index e1bb74bcfd..835e42903e 100644
--- a/docs/_build/html/cdm/entities/user.html
+++ b/docs/_build/html/cdm/entities/user.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="user_agent" href="user_agent.html" />
+    <link rel="prev" title="url" href="url.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user_agent.html">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -454,6 +633,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="url.html" title="previous page">url</a>
+    <a class='right-next' id="next-link" href="user_agent.html" title="next page">user_agent</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/entities/user_agent.html b/docs/_build/html/cdm/entities/user_agent.html
index 8b82675ddd..f38edab1bc 100644
--- a/docs/_build/html/cdm/entities/user_agent.html
+++ b/docs/_build/html/cdm/entities/user_agent.html
@@ -40,6 +40,8 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Tables" href="../tables/intro.html" />
+    <link rel="prev" title="user" href="user.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -103,7 +105,7 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
   Common Data Model
  </span>
 </p>
-<ul class="nav sidenav_l1">
+<ul class="current nav sidenav_l1">
  <li class="toctree-l1">
   <a class="reference internal" href="../intro.html">
    Introduction
@@ -114,6 +116,183 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1 current active">
+  <a class="reference internal" href="intro.html">
+   Entities
+  </a>
+  <ul class="current">
+   <li class="toctree-l2">
+    <a class="reference internal" href="alert.html">
+     alert
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="any.html">
+     any
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="certificate.html">
+     certificate
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="cloud.html">
+     cloud
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination.html">
+     destination
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="destination_nat.html">
+     destination_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="device.html">
+     device
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="dns.html">
+     dns
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="etl.html">
+     etl
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="event.html">
+     event
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="file.html">
+     file
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="geo.html">
+     geo
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="group.html">
+     group
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="hash.html">
+     hash
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="http.html">
+     http
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="ip.html">
+     ip
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="kerberos.html">
+     kerberos
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="logon.html">
+     logon
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="mac.html">
+     mac
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="meta.html">
+     meta
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="module.html">
+     module
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="network.html">
+     network
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="pipe.html">
+     pipe
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="port.html">
+     port
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="process.html">
+     process
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="registry.html">
+     registry
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="rule.html">
+     rule
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source.html">
+     source
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="source_nat.html">
+     source_nat
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="target.html">
+     target
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="tls.html">
+     tls
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="url.html">
+     url
+    </a>
+   </li>
+   <li class="toctree-l2">
+    <a class="reference internal" href="user.html">
+     user
+    </a>
+   </li>
+   <li class="toctree-l2 current active">
+    <a class="current reference internal" href="#">
+     user_agent
+    </a>
+   </li>
+  </ul>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -294,6 +473,8 @@ <h2>Attributes<a class="headerlink" href="#attributes" title="Permalink to this
     
     <div class='prev-next-bottom'>
         
+    <a class='left-prev' id="prev-link" href="user.html" title="previous page">user</a>
+    <a class='right-next' id="next-link" href="../tables/intro.html" title="next page">Tables</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/guidelines/data_types.html b/docs/_build/html/cdm/guidelines/data_types.html
index 17410c2600..e6f6b87c34 100644
--- a/docs/_build/html/cdm/guidelines/data_types.html
+++ b/docs/_build/html/cdm/guidelines/data_types.html
@@ -138,6 +138,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    </li>
   </ul>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
diff --git a/docs/_build/html/cdm/guidelines/domain_or_hostname_or_fqdn.html b/docs/_build/html/cdm/guidelines/domain_or_hostname_or_fqdn.html
index 77097d9797..a83c306f39 100644
--- a/docs/_build/html/cdm/guidelines/domain_or_hostname_or_fqdn.html
+++ b/docs/_build/html/cdm/guidelines/domain_or_hostname_or_fqdn.html
@@ -40,7 +40,7 @@
     <link rel="shortcut icon" href="../../_static/favicon.ico"/>
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
-    <link rel="next" title="Tables" href="../tables/intro.html" />
+    <link rel="next" title="Entities" href="../entities/intro.html" />
     <link rel="prev" title="Data Types" href="data_types.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -138,6 +138,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    </li>
   </ul>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
@@ -586,7 +591,7 @@ <h3>Implementation Examples<a class="headerlink" href="#implementation-examples"
     <div class='prev-next-bottom'>
         
     <a class='left-prev' id="prev-link" href="data_types.html" title="previous page">Data Types</a>
-    <a class='right-next' id="next-link" href="../tables/intro.html" title="next page">Tables</a>
+    <a class='right-next' id="next-link" href="../entities/intro.html" title="next page">Entities</a>
 
     </div>
     <footer class="footer mt-5 mt-md-0">
diff --git a/docs/_build/html/cdm/guidelines/entity_structure.html b/docs/_build/html/cdm/guidelines/entity_structure.html
index 2ac29b8114..85c21a25e6 100644
--- a/docs/_build/html/cdm/guidelines/entity_structure.html
+++ b/docs/_build/html/cdm/guidelines/entity_structure.html
@@ -138,6 +138,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    </li>
   </ul>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
diff --git a/docs/_build/html/cdm/guidelines/intro.html b/docs/_build/html/cdm/guidelines/intro.html
index dc05b78c95..2c2efcc478 100644
--- a/docs/_build/html/cdm/guidelines/intro.html
+++ b/docs/_build/html/cdm/guidelines/intro.html
@@ -138,6 +138,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    </li>
   </ul>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
diff --git a/docs/_build/html/cdm/guidelines/table_structure.html b/docs/_build/html/cdm/guidelines/table_structure.html
index fe629c042c..19dddf4cf1 100644
--- a/docs/_build/html/cdm/guidelines/table_structure.html
+++ b/docs/_build/html/cdm/guidelines/table_structure.html
@@ -138,6 +138,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    </li>
   </ul>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../tables/intro.html">
    Tables
diff --git a/docs/_build/html/cdm/intro.html b/docs/_build/html/cdm/intro.html
index 59c5fd4f16..6db942839b 100644
--- a/docs/_build/html/cdm/intro.html
+++ b/docs/_build/html/cdm/intro.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="tables/intro.html">
    Tables
diff --git a/docs/_build/html/cdm/tables/intro.html b/docs/_build/html/cdm/tables/intro.html
index eadd5cc162..b40f0d02cb 100644
--- a/docs/_build/html/cdm/tables/intro.html
+++ b/docs/_build/html/cdm/tables/intro.html
@@ -41,7 +41,7 @@
     <link rel="index" title="Index" href="../../genindex.html" />
     <link rel="search" title="Search" href="../../search.html" />
     <link rel="next" title="processes" href="processes.html" />
-    <link rel="prev" title="Domain vs FQDN vs Host Name Implementation" href="../guidelines/domain_or_hostname_or_fqdn.html" />
+    <link rel="prev" title="user_agent" href="../entities/user_agent.html" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="docsearch:language" content="en">
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1 current active">
   <a class="current reference internal" href="#">
    Tables
@@ -283,7 +288,7 @@ <h1>Tables<a class="headerlink" href="#tables" title="Permalink to this headline
     
     <div class='prev-next-bottom'>
         
-    <a class='left-prev' id="prev-link" href="../guidelines/domain_or_hostname_or_fqdn.html" title="previous page">Domain vs FQDN vs Host Name Implementation</a>
+    <a class='left-prev' id="prev-link" href="../entities/user_agent.html" title="previous page">user_agent</a>
     <a class='right-next' id="next-link" href="processes.html" title="next page">processes</a>
 
     </div>
diff --git a/docs/_build/html/cdm/tables/network_session.html b/docs/_build/html/cdm/tables/network_session.html
index d86f3a8f82..ba54bcf26d 100644
--- a/docs/_build/html/cdm/tables/network_session.html
+++ b/docs/_build/html/cdm/tables/network_session.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1 current active">
   <a class="reference internal" href="intro.html">
    Tables
diff --git a/docs/_build/html/cdm/tables/processes.html b/docs/_build/html/cdm/tables/processes.html
index 40f394676d..c08df9a25b 100644
--- a/docs/_build/html/cdm/tables/processes.html
+++ b/docs/_build/html/cdm/tables/processes.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1 current active">
   <a class="reference internal" href="intro.html">
    Tables
diff --git a/docs/_build/html/dd/guidelines/authoring_data_dictionaries.html b/docs/_build/html/dd/guidelines/authoring_data_dictionaries.html
index 1b8bf6f6d6..b4b5b09e34 100644
--- a/docs/_build/html/dd/guidelines/authoring_data_dictionaries.html
+++ b/docs/_build/html/dd/guidelines/authoring_data_dictionaries.html
@@ -123,6 +123,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/dd/guidelines/intro.html b/docs/_build/html/dd/guidelines/intro.html
index 7aaee37367..f3056bd35f 100644
--- a/docs/_build/html/dd/guidelines/intro.html
+++ b/docs/_build/html/dd/guidelines/intro.html
@@ -123,6 +123,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/dd/intro.html b/docs/_build/html/dd/intro.html
index 52e9f48511..8a13c2e0a1 100644
--- a/docs/_build/html/dd/intro.html
+++ b/docs/_build/html/dd/intro.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/ddm/intro.html b/docs/_build/html/ddm/intro.html
index 95e60b6297..aa59f43b14 100644
--- a/docs/_build/html/ddm/intro.html
+++ b/docs/_build/html/ddm/intro.html
@@ -116,6 +116,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/notebooks/attack/windows/ds_mapping_techniques.html b/docs/_build/html/notebooks/attack/windows/ds_mapping_techniques.html
index 0d96a9a685..3d46548954 100644
--- a/docs/_build/html/notebooks/attack/windows/ds_mapping_techniques.html
+++ b/docs/_build/html/notebooks/attack/windows/ds_mapping_techniques.html
@@ -115,6 +115,11 @@ <h1 class="site-logo" id="site-title">The OSSEM Project</h1>
    Guidelines
   </a>
  </li>
+ <li class="toctree-l1">
+  <a class="reference internal" href="../../../cdm/entities/intro.html">
+   Entities
+  </a>
+ </li>
  <li class="toctree-l1">
   <a class="reference internal" href="../../../cdm/tables/intro.html">
    Tables
diff --git a/docs/_build/html/reports/ds_mapping_techniques.log b/docs/_build/html/reports/ds_mapping_techniques.log
deleted file mode 100644
index 37745e4f5d..0000000000
--- a/docs/_build/html/reports/ds_mapping_techniques.log
+++ /dev/null
@@ -1,37 +0,0 @@
-Traceback (most recent call last):
-  File "/usr/local/lib/python3.7/site-packages/jupyter_cache/executors/basic.py", line 157, in execute
-    executenb(nb_bundle.nb, cwd=tmpdirname)
-  File "/usr/local/lib/python3.7/site-packages/nbconvert/preprocessors/execute.py", line 737, in executenb
-    return ep.preprocess(nb, resources, km=km)[0]
-  File "/usr/local/lib/python3.7/site-packages/nbconvert/preprocessors/execute.py", line 405, in preprocess
-    nb, resources = super(ExecutePreprocessor, self).preprocess(nb, resources)
-  File "/usr/local/lib/python3.7/site-packages/nbconvert/preprocessors/base.py", line 69, in preprocess
-    nb.cells[index], resources = self.preprocess_cell(cell, resources, index)
-  File "/usr/local/lib/python3.7/site-packages/nbconvert/preprocessors/execute.py", line 448, in preprocess_cell
-    raise CellExecutionError.from_cell_and_msg(cell, out)
-nbconvert.preprocessors.execute.CellExecutionError: An error occurred while executing the following cell:
-------------------
-from attackcti import attack_client
-
-import pandas as pd
-from pandas import json_normalize
-# Do not truncate Pandas output
-pd.set_option('display.max_colwidth', None)
-
-import requests
-
-import yaml
-------------------
-
----------------------------------------------------------------------------
-ImportError                               Traceback (most recent call last)
-<ipython-input-1-9c0d91f22098> in <module>
-      2 
-      3 import pandas as pd
-----> 4 from pandas import json_normalize
-      5 # Do not truncate Pandas output
-      6 pd.set_option('display.max_colwidth', None)
-
-ImportError: cannot import name 'json_normalize' from 'pandas' (/usr/local/lib/python3.7/site-packages/pandas/__init__.py)
-ImportError: cannot import name 'json_normalize' from 'pandas' (/usr/local/lib/python3.7/site-packages/pandas/__init__.py)
-
diff --git a/docs/_build/html/searchindex.js b/docs/_build/html/searchindex.js
index a1d39171d8..f3943c98a7 100644
--- a/docs/_build/html/searchindex.js
+++ b/docs/_build/html/searchindex.js
@@ -1 +1 @@
-Search.setIndex({docnames:["attack/windows/ds_mapping_table","attack/windows/intro","cdm/entities/alert","cdm/entities/any","cdm/entities/certificate","cdm/entities/cloud","cdm/entities/destination","cdm/entities/destination_nat","cdm/entities/device","cdm/entities/dns","cdm/entities/etl","cdm/entities/event","cdm/entities/file","cdm/entities/geo","cdm/entities/group","cdm/entities/hash","cdm/entities/http","cdm/entities/intro","cdm/entities/ip","cdm/entities/kerberos","cdm/entities/logon","cdm/entities/mac","cdm/entities/meta","cdm/entities/module","cdm/entities/network","cdm/entities/pipe","cdm/entities/port","cdm/entities/process","cdm/entities/registry","cdm/entities/rule","cdm/entities/source","cdm/entities/source_nat","cdm/entities/target","cdm/entities/tls","cdm/entities/url","cdm/entities/user","cdm/entities/user_agent","cdm/guidelines/data_types","cdm/guidelines/domain_or_hostname_or_fqdn","cdm/guidelines/entity_structure","cdm/guidelines/intro","cdm/guidelines/table_structure","cdm/intro","cdm/tables/intro","cdm/tables/network_session","cdm/tables/processes","dd/guidelines/authoring_data_dictionaries","dd/guidelines/intro","dd/intro","ddm/intro","intro","notebooks/attack/windows/ds_mapping_techniques"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":1,"sphinx.domains.index":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,sphinx:56},filenames:["attack/windows/ds_mapping_table.md","attack/windows/intro.md","cdm/entities/alert.md","cdm/entities/any.md","cdm/entities/certificate.md","cdm/entities/cloud.md","cdm/entities/destination.md","cdm/entities/destination_nat.md","cdm/entities/device.md","cdm/entities/dns.md","cdm/entities/etl.md","cdm/entities/event.md","cdm/entities/file.md","cdm/entities/geo.md","cdm/entities/group.md","cdm/entities/hash.md","cdm/entities/http.md","cdm/entities/intro.md","cdm/entities/ip.md","cdm/entities/kerberos.md","cdm/entities/logon.md","cdm/entities/mac.md","cdm/entities/meta.md","cdm/entities/module.md","cdm/entities/network.md","cdm/entities/pipe.md","cdm/entities/port.md","cdm/entities/process.md","cdm/entities/registry.md","cdm/entities/rule.md","cdm/entities/source.md","cdm/entities/source_nat.md","cdm/entities/target.md","cdm/entities/tls.md","cdm/entities/url.md","cdm/entities/user.md","cdm/entities/user_agent.md","cdm/guidelines/data_types.md","cdm/guidelines/domain_or_hostname_or_fqdn.md","cdm/guidelines/entity_structure.md","cdm/guidelines/intro.md","cdm/guidelines/table_structure.md","cdm/intro.md","cdm/tables/intro.md","cdm/tables/network_session.md","cdm/tables/processes.md","dd/guidelines/authoring_data_dictionaries.md","dd/guidelines/intro.md","dd/intro.md","ddm/intro.md","intro.md","notebooks/attack/windows/ds_mapping_techniques.ipynb"],objects:{},objnames:{},objtypes:{},terms:{"000000000z":46,"000941900z":46,"0010396cab00":[27,30,32,45],"035e058":[39,41],"088f":10,"09454ca8bfc2":39,"09t05":46,"0x0":[6,19,20,30,32,35],"0x1000":[27,30,32,45],"0x1074":46,"0x12":19,"0x3e7":[6,30,32,35],"0x40810010":19,"0x48f29":46,"0x8dcdc":[6,20,30,32,35],"0xf003f":28,"0xffffbc6422dd9c20":[27,30,32,45],"0xffffffff":[27,30,32,45],"10e93":[27,30,32],"11fe4":[27,30,32],"1234567890ab":[11,44],"16384_none_25a8f00faa8f185c":46,"189bc2ee":41,"1ad1d79f85d8f6a50ea282f63898d652661daa0c1fd361c22647cabc98a70e8cbce83200d579d10dd0a3d46be9496dcdfddf28b0c5e9709343b032a8796fbecb":[4,6,12,15,27,30,32,44,45],"2012r2":[6,20,30,32,35],"20processnam":[34,44],"215696fc36392ca70f89228b98060afb":[34,44],"2505bd03d7bd285e50ce89cec02b333b":[4,6,12,15,27,30,32,45],"2654e":[27,30,32],"26cfb":[27,30,32],"273b4":[27,30,32],"2bb33827":[8,44],"2cd4":[6,30,32,35],"2d12e":[27,30,32],"2e853":[27,30,32],"2fbe":[6,30,44],"3083f":[27,30,32],"313a6":[27,30,32],"34b46":[27,30,32],"365ce":[27,30,32],"42c1a34":39,"44bf":41,"4668bb2223ffb983a5f1273b9e3d9fa2c5ce4a0f1fb18ca5c1b285762020073c":[4,6,12,15,27,30,32,39,44,45],"468d":39,"48db":[8,44],"4a8a":41,"4b3b":[39,41],"4d11":9,"4e17":[6,30,32,35],"5521c67d457b":41,"5acd":[27,30,32,45],"5cc68":[27,30,32],"5e8b0f4d":[6,30,32,35],"6a255bebf3dbcd13585538ed47dbafd7":[4,6,12,15,27,30,32,39,44,45],"6bb6":[8,44],"6efc1":[27,30,32],"76d23":[27,30,32],"7c202e90":[6,30,44],"88d16a8edaa8c66b":[6,20,30,32,35],"88d2b96fdb2b4c49":[6,20,30,32,35],"8de6":[8,44],"8efb":39,"9bf67e04bedf":[6,30,44],"9c2e":[27,30,32,45],"boolean":[3,6,7,8,9,10,18,23,24,27,30,31,32,33,37,45,46],"byte":[6,9,12,16,24,25,30,44],"case":[10,14,38,39,41],"class":9,"default":[6,10,20,30,32,35,39,46],"final":50,"float":[9,11],"function":46,"import":9,"int":[16,44],"long":[10,11,24,44],"new":[0,6,14,20,30,32,34,35,41,44,46,50,51],"public":[46,51],"return":[9,16],"short":24,"switch":[6,16,30],"true":[8,9,10,23,24,27,30,32,33,37,38,44,45,51],"try":[34,38,44],"while":[46,50],AWS:[6,11,30,44],DNS:[0,6,9,30,38,44,51],FOR:16,For:[6,7,11,14,16,19,20,22,24,30,32,35,38,39,41,44,46],Has:32,IDS:24,IDs:3,IIS:[16,38],IPS:[24,44],IPs:[3,9],Its:46,NOT:[6,7,8,26,30,31,38,44],TGS:19,TLS:[6,16,30,33,38,44,51],The:[0,2,5,6,8,9,10,11,12,14,16,20,23,24,25,27,28,29,30,32,33,34,35,36,38,39,41,42,44,45,46,50],There:[8,28,34,44,50],These:[28,38,39,41,46],Use:[10,50],Used:10,Yes:[6,20,30,32,35],_md5:39,_name:39,_path:39,_sha1:39,_sha256:39,_to:0,a0344:[27,30,32,45],a115:[6,30,44],a257:41,a343:10,a81c:[27,30,32],a98268c1:[27,30,32,45],aaaa:9,aaaaaaaaaaaa:[6,30,44],aaabbbcc:[11,44],ab0:[6,30,44],abbrevi:24,abil:[6,20,30,32,35],abl:[38,41],abort:33,about:[0,4,6,8,10,11,12,13,14,15,16,18,20,21,23,24,25,26,27,28,29,30,32,33,34,35,39,46,50],abov:[38,39,46,51],absolut:38,abus:22,accept:[0,39],access:[0,6,11,12,20,27,28,30,32,35,44,45],accomod:42,accomplish:38,accord:[9,24,46],account:[0,6,11,19,20,28,30,32,35,44,46],accountoper:14,accur:11,across:[2,9,11,27,30,32,45,46,50],action:[6,8,30,32,35,44],activ:[38,44,46,50],activewebsoftwar:16,actor:2,actual:[3,6,7,26,28,30,31,34,38],adapt:[8,44],add:41,add_processed_timestamp:10,added:[0,6,14,20,30,32,35,41],addit:[0,9,10,11,16,39,46,50],additon:[],address:[3,6,7,8,9,18,21,24,27,30,31,32,34,44,45],ade:[11,44],adher:34,admin:[4,6,20,30,32,35],administr:[6,20,30,32,35],adopt:46,adult:[6,22,34,44],advanc:[46,50],adversari:50,advertis:[6,34,44],afa:[11,44],after:[34,38],again:[38,46],agent:[10,16,36,44,46],aggreg:[11,44],ago:11,ahif:[41,44],aim:46,alert:[10,22],alert_categori:2,alert_descript:2,alert_id:2,alert_messag:2,alert_sever:2,alert_signatur:2,alert_vers:2,align:46,all:[3,8,9,10,16,28,39,41,44,51],all_d:51,all_data_sourc:51,allow:[0,3,6,8,20,24,30,32,35,41,42,44,50],alon:38,along:[6,20,30,32,35],alreadi:[4,16,33,34,38,41,44,46],also:[6,9,10,11,12,16,20,24,28,30,32,34,35,38,39,41,44,46,50],alter:11,alwai:[6,11,14,20,30,32,34,35,38,44,46],ambigu:34,amd64_microsoft:46,america:[6,13,30],among:[41,50],amount:[16,24,38,44],analysi:[11,44,51],analyst:[10,42,50],analyt:[46,50],analyz:[46,50],ani:[6,7,10,11,16,28,29,34,38,44,46,50],anomal:46,anoth:[0,6,11,14,20,30,32,35,38,39],answer:9,anti:[6,30,51],any_event_id:3,any_event_uid:[],any_hash:3,any_ip_addr:3,any_ip_byt:[],any_ip_dhcp_assigned_ip_addr:3,any_ip_geo:3,any_ip_is_ipv6:3,any_mac_addr:3,any_us:3,any_vlan_id:3,anyon:46,anyth:[16,34,44],apach:[16,38],apart:[10,38],api:51,appear:[14,28],append:[39,41,51],applewebkit:[16,36,44],appli:[6,10,30,32,35,38,39,46,51],applic:[0,5,6,7,9,10,11,12,14,16,20,24,26,28,30,31,32,33,34,35,38,39,44,46,51],appon:[5,44],arbritari:[4,6],argument:[27,30,32,45],around:42,arrai:[3,9,10],array_float:9,array_str:9,articl:38,as_org:3,asn:3,assign:[3,6,7,8,9,11,18,20,26,27,30,31,32,35,44,45,46],associ:[5,6,20,28,30,32,35,44,50],assumpt:[34,44],atim:[6,12,30],atom:46,atrribut:39,attack:[34,50],attack_cli:51,attack_data_sourc:51,attackcti:51,attempt:[0,6,20,30,32,35],attribut:[37,41,51],audit:[11,46,50,51],authent:[0,6,8,9,19,20,30,32,34,35,44,51],authenticated_with:0,author:[4,6,9,20,30,32,34,35,51],authorit:9,autom:[39,41,46],autonom:22,avail:[8,24,44,46],avoid:46,awesom:50,axi:51,azur:[6,11,30,32,35,44],b0bf5ac2e81bbf597fad5f349feeb32cac449fa2:[4,6,12,15,27,30,32,39,44,45],b0f6a5c0c4d0:[6,30,32,35],b94baf057a53:10,back:[39,42],bad:38,balanc:46,base:[6,16,34,44,46],basics_of_http:[6,30],beat:10,becaus:[3,6,16,20,30,32,34,35,38,44,46],becom:14,been:[0,6,9,11,20,30,32,33,34,35],befor:[6,7,11,28,34,38,41,46],begin:[34,38],behalf:[6,20,30,32,35],behavior:2,behind:[39,41],being:[0,10,11,25,28,32,38],believ:11,belong:[6,11,12,30,32,35,38,44],below:[3,9,38],berto:38,best:[34,38,44,46],between:[0,6,20,24,30,32,35,38,46,50],bgp:[3,22],bigwheel:38,bigwheelbobus:[34,44],bigwheelpassword:[34,44],binari:[4,6,12,15,27,30,32,39,44,45,51],bind:0,bit:[6,9,20,30,32,35],blob:46,block:[0,6,12,30],blocked_inbound_connection_on:0,blocked_listener_on:0,blocked_local_port_bind_on:0,blocked_outbound_connection_on:0,blocked_service_connection_to:0,bob:[8,38,44],bobspassword:[6,30,32,35],bodi:16,book:51,both:[6,13,24,28,30,38,44],bound:0,box:[6,30,32,35,44],briefli:38,bring:51,broad:51,broker:10,build:46,built:46,c_internet:9,cach:0,call:[0,27,28,30,32,38,41,45],came:[8,44],can:[0,3,4,6,8,9,10,11,12,16,20,24,27,28,30,32,34,35,38,39,41,44,45,46,50,51],capit:[6,13,30],captur:[3,6,7,8,14,15,18,30,31,39,44,51],car:50,carri:11,categor:11,categori:[2,11,18,21,22,44,46],caus:38,cdm:[42,46],cef:10,certain:3,certif:[6,19],certificate_hash_imphash:4,certificate_hash_md5:4,certificate_hash_sha1:4,certificate_hash_sha256:4,certificate_hash_sha512:4,certificate_issu:4,certificate_serial_numb:4,certificate_subject:4,chang:[0,6,12,14,30,38,46,50],changed_nam:0,changed_password:0,changed_permiss:0,changed_typ:0,channel:[0,9,11],charact:[37,38],characterist:46,check:[0,9,34,46],child:39,choos:46,chose:33,chosen:[4,6],chrome:[16,36,44],cim:50,cipher:33,citi:[6,13,30,44],claim:[6,20,30,32,35],cleanup:[6,7],clear:38,client:[0,9,10,14,16,25,30,34,38,44],close:0,closed_a_handl:0,closest:[],cloud:[6,30,32,35,44],cloud_app_id:[5,44],cloud_app_nam:[5,44],cloud_app_risk_level:[5,44],cloud_oper:[5,44],cmd:[6,12,30],cmzy3i4yonz3mt5yu5:[11,44],cncv2:2,code:[6,9,11,13,16,19,27,30,32,44,45,46],codec:10,collabor:41,collect:[11,46],column:51,com:[6,8,9,16,24,30,32,33,34,35,44,46,51],combin:[24,34,44],come:[34,50],command:[0,2,8,27,30,32,38,39,41,44,45,51],common:[3,6,7,11,26,30,31,34,39,41,44,46,50,51],commond:[37,42],commonli:[3,6,9,10,11,20,22,24,30,32,35,38,44],commun:[24,34,42,46,50],compani:[6,12,27,30,32,45],compar:41,complet:[24,27,28,30,32,44,45],complete_list_of_mime_typ:[6,30],complex:46,compromis:50,comput:[0,6,11,14,19,20,27,30,32,35,44,45,46],concept:41,conduct:0,config:50,configur:[10,28],conform:[10,34,44],confus:[34,38],conhost:[27,30,32,45],conn:11,connect:[0,3,6,7,8,16,18,21,24,25,26,30,31,32,33,34,35,38,44,46],connected_from:0,connected_to:0,connection_histori:24,consist:[28,38,42,46],consol:[6,12,27,30,32,45],consum:[10,46],contain:[3,6,9,11,14,20,27,28,30,32,35,41,45,46,50],content:[6,16,30,44,50,51],context:[3,6,7,8,10,18,26,30,31,38,39,44,46],contin:[6,13,30],contoso:[6,14,30,32,35,44,46],contribut:42,control:[2,6,20,28,30,32,35,51],convert:[11,24,44,46],cooki:16,coordin:[],copi:[3,16,22,33,34,38],cor_profil:51,core:37,core_31bf3856ad364e35_6:46,corelight:24,corp:[6,30,32,35],corpor:[6,12,23,27,30,32,38,45],correctli:38,correl:[6,20,30,32,35,46],correspond:[11,44,50],could:[3,6,7,8,9,10,11,12,16,18,26,30,31,34,39,44,50],countri:[6,13,30,44],cover:[36,39],creat:[0,3,6,10,11,12,14,25,27,30,32,39,41,42,45,50,51],creatabl:25,createremotethread:0,creation:[0,39,41,46,50],creation_timestamp:11,creativ:51,credenti:[0,6,20,30,32,35],credssp:[6,30,32,35],critic:[28,38],crtime:[6,12,30],cryptograph:19,cti:37,ctime:[6,12,30],curl:38,current:[27,28,30,32,34,39,41,44,45,46],currentcontrolset:[6,20,30,32,35],currentvers:28,curv:33,custom:[41,42],cyb3rpandah:[50,51],cyb3rward0g:50,cyber:37,d474:39,d9390:[27,30,32],dadmin:[6,20,30,32,35,44,46],dai:11,data:[2,3,9,10,11,22,24,27,28,30,32,34,38,39,41,42,44,45,50],data_dictionari:46,data_sourc:51,databas:28,databasevm:[6,30,44],datafram:51,dataset:[27,30,32,41,45],datasourcesmodelingdata:51,date:[6,10,12,30,37],datetim:[11,37,44],db9e0b9f9c9b:[8,44],dbvm:[11,44],dddd:[11,44],deal:46,debug:9,decid:29,decim:9,decrypt:16,defens:51,defin:[2,3,6,7,9,10,11,12,13,14,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,37,38,39,41,44,45,46,50],definion:46,definit:50,deleg:[6,30,32,35,44],delet:[0,5,14,16,28,38,44],delin:38,deni:[11,44],denot:[0,9],depart:[6,20,30,32,35],depend:10,depth:46,deriv:[27,30,32,34,45],describ:[2,22,27,30,32,39,45,46,50],descript:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,41,44,45,46,50],design:[6,13,30,42,44],desir:[0,3],desktop:[6,30,32,35,44],destin:[3,7,8,12,16,18,21,24,26,30,31,32,33,34,35,38,44],destination_domain:38,destination_hostnam:38,destination_nat:44,destinationdomain:38,destinationhostnam:38,detail:[6,24,30,46,50,51],detect:[0,2,46,50],determin:[6,7,9,10,11,24,26,30,31,38,44],develop:[6,16,30,46,50],devic:[3,6,7,11,18,20,24,26,30,31,32,35,38,44,46],deviceact:29,dgm:[6,7,26,30,31],dhcp:[3,6,7,8,18,30,31],dia:50,dictionari:[38,39,41,50,51],did:24,differ:[2,5,10,11,19,28,32,34,39,50],differenti:24,direct:[24,38,44],directli:41,directori:[0,6,12,27,30,32,38,45,50],disabl:[0,9],disconnect:0,disconnected_from:0,discoveri:[],disk:11,displai:51,distinguish:[34,38],distribut:[0,14],divers:[41,42,50],divis:28,dll:[0,23,27,30,32,34,45,51],dllhost:46,dmz:[6,30,44],dns:38,dns_additional_authoritative_nam:9,dns_additional_nam:9,dns_flag:9,dns_flags_authent:9,dns_flags_authorit:9,dns_flags_checking_dis:9,dns_flags_recursion_avail:9,dns_flags_recursion_desir:9,dns_flags_trunc:9,dns_flags_z:9,dns_queri:[0,38],dns_query_class:9,dns_query_class_nam:9,dns_query_nam:9,dns_query_typ:9,dns_query_type_nam:9,dns_reject:9,dns_response_cod:9,dns_response_code_nam:9,dns_response_nam:9,dns_response_ttl:9,dns_rtt:9,dns_transaction_id:9,dns_transaction_id_hex:9,dnssec:9,doc:[6,12,16,30,37,46,50],document:[4,6,30,33,36,39,41,44,46,50],documentationin:41,doe:[4,6,9,12,24,27,30,32,34,39,44,45],doesn:38,domain:[6,8,9,14,16,20,22,30,32,34,35,44,46],don:38,done:[6,20,30,32,35],down:[28,50],download:[0,46,50],dozen:46,drive:[0,24],driver:[0,46],drop:[29,51],drop_dupl:51,dropna:51,ds_list:51,ds_record:51,dst_byte:[6,44],dst_certificate_hash_imphash:6,dst_certificate_hash_md5:6,dst_certificate_hash_sha1:6,dst_certificate_hash_sha256:6,dst_certificate_hash_sha512:6,dst_certificate_issu:6,dst_certificate_serial_numb:6,dst_certificate_subject:6,dst_domain:38,dst_file_accessed_tim:6,dst_file_changed_tim:6,dst_file_compani:6,dst_file_creation_tim:6,dst_file_descript:6,dst_file_directori:6,dst_file_extens:6,dst_file_hard_link:6,dst_file_hash_imphash:6,dst_file_hash_md5:6,dst_file_hash_sha1:6,dst_file_hash_sha256:6,dst_file_hash_sha512:6,dst_file_inod:6,dst_file_link_nam:6,dst_file_mime_typ:6,dst_file_modified_tim:6,dst_file_nam:6,dst_file_path:6,dst_file_previous_accessed_tim:6,dst_file_previous_changed_tim:6,dst_file_previous_creation_tim:6,dst_file_previous_modified_tim:6,dst_file_previous_nam:6,dst_file_product:6,dst_file_s:6,dst_file_symlink:6,dst_file_symlink_nam:6,dst_file_system_block_s:6,dst_file_system_typ:6,dst_file_vers:6,dst_fqdn:38,dst_geo_citi:[6,44],dst_geo_contin:6,dst_geo_countri:[6,44],dst_geo_country_capit:6,dst_geo_country_cod:6,dst_geo_latitud:[6,44],dst_geo_longitud:[6,44],dst_geo_region:[6,44],dst_host_domain:[],dst_host_fqdn:[],dst_host_interface_guid:[],dst_host_interface_nam:[],dst_host_local_mac:[],dst_host_model:[],dst_host_nam:[6,16,33,38,44],dst_host_o:[],dst_host_peer_mac:[],dst_host_typ:[],dst_interface_guid:[6,44],dst_interface_nam:[6,44],dst_ip_addr:[6,44],dst_ip_byt:[],dst_ip_dhcp_assigned_ip_addr:6,dst_ip_is_ipv6:6,dst_mac_addr:[6,44],dst_meta_dst_host_name_categori:6,dst_mime_typ:6,dst_nat_ip_addr:[7,44],dst_nat_ip_byt:[],dst_nat_ip_dhcp_assigned_ip_addr:7,dst_nat_ip_is_ipv6:7,dst_nat_original_valu:7,dst_nat_port:[7,44],dst_nat_port_nam:7,dst_nat_port_numb:[],dst_original_valu:6,dst_packet:[6,44],dst_port:[6,44],dst_port_nam:6,dst_port_numb:[],dst_resource_group:[6,44],dst_resource_id:[6,44],dst_user_cred_typ:6,dst_user_dent:6,dst_user_domain:[6,44],dst_user_linked_logon_id:6,dst_user_logon_authentication_lan_package_nam:6,dst_user_logon_authentication_package_nam:6,dst_user_logon_device_claim:6,dst_user_logon_elevated_token:6,dst_user_logon_guid:6,dst_user_logon_id:6,dst_user_logon_impersonation_level:6,dst_user_logon_key_length:6,dst_user_logon_process_nam:6,dst_user_logon_restricted_admin_mod:6,dst_user_logon_transmitted_servic:6,dst_user_logon_typ:6,dst_user_logon_user_claim:6,dst_user_logon_user_linked_id:6,dst_user_logon_virtual_account:6,dst_user_nam:[6,44],dst_user_network_account_domain:6,dst_user_network_account_nam:6,dst_user_password:6,dst_user_reporter_domain:6,dst_user_reporter_id:6,dst_user_reporter_nam:6,dst_user_reporter_sid:6,dst_user_security_packag:6,dst_user_session_id:6,dst_user_sid:[6,44],dst_user_sid_list:6,dst_user_upn:[6,44],dst_user_user_aadid:6,dst_vlan_id:6,dst_vlan_nam:6,dst_zone:[6,44],due:[11,34,38],duplic:3,durat:11,dure:[6,10,20,30,32,33,35,50],dvc_action:[8,44],dvc_domain:[8,44],dvc_fqdn:[8,44],dvc_host_nam:[8,44],dvc_inbound_interfac:[8,44],dvc_interface_guid:[8,44],dvc_interface_nam:[8,44],dvc_ip_addr:[8,44],dvc_ip_dhcp_assigned_ip_addr:8,dvc_ip_is_ipv6:8,dvc_mac_addr:8,dvc_model_nam:8,dvc_model_numb:8,dvc_o:8,dvc_outbound_interfac:[8,44],dvc_type:8,e78a63b40daa:[39,41],each:[9,16,28,39,41,46,50],eas:46,easi:46,east:[6,13,30,44],ecdh:33,editor:28,edr:[6,30],eeee:[11,44],eevyz07vgj1n0rld:24,either:[10,11,12,38,44],element:28,elev:[6,20,30,32,35],ellipt:33,embed:28,emit:46,empti:44,enabl:[0,28,46],enclav:51,encod:10,encompass:38,encrypt:33,end:[6,8,11,20,21,24,25,30,32,35,39,41,44],endpoint:[6,8,16,21,24,25,27,30,32,38,41,44,45],engin:[6,34,44,50],enhanc:46,enough:39,enrich:[10,46],ensur:46,enterpris:50,entir:38,entireti:[34,44],entiti:[6,11,12,30,32,35,36,37,38,42,44,45,46,50],entri:[28,46],enumer:0,environ:[28,35,38],environment:51,equat:[6,13,30,44],error:[10,11,51],escal:51,especi:34,establish:[33,34],etc:[6,10,11,12,22,24,28,30,32,34,38,39,41,44,46],eth02:[6,30,44],eth0:[8,44],ethernet:[8,44],etl:[3,6,11,24,34,44],etl_format_appli:10,etl_format_is_cef:10,etl_format_is_json:10,etl_format_is_syslog:10,etl_format_is_xml:10,etl_host_agent_typ:10,etl_host_agent_uid:10,etl_info_tag:10,etl_input_application_nam:10,etl_input_application_protocol:10,etl_input_port:10,etl_input_protocol:10,etl_input_src_port:10,etl_kafka_consumer_group:10,etl_kafka_kei:10,etl_kafka_offset:10,etl_kafka_partit:10,etl_kafka_tim:10,etl_kafka_top:10,etl_pipelin:10,etl_processed_tim:10,etl_vers:10,etw_level_inform:46,etw_task_task_0:46,evas:51,even:[3,6,7,8,18,26,27,28,30,31,32,34,38,39,44,45],event:[0,2,5,6,7,8,9,10,12,13,14,15,16,18,19,20,21,23,24,25,26,27,28,29,30,31,32,33,34,35,38,39,41,44,45,46,50],event_category_typ:11,event_cod:46,event_count:[11,44],event_creation_tim:11,event_dur:11,event_end_tim:[11,44],event_endtim:[],event_error:11,event_error_cod:11,event_event_host_nam:[],event_event_ip_addr:[],event_field:46,event_id:[11,51],event_messag:[11,44],event_original_messag:11,event_original_tim:11,event_original_uid:[11,44],event_product:[11,44],event_product_v:[],event_product_vers:[11,44],event_recorded_tim:11,event_report_url:[11,44],event_resource_group:[11,44],event_resource_id:[11,44],event_schema_vers:[11,44],event_sever:[11,44],event_start_tim:[11,44],event_statu:11,event_status_cod:11,event_sub_category_typ:11,event_sub_statu:11,event_sub_status_cod:11,event_sub_typ:11,event_time_ingest:[11,44],event_timestamp:11,event_timezon:11,event_typ:11,event_type_detail:11,event_uid:[11,44],event_vendor:[11,44],eventid:[0,9,11,38],eventtyp:11,everi:[39,41,46],everyth:[3,34],evil:2,evilactor:2,exampl:[6,7,11,14,16,22,30,34,39,41,44,46,51],exe:[6,12,23,27,28,30,32,34,44,45,46],execut:[0,27,30,32,39,45,46],exhibit:2,exist:[24,34,38,41,44,46],exit:0,expand:2,expect:[39,41],expedit:50,expir:11,explain:38,explicit:[0,6,20,30,32,35],ext3:[6,12,30],ext4:[6,12,30],ext:[6,20,30,32,35],extend:[12,39,42],extends_ent:39,extens:[6,12,20,30,32,33,34,35,42,44],extern:[38,46],extract:10,f9ea:[27,30,32],facilit:[42,50],fact:38,fail:0,failur:0,fairli:46,fals:[3,6,7,8,9,10,18,24,30,31,33,37,51],famili:[6,20,30,32,35],fat32:[6,12,30],fe4fb818:10,feedback:50,few:11,field:[2,3,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,39,41,44,46,50],figur:46,file:[0,2,4,6,15,23,27,28,30,32,39,41,44,45],file_accessed_tim:12,file_changed_tim:12,file_compani:12,file_creation_tim:12,file_descript:12,file_directori:12,file_extens:[12,44],file_hard_link:12,file_hash_imphash:12,file_hash_md5:[12,44],file_hash_sha1:[12,44],file_hash_sha256:[12,44],file_hash_sha512:[12,44],file_inod:12,file_link_nam:12,file_mime_typ:[12,44],file_modified_tim:12,file_nam:[12,41,44],file_path:[12,41,44],file_previous_accessed_tim:12,file_previous_changed_tim:12,file_previous_creation_tim:12,file_previous_modified_tim:12,file_previous_nam:12,file_product:12,file_s:[12,44],file_symlink:12,file_symlink_nam:12,file_system_block_s:12,file_system_typ:12,file_vers:12,filenam:38,filesystem:[6,12,30],filetim:46,filter:0,financ:38,find:[3,41,46],firewal:[0,3,6,7,8,18,24,26,30,31,44],first:[10,34,38,46,50],fit:[38,39],fix:28,flag:[6,9,19,20,24,25,30,32,35],flexibl:41,focus:50,folder:[28,46,50],follow:[4,6,18,21,38,39,41,46],forcev1:[27,30,32,45],forest:38,form:[28,34,41,44,50],format:[9,10,11,19,28,38,39,41,50],forward:[8,9,10,11,16,44,50],found:38,foundat:[4,33],four:50,fqdn:[],fragment:34,framework:2,fred:50,frei:50,from:[0,2,3,5,6,8,9,10,11,14,16,18,21,24,27,28,30,32,33,34,38,39,41,44,45,50,51],front:[6,20,30,32,35],fryguy2600:50,ftp:[24,34,44],full:[6,11,12,23,27,28,30,32,34,39,44,45,46],fulli:[8,38,44,46],fun:50,further:38,galaxi:8,gatewai:44,gather:10,gecko:[16,36,44],gener:[0,9,11,39,41,44,46,50,51],geo:22,geo_citi:13,geo_contin:13,geo_countri:13,geo_country_capit:13,geo_country_cod:13,geo_latitud:13,geo_longitud:13,geo_point:22,geo_region:13,geograph:[6,13,30,44],get:[8,10,16,44],get_techniques_by_platform:51,gg82ulgc9go:[6,30,32,35,44],gid:[34,44],github:[24,46,51],githubusercont:51,give:10,given:[6,9,20,30,32,35],global:[0,27,30,32,45],globe:[6,13,30,44],goal:46,going:[38,46],good:[41,46],googl:[6,9,24,30,33,34,44],grant:[0,19,27,30,32,34,45],granted_access:0,greatsearch:[34,44],greenwich:[6,13,30,44],gritti:46,group:[0,6,10,11,20,22,27,28,30,32,34,35,38,41,44,45,46],group_domain:14,group_nam:14,group_sam_nam:14,group_sid:14,group_sid_histori:14,guagenti:50,guess:[6,7,26,30,31],guid:[6,8,20,30,32,35,38,44],guidanc:46,guidelin:[38,41],had:38,handl:[0,28],handshak:33,happen:[10,38],hard:[0,6,12,30],hardwar:28,has:[0,6,11,14,20,28,30,32,33,35,38,39,41,51],hash:[3,4,6,12,24,27,30,32,34,39,41,44,45],hash_imphash:15,hash_md5:15,hash_sha1:15,hash_sha256:15,hash_sha512:15,have:[6,8,9,10,16,20,24,27,28,30,32,34,35,38,39,44,46,50],head:[16,44,51],header:[6,16,24,30,34,38,44],helk:50,helk_logstash:10,hello:[16,37],help:[6,11,20,30,32,35,46,50],henc:46,here:[4,6,16,30,33,38,44,50],hexadecim:[6,9,19,20,30,32,35,46],hexint64:46,hidden:[27,30,32,45,51],hierarch:28,hierarchi:38,high:[11,44],hive:28,hkcc:28,hkcr:28,hkcu:28,hkey_local_machin:28,hkey_local_mahin:28,hklm:[6,20,28,30,32,35],hkpd:28,hku:28,hopefulli:38,host:[0,6,8,10,11,12,16,27,30,32,34,35,44,45,46,51],host_domain:[],host_fqdn:[],host_interface_guid:[],host_interface_nam:[],host_local_mac:[],host_model:[],host_nam:34,host_o:[],host_peer_mac:[],host_typ:[],hostnam:[6,30,34,44],how:[6,9,30,38,44,46,51],howev:[3,11,16,34,38,51],html:[9,16,34,37],http:[6,9,10,11,24,30,34,36,37,38,41,44,46,51],http_content_typ:[16,44],http_cookie_vari:16,http_informational_cod:16,http_informational_messag:16,http_proxied_head:16,http_referrer_origin:[16,44],http_request_body_byt:16,http_request_header_host:16,http_request_header_nam:16,http_request_header_origin:16,http_request_header_valu:16,http_request_method:[16,44],http_request_tim:[16,44],http_request_v:[],http_response_body_byt:16,http_response_body_origin:16,http_response_header_nam:16,http_response_header_valu:16,http_response_tim:[16,44],http_status_cod:[16,44],http_status_messag:16,http_user_agent_origin:16,http_version:[16,44],http_xff:[16,44],human:46,hundr:16,hunt:[8,44,50],hxnoyd:50,hygien:38,hyper:[8,44],hypertext:16,iOS:8,iana:[6,7,26,30,31],icmp:[10,24,44],icmp_cod:[],icmp_typ:[],id_var:51,ident:[6,30,32,35,46],identif:[27,30,32,45],identifi:[0,2,5,6,9,11,20,24,27,30,32,35,39,41,44,45,46,50],ids:[2,11],ietf:[9,34],illustr:38,imag:[0,4,6,12,15,27,30,32,39,44,45,46],imagin:34,imaginari:[6,13,30,44],impact:[],imperson:[6,20,30,32,35],imphash:[4,6,12,15,27,30,32,45],implement:[9,34,44],implementaiton:34,imposs:16,improv:50,incid:38,includ:[3,6,9,11,12,16,24,27,28,30,32,33,34,38,44,45,46],incom:0,incorrect:[34,38],incred:38,index:46,indic:[2,3,6,9,16,20,25,30,32,33,35,38],infer:10,info:[24,33],inform:[0,4,6,8,9,10,11,16,19,20,24,28,30,32,35,39,44,46,50],infosec:51,infrastructur:5,ingest:[11,44],initi:[24,27,30,32,45],inject:[27,30,32,34,45],inod:[6,12,30],insid:[24,27],inspect:51,inspir:50,instal:[0,46],instanc:[25,51],instead:[6,20,30,32,35,38],integ:[2,3,6,7,9,10,11,12,16,19,20,22,24,25,26,27,30,31,32,33,34,35,37,44,45],integr:[27,30,32,42,45],intent:38,interest:38,interfac:[6,8,21,30,44,51],interface_nam:[6,30,44],intermediari:[3,6,7,8,18,26,30,31,44],intern:[6,20,30,32,35,38,51],intim:38,introduc:[6,20,30,32,35,41],intrud:46,intrus:50,involv:[9,32],ip_addr:18,ip_byt:[],ip_dhcp_assigned_ip_addr:18,ip_is_ipv6:18,ipconfig:[8,44],irrelev:38,isol:27,iss:38,issu:[2,4,6,11,19],item:51,itpro:[46,50],its:[6,7,11,12,24,26,28,30,31,38,39,41,44,46,50],itself:[11,39,46],javascript:[16,44],jhrwq:34,join:[8,44,51],jose:[50,51],json:[10,46],json_norm:51,jupyt:51,just:[6,20,30,32,34,35,38,41,44],kafka:10,keep:[6,7,10,11,34,44],kei:[0,3,6,10,20,28,30,32,34,35,51],kerbero:[0,6,20,30,32,35,38],kernel32:[27,30,32],kernelbas:[27,30,32],key_all_access:28,khtml:[16,36,44],kind:28,knock:51,know:[38,39],knowledg:38,known:[6,12,24,28,30,38,44],krb_service_nam:19,krb_ticket_encryption_typ:19,krb_ticket_opt:19,krb_ticket_pre_auth_typ:19,krb_ticket_request_typ:19,krb_ticket_statu:19,l1k4h:[34,44],label:[27,30,32,38,45],lambda:51,lan:[6,20,30,32,35],languag:46,last:[6,12,30,34],later:51,lateral_mov:51,latest:27,latitud:[6,13,22,30,44],layer:[6,16,24,30,33,44,46],ldap:34,lean:46,learn:50,least:38,leav:38,led:50,left:[38,51],left_index:51,length:[6,11,20,28,30,32,35],let:[38,46],level:[5,6,11,20,28,30,32,35,38,44,46],leverag:[39,41],licens:51,lift:51,like:[11,16,34,36,44,46,50],lima:[6,13,30],limit:[9,46],limitless:34,line:[0,6,13,30,38,44,51],link:[0,6,12,30,46,50],linux:[38,50],list:[6,8,16,20,30,32,35,39,41,44,46,51],listen:0,live:9,load:[0,6,10,12,20,23,27,28,30,32,35,51],local:[0,4,6,12,14,20,28,30,32,35,38,44],localhost:32,locat:[6,13,20,30,32,34,35,38,44,46],lock:0,lockout:0,log:[0,3,6,8,9,10,11,16,20,24,28,30,32,34,35,38,44,46,50],log_sourc:46,logic:[28,38,39,41],login:[],logon:[0,6,11,14,30,32,35,38,46],logon_authentication_lan_package_nam:20,logon_authentication_package_nam:20,logon_device_claim:20,logon_elevated_token:20,logon_guid:20,logon_id:20,logon_impersonation_level:20,logon_key_length:20,logon_process_nam:20,logon_restricted_admin_mod:20,logon_transmitted_servic:20,logon_typ:20,logon_user_claim:20,logon_user_linked_id:20,logon_virtual_account:20,london:[6,13,30,44],longitud:[6,13,22,30,44],loog:28,look:[9,10],lookup:9,loss:51,lot:34,lower:[39,41],lowercas:[24,44],lowest:[28,38],lsa:[6,20,30,32,35],lsm:[27,30,32],lui:50,mac:[3,6,8,24,30,44],mac_addr:21,machin:0,maco:[39,41,50],made:[0,6,10,16,24,30,32,35,38,44],mai:[8,9,16,24,34,38,44],mail:51,main:[4,6,30,32,33,35,44,50],major:[38,46],make:[9,33,38,39],malici:[4,6,34,38,46],malwar:[2,28,41,44,46],manag:[6,11,20,30,32,35,42],mandatori:46,mani:[11,34,38],manipul:[11,34],manual:[11,44],map:[0,6,13,27,30,32,44,45,50],markdown:46,master:[46,51],match:[9,29,41],matrix:50,max_colwidth:51,maximum:25,md5:[4,6,12,15,27,30,32,39,44,45],mean:[6,7,26,30,31,50],meant:34,measur:[6,13,30,44],medium:[27,30,32,45],melt:51,member:[0,6,30,32,35],membership:0,memori:[27,28,30,32,45],mention:[34,41],mere:28,merg:51,meridian:[6,13,30,44],messag:[2,11,16,24,25,44],meta:46,meta_alert:22,meta_as_numb:22,meta_as_org:22,meta_categori:22,meta_geo_loc:22,meta_ttp:22,meta_url_categori:22,metadata:[3,9,10,11,12,13,14,15,16,18,20,21,23,24,25,26,27,28,29,30,32,33,34,35,39,45,50,51],microsoft:[0,6,8,11,12,20,23,27,28,30,32,35,44,45,46],microsoftdoc:46,might:[2,6,11,14,20,30,32,35,39,44,46],miguel:[6,13,30,44],millisecond:[16,24,44],mime:[6,12,30,44],mime_typ:[6,30],min:11,minimum:50,mis:34,miss:24,mistak:[34,38,44],mitm:16,mitr:50,mix:9,mobil:8,mode:[6,20,30,32,35],model:[8,24,28,39,41,42,44,46,50],modif:[0,6,7,10,11],modifi:[0,6,12,28,30,51],modul:[0,27],module_is_sign:23,module_nam:23,module_path:23,module_signatur:23,module_signature_statu:23,monitor:[0,24,46,50,51],more:[6,9,20,30,32,34,35,39,41,44,50,51],most:[3,6,8,9,11,20,24,30,32,35,38,44],mostli:[10,50],move:[0,14],movement:51,mozilla:[6,16,30,36,44],msi:34,msvcrt:23,msword:[6,12,30,44],mtime:[6,12,30],multipl:[3,8,9,10,24,38,39,41,44],must:[11,27,39,41,46],mwi2xha9lpqn41lo:38,name:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,41,44,45,46,50,51],nan:51,nat:[3,6,7,8,18,26,30,31,44],nate:50,natetoken:[4,6],necessari:[34,38],need:50,negoti:[6,20,30,32,35],nest:34,netbio:[6,7,26,30,31],netflow:51,network:[0,3,6,7,8,10,11,12,16,18,21,26,30,31,32,34,35,38,41,44,46,51],network_application_nam:24,network_application_protocol:[24,44],network_byt:[24,44],network_cod:24,network_connection_histori:24,network_connection_history_detail:24,network_connection_st:24,network_connection_state_detail:24,network_direct:[24,44],network_dur:[24,44],network_fingerprint_network_community_id:24,network_initi:24,network_inner_vlan_id:24,network_ip_byt:24,network_missed_byt:24,network_outer_vlan_id:24,network_packet:[24,44],network_protocol:[10,24,44],network_sess:41,network_session_id:[24,44],network_typ:24,networkservic:[6,20,30,32,35],networksess:41,neu5ron:[4,6,50],never:[34,44],newcredenti:[6,30,32,35],newtim:46,next:[11,28,33,38,41],nginx:[16,38],nitti:46,node:[28,38],noerror:9,non:[0,10],none:[0,51],normal:[9,24,34,38,42,50],north:[6,13,30,44],note:[8,46],now:38,nsm:24,ntdll:[27,30,32,45],ntf:[6,12,30],ntlm:[0,6,20,30,32,35],ntp:11,number:[3,4,6,7,8,11,12,19,22,25,26,28,29,30,31,34,37,44,46],numer:[24,33],nxlog:10,oasi:37,oauth:51,object:[0,11,14,34,41,50],objectsid:14,observ:[11,37],obtain:[6,20,30,32,35],occur:11,offic:51,officesharepoint:[],offici:41,older:9,onc:46,one:[3,11,14,16,27,34,38,39,41,46],onli:[6,20,27,30,32,35,38,39,45,46],op_nam:44,open:[0,27,28,30,32,37,45,50,51],oper:[0,5,6,12,19,27,28,30,32,44,45,46,50],option:38,order:[38,50],org:[6,9,16,30,34,37],organ:[3,22,38,50,51],origin:[6,7,11,16,28,34,38,44],osconfig:[6,20,30,32,35],osi:[24,44],ossem:[42,46],other:[6,10,12,16,20,24,27,28,30,32,34,35,38,39,44,45,46,50],otherwis:[6,12,30,46],otrf:51,our:41,out:[0,34,38,44,46],outbound:[6,24,30,32,35,44],outlin:24,output:[27,30,32,45,51],outsid:[24,38],over:[6,10,12,30,44],overwritten:0,own:38,packag:[6,20,30,32,35],packet:[6,9,24,30,44,51],pair:[6,20,30,32,35],paloalto:[11,38],panda:51,pane:28,paramet:[0,6,14,16,20,30,32,33,35,51],parent:39,park:[6,22,34,44],pars:[9,10,34,38,44,50],part3:37,part:[8,10,44,50],parti:51,particular:[11,23],particularli:46,partit:10,pass:[6,13,20,30,32,35,44],passiv:38,password:[0,6,30,32,34,35],path:[6,12,16,23,27,28,30,32,34,39,41,44,45,46],patth:[27,30,32,45],pdf:[6,30],peer:[],per:46,perform:[0,5,6,20,28,30,32,35,38,44],permiss:0,permit:[0,9],permitted_inbound_connection_on:0,permitted_listener_on:0,permitted_local_port_bind_on:0,permitted_outbound_connection_on:0,persist:51,perspect:38,peru:[6,13,30,44],php:[34,44],pick:46,pid:46,piec:38,pipe:[0,51],pipe_flag:25,pipe_inst:25,pipe_max_inst:25,pipe_nam:25,pipelin:[3,10,11,24,34,44,50],pivot:[24,38],place:38,plai:46,plane:11,platform:[0,46],playbook:50,png:46,point:22,pointer:46,pole:[6,13,30,44],polici:[9,46,50],popul:[6,20,30,32,35],port:[0,6,7,10,24,30,31,34,44,51],port_nam:26,port_numb:[],portion:[10,16,34,38,44],possibl:[2,6,20,24,30,32,34,35,39,44,46],post:[16,44,46],potenti:24,powershel:51,practic:[34,38,46],pre:[0,14,19,41],predefin:46,prefix:[39,41],presenc:28,present:[6,30,32,33,35],prevent:51,previou:[6,12,14,30,33,46],previous:[6,12,30],previoustim:46,primari:28,primarili:[46,50],prime:[6,13,30,44],princip:[6,30,32,35],prioriti:2,privileg:[0,6,20,30,32,35,51],procedur:[22,42,50],process:[0,6,10,20,23,30,32,35,39,44,46,51],process_call_trac:[27,45],process_command_lin:[27,39,45],process_command_line_hash_256:39,process_compani:[27,45],process_file_descript:[27,45],process_file_directori:[27,45],process_file_nam:[27,45],process_file_path:[27,45],process_file_product:[27,45],process_file_vers:[27,45],process_granted_access:[27,45],process_guid:[27,45],process_hash_imphash:[27,45],process_hash_md5:[27,39,45],process_hash_sha1:[27,45],process_hash_sha256:[27,39,45],process_hash_sha512:[27,45],process_id:[27,39,45,46],process_id_hash_md5:39,process_injected_address:[27,45],process_integr:39,process_integrity_level:[27,45],process_is_hidden:[27,45],process_nam:[27,39,45],process_par:39,process_parent_call_trac:[27,45],process_parent_command_lin:[27,45],process_parent_compani:[27,45],process_parent_file_descript:[27,45],process_parent_file_directori:[27,45],process_parent_file_nam:[27,45],process_parent_file_path:[27,45],process_parent_file_product:[27,45],process_parent_file_vers:[27,45],process_parent_granted_access:[27,45],process_parent_guid:[27,45],process_parent_hash_imphash:[27,45],process_parent_hash_md5:[27,39,45],process_parent_hash_sha1:[27,45],process_parent_hash_sha256:[27,39,45],process_parent_hash_sha512:[27,45],process_parent_id:[27,45],process_parent_injected_address:[27,45],process_parent_integrity_level:[27,45],process_parent_is_hidden:[27,45],process_parent_nam:[27,39,45],process_path:46,processguid:[27,30,32,45],processid:46,processnam:[34,46],product:[6,11,12,27,30,32,44,45],profil:28,program:[9,27,28],progress:[4,33,36,46],project:[42,51],promot:46,properli:[34,38],properti:[14,39,41,46],protect:[46,50],protocol:[6,10,11,16,20,24,30,32,33,35,44,51],provid:[0,2,3,5,6,7,8,11,18,20,24,26,30,31,32,34,35,38,39,42,44,46,50],proxi:[6,16,30,32,34,35,38,51],pull:[41,50],purpos:[38,41],put:[16,44],qualifi:[8,38,44],queri:[0,6,9,30,34,38,42,44,50],querynam:38,radiu:38,random:38,rare:10,raw:[0,16,51],raw_access_read:0,rawaccessread:0,rdp:[0,24,38],read:[0,38],read_control:28,readabl:46,readi:50,real:[],reason:[44,46],reboot:46,recap:46,receiv:[10,16,24,44],recent:[6,20,30,32,35,46],recommen:34,recommend:50,reconnect:0,record:[0,9,10,11,33,44,51],record_id:39,recurs:9,redmond:[6,30,32,35],reduc:46,redund:46,refer:[6,10,16,30,34,39,44,46,50,51],reg_expand_sz:28,reg_non:28,reg_sz:28,regard:38,region:[6,13,30,44],regist:[6,20,30,32,35],registri:[0,6,11,20,30,32,35,51],registry_h:28,registry_kei:28,registry_key_access_right:28,registry_path:28,registry_root_kei:28,registry_valu:28,registry_value_data:28,registry_value_data_modifi:28,registry_value_name_modifi:28,registry_value_typ:28,rel:[4,6,46],relat:[6,9,10,24,27,28,30,32,34,36,38,44,45],relationship:[0,32,41,50],relev:[44,46],remain:46,rememb:9,remoteinteract:[6,20,30,32,35],remov:0,remove_revok:51,removed_access:0,renam:[0,38],renew:0,repeat:[2,11],replac:[11,38],repli:[6,9,16,44],report:[0,6,8,11,24,30,32,35,44,51],repres:[6,20,23,28,30,32,35,46],represent:24,request:[0,6,8,9,16,19,20,27,30,32,33,34,35,36,38,44,45,46,51],request_header_nam:16,requested_a_handl:0,requir:[28,50],research:51,reserv:9,reset:0,reset_index:51,reset_password:0,resid:46,resourc:[6,11,20,30,32,35,44,46],resourcegroup:[6,11,30,44],respect:[34,44,50],respond:9,respons:[9,16,38,44],response_header_nam:16,response_nam:9,restor:0,restrict:[6,20,30,32,35],result:[0,6,9,19,20,30,32,35,44],result_reason_typ:44,result_typ:44,resulttyp:44,resum:33,rfc2181:9,rfc3655:9,rfc3986:34,rfc5395:9,rfc:[10,22,24,34,44],ricardo:50,right:28,right_index:51,risk:[5,44],roberto:50,rodriguez:[50,51],role:46,root:[28,46],round:9,router:[6,9,30],rpcrt4:[27,30,32],rrname:38,rsyslog:10,rtt:9,rule:[],rule_nam:29,rule_numb:29,run:[27,28,32,38,39,41,51],runtim:[6,20,30,32,35],s198_13_1_27_12321_d205_13_1_27_443_0012:[24,44],s4u:[6,20,30,32,35],safari:[16,36,44],safe_load:51,sai:[38,39],sam:[0,28],samaccountnam:14,same:[3,6,11,20,30,32,35,38,39,41,44,46],sampl:[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,44,45,46],sample_valu:[39,41,46],samsung:8,san:[6,13,30,44],scan:24,scanner:[6,30],scenario:[11,34],schedul:0,schema:[3,10,11,38,42,44,46],schema_v:[],scope:51,search:[3,6,34,44,46],second:11,section:[9,34],secur:[0,6,11,14,20,28,30,32,35,42,44,46,50],see:[0,6,9,19,20,30,32,35,38,51],seen:[6,16,24,30,32,34,35,36,44],send:[10,16,25,44],sens:39,sensit:0,sensor:[24,38,44,46],sent:[6,16,30,44],sentinel:[11,44],separ:[38,39,41],seri:[37,51],serial:[4,6],server:[0,3,6,7,8,9,14,16,18,20,25,30,31,32,33,35,38,44,51],server_nam:38,servic:[0,5,6,19,20,24,28,30,32,35,38,44,46],servicedesk:14,session:[0,6,9,16,20,24,30,32,33,35,41,44],set:[0,9,19,28,38,46,50],set_opt:51,sever:[2,6,11,20,30,32,35,38,41,44,50],sftp:10,sha1:[4,6,12,15,27,30,32,39,44,45],sha256:[4,6,12,15,27,30,32,39,44,45],sha512:[4,6,12,15,27,30,32,44,45],share:[0,6,7,41,50],sharealik:51,shokobo:[6,11,30,44],should:[9,11,16,33,34,38,39,44],show:[38,50],shutdown:[],sid:[6,14,30,32,35,46],sidhistori:14,siem:[11,44,46,50],sign:[23,50],signatur:[2,23],signer:23,similar:[3,9,27,30,32,39,45],similarli:46,simpli:[14,39],simplifi:42,sinc:[39,46],singl:[3,9,50],sip:34,six:28,size:[6,12,30,44],skew:11,skip:38,small:[41,44],smb:[24,34,38,44],smtp:34,sni:38,softwar:[9,10,24,28],some:[6,10,11,30,34,38,44,46],someth:[11,34,39],sometim:28,somevalu:34,sort:38,sourc:[0,2,3,6,7,8,9,10,11,12,16,18,21,24,26,31,32,34,35,38,39,41,42,44,46,50],source_nat:44,source_process_nam:39,south:[6,13,30,44],space:[27,30,32,45],spawn:[6,30,32,35,44],spdy:33,spearphish:[],spec:24,special:[6,13,20,30,32,35,44,46],specif:[0,3,4,10,11,16,24,33,38,41,44,50],specifi:[6,12,30,39,44],split:51,spreadsheet:50,src_byte:[30,44],src_domain:38,src_file_accessed_tim:30,src_file_changed_tim:30,src_file_compani:30,src_file_creation_tim:30,src_file_descript:30,src_file_directori:30,src_file_extens:30,src_file_hard_link:30,src_file_hash_imphash:30,src_file_hash_md5:30,src_file_hash_sha1:30,src_file_hash_sha256:30,src_file_hash_sha512:30,src_file_inod:30,src_file_link_nam:30,src_file_mime_typ:30,src_file_modified_tim:30,src_file_nam:30,src_file_path:30,src_file_previous_accessed_tim:30,src_file_previous_changed_tim:30,src_file_previous_creation_tim:30,src_file_previous_modified_tim:30,src_file_previous_nam:30,src_file_product:30,src_file_s:30,src_file_symlink:30,src_file_symlink_nam:30,src_file_system_block_s:30,src_file_system_typ:30,src_file_vers:30,src_fqdn:38,src_geo_citi:[30,44],src_geo_contin:30,src_geo_countri:[30,44],src_geo_country_capit:30,src_geo_country_cod:30,src_geo_latitud:[30,44],src_geo_longitud:[30,44],src_geo_region:[30,44],src_host_domain:[],src_host_fqdn:[],src_host_interface_guid:[],src_host_interface_nam:[],src_host_local_mac:[],src_host_model:[],src_host_nam:[30,38,44],src_host_o:[],src_host_peer_mac:[],src_host_typ:[],src_interface_guid:[30,44],src_interface_nam:[30,44],src_ip_addr:[30,44],src_ip_byt:[],src_ip_dhcp_assigned_ip_addr:30,src_ip_is_ipv6:30,src_longitud:[],src_mac_addr:[30,44],src_mime_typ:30,src_nat_ip_addr:[31,44],src_nat_ip_byt:[],src_nat_ip_dhcp_assigned_ip_addr:31,src_nat_ip_is_ipv6:31,src_nat_port:[31,44],src_nat_port_nam:31,src_nat_port_numb:[],src_packet:[30,44],src_port:[30,44],src_port_nam:30,src_port_numb:[],src_process_call_trac:30,src_process_command_lin:30,src_process_compani:30,src_process_file_descript:30,src_process_file_directori:30,src_process_file_nam:30,src_process_file_path:30,src_process_file_product:30,src_process_file_vers:30,src_process_granted_access:30,src_process_guid:30,src_process_hash_imphash:30,src_process_hash_md5:30,src_process_hash_sha1:30,src_process_hash_sha256:30,src_process_hash_sha512:30,src_process_id:30,src_process_injected_address:30,src_process_integrity_level:30,src_process_is_hidden:30,src_process_nam:30,src_process_parent_call_trac:30,src_process_parent_command_lin:30,src_process_parent_compani:30,src_process_parent_file_descript:30,src_process_parent_file_directori:30,src_process_parent_file_nam:30,src_process_parent_file_path:30,src_process_parent_file_product:30,src_process_parent_file_vers:30,src_process_parent_granted_access:30,src_process_parent_guid:30,src_process_parent_hash_imphash:30,src_process_parent_hash_md5:30,src_process_parent_hash_sha1:30,src_process_parent_hash_sha256:30,src_process_parent_hash_sha512:30,src_process_parent_id:30,src_process_parent_injected_address:30,src_process_parent_integrity_level:30,src_process_parent_is_hidden:30,src_process_parent_nam:30,src_resource_group:[30,44],src_resource_id:[30,44],src_user_cred_typ:30,src_user_dent:30,src_user_domain:[30,44],src_user_linked_logon_id:30,src_user_logon_authentication_lan_package_nam:30,src_user_logon_authentication_package_nam:30,src_user_logon_device_claim:30,src_user_logon_elevated_token:30,src_user_logon_guid:30,src_user_logon_id:30,src_user_logon_impersonation_level:30,src_user_logon_key_length:30,src_user_logon_process_nam:30,src_user_logon_restricted_admin_mod:30,src_user_logon_transmitted_servic:30,src_user_logon_typ:30,src_user_logon_user_claim:30,src_user_logon_user_linked_id:30,src_user_logon_virtual_account:30,src_user_nam:[30,44],src_user_network_account_domain:30,src_user_network_account_nam:30,src_user_password:30,src_user_reporter_domain:30,src_user_reporter_id:30,src_user_reporter_nam:30,src_user_reporter_sid:30,src_user_security_packag:30,src_user_session_id:30,src_user_sid:[30,44],src_user_sid_list:30,src_user_upn:[30,44],src_user_user_aadid:30,src_vlan_id:30,src_vlan_nam:30,src_zone:[30,44],srvsvc:25,ssh:[24,44],ssl:[33,38,51],sslv3:33,stack:[24,27,30,32,45],stage:50,stanc:38,standard:[4,6,18,21,24,28,41,42,50],standard_nam:46,standard_typ:46,start:[6,8,21,27,28,30,32,33,44,45],startup:[6,20,30,32,35],state:[11,24,44,46],station:0,statu:[11,23],steal:[],step:38,still:[3,34,46,50],stix:37,stix_format:51,stop:0,store:[28,46],straightforward:46,string:[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,41,44,45],structur:[28,42],sub:[0,6,11,16,20,28,30,32,35,38,44,46],subject:[6,30,32,35,44,46],subjectdomainnam:46,subjectlogonid:46,subjectusernam:46,subjectusersid:46,subkei:28,subprocess:[27,30,32,45],subscript:[6,11,30,44],subsequ:46,subset:[11,51],subtre:28,success:[0,9,44],successfulli:[0,33,46],suggest:50,suit:19,supplement:9,support:[9,14,28],suricata:[9,38],surrog:46,sylog:10,symbol:0,symlink:[6,12,30],synchron:28,sysintern:46,syslog:[8,10,11,44],sysmachin:[11,44],sysmachine2:[6,30,44],sysmon:[0,9,11,27,30,32,38,45,46],sysmoncommunityguid:46,sysmondatamodel:46,system32:[6,12,23,27,30,32,45],system:[0,2,6,12,20,22,24,27,28,30,32,35,39,44,45,46,50,51],t1112:51,t1205:51,t1480:51,t1518:[],t1529:[],t1531:[],t1534:[],t1539:[],t1564:51,t1574:51,t1ntru0k:16,tactic:22,tag:[10,39,46],take:[38,41],taken:[8,44],target:[0,27,30,38,39,45],target_process_call_trac:32,target_process_command_lin:32,target_process_compani:32,target_process_file_descript:32,target_process_file_directori:32,target_process_file_nam:32,target_process_file_path:32,target_process_file_product:32,target_process_file_vers:32,target_process_granted_access:32,target_process_guid:32,target_process_hash_imphash:32,target_process_hash_md5:32,target_process_hash_sha1:32,target_process_hash_sha256:32,target_process_hash_sha512:32,target_process_id:32,target_process_injected_address:32,target_process_integrity_level:32,target_process_is_hidden:32,target_process_nam:32,target_process_parent_call_trac:32,target_process_parent_command_lin:32,target_process_parent_compani:32,target_process_parent_file_descript:32,target_process_parent_file_directori:32,target_process_parent_file_nam:32,target_process_parent_file_path:32,target_process_parent_file_product:32,target_process_parent_file_vers:32,target_process_parent_granted_access:32,target_process_parent_guid:32,target_process_parent_hash_imphash:32,target_process_parent_hash_md5:32,target_process_parent_hash_sha1:32,target_process_parent_hash_sha256:32,target_process_parent_hash_sha512:32,target_process_parent_id:32,target_process_parent_injected_address:32,target_process_parent_integrity_level:32,target_process_parent_is_hidden:32,target_process_parent_nam:32,target_server_nam:32,target_user_cred_typ:32,target_user_dent:32,target_user_domain:32,target_user_linked_logon_id:32,target_user_logon_authentication_lan_package_nam:32,target_user_logon_authentication_package_nam:32,target_user_logon_device_claim:32,target_user_logon_elevated_token:32,target_user_logon_guid:32,target_user_logon_id:32,target_user_logon_impersonation_level:32,target_user_logon_key_length:32,target_user_logon_process_nam:32,target_user_logon_restricted_admin_mod:32,target_user_logon_transmitted_servic:32,target_user_logon_typ:32,target_user_logon_user_claim:32,target_user_logon_user_linked_id:32,target_user_logon_virtual_account:32,target_user_nam:32,target_user_network_account_domain:32,target_user_network_account_nam:32,target_user_password:32,target_user_reporter_domain:32,target_user_reporter_id:32,target_user_reporter_nam:32,target_user_reporter_sid:32,target_user_security_packag:32,target_user_session_id:32,target_user_sid:32,target_user_sid_list:32,target_user_upn:32,target_user_user_aadid:32,task:0,tast:0,tbd:46,tcp:[0,10,11,24,44],technic:10,techniqu:[22,50],technique_id:51,telemetri:39,term:38,termin:0,text:[16,24,46,51],tgt:[0,19],tha:[6,30,32,35],than:[9,34,39,41,44],thei:[16,28,41,46],them:[9,34,41,46],therefor:[4,6,7,9,10,26,30,31,34,38,39,44],thi:[0,2,3,4,6,7,8,9,10,11,12,14,16,18,19,20,24,25,26,27,28,30,31,32,33,34,35,38,39,41,42,44,45,46,50,51],thing:[10,38,41],think:[38,50],third:51,those:3,thread:[0,27],threat:[11,38,41,44,46,50,51],threat_categori:44,threat_id:44,threat_nam:44,threathunt:50,three:38,through:[6,9,13,30,44],throughout:34,thu:[34,44,46],ticket:[0,6,19,20,30,32,35],time:[0,6,9,10,11,16,24,27,28,30,32,37,38,44,45,46],timestamp:[0,11],timezon:11,titl:[2,16,46],tld:[16,38,44],tls_cipher:33,tls_curv:33,tls_establish:33,tls_next_protocol:33,tls_resum:33,tls_rsa_with_aes_128_cbc_sha:33,tls_server_nam:33,tls_version:33,tls_version_numb:33,tlsv10:33,tlsv1:33,togeth:[34,41,44],took:[16,38,44],tool:[2,9,34],top:[38,46],topic:10,total:[24,44],trace:[9,27,30,32,45,51],track:[10,11],traffic:[11,12,44],transaction_id:9,transfer:16,transform:[10,50],translat:[7,31,46],transmit:[6,12,20,30,32,35,44],transport:[24,44],tree:[28,46,51],tricki:46,trigger:2,trip:9,trojan:44,truest:[34,44],truli:[34,38,44],truncat:51,trust:[6,20,30,32,35],trustedsec:46,ttl:9,tupl:24,turn:46,twice:39,two:[38,39,41],twofold:46,txt:[6,12,30,34,44],type:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,39,41,44,45,46],typic:[6,20,24,30,32,35,44],u8m:24,udp:[0,10,24,44],uid:[6,10,30,44],ultim:46,uncl:[8,44],uncommon:46,undelet:0,under:[39,41],underscor:[39,41],understand:46,unicod:[28,37],unicodestr:46,uniqu:[5,11,27,30,32,39,41,44,45,46,50],unless:34,unlock:0,unreach:24,untrust:6,updat:[0,50],upn:[6,30,32,35,44],upon:29,uri:[34,38],url:[6,11,22,38,41,44],url_categori:[22,34,44],url_dst_host_nam:34,url_extens:34,url_frag:34,url_host_nam:[34,44],url_origin:[34,44],url_path:34,url_port:34,url_query_nam:34,url_query_valu:34,url_schem:34,url_user_nam:34,url_user_password:34,urn:34,use:[0,6,10,16,30,38,41,44,46,51],used:[3,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,37,38,39,41,44,45,46,50],user32:[6,20,30,32,35],user:[0,3,6,10,11,12,16,20,24,28,30,32,34,36,41,44,46],user_ag:[39,41,44],user_agent_origin:[36,44],user_cred_typ:35,user_dent:35,user_domain:[35,46],user_linked_logon_id:35,user_logon_authentication_lan_package_nam:35,user_logon_authentication_package_nam:35,user_logon_device_claim:35,user_logon_elevated_token:35,user_logon_guid:35,user_logon_id:[35,46],user_logon_impersonation_level:35,user_logon_key_length:35,user_logon_process_nam:35,user_logon_restricted_admin_mod:35,user_logon_transmitted_servic:35,user_logon_typ:35,user_logon_user_claim:35,user_logon_user_linked_id:35,user_logon_virtual_account:35,user_nam:[6,30,32,35,44,46],user_network_account_domain:35,user_network_account_nam:35,user_password:35,user_reporter_domain:35,user_reporter_id:35,user_reporter_nam:35,user_reporter_sid:35,user_security_packag:35,user_session_id:35,user_sid:[35,46],user_sid_list:35,user_upn:35,user_user_aadid:35,usernam:34,uses:[6,20,28,30,32,35],using:[0,6,8,11,20,30,32,33,35,38,44,46],usual:[6,7,9,11,26,30,31,34,41,44],utc:[11,46],uuidgen:[27,30,32,39,41,45],vaku:28,valid:[0,6,23,28,30,32,35,41,50],valu:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,41,44,45,46],value_nam:51,variabl:[28,51],varianc:16,variat:[34,44],variou:34,vendor:[11,44,46],verbiag:[9,38],veri:[10,38,41],verifi:34,version:[2,3,6,7,8,10,11,12,14,16,18,27,30,31,32,33,44,45,50],version_1:46,vhost:38,via:[11,16,38,44],virtual:[6,20,27,30,32,35,45,51],virtualmachin:[6,11,30,44],viru:[6,30,51],visual:38,vlan:[3,6,24,30],vmf:[6,12,30],wai:[34,42,50],want:[6,7,16,38,41],wardog:[6,8,12,30,32,35,44],wardogpersist:28,wasn:38,web:[6,16,30,38,44,51],websit:[6,20,30,32,35],wef:[],welcom:50,well:[10,24,34,38],were:[0,6,9,10,20,27,30,32,35,45],west:[6,13,30,44],what:[6,7,9,26,30,31,34,38,41,44,46,50],when:[0,3,6,7,8,10,11,12,18,20,26,28,30,31,32,33,35,41,44,46,50],whenev:14,where:[6,8,11,16,21,27,30,32,34,38,44,45,46,50],wherea:50,whether:[0,9,24,25,34,38],which:[4,6,8,11,19,20,28,29,30,32,35,44,46,50],whole:37,wiki:38,wikipedia:38,win10:[6,20,30,32,35],win2008r2:19,win32:[41,44],win64:[16,36,44],win8:[6,20,30,32,35],win:[0,6,30,32,35,44],winbuild:[6,12,27,30,32,45],window:[0,6,9,11,12,14,16,20,23,27,28,30,32,35,36,38,44,45,46,50],windowstechniqu:51,winev:10,winlogbeat:10,winsx:46,wire:12,within:19,without:[3,6,12,23,28,30,34,39,44],wkhr001:[8,44],word:[39,41],work:[4,27,30,32,33,36,45,46,50],workgroup:[6,30,32,35],workstat:0,world:[6,13,16,30],would:[6,7,9,10,11,16,22,30,34,38,39,41,44],wrap:24,write:0,write_dac:28,write_own:28,written:11,wrote_to:0,www:[6,16,30,33,38,44],x509_and_certif:19,x64:[16,36,44],xclfdm:24,xfs:[6,12,30],xml:10,xroxi:16,xxxxxxxx:[6,30,32,35],yaml:[39,41,46,51],yamlurl:51,yet:34,yml:[46,51],you:[6,8,10,11,20,28,30,32,34,35,38,39,41,44,46],your:[10,24,34,44,46,50],zeek:[9,11,38],zip:34,zone:[6,9,30,44,46]},titles:["Data Modeling Table","Windows","alert","any","certificate","cloud","destination","destination_nat","device","dns","etl","event","file","geo","group","hash","http","Entities","ip","kerberos","logon","mac","meta","module","network","pipe","port","process","registry","rule","source","source_nat","target","tls","url","user","user_agent","Data Types","Domain vs FQDN vs Host Name Implementation","Entity Structure","Guidelines","Table Structure","Introduction","Tables","network_session","processes","Data Dictionary Authoring Guide","Guidelines","Introduction","Introduction","OSSEM","Windows Events to ATT&amp;CK Techniques"],titleterms:{"import":51,IDs:51,Using:50,alert:2,alpha:50,ambigu:38,ani:3,att:51,attribut:[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,39,44,45],author:[46,50],background:38,certif:4,cloud:5,committ:50,common:38,content:46,current:50,data:[0,37,46,51],definit:[38,39,41,46],destin:6,destination_nat:7,devic:8,dictionari:46,dns:9,domain:38,enterpris:51,entiti:[17,39,41],etl:10,event:[11,51],exampl:38,extens:39,field:38,file:[12,46,51],fqdn:38,frame:38,geo:13,get:51,goal:50,group:14,guid:46,guidelin:[40,47],hash:15,host:38,hostnam:38,http:16,implement:38,improv:51,introduct:[42,48,49],kerbero:19,librari:51,log:51,logon:20,mac:21,map:51,meta:22,model:[0,51],modul:23,name:38,network:24,network_sess:44,opportun:51,organ:46,ossem:[50,51],outlin:38,pipe:25,platform:51,port:26,problem:38,process:[27,45],project:50,readm:46,refer:37,registri:28,resourc:50,rule:29,scenario:38,sourc:[30,51],source_nat:31,standard:46,statu:50,structur:[39,41,46,50],tabl:[0,41,43,46],tactic:51,target:32,techniqu:51,tls:33,type:37,url:34,user:35,user_ag:36,window:[1,51]}})
\ No newline at end of file
+Search.setIndex({docnames:["attack/windows/ds_mapping_table","attack/windows/intro","cdm/entities/alert","cdm/entities/any","cdm/entities/certificate","cdm/entities/cloud","cdm/entities/destination","cdm/entities/destination_nat","cdm/entities/device","cdm/entities/dns","cdm/entities/etl","cdm/entities/event","cdm/entities/file","cdm/entities/geo","cdm/entities/group","cdm/entities/hash","cdm/entities/http","cdm/entities/intro","cdm/entities/ip","cdm/entities/kerberos","cdm/entities/logon","cdm/entities/mac","cdm/entities/meta","cdm/entities/module","cdm/entities/network","cdm/entities/pipe","cdm/entities/port","cdm/entities/process","cdm/entities/registry","cdm/entities/rule","cdm/entities/source","cdm/entities/source_nat","cdm/entities/target","cdm/entities/tls","cdm/entities/url","cdm/entities/user","cdm/entities/user_agent","cdm/guidelines/data_types","cdm/guidelines/domain_or_hostname_or_fqdn","cdm/guidelines/entity_structure","cdm/guidelines/intro","cdm/guidelines/table_structure","cdm/intro","cdm/tables/intro","cdm/tables/network_session","cdm/tables/processes","dd/guidelines/authoring_data_dictionaries","dd/guidelines/intro","dd/intro","ddm/intro","intro","notebooks/attack/windows/ds_mapping_techniques"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":1,"sphinx.domains.index":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,sphinx:56},filenames:["attack/windows/ds_mapping_table.md","attack/windows/intro.md","cdm/entities/alert.md","cdm/entities/any.md","cdm/entities/certificate.md","cdm/entities/cloud.md","cdm/entities/destination.md","cdm/entities/destination_nat.md","cdm/entities/device.md","cdm/entities/dns.md","cdm/entities/etl.md","cdm/entities/event.md","cdm/entities/file.md","cdm/entities/geo.md","cdm/entities/group.md","cdm/entities/hash.md","cdm/entities/http.md","cdm/entities/intro.md","cdm/entities/ip.md","cdm/entities/kerberos.md","cdm/entities/logon.md","cdm/entities/mac.md","cdm/entities/meta.md","cdm/entities/module.md","cdm/entities/network.md","cdm/entities/pipe.md","cdm/entities/port.md","cdm/entities/process.md","cdm/entities/registry.md","cdm/entities/rule.md","cdm/entities/source.md","cdm/entities/source_nat.md","cdm/entities/target.md","cdm/entities/tls.md","cdm/entities/url.md","cdm/entities/user.md","cdm/entities/user_agent.md","cdm/guidelines/data_types.md","cdm/guidelines/domain_or_hostname_or_fqdn.md","cdm/guidelines/entity_structure.md","cdm/guidelines/intro.md","cdm/guidelines/table_structure.md","cdm/intro.md","cdm/tables/intro.md","cdm/tables/network_session.md","cdm/tables/processes.md","dd/guidelines/authoring_data_dictionaries.md","dd/guidelines/intro.md","dd/intro.md","ddm/intro.md","intro.md","notebooks/attack/windows/ds_mapping_techniques.ipynb"],objects:{},objnames:{},objtypes:{},terms:{"000000000z":46,"000941900z":46,"0010396cab00":[27,30,32,45],"035e058":[39,41],"088f":10,"09454ca8bfc2":39,"09t05":46,"0x0":[6,19,20,30,32,35],"0x1000":[27,30,32,45],"0x1074":46,"0x12":19,"0x3e7":[6,30,32,35],"0x40810010":19,"0x48f29":46,"0x8dcdc":[6,20,30,32,35],"0xf003f":28,"0xffffbc6422dd9c20":[27,30,32,45],"0xffffffff":[27,30,32,45],"10e93":[27,30,32],"11fe4":[27,30,32],"1234567890ab":[11,44],"16384_none_25a8f00faa8f185c":46,"189bc2ee":41,"1ad1d79f85d8f6a50ea282f63898d652661daa0c1fd361c22647cabc98a70e8cbce83200d579d10dd0a3d46be9496dcdfddf28b0c5e9709343b032a8796fbecb":[4,6,12,15,27,30,32,44,45],"2012r2":[6,20,30,32,35],"20processnam":[34,44],"215696fc36392ca70f89228b98060afb":[34,44],"2505bd03d7bd285e50ce89cec02b333b":[4,6,12,15,27,30,32,45],"2654e":[27,30,32],"26cfb":[27,30,32],"273b4":[27,30,32],"2bb33827":[8,44],"2cd4":[6,30,32,35],"2d12e":[27,30,32],"2e853":[27,30,32],"2fbe":[6,30,44],"3083f":[27,30,32],"313a6":[27,30,32],"34b46":[27,30,32],"365ce":[27,30,32],"42c1a34":39,"44bf":41,"4668bb2223ffb983a5f1273b9e3d9fa2c5ce4a0f1fb18ca5c1b285762020073c":[4,6,12,15,27,30,32,39,44,45],"468d":39,"48db":[8,44],"4a8a":41,"4b3b":[39,41],"4d11":9,"4e17":[6,30,32,35],"5521c67d457b":41,"5acd":[27,30,32,45],"5cc68":[27,30,32],"5e8b0f4d":[6,30,32,35],"6a255bebf3dbcd13585538ed47dbafd7":[4,6,12,15,27,30,32,39,44,45],"6bb6":[8,44],"6efc1":[27,30,32],"76d23":[27,30,32],"7c202e90":[6,30,44],"88d16a8edaa8c66b":[6,20,30,32,35],"88d2b96fdb2b4c49":[6,20,30,32,35],"8de6":[8,44],"8efb":39,"9bf67e04bedf":[6,30,44],"9c2e":[27,30,32,45],"boolean":[3,6,7,8,9,10,18,23,24,27,30,31,32,33,37,45,46],"byte":[6,9,12,16,24,25,30,44],"case":[10,14,38,39,41],"class":9,"default":[6,10,20,30,32,35,39,46],"final":50,"float":[9,11],"function":46,"import":9,"int":[16,44],"long":[10,11,24,44],"new":[0,6,14,20,30,32,34,35,41,44,46,50,51],"public":[46,51],"return":[9,16],"short":24,"switch":[6,16,30],"true":[8,9,10,23,24,27,30,32,33,37,38,44,45,51],"try":[34,38,44],"while":[46,50],AWS:[6,11,30,44],DNS:[0,6,9,30,38,44,51],FOR:16,For:[6,7,11,14,16,19,20,22,24,30,32,35,38,39,41,44,46],Has:32,IDS:24,IDs:3,IIS:[16,38],IPS:[24,44],IPs:[3,9],Its:46,NOT:[6,7,8,26,30,31,38,44],TGS:19,TLS:[6,16,30,33,38,44,51],The:[0,2,5,6,8,9,10,11,12,14,16,20,23,24,25,27,28,29,30,32,33,34,35,36,38,39,41,42,44,45,46,50],There:[8,28,34,44,50],These:[28,38,39,41,46],Use:[10,50],Used:10,Yes:[6,20,30,32,35],_md5:39,_name:39,_path:39,_sha1:39,_sha256:39,_to:0,a0344:[27,30,32,45],a115:[6,30,44],a257:41,a343:10,a81c:[27,30,32],a98268c1:[27,30,32,45],aaaa:9,aaaaaaaaaaaa:[6,30,44],aaabbbcc:[11,44],ab0:[6,30,44],abbrevi:24,abil:[6,20,30,32,35],abl:[38,41],abort:33,about:[0,4,6,8,10,11,12,13,14,15,16,18,20,21,23,24,25,26,27,28,29,30,32,33,34,35,39,46,50],abov:[38,39,46,51],absolut:38,abus:22,accept:[0,39],access:[0,6,11,12,20,27,28,30,32,35,44,45],accomod:42,accomplish:38,accord:[9,24,46],account:[0,6,11,19,20,28,30,32,35,44,46],accountoper:14,accur:11,across:[2,9,11,27,30,32,45,46,50],action:[6,8,30,32,35,44],activ:[38,44,46,50],activewebsoftwar:16,actor:2,actual:[3,6,7,26,28,30,31,34,38],adapt:[8,44],add:41,add_processed_timestamp:10,added:[0,6,14,20,30,32,35,41],addit:[0,9,10,11,16,39,46,50],address:[3,6,7,8,9,18,21,24,27,30,31,32,34,44,45],ade:[11,44],adher:34,admin:[4,6,20,30,32,35],administr:[6,20,30,32,35],adopt:46,adult:[6,22,34,44],advanc:[46,50],adversari:50,advertis:[6,34,44],afa:[11,44],after:[34,38],again:[38,46],agent:[10,16,36,44,46],aggreg:[11,44],ago:11,ahif:[41,44],aim:46,alert:[10,22],alert_categori:2,alert_descript:2,alert_id:2,alert_messag:2,alert_sever:2,alert_signatur:2,alert_vers:2,align:46,all:[3,8,9,10,16,28,39,41,44,51],all_d:51,all_data_sourc:51,allow:[0,3,6,8,20,24,30,32,35,41,42,44,50],alon:38,along:[6,20,30,32,35],alreadi:[4,16,33,34,38,41,44,46],also:[6,9,10,11,12,16,20,24,28,30,32,34,35,38,39,41,44,46,50],alter:11,alwai:[6,11,14,20,30,32,34,35,38,44,46],ambigu:34,amd64_microsoft:46,america:[6,13,30],among:[41,50],amount:[16,24,38,44],analysi:[11,44,51],analyst:[10,42,50],analyt:[46,50],analyz:[46,50],ani:[6,7,10,11,16,28,29,34,38,44,46,50],anomal:46,anoth:[0,6,11,14,20,30,32,35,38,39],answer:9,anti:[6,30,51],any_event_id:3,any_hash:3,any_ip_addr:3,any_ip_dhcp_assigned_ip_addr:3,any_ip_geo:3,any_ip_is_ipv6:3,any_mac_addr:3,any_us:3,any_vlan_id:3,anyon:46,anyth:[16,34,44],apach:[16,38],apart:[10,38],api:51,appear:[14,28],append:[39,41,51],applewebkit:[16,36,44],appli:[6,10,30,32,35,38,39,46,51],applic:[0,5,6,7,9,10,11,12,14,16,20,24,26,28,30,31,32,33,34,35,38,39,44,46,51],appon:[5,44],arbritari:[4,6],argument:[27,30,32,45],around:42,arrai:[3,9,10],array_float:9,array_str:9,articl:38,as_org:3,asn:3,assign:[3,6,7,8,9,11,18,20,26,27,30,31,32,35,44,45,46],associ:[5,6,20,28,30,32,35,44,50],assumpt:[34,44],atim:[6,12,30],atom:46,atrribut:39,attack:[34,50],attack_cli:51,attack_data_sourc:51,attackcti:51,attempt:[0,6,20,30,32,35],attribut:[37,41,51],audit:[11,46,50,51],authent:[0,6,8,9,19,20,30,32,34,35,44,51],authenticated_with:0,author:[4,6,9,20,30,32,34,35,51],authorit:9,autom:[39,41,46],autonom:22,avail:[8,24,44,46],avoid:46,awesom:50,axi:51,azur:[6,11,30,32,35,44],b0bf5ac2e81bbf597fad5f349feeb32cac449fa2:[4,6,12,15,27,30,32,39,44,45],b0f6a5c0c4d0:[6,30,32,35],b94baf057a53:10,back:[39,42],bad:38,balanc:46,base:[6,16,34,44,46],basics_of_http:[6,30],beat:10,becaus:[3,6,16,20,30,32,34,35,38,44,46],becom:14,been:[0,6,9,11,20,30,32,33,34,35],befor:[6,7,11,28,34,38,41,46],begin:[34,38],behalf:[6,20,30,32,35],behavior:2,behind:[39,41],being:[0,10,11,25,28,32,38],believ:11,belong:[6,11,12,30,32,35,38,44],below:[3,9,38],berto:38,best:[34,38,44,46],between:[0,6,20,24,30,32,35,38,46,50],bgp:[3,22],bigwheel:38,bigwheelbobus:[34,44],bigwheelpassword:[34,44],binari:[4,6,12,15,27,30,32,39,44,45,51],bind:0,bit:[6,9,20,30,32,35],blob:46,block:[0,6,12,30],blocked_inbound_connection_on:0,blocked_listener_on:0,blocked_local_port_bind_on:0,blocked_outbound_connection_on:0,blocked_service_connection_to:0,bob:[8,38,44],bobspassword:[6,30,32,35],bodi:16,book:51,both:[6,13,24,28,30,38,44],bound:0,box:[6,30,32,35,44],briefli:38,bring:51,broad:51,broker:10,build:46,built:46,c_internet:9,cach:0,call:[0,27,28,30,32,38,41,45],came:[8,44],can:[0,3,4,6,8,9,10,11,12,16,20,24,27,28,30,32,34,35,38,39,41,44,45,46,50,51],capit:[6,13,30],captur:[3,6,7,8,14,15,18,30,31,39,44,51],car:50,carri:11,categor:11,categori:[2,11,18,21,22,44,46],caus:38,cdm:[42,46],cef:10,certain:3,certif:[6,19],certificate_hash_imphash:4,certificate_hash_md5:4,certificate_hash_sha1:4,certificate_hash_sha256:4,certificate_hash_sha512:4,certificate_issu:4,certificate_serial_numb:4,certificate_subject:4,chang:[0,6,12,14,30,38,46,50],changed_nam:0,changed_password:0,changed_permiss:0,changed_typ:0,channel:[0,9,11],charact:[37,38],characterist:46,check:[0,9,34,46],child:39,choos:46,chose:33,chosen:[4,6],chrome:[16,36,44],cim:50,cipher:33,citi:[6,13,30,44],claim:[6,20,30,32,35],cleanup:[6,7],clear:38,client:[0,9,10,14,16,25,30,34,38,44],close:0,closed_a_handl:0,cloud:[6,30,32,35,44],cloud_app_id:[5,44],cloud_app_nam:[5,44],cloud_app_risk_level:[5,44],cloud_oper:[5,44],cmd:[6,12,30],cmzy3i4yonz3mt5yu5:[11,44],cncv2:2,code:[6,9,11,13,16,19,27,30,32,44,45,46],codec:10,collabor:41,collect:[11,46],column:51,com:[6,8,9,16,24,30,32,33,34,35,44,46,51],combin:[24,34,44],come:[34,50],command:[0,2,8,27,30,32,38,39,41,44,45,51],common:[3,6,7,11,26,30,31,34,39,41,44,46,50,51],commond:[37,42],commonli:[3,6,9,10,11,20,22,24,30,32,35,38,44],commun:[24,34,42,46,50],compani:[6,12,27,30,32,45],compar:41,complet:[24,27,28,30,32,44,45],complete_list_of_mime_typ:[6,30],complex:46,compromis:50,comput:[0,6,11,14,19,20,27,30,32,35,44,45,46],concept:41,conduct:0,config:50,configur:[10,28],conform:[10,34,44],confus:[34,38],conhost:[27,30,32,45],conn:11,connect:[0,3,6,7,8,16,18,21,24,25,26,30,31,32,33,34,35,38,44,46],connected_from:0,connected_to:0,connection_histori:24,consist:[28,38,42,46],consol:[6,12,27,30,32,45],consum:[10,46],contain:[3,6,9,11,14,20,27,28,30,32,35,41,45,46,50],content:[6,16,30,44,50,51],context:[3,6,7,8,10,18,26,30,31,38,39,44,46],contin:[6,13,30],contoso:[6,14,30,32,35,44,46],contribut:42,control:[2,6,20,28,30,32,35,51],convert:[11,24,44,46],cooki:16,copi:[3,16,22,33,34,38],cor_profil:51,core:37,core_31bf3856ad364e35_6:46,corelight:24,corp:[6,30,32,35],corpor:[6,12,23,27,30,32,38,45],correctli:38,correl:[6,20,30,32,35,46],correspond:[11,44,50],could:[3,6,7,8,9,10,11,12,16,18,26,30,31,34,39,44,50],countri:[6,13,30,44],cover:[36,39],creat:[0,3,6,10,11,12,14,25,27,30,32,39,41,42,45,50,51],creatabl:25,createremotethread:0,creation:[0,39,41,46,50],creation_timestamp:11,creativ:51,credenti:[0,6,20,30,32,35],credssp:[6,30,32,35],critic:[28,38],crtime:[6,12,30],cryptograph:19,cti:37,ctime:[6,12,30],curl:38,current:[27,28,30,32,34,39,41,44,45,46],currentcontrolset:[6,20,30,32,35],currentvers:28,curv:33,custom:[41,42],cyb3rpandah:[50,51],cyb3rward0g:50,cyber:37,d474:39,d9390:[27,30,32],dadmin:[6,20,30,32,35,44,46],dai:11,data:[2,3,9,10,11,22,24,27,28,30,32,34,38,39,41,42,44,45,50],data_dictionari:46,data_sourc:51,databas:28,databasevm:[6,30,44],datafram:51,dataset:[27,30,32,41,45],datasourcesmodelingdata:51,date:[6,10,12,30,37],datetim:[11,37,44],db9e0b9f9c9b:[8,44],dbvm:[11,44],dddd:[11,44],deal:46,debug:9,decid:29,decim:9,decrypt:16,defens:51,defin:[2,3,6,7,9,10,11,12,13,14,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,37,38,39,41,44,45,46,50],definion:46,definit:50,deleg:[6,30,32,35,44],delet:[0,5,14,16,28,38,44],delin:38,deni:[11,44],denot:[0,9],depart:[6,20,30,32,35],depend:10,depth:46,deriv:[27,30,32,34,45],describ:[2,22,27,30,32,39,45,46,50],descript:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,41,44,45,46,50],design:[6,13,30,42,44],desir:[0,3],desktop:[6,30,32,35,44],destin:[3,7,8,12,16,18,21,24,26,30,31,32,33,34,35,38,44],destination_domain:38,destination_hostnam:38,destination_nat:44,destinationdomain:38,destinationhostnam:38,detail:[6,24,30,46,50,51],detect:[0,2,46,50],determin:[6,7,9,10,11,24,26,30,31,38,44],develop:[6,16,30,46,50],devic:[3,6,7,11,18,20,24,26,30,31,32,35,38,44,46],deviceact:29,dgm:[6,7,26,30,31],dhcp:[3,6,7,8,18,30,31],dia:50,dictionari:[38,39,41,50,51],did:24,differ:[2,5,10,11,19,28,32,34,39,50],differenti:24,direct:[24,38,44],directli:41,directori:[0,6,12,27,30,32,38,45,50],disabl:[0,9],disconnect:0,disconnected_from:0,disk:11,displai:51,distinguish:[34,38],distribut:[0,14],divers:[41,42,50],divis:28,dll:[0,23,27,30,32,34,45,51],dllhost:46,dmz:[6,30,44],dns:38,dns_additional_authoritative_nam:9,dns_additional_nam:9,dns_flag:9,dns_flags_authent:9,dns_flags_authorit:9,dns_flags_checking_dis:9,dns_flags_recursion_avail:9,dns_flags_recursion_desir:9,dns_flags_trunc:9,dns_flags_z:9,dns_queri:[0,38],dns_query_class:9,dns_query_class_nam:9,dns_query_nam:9,dns_query_typ:9,dns_query_type_nam:9,dns_reject:9,dns_response_cod:9,dns_response_code_nam:9,dns_response_nam:9,dns_response_ttl:9,dns_rtt:9,dns_transaction_id:9,dns_transaction_id_hex:9,dnssec:9,doc:[6,12,16,30,37,46,50],document:[4,6,30,33,36,39,41,44,46,50],documentationin:41,doe:[4,6,9,12,24,27,30,32,34,39,44,45],doesn:38,domain:[6,8,9,14,16,20,22,30,32,34,35,44,46],don:38,done:[6,20,30,32,35],down:[28,50],download:[0,46,50],dozen:46,drive:[0,24],driver:[0,46],drop:[29,51],drop_dupl:51,dropna:51,ds_list:51,ds_record:51,dst_byte:[6,44],dst_certificate_hash_imphash:6,dst_certificate_hash_md5:6,dst_certificate_hash_sha1:6,dst_certificate_hash_sha256:6,dst_certificate_hash_sha512:6,dst_certificate_issu:6,dst_certificate_serial_numb:6,dst_certificate_subject:6,dst_domain:38,dst_file_accessed_tim:6,dst_file_changed_tim:6,dst_file_compani:6,dst_file_creation_tim:6,dst_file_descript:6,dst_file_directori:6,dst_file_extens:6,dst_file_hard_link:6,dst_file_hash_imphash:6,dst_file_hash_md5:6,dst_file_hash_sha1:6,dst_file_hash_sha256:6,dst_file_hash_sha512:6,dst_file_inod:6,dst_file_link_nam:6,dst_file_mime_typ:6,dst_file_modified_tim:6,dst_file_nam:6,dst_file_path:6,dst_file_previous_accessed_tim:6,dst_file_previous_changed_tim:6,dst_file_previous_creation_tim:6,dst_file_previous_modified_tim:6,dst_file_previous_nam:6,dst_file_product:6,dst_file_s:6,dst_file_symlink:6,dst_file_symlink_nam:6,dst_file_system_block_s:6,dst_file_system_typ:6,dst_file_vers:6,dst_fqdn:38,dst_geo_citi:[6,44],dst_geo_contin:6,dst_geo_countri:[6,44],dst_geo_country_capit:6,dst_geo_country_cod:6,dst_geo_latitud:[6,44],dst_geo_longitud:[6,44],dst_geo_region:[6,44],dst_host_nam:[6,16,33,38,44],dst_interface_guid:[6,44],dst_interface_nam:[6,44],dst_ip_addr:[6,44],dst_ip_dhcp_assigned_ip_addr:6,dst_ip_is_ipv6:6,dst_mac_addr:[6,44],dst_meta_dst_host_name_categori:6,dst_mime_typ:6,dst_nat_ip_addr:[7,44],dst_nat_ip_dhcp_assigned_ip_addr:7,dst_nat_ip_is_ipv6:7,dst_nat_original_valu:7,dst_nat_port:[7,44],dst_nat_port_nam:7,dst_original_valu:6,dst_packet:[6,44],dst_port:[6,44],dst_port_nam:6,dst_resource_group:[6,44],dst_resource_id:[6,44],dst_user_cred_typ:6,dst_user_dent:6,dst_user_domain:[6,44],dst_user_linked_logon_id:6,dst_user_logon_authentication_lan_package_nam:6,dst_user_logon_authentication_package_nam:6,dst_user_logon_device_claim:6,dst_user_logon_elevated_token:6,dst_user_logon_guid:6,dst_user_logon_id:6,dst_user_logon_impersonation_level:6,dst_user_logon_key_length:6,dst_user_logon_process_nam:6,dst_user_logon_restricted_admin_mod:6,dst_user_logon_transmitted_servic:6,dst_user_logon_typ:6,dst_user_logon_user_claim:6,dst_user_logon_user_linked_id:6,dst_user_logon_virtual_account:6,dst_user_nam:[6,44],dst_user_network_account_domain:6,dst_user_network_account_nam:6,dst_user_password:6,dst_user_reporter_domain:6,dst_user_reporter_id:6,dst_user_reporter_nam:6,dst_user_reporter_sid:6,dst_user_security_packag:6,dst_user_session_id:6,dst_user_sid:[6,44],dst_user_sid_list:6,dst_user_upn:[6,44],dst_user_user_aadid:6,dst_vlan_id:6,dst_vlan_nam:6,dst_zone:[6,44],due:[11,34,38],duplic:3,durat:11,dure:[6,10,20,30,32,33,35,50],dvc_action:[8,44],dvc_domain:[8,44],dvc_fqdn:[8,44],dvc_host_nam:[8,44],dvc_inbound_interfac:[8,44],dvc_interface_guid:[8,44],dvc_interface_nam:[8,44],dvc_ip_addr:[8,44],dvc_ip_dhcp_assigned_ip_addr:8,dvc_ip_is_ipv6:8,dvc_mac_addr:8,dvc_model_nam:8,dvc_model_numb:8,dvc_o:8,dvc_outbound_interfac:[8,44],dvc_type:8,e78a63b40daa:[39,41],each:[9,16,28,39,41,46,50],eas:46,easi:46,east:[6,13,30,44],ecdh:33,editor:28,edr:[6,30],eeee:[11,44],eevyz07vgj1n0rld:24,either:[10,11,12,38,44],element:28,elev:[6,20,30,32,35],ellipt:33,embed:28,emit:46,empti:44,enabl:[0,28,46],enclav:51,encod:10,encompass:38,encrypt:33,end:[6,8,11,20,21,24,25,30,32,35,39,41,44],endpoint:[6,8,16,21,24,25,27,30,32,38,41,44,45],engin:[6,34,44,50],enhanc:46,enough:39,enrich:[10,46],ensur:46,enterpris:50,entir:38,entireti:[34,44],entiti:[6,11,12,30,32,35,36,37,38,42,44,45,46,50],entri:[28,46],enumer:0,environ:[28,35,38],environment:51,equat:[6,13,30,44],error:[10,11,51],escal:51,especi:34,establish:[33,34],etc:[6,10,11,12,22,24,28,30,32,34,38,39,41,44,46],eth02:[6,30,44],eth0:[8,44],ethernet:[8,44],etl:[3,6,11,24,34,44],etl_format_appli:10,etl_format_is_cef:10,etl_format_is_json:10,etl_format_is_syslog:10,etl_format_is_xml:10,etl_host_agent_typ:10,etl_host_agent_uid:10,etl_info_tag:10,etl_input_application_nam:10,etl_input_application_protocol:10,etl_input_port:10,etl_input_protocol:10,etl_input_src_port:10,etl_kafka_consumer_group:10,etl_kafka_kei:10,etl_kafka_offset:10,etl_kafka_partit:10,etl_kafka_tim:10,etl_kafka_top:10,etl_pipelin:10,etl_processed_tim:10,etl_vers:10,etw_level_inform:46,etw_task_task_0:46,evas:51,even:[3,6,7,8,18,26,27,28,30,31,32,34,38,39,44,45],event:[0,2,5,6,7,8,9,10,12,13,14,15,16,18,19,20,21,23,24,25,26,27,28,29,30,31,32,33,34,35,38,39,41,44,45,46,50],event_category_typ:11,event_cod:46,event_count:[11,44],event_creation_tim:11,event_dur:11,event_end_tim:[11,44],event_error:11,event_error_cod:11,event_field:46,event_id:[11,51],event_messag:[11,44],event_original_messag:11,event_original_tim:11,event_original_uid:[11,44],event_product:[11,44],event_product_vers:[11,44],event_recorded_tim:11,event_report_url:[11,44],event_resource_group:[11,44],event_resource_id:[11,44],event_schema_vers:[11,44],event_sever:[11,44],event_start_tim:[11,44],event_statu:11,event_status_cod:11,event_sub_category_typ:11,event_sub_statu:11,event_sub_status_cod:11,event_sub_typ:11,event_time_ingest:[11,44],event_timestamp:11,event_timezon:11,event_typ:11,event_type_detail:11,event_uid:[11,44],event_vendor:[11,44],eventid:[0,9,11,38],eventtyp:11,everi:[39,41,46],everyth:[3,34],evil:2,evilactor:2,exampl:[6,7,11,14,16,22,30,34,39,41,44,46,51],exe:[6,12,23,27,28,30,32,34,44,45,46],execut:[0,27,30,32,39,45,46],exhibit:2,exist:[24,34,38,41,44,46],exit:0,expand:2,expect:[39,41],expedit:50,expir:11,explain:38,explicit:[0,6,20,30,32,35],ext3:[6,12,30],ext4:[6,12,30],ext:[6,20,30,32,35],extend:[12,39,42],extends_ent:39,extens:[6,12,20,30,32,33,34,35,42,44],extern:[38,46],extract:10,f9ea:[27,30,32],facilit:[42,50],fact:38,fail:0,failur:0,fairli:46,fals:[3,6,7,8,9,10,18,24,30,31,33,37,51],famili:[6,20,30,32,35],fat32:[6,12,30],fe4fb818:10,feedback:50,few:11,field:[2,3,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,39,41,44,46,50],figur:46,file:[0,2,4,6,15,23,27,28,30,32,39,41,44,45],file_accessed_tim:12,file_changed_tim:12,file_compani:12,file_creation_tim:12,file_descript:12,file_directori:12,file_extens:[12,44],file_hard_link:12,file_hash_imphash:12,file_hash_md5:[12,44],file_hash_sha1:[12,44],file_hash_sha256:[12,44],file_hash_sha512:[12,44],file_inod:12,file_link_nam:12,file_mime_typ:[12,44],file_modified_tim:12,file_nam:[12,41,44],file_path:[12,41,44],file_previous_accessed_tim:12,file_previous_changed_tim:12,file_previous_creation_tim:12,file_previous_modified_tim:12,file_previous_nam:12,file_product:12,file_s:[12,44],file_symlink:12,file_symlink_nam:12,file_system_block_s:12,file_system_typ:12,file_vers:12,filenam:38,filesystem:[6,12,30],filetim:46,filter:0,financ:38,find:[3,41,46],firewal:[0,3,6,7,8,18,24,26,30,31,44],first:[10,34,38,46,50],fit:[38,39],fix:28,flag:[6,9,19,20,24,25,30,32,35],flexibl:41,focus:50,folder:[28,46,50],follow:[4,6,18,21,38,39,41,46],forcev1:[27,30,32,45],forest:38,form:[28,34,41,44,50],format:[9,10,11,19,28,38,39,41,50],forward:[8,9,10,11,16,44,50],found:38,foundat:[4,33],four:50,fragment:34,framework:2,fred:50,frei:50,from:[0,2,3,5,6,8,9,10,11,14,16,18,21,24,27,28,30,32,33,34,38,39,41,44,45,50,51],front:[6,20,30,32,35],fryguy2600:50,ftp:[24,34,44],full:[6,11,12,23,27,28,30,32,34,39,44,45,46],fulli:[8,38,44,46],fun:50,further:38,galaxi:8,gatewai:44,gather:10,gecko:[16,36,44],gener:[0,9,11,39,41,44,46,50,51],geo:22,geo_citi:13,geo_contin:13,geo_countri:13,geo_country_capit:13,geo_country_cod:13,geo_latitud:13,geo_longitud:13,geo_point:22,geo_region:13,geograph:[6,13,30,44],get:[8,10,16,44],get_techniques_by_platform:51,gg82ulgc9go:[6,30,32,35,44],gid:[34,44],github:[24,46,51],githubusercont:51,give:10,given:[6,9,20,30,32,35],global:[0,27,30,32,45],globe:[6,13,30,44],goal:46,going:[38,46],good:[41,46],googl:[6,9,24,30,33,34,44],grant:[0,19,27,30,32,34,45],granted_access:0,greatsearch:[34,44],greenwich:[6,13,30,44],gritti:46,group:[0,6,10,11,20,22,27,28,30,32,34,35,38,41,44,45,46],group_domain:14,group_nam:14,group_sam_nam:14,group_sid:14,group_sid_histori:14,guagenti:50,guess:[6,7,26,30,31],guid:[6,8,20,30,32,35,38,44],guidanc:46,guidelin:[38,41],had:38,handl:[0,28],handshak:33,happen:[10,38],hard:[0,6,12,30],hardwar:28,has:[0,6,11,14,20,28,30,32,33,35,38,39,41,51],hash:[3,4,6,12,24,27,30,32,34,39,41,44,45],hash_imphash:15,hash_md5:15,hash_sha1:15,hash_sha256:15,hash_sha512:15,have:[6,8,9,10,16,20,24,27,28,30,32,34,35,38,39,44,46,50],head:[16,44,51],header:[6,16,24,30,34,38,44],helk:50,helk_logstash:10,hello:[16,37],help:[6,11,20,30,32,35,46,50],henc:46,here:[4,6,16,30,33,38,44,50],hexadecim:[6,9,19,20,30,32,35,46],hexint64:46,hidden:[27,30,32,45,51],hierarch:28,hierarchi:38,high:[11,44],hive:28,hkcc:28,hkcr:28,hkcu:28,hkey_local_machin:28,hkey_local_mahin:28,hklm:[6,20,28,30,32,35],hkpd:28,hku:28,hopefulli:38,host:[0,6,8,10,11,12,16,27,30,32,34,35,44,45,46,51],host_nam:34,hostnam:[6,30,34,44],how:[6,9,30,38,44,46,51],howev:[3,11,16,34,38,51],html:[9,16,34,37],http:[6,9,10,11,24,30,34,36,37,38,41,44,46,51],http_content_typ:[16,44],http_cookie_vari:16,http_informational_cod:16,http_informational_messag:16,http_proxied_head:16,http_referrer_origin:[16,44],http_request_body_byt:16,http_request_header_host:16,http_request_header_nam:16,http_request_header_origin:16,http_request_header_valu:16,http_request_method:[16,44],http_request_tim:[16,44],http_response_body_byt:16,http_response_body_origin:16,http_response_header_nam:16,http_response_header_valu:16,http_response_tim:[16,44],http_status_cod:[16,44],http_status_messag:16,http_user_agent_origin:16,http_version:[16,44],http_xff:[16,44],human:46,hundr:16,hunt:[8,44,50],hxnoyd:50,hygien:38,hyper:[8,44],hypertext:16,iOS:8,iana:[6,7,26,30,31],icmp:[10,24,44],id_var:51,ident:[6,30,32,35,46],identif:[27,30,32,45],identifi:[0,2,5,6,9,11,20,24,27,30,32,35,39,41,44,45,46,50],ids:[2,11],ietf:[9,34],illustr:38,imag:[0,4,6,12,15,27,30,32,39,44,45,46],imagin:34,imaginari:[6,13,30,44],imperson:[6,20,30,32,35],imphash:[4,6,12,15,27,30,32,45],implement:[9,34,44],implementaiton:34,imposs:16,improv:50,incid:38,includ:[3,6,9,11,12,16,24,27,28,30,32,33,34,38,44,45,46],incom:0,incorrect:[34,38],incred:38,index:46,indic:[2,3,6,9,16,20,25,30,32,33,35,38],infer:10,info:[24,33],inform:[0,4,6,8,9,10,11,16,19,20,24,28,30,32,35,39,44,46,50],infosec:51,infrastructur:5,ingest:[11,44],initi:[24,27,30,32,45],inject:[27,30,32,34,45],inod:[6,12,30],insid:[24,27],inspect:51,inspir:50,instal:[0,46],instanc:[25,51],instead:[6,20,30,32,35,38],integ:[2,3,6,7,9,10,11,12,16,19,20,22,24,25,26,27,30,31,32,33,34,35,37,44,45],integr:[27,30,32,42,45],intent:38,interest:38,interfac:[6,8,21,30,44,51],interface_nam:[6,30,44],intermediari:[3,6,7,8,18,26,30,31,44],intern:[6,20,30,32,35,38,51],intim:38,introduc:[6,20,30,32,35,41],intrud:46,intrus:50,involv:[9,32],ip_addr:18,ip_dhcp_assigned_ip_addr:18,ip_is_ipv6:18,ipconfig:[8,44],irrelev:38,isol:27,iss:38,issu:[2,4,6,11,19],item:51,itpro:[46,50],its:[6,7,11,12,24,26,28,30,31,38,39,41,44,46,50],itself:[11,39,46],javascript:[16,44],jhrwq:34,join:[8,44,51],jose:[50,51],json:[10,46],json_norm:51,jupyt:51,just:[6,20,30,32,34,35,38,41,44],kafka:10,keep:[6,7,10,11,34,44],kei:[0,3,6,10,20,28,30,32,34,35,51],kerbero:[0,6,20,30,32,35,38],kernel32:[27,30,32],kernelbas:[27,30,32],key_all_access:28,khtml:[16,36,44],kind:28,knock:51,know:[38,39],knowledg:38,known:[6,12,24,28,30,38,44],krb_service_nam:19,krb_ticket_encryption_typ:19,krb_ticket_opt:19,krb_ticket_pre_auth_typ:19,krb_ticket_request_typ:19,krb_ticket_statu:19,l1k4h:[34,44],label:[27,30,32,38,45],lambda:51,lan:[6,20,30,32,35],languag:46,last:[6,12,30,34],later:51,lateral_mov:51,latest:27,latitud:[6,13,22,30,44],layer:[6,16,24,30,33,44,46],ldap:34,lean:46,learn:50,least:38,leav:38,led:50,left:[38,51],left_index:51,length:[6,11,20,28,30,32,35],let:[38,46],level:[5,6,11,20,28,30,32,35,38,44,46],leverag:[39,41],licens:51,lift:51,like:[11,16,34,36,44,46,50],lima:[6,13,30],limit:[9,46],limitless:34,line:[0,6,13,30,38,44,51],link:[0,6,12,30,46,50],linux:[38,50],list:[6,8,16,20,30,32,35,39,41,44,46,51],listen:0,live:9,load:[0,6,10,12,20,23,27,28,30,32,35,51],local:[0,4,6,12,14,20,28,30,32,35,38,44],localhost:32,locat:[6,13,20,30,32,34,35,38,44,46],lock:0,lockout:0,log:[0,3,6,8,9,10,11,16,20,24,28,30,32,34,35,38,44,46,50],log_sourc:46,logic:[28,38,39,41],logon:[0,6,11,14,30,32,35,38,46],logon_authentication_lan_package_nam:20,logon_authentication_package_nam:20,logon_device_claim:20,logon_elevated_token:20,logon_guid:20,logon_id:20,logon_impersonation_level:20,logon_key_length:20,logon_process_nam:20,logon_restricted_admin_mod:20,logon_transmitted_servic:20,logon_typ:20,logon_user_claim:20,logon_user_linked_id:20,logon_virtual_account:20,london:[6,13,30,44],longitud:[6,13,22,30,44],loog:28,look:[9,10],lookup:9,loss:51,lot:34,lower:[39,41],lowercas:[24,44],lowest:[28,38],lsa:[6,20,30,32,35],lsm:[27,30,32],lui:50,mac:[3,6,8,24,30,44],mac_addr:21,machin:0,maco:[39,41,50],made:[0,6,10,16,24,30,32,35,38,44],mai:[8,9,16,24,34,38,44],mail:51,main:[4,6,30,32,33,35,44,50],major:[38,46],make:[9,33,38,39],malici:[4,6,34,38,46],malwar:[2,28,41,44,46],manag:[6,11,20,30,32,35,42],mandatori:46,mani:[11,34,38],manipul:[11,34],manual:[11,44],map:[0,6,13,27,30,32,44,45,50],markdown:46,master:[46,51],match:[9,29,41],matrix:50,max_colwidth:51,maximum:25,md5:[4,6,12,15,27,30,32,39,44,45],mean:[6,7,26,30,31,50],meant:34,measur:[6,13,30,44],medium:[27,30,32,45],melt:51,member:[0,6,30,32,35],membership:0,memori:[27,28,30,32,45],mention:[34,41],mere:28,merg:51,meridian:[6,13,30,44],messag:[2,11,16,24,25,44],meta:46,meta_alert:22,meta_as_numb:22,meta_as_org:22,meta_categori:22,meta_geo_loc:22,meta_ttp:22,meta_url_categori:22,metadata:[3,9,10,11,12,13,14,15,16,18,20,21,23,24,25,26,27,28,29,30,32,33,34,35,39,45,50,51],microsoft:[0,6,8,11,12,20,23,27,28,30,32,35,44,45,46],microsoftdoc:46,might:[2,6,11,14,20,30,32,35,39,44,46],miguel:[6,13,30,44],millisecond:[16,24,44],mime:[6,12,30,44],mime_typ:[6,30],min:11,minimum:50,mis:34,miss:24,mistak:[34,38,44],mitm:16,mitr:50,mix:9,mobil:8,mode:[6,20,30,32,35],model:[8,24,28,39,41,42,44,46,50],modif:[0,6,7,10,11],modifi:[0,6,12,28,30,51],modul:[0,27],module_is_sign:23,module_nam:23,module_path:23,module_signatur:23,module_signature_statu:23,monitor:[0,24,46,50,51],more:[6,9,20,30,32,34,35,39,41,44,50,51],most:[3,6,8,9,11,20,24,30,32,35,38,44],mostli:[10,50],move:[0,14],movement:51,mozilla:[6,16,30,36,44],msi:34,msvcrt:23,msword:[6,12,30,44],mtime:[6,12,30],multipl:[3,8,9,10,24,38,39,41,44],must:[11,27,39,41,46],mwi2xha9lpqn41lo:38,name:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,41,44,45,46,50,51],nan:51,nat:[3,6,7,8,18,26,30,31,44],nate:50,natetoken:[4,6],necessari:[34,38],need:50,negoti:[6,20,30,32,35],nest:34,netbio:[6,7,26,30,31],netflow:51,network:[0,3,6,7,8,10,11,12,16,18,21,26,30,31,32,34,35,38,41,44,46,51],network_application_nam:24,network_application_protocol:[24,44],network_byt:[24,44],network_cod:24,network_connection_histori:24,network_connection_history_detail:24,network_connection_st:24,network_connection_state_detail:24,network_direct:[24,44],network_dur:[24,44],network_fingerprint_network_community_id:24,network_initi:24,network_inner_vlan_id:24,network_ip_byt:24,network_missed_byt:24,network_outer_vlan_id:24,network_packet:[24,44],network_protocol:[10,24,44],network_sess:41,network_session_id:[24,44],network_typ:24,networkservic:[6,20,30,32,35],networksess:41,neu5ron:[4,6,50],never:[34,44],newcredenti:[6,30,32,35],newtim:46,next:[11,28,33,38,41],nginx:[16,38],nitti:46,node:[28,38],noerror:9,non:[0,10],none:[0,51],normal:[9,24,34,38,42,50],north:[6,13,30,44],note:[8,46],now:38,nsm:24,ntdll:[27,30,32,45],ntf:[6,12,30],ntlm:[0,6,20,30,32,35],ntp:11,number:[3,4,6,7,8,11,12,19,22,25,26,28,29,30,31,34,37,44,46],numer:[24,33],nxlog:10,oasi:37,oauth:51,object:[0,11,14,34,41,50],objectsid:14,observ:[11,37],obtain:[6,20,30,32,35],occur:11,offic:51,offici:41,older:9,onc:46,one:[3,11,14,16,27,34,38,39,41,46],onli:[6,20,27,30,32,35,38,39,45,46],op_nam:44,open:[0,27,28,30,32,37,45,50,51],oper:[0,5,6,12,19,27,28,30,32,44,45,46,50],option:38,order:[38,50],org:[6,9,16,30,34,37],organ:[3,22,38,50,51],origin:[6,7,11,16,28,34,38,44],osconfig:[6,20,30,32,35],osi:[24,44],ossem:[42,46],other:[6,10,12,16,20,24,27,28,30,32,34,35,38,39,44,45,46,50],otherwis:[6,12,30,46],otrf:51,our:41,out:[0,34,38,44,46],outbound:[6,24,30,32,35,44],outlin:24,output:[27,30,32,45,51],outsid:[24,38],over:[6,10,12,30,44],overwritten:0,own:38,packag:[6,20,30,32,35],packet:[6,9,24,30,44,51],pair:[6,20,30,32,35],paloalto:[11,38],panda:51,pane:28,paramet:[0,6,14,16,20,30,32,33,35,51],parent:39,park:[6,22,34,44],pars:[9,10,34,38,44,50],part3:37,part:[8,10,44,50],parti:51,particular:[11,23],particularli:46,partit:10,pass:[6,13,20,30,32,35,44],passiv:38,password:[0,6,30,32,34,35],path:[6,12,16,23,27,28,30,32,34,39,41,44,45,46],patth:[27,30,32,45],pdf:[6,30],per:46,perform:[0,5,6,20,28,30,32,35,38,44],permiss:0,permit:[0,9],permitted_inbound_connection_on:0,permitted_listener_on:0,permitted_local_port_bind_on:0,permitted_outbound_connection_on:0,persist:51,perspect:38,peru:[6,13,30,44],php:[34,44],pick:46,pid:46,piec:38,pipe:[0,51],pipe_flag:25,pipe_inst:25,pipe_max_inst:25,pipe_nam:25,pipelin:[3,10,11,24,34,44,50],pivot:[24,38],place:38,plai:46,plane:11,platform:[0,46],playbook:50,png:46,point:22,pointer:46,pole:[6,13,30,44],polici:[9,46,50],popul:[6,20,30,32,35],port:[0,6,7,10,24,30,31,34,44,51],port_nam:26,portion:[10,16,34,38,44],possibl:[2,6,20,24,30,32,34,35,39,44,46],post:[16,44,46],potenti:24,powershel:51,practic:[34,38,46],pre:[0,14,19,41],predefin:46,prefix:[39,41],presenc:28,present:[6,30,32,33,35],prevent:51,previou:[6,12,14,30,33,46],previous:[6,12,30],previoustim:46,primari:28,primarili:[46,50],prime:[6,13,30,44],princip:[6,30,32,35],prioriti:2,privileg:[0,6,20,30,32,35,51],procedur:[22,42,50],process:[0,6,10,20,23,30,32,35,39,44,46,51],process_call_trac:[27,45],process_command_lin:[27,39,45],process_command_line_hash_256:39,process_compani:[27,45],process_file_descript:[27,45],process_file_directori:[27,45],process_file_nam:[27,45],process_file_path:[27,45],process_file_product:[27,45],process_file_vers:[27,45],process_granted_access:[27,45],process_guid:[27,45],process_hash_imphash:[27,45],process_hash_md5:[27,39,45],process_hash_sha1:[27,45],process_hash_sha256:[27,39,45],process_hash_sha512:[27,45],process_id:[27,39,45,46],process_id_hash_md5:39,process_injected_address:[27,45],process_integr:39,process_integrity_level:[27,45],process_is_hidden:[27,45],process_nam:[27,39,45],process_par:39,process_parent_call_trac:[27,45],process_parent_command_lin:[27,45],process_parent_compani:[27,45],process_parent_file_descript:[27,45],process_parent_file_directori:[27,45],process_parent_file_nam:[27,45],process_parent_file_path:[27,45],process_parent_file_product:[27,45],process_parent_file_vers:[27,45],process_parent_granted_access:[27,45],process_parent_guid:[27,45],process_parent_hash_imphash:[27,45],process_parent_hash_md5:[27,39,45],process_parent_hash_sha1:[27,45],process_parent_hash_sha256:[27,39,45],process_parent_hash_sha512:[27,45],process_parent_id:[27,45],process_parent_injected_address:[27,45],process_parent_integrity_level:[27,45],process_parent_is_hidden:[27,45],process_parent_nam:[27,39,45],process_path:46,processguid:[27,30,32,45],processid:46,processnam:[34,46],product:[6,11,12,27,30,32,44,45],profil:28,program:[9,27,28],progress:[4,33,36,46],project:[42,51],promot:46,properli:[34,38],properti:[14,39,41,46],protect:[46,50],protocol:[6,10,11,16,20,24,30,32,33,35,44,51],provid:[0,2,3,5,6,7,8,11,18,20,24,26,30,31,32,34,35,38,39,42,44,46,50],proxi:[6,16,30,32,34,35,38,51],pull:[41,50],purpos:[38,41],put:[16,44],qualifi:[8,38,44],queri:[0,6,9,30,34,38,42,44,50],querynam:38,radiu:38,random:38,rare:10,raw:[0,16,51],raw_access_read:0,rawaccessread:0,rdp:[0,24,38],read:[0,38],read_control:28,readabl:46,readi:50,reason:[44,46],reboot:46,recap:46,receiv:[10,16,24,44],recent:[6,20,30,32,35,46],recommen:34,recommend:50,reconnect:0,record:[0,9,10,11,33,44,51],record_id:39,recurs:9,redmond:[6,30,32,35],reduc:46,redund:46,refer:[6,10,16,30,34,39,44,46,50,51],reg_expand_sz:28,reg_non:28,reg_sz:28,regard:38,region:[6,13,30,44],regist:[6,20,30,32,35],registri:[0,6,11,20,30,32,35,51],registry_h:28,registry_kei:28,registry_key_access_right:28,registry_path:28,registry_root_kei:28,registry_valu:28,registry_value_data:28,registry_value_data_modifi:28,registry_value_name_modifi:28,registry_value_typ:28,rel:[4,6,46],relat:[6,9,10,24,27,28,30,32,34,36,38,44,45],relationship:[0,32,41,50],relev:[44,46],remain:46,rememb:9,remoteinteract:[6,20,30,32,35],remov:0,remove_revok:51,removed_access:0,renam:[0,38],renew:0,repeat:[2,11],replac:[11,38],repli:[6,9,16,44],report:[0,6,8,11,24,30,32,35,44,51],repres:[6,20,23,28,30,32,35,46],represent:24,request:[0,6,8,9,16,19,20,27,30,32,33,34,35,36,38,44,45,46,51],request_header_nam:16,requested_a_handl:0,requir:[28,50],research:51,reserv:9,reset:0,reset_index:51,reset_password:0,resid:46,resourc:[6,11,20,30,32,35,44,46],resourcegroup:[6,11,30,44],respect:[34,44,50],respond:9,respons:[9,16,38,44],response_header_nam:16,response_nam:9,restor:0,restrict:[6,20,30,32,35],result:[0,6,9,19,20,30,32,35,44],result_reason_typ:44,result_typ:44,resulttyp:44,resum:33,rfc2181:9,rfc3655:9,rfc3986:34,rfc5395:9,rfc:[10,22,24,34,44],ricardo:50,right:28,right_index:51,risk:[5,44],roberto:50,rodriguez:[50,51],role:46,root:[28,46],round:9,router:[6,9,30],rpcrt4:[27,30,32],rrname:38,rsyslog:10,rtt:9,rule_nam:29,rule_numb:29,run:[27,28,32,38,39,41,51],runtim:[6,20,30,32,35],s198_13_1_27_12321_d205_13_1_27_443_0012:[24,44],s4u:[6,20,30,32,35],safari:[16,36,44],safe_load:51,sai:[38,39],sam:[0,28],samaccountnam:14,same:[3,6,11,20,30,32,35,38,39,41,44,46],sampl:[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,44,45,46],sample_valu:[39,41,46],samsung:8,san:[6,13,30,44],scan:24,scanner:[6,30],scenario:[11,34],schedul:0,schema:[3,10,11,38,42,44,46],scope:51,search:[3,6,34,44,46],second:11,section:[9,34],secur:[0,6,11,14,20,28,30,32,35,42,44,46,50],see:[0,6,9,19,20,30,32,35,38,51],seen:[6,16,24,30,32,34,35,36,44],send:[10,16,25,44],sens:39,sensit:0,sensor:[24,38,44,46],sent:[6,16,30,44],sentinel:[11,44],separ:[38,39,41],seri:[37,51],serial:[4,6],server:[0,3,6,7,8,9,14,16,18,20,25,30,31,32,33,35,38,44,51],server_nam:38,servic:[0,5,6,19,20,24,28,30,32,35,38,44,46],servicedesk:14,session:[0,6,9,16,20,24,30,32,33,35,41,44],set:[0,9,19,28,38,46,50],set_opt:51,sever:[2,6,11,20,30,32,35,38,41,44,50],sftp:10,sha1:[4,6,12,15,27,30,32,39,44,45],sha256:[4,6,12,15,27,30,32,39,44,45],sha512:[4,6,12,15,27,30,32,44,45],share:[0,6,7,41,50],sharealik:51,shokobo:[6,11,30,44],should:[9,11,16,33,34,38,39,44],show:[38,50],sid:[6,14,30,32,35,46],sidhistori:14,siem:[11,44,46,50],sign:[23,50],signatur:[2,23],signer:23,similar:[3,9,27,30,32,39,45],similarli:46,simpli:[14,39],simplifi:42,sinc:[39,46],singl:[3,9,50],sip:34,six:28,size:[6,12,30,44],skew:11,skip:38,small:[41,44],smb:[24,34,38,44],smtp:34,sni:38,softwar:[9,10,24,28],some:[6,10,11,30,34,38,44,46],someth:[11,34,39],sometim:28,somevalu:34,sort:38,sourc:[0,2,3,6,7,8,9,10,11,12,16,18,21,24,26,31,32,34,35,38,39,41,42,44,46,50],source_nat:44,source_process_nam:39,south:[6,13,30,44],space:[27,30,32,45],spawn:[6,30,32,35,44],spdy:33,spec:24,special:[6,13,20,30,32,35,44,46],specif:[0,3,4,10,11,16,24,33,38,41,44,50],specifi:[6,12,30,39,44],split:51,spreadsheet:50,src_byte:[30,44],src_domain:38,src_file_accessed_tim:30,src_file_changed_tim:30,src_file_compani:30,src_file_creation_tim:30,src_file_descript:30,src_file_directori:30,src_file_extens:30,src_file_hard_link:30,src_file_hash_imphash:30,src_file_hash_md5:30,src_file_hash_sha1:30,src_file_hash_sha256:30,src_file_hash_sha512:30,src_file_inod:30,src_file_link_nam:30,src_file_mime_typ:30,src_file_modified_tim:30,src_file_nam:30,src_file_path:30,src_file_previous_accessed_tim:30,src_file_previous_changed_tim:30,src_file_previous_creation_tim:30,src_file_previous_modified_tim:30,src_file_previous_nam:30,src_file_product:30,src_file_s:30,src_file_symlink:30,src_file_symlink_nam:30,src_file_system_block_s:30,src_file_system_typ:30,src_file_vers:30,src_fqdn:38,src_geo_citi:[30,44],src_geo_contin:30,src_geo_countri:[30,44],src_geo_country_capit:30,src_geo_country_cod:30,src_geo_latitud:[30,44],src_geo_longitud:[30,44],src_geo_region:[30,44],src_host_nam:[30,38,44],src_interface_guid:[30,44],src_interface_nam:[30,44],src_ip_addr:[30,44],src_ip_dhcp_assigned_ip_addr:30,src_ip_is_ipv6:30,src_mac_addr:[30,44],src_mime_typ:30,src_nat_ip_addr:[31,44],src_nat_ip_dhcp_assigned_ip_addr:31,src_nat_ip_is_ipv6:31,src_nat_port:[31,44],src_nat_port_nam:31,src_packet:[30,44],src_port:[30,44],src_port_nam:30,src_process_call_trac:30,src_process_command_lin:30,src_process_compani:30,src_process_file_descript:30,src_process_file_directori:30,src_process_file_nam:30,src_process_file_path:30,src_process_file_product:30,src_process_file_vers:30,src_process_granted_access:30,src_process_guid:30,src_process_hash_imphash:30,src_process_hash_md5:30,src_process_hash_sha1:30,src_process_hash_sha256:30,src_process_hash_sha512:30,src_process_id:30,src_process_injected_address:30,src_process_integrity_level:30,src_process_is_hidden:30,src_process_nam:30,src_process_parent_call_trac:30,src_process_parent_command_lin:30,src_process_parent_compani:30,src_process_parent_file_descript:30,src_process_parent_file_directori:30,src_process_parent_file_nam:30,src_process_parent_file_path:30,src_process_parent_file_product:30,src_process_parent_file_vers:30,src_process_parent_granted_access:30,src_process_parent_guid:30,src_process_parent_hash_imphash:30,src_process_parent_hash_md5:30,src_process_parent_hash_sha1:30,src_process_parent_hash_sha256:30,src_process_parent_hash_sha512:30,src_process_parent_id:30,src_process_parent_injected_address:30,src_process_parent_integrity_level:30,src_process_parent_is_hidden:30,src_process_parent_nam:30,src_resource_group:[30,44],src_resource_id:[30,44],src_user_cred_typ:30,src_user_dent:30,src_user_domain:[30,44],src_user_linked_logon_id:30,src_user_logon_authentication_lan_package_nam:30,src_user_logon_authentication_package_nam:30,src_user_logon_device_claim:30,src_user_logon_elevated_token:30,src_user_logon_guid:30,src_user_logon_id:30,src_user_logon_impersonation_level:30,src_user_logon_key_length:30,src_user_logon_process_nam:30,src_user_logon_restricted_admin_mod:30,src_user_logon_transmitted_servic:30,src_user_logon_typ:30,src_user_logon_user_claim:30,src_user_logon_user_linked_id:30,src_user_logon_virtual_account:30,src_user_nam:[30,44],src_user_network_account_domain:30,src_user_network_account_nam:30,src_user_password:30,src_user_reporter_domain:30,src_user_reporter_id:30,src_user_reporter_nam:30,src_user_reporter_sid:30,src_user_security_packag:30,src_user_session_id:30,src_user_sid:[30,44],src_user_sid_list:30,src_user_upn:[30,44],src_user_user_aadid:30,src_vlan_id:30,src_vlan_nam:30,src_zone:[30,44],srvsvc:25,ssh:[24,44],ssl:[33,38,51],sslv3:33,stack:[24,27,30,32,45],stage:50,stanc:38,standard:[4,6,18,21,24,28,41,42,50],standard_nam:46,standard_typ:46,start:[6,8,21,27,28,30,32,33,44,45],startup:[6,20,30,32,35],state:[11,24,44,46],station:0,statu:[11,23],step:38,still:[3,34,46,50],stix:37,stix_format:51,stop:0,store:[28,46],straightforward:46,string:[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,41,44,45],structur:[28,42],sub:[0,6,11,16,20,28,30,32,35,38,44,46],subject:[6,30,32,35,44,46],subjectdomainnam:46,subjectlogonid:46,subjectusernam:46,subjectusersid:46,subkei:28,subprocess:[27,30,32,45],subscript:[6,11,30,44],subsequ:46,subset:[11,51],subtre:28,success:[0,9,44],successfulli:[0,33,46],suggest:50,suit:19,supplement:9,support:[9,14,28],suricata:[9,38],surrog:46,sylog:10,symbol:0,symlink:[6,12,30],synchron:28,sysintern:46,syslog:[8,10,11,44],sysmachin:[11,44],sysmachine2:[6,30,44],sysmon:[0,9,11,27,30,32,38,45,46],sysmoncommunityguid:46,sysmondatamodel:46,system32:[6,12,23,27,30,32,45],system:[0,2,6,12,20,22,24,27,28,30,32,35,39,44,45,46,50,51],t1112:51,t1205:51,t1480:51,t1564:51,t1574:51,t1ntru0k:16,tactic:22,tag:[10,39,46],take:[38,41],taken:[8,44],target:[0,27,30,38,39,45],target_process_call_trac:32,target_process_command_lin:32,target_process_compani:32,target_process_file_descript:32,target_process_file_directori:32,target_process_file_nam:32,target_process_file_path:32,target_process_file_product:32,target_process_file_vers:32,target_process_granted_access:32,target_process_guid:32,target_process_hash_imphash:32,target_process_hash_md5:32,target_process_hash_sha1:32,target_process_hash_sha256:32,target_process_hash_sha512:32,target_process_id:32,target_process_injected_address:32,target_process_integrity_level:32,target_process_is_hidden:32,target_process_nam:32,target_process_parent_call_trac:32,target_process_parent_command_lin:32,target_process_parent_compani:32,target_process_parent_file_descript:32,target_process_parent_file_directori:32,target_process_parent_file_nam:32,target_process_parent_file_path:32,target_process_parent_file_product:32,target_process_parent_file_vers:32,target_process_parent_granted_access:32,target_process_parent_guid:32,target_process_parent_hash_imphash:32,target_process_parent_hash_md5:32,target_process_parent_hash_sha1:32,target_process_parent_hash_sha256:32,target_process_parent_hash_sha512:32,target_process_parent_id:32,target_process_parent_injected_address:32,target_process_parent_integrity_level:32,target_process_parent_is_hidden:32,target_process_parent_nam:32,target_server_nam:32,target_user_cred_typ:32,target_user_dent:32,target_user_domain:32,target_user_linked_logon_id:32,target_user_logon_authentication_lan_package_nam:32,target_user_logon_authentication_package_nam:32,target_user_logon_device_claim:32,target_user_logon_elevated_token:32,target_user_logon_guid:32,target_user_logon_id:32,target_user_logon_impersonation_level:32,target_user_logon_key_length:32,target_user_logon_process_nam:32,target_user_logon_restricted_admin_mod:32,target_user_logon_transmitted_servic:32,target_user_logon_typ:32,target_user_logon_user_claim:32,target_user_logon_user_linked_id:32,target_user_logon_virtual_account:32,target_user_nam:32,target_user_network_account_domain:32,target_user_network_account_nam:32,target_user_password:32,target_user_reporter_domain:32,target_user_reporter_id:32,target_user_reporter_nam:32,target_user_reporter_sid:32,target_user_security_packag:32,target_user_session_id:32,target_user_sid:32,target_user_sid_list:32,target_user_upn:32,target_user_user_aadid:32,task:0,tast:0,tbd:46,tcp:[0,10,11,24,44],technic:10,techniqu:[22,50],technique_id:51,telemetri:39,term:38,termin:0,text:[16,24,46,51],tgt:[0,19],tha:[6,30,32,35],than:[9,34,39,41,44],thei:[16,28,41,46],them:[9,34,41,46],therefor:[4,6,7,9,10,26,30,31,34,38,39,44],thi:[0,2,3,4,6,7,8,9,10,11,12,14,16,18,19,20,24,25,26,27,28,30,31,32,33,34,35,38,39,41,42,44,45,46,50,51],thing:[10,38,41],think:[38,50],third:51,those:3,thread:[0,27],threat:[11,38,41,44,46,50,51],threat_categori:44,threat_id:44,threat_nam:44,threathunt:50,three:38,through:[6,9,13,30,44],throughout:34,thu:[34,44,46],ticket:[0,6,19,20,30,32,35],time:[0,6,9,10,11,16,24,27,28,30,32,37,38,44,45,46],timestamp:[0,11],timezon:11,titl:[2,16,46],tld:[16,38,44],tls_cipher:33,tls_curv:33,tls_establish:33,tls_next_protocol:33,tls_resum:33,tls_rsa_with_aes_128_cbc_sha:33,tls_server_nam:33,tls_version:33,tls_version_numb:33,tlsv10:33,tlsv1:33,togeth:[34,41,44],took:[16,38,44],tool:[2,9,34],top:[38,46],topic:10,total:[24,44],trace:[9,27,30,32,45,51],track:[10,11],traffic:[11,12,44],transaction_id:9,transfer:16,transform:[10,50],translat:[7,31,46],transmit:[6,12,20,30,32,35,44],transport:[24,44],tree:[28,46,51],tricki:46,trigger:2,trip:9,trojan:44,truest:[34,44],truli:[34,38,44],truncat:51,trust:[6,20,30,32,35],trustedsec:46,ttl:9,tupl:24,turn:46,twice:39,two:[38,39,41],twofold:46,txt:[6,12,30,34,44],type:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,39,41,44,45,46],typic:[6,20,24,30,32,35,44],u8m:24,udp:[0,10,24,44],uid:[6,10,30,44],ultim:46,uncl:[8,44],uncommon:46,undelet:0,under:[39,41],underscor:[39,41],understand:46,unicod:[28,37],unicodestr:46,uniqu:[5,11,27,30,32,39,41,44,45,46,50],unless:34,unlock:0,unreach:24,untrust:6,updat:[0,50],upn:[6,30,32,35,44],upon:29,uri:[34,38],url:[6,11,22,38,41,44],url_categori:[22,34,44],url_dst_host_nam:34,url_extens:34,url_frag:34,url_host_nam:[34,44],url_origin:[34,44],url_path:34,url_port:34,url_query_nam:34,url_query_valu:34,url_schem:34,url_user_nam:34,url_user_password:34,urn:34,use:[0,6,10,16,30,38,41,44,46,51],used:[3,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,37,38,39,41,44,45,46,50],user32:[6,20,30,32,35],user:[0,3,6,10,11,12,16,20,24,28,30,32,34,36,41,44,46],user_ag:[39,41,44],user_agent_origin:[36,44],user_cred_typ:35,user_dent:35,user_domain:[35,46],user_linked_logon_id:35,user_logon_authentication_lan_package_nam:35,user_logon_authentication_package_nam:35,user_logon_device_claim:35,user_logon_elevated_token:35,user_logon_guid:35,user_logon_id:[35,46],user_logon_impersonation_level:35,user_logon_key_length:35,user_logon_process_nam:35,user_logon_restricted_admin_mod:35,user_logon_transmitted_servic:35,user_logon_typ:35,user_logon_user_claim:35,user_logon_user_linked_id:35,user_logon_virtual_account:35,user_nam:[6,30,32,35,44,46],user_network_account_domain:35,user_network_account_nam:35,user_password:35,user_reporter_domain:35,user_reporter_id:35,user_reporter_nam:35,user_reporter_sid:35,user_security_packag:35,user_session_id:35,user_sid:[35,46],user_sid_list:35,user_upn:35,user_user_aadid:35,usernam:34,uses:[6,20,28,30,32,35],using:[0,6,8,11,20,30,32,33,35,38,44,46],usual:[6,7,9,11,26,30,31,34,41,44],utc:[11,46],uuidgen:[27,30,32,39,41,45],vaku:28,valid:[0,6,23,28,30,32,35,41,50],valu:[0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,41,44,45,46],value_nam:51,variabl:[28,51],varianc:16,variat:[34,44],variou:34,vendor:[11,44,46],verbiag:[9,38],veri:[10,38,41],verifi:34,version:[2,3,6,7,8,10,11,12,14,16,18,27,30,31,32,33,44,45,50],version_1:46,vhost:38,via:[11,16,38,44],virtual:[6,20,27,30,32,35,45,51],virtualmachin:[6,11,30,44],viru:[6,30,51],visual:38,vlan:[3,6,24,30],vmf:[6,12,30],wai:[34,42,50],want:[6,7,16,38,41],wardog:[6,8,12,30,32,35,44],wardogpersist:28,wasn:38,web:[6,16,30,38,44,51],websit:[6,20,30,32,35],welcom:50,well:[10,24,34,38],were:[0,6,9,10,20,27,30,32,35,45],west:[6,13,30,44],what:[6,7,9,26,30,31,34,38,41,44,46,50],when:[0,3,6,7,8,10,11,12,18,20,26,28,30,31,32,33,35,41,44,46,50],whenev:14,where:[6,8,11,16,21,27,30,32,34,38,44,45,46,50],wherea:50,whether:[0,9,24,25,34,38],which:[4,6,8,11,19,20,28,29,30,32,35,44,46,50],whole:37,wiki:38,wikipedia:38,win10:[6,20,30,32,35],win2008r2:19,win32:[41,44],win64:[16,36,44],win8:[6,20,30,32,35],win:[0,6,30,32,35,44],winbuild:[6,12,27,30,32,45],window:[0,6,9,11,12,14,16,20,23,27,28,30,32,35,36,38,44,45,46,50],windowstechniqu:51,winev:10,winlogbeat:10,winsx:46,wire:12,within:19,without:[3,6,12,23,28,30,34,39,44],wkhr001:[8,44],word:[39,41],work:[4,27,30,32,33,36,45,46,50],workgroup:[6,30,32,35],workstat:0,world:[6,13,16,30],would:[6,7,9,10,11,16,22,30,34,38,39,41,44],wrap:24,write:0,write_dac:28,write_own:28,written:11,wrote_to:0,www:[6,16,30,33,38,44],x509_and_certif:19,x64:[16,36,44],xclfdm:24,xfs:[6,12,30],xml:10,xroxi:16,xxxxxxxx:[6,30,32,35],yaml:[39,41,46,51],yamlurl:51,yet:34,yml:[46,51],you:[6,8,10,11,20,28,30,32,34,35,38,39,41,44,46],your:[10,24,34,44,46,50],zeek:[9,11,38],zip:34,zone:[6,9,30,44,46]},titles:["Data Modeling Table","Windows","alert","any","certificate","cloud","destination","destination_nat","device","dns","etl","event","file","geo","group","hash","http","Entities","ip","kerberos","logon","mac","meta","module","network","pipe","port","process","registry","rule","source","source_nat","target","tls","url","user","user_agent","Data Types","Domain vs FQDN vs Host Name Implementation","Entity Structure","Guidelines","Table Structure","Introduction","Tables","network_session","processes","Data Dictionary Authoring Guide","Guidelines","Introduction","Introduction","OSSEM","Windows Events to ATT&amp;CK Techniques"],titleterms:{"import":51,IDs:51,Using:50,alert:2,alpha:50,ambigu:38,ani:3,att:51,attribut:[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,39,44,45],author:[46,50],background:38,certif:4,cloud:5,committ:50,common:38,content:46,current:50,data:[0,37,46,51],definit:[38,39,41,46],destin:6,destination_nat:7,devic:8,dictionari:46,dns:9,domain:38,enterpris:51,entiti:[17,39,41],etl:10,event:[11,51],exampl:38,extens:39,field:38,file:[12,46,51],fqdn:38,frame:38,geo:13,get:51,goal:50,group:14,guid:46,guidelin:[40,47],hash:15,host:38,hostnam:38,http:16,implement:38,improv:51,introduct:[42,48,49],kerbero:19,librari:51,log:51,logon:20,mac:21,map:51,meta:22,model:[0,51],modul:23,name:38,network:24,network_sess:44,opportun:51,organ:46,ossem:[50,51],outlin:38,pipe:25,platform:51,port:26,problem:38,process:[27,45],project:50,readm:46,refer:37,registri:28,resourc:50,rule:29,scenario:38,sourc:[30,51],source_nat:31,standard:46,statu:50,structur:[39,41,46,50],tabl:[0,41,43,46],tactic:51,target:32,techniqu:51,tls:33,type:37,url:34,user:35,user_ag:36,window:[1,51]}})
\ No newline at end of file